Re: GP No internet
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/03/05
- Next message: George Hester: "Security"
- Previous message: lforbes: "Re: folder redirection simple question"
- In reply to: Moydog: "GP No internet"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 3 Feb 2005 00:00:40 -0600
If it is only a few computers you can configure the computer with a bogus
default gateway as long as the user is not a local administrator which would
allow him to change it back if he knew how. A sure fire way would be to put
those "computers" in their own OU with a GPO for that OU to apply an ipsec
filtering policy to those computers. An ipsec filtering policy uses only
permit and block filter actions to control a computers network access. You
could for instance create an ipsec policy with a mirrored block all IP rule,
and then add another rule with permit filter action for the local subnet.
The link below explains more on ipsec filtering. --- Steve
http://www.securityfocus.com/infocus/1559
"Moydog" <tlmoyer@yahoo.com> wrote in message
news:%23IMT$pTCFHA.824@TK2MSFTNGP11.phx.gbl...
> Is there a way with GPO to block certain MACHINES from accessing the
> internet? Intranet is needed, but no internet. Maybe putting an incorrect
> proxy server in the internet settings or something, but only for say a
> group of machines, or a single machine?
>
- Next message: George Hester: "Security"
- Previous message: lforbes: "Re: folder redirection simple question"
- In reply to: Moydog: "GP No internet"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
