Re: block internet access

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/03/05 

Date: Thu, 3 Feb 2005 12:17:17 -0600

You can use ipsec filtering policy to block user access to the internet. You
can use ipsec with block and permit filter actions. You could create an
ipsec policy with a mirrored block all IP rule and then create another
mirrored rule with permit for the subnets that should be allowed. The user
on the restricted computer will not gat any special error message however
and will not be able to get updates from Windows Updates from the internet.
The link below explains ipsec filtering more. --- Steve

http://www.securityfocus.com/infocus/1559

"Rob Bergstrom" <nospam@backatcha.com> wrote in message
news:uOm1URhCFHA.1084@tk2msftngp13.phx.gbl...
>I have a subnet in a remote location that 2 computers need to be blocked
> from getting to the Internet.
>
> Can I use group policy to do this or some other way in Active Directory?
> ( I
> have a firewall that I can do it using the rules and make a static IP for
> those computers.)
>
> They are on the 192.168.4.0 network, go through the router to the main
> network 192.168.1.0 to get Internet.
> If I gave them a bogus default gateway they won't be able to log on to the
> domain since they have to access the 1.x network to login.
>
> The firewall is probably the best way, but I would like to know of any way
> in AD and/or group policy if there is one.
> Windows 2003 servers/XP clients
>
> Thanks,
> Rob
>
>

Relevant Pages

  • Re: block internet access
    ... > You can use ipsec filtering policy to block user access to the internet. ... > can use ipsec with block and permit filter actions. ...
    (microsoft.public.win2000.group_policy)
  • RE: Group Policy Connundrum - Stick with it, its confusing!!!
    ... Applied Group Policy Objects ... Small Business Server Internet Connection Firewall ... Secure Proxy Server: 0.0.0.0:80 ... Import the current Content Ratings Settings: ...
    (Security-Basics)
  • Re: Locking down computers
    ... The updated policy is a must, but you need to get that app fixed, too. ... Take a look at the Internet Storm Center's time to live numbers. ... words that managers can understand, you aren't doing what you need to. ... Messenger, tho a PITA, can be a business asset. ...
    (comp.security.misc)
  • Re: Remote users unable to connect to internet outside of network
    ... When users leave the network and try and connect to the ... internet from home or hotel room they are unable to connect to the ... Addresses of your DCs you must disable the policy on your mobile ... Keep a back up of your OE settings and folders ...
    (microsoft.public.windows.server.dns)
  • Matthew Shears Appointed as ISOCS Director of Public Policy
    ... advocate for the core values of an open and accessible Internet. ... Matthew will drive ISOC's policy ... ISOC moves forward to develop new approaches to help policy makers ...
    (comp.dcom.telecom)