Re: Unable to block internet access through GPO by using a proxy



Hi Becky,

So they need to access certain sites on the internet and the intranet site
as well. What are the proxy settings that you configured on the user
configuration GPO?

Regards,

Jamie

"BeckyBoo123" wrote:

Hi thanks for all of the responses. That is a good idea, I will be able to
apply that if all else fails, however these users will require IE access for
local intranet and also authorised courier sites eg DHL TNT parcel tracking.

Is there a way I can still allow access to these sites while blocking any
other web activity by using something other than proxy settings (as this does
not seem to work anyway!)

Cheers!

"JAMiE132" wrote:

Hi Becky,

I agree with the others that blocking by the client side is not good
practice; however we sometimes need to make do with the resources we
currently have implemented. Are these users on the TS using applications that
are web based? If they do not need to use the web browser then you could
create a GPO user configuration software restriction policy to prevent
specific users from using the web browser application.



http://support.microsoft.com/kb/324036

http://technet.microsoft.com/en-us/library/cc737304.aspx

Regards,

"BeckyBoo123" wrote:

I can confirm both of those, this is my gpresult:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\tuser>gpresult

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 15/01/2009 at 11:02:30


RSOP data for ******\tuser on TS1 : Logging Mode
-------------------------------------------------------

OS Type: Microsoft(R) Windows(R) Server 2003, Standard
Edition
OS Configuration: Member Server
OS Version: 5.2.3790
Terminal Server Mode: Application Server
Site Name: N/A
Roaming Profile:
Local Profile: C:\Documents and Settings\tuser
Connected over a slow link?: No


USER SETTINGS
--------------
CN=Test User,OU=No Internet,OU=***** Users,DC=*****,DC=local
Last time Group Policy was applied: 15/01/2009 at 10:23:34
Group Policy was applied from: dc1.*****.local
Group Policy slow link threshold: 500 kbps
Domain Name: *****
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
No Internet Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
TERMINAL SERVER USER
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
RDP Users

And my rsop.msc results show that proxy settings are enabled, using
127.0.0.1 for all addresses.

At some point we will be upgrading our firewall but at the moment it has no
capability of blocking access for certain users only so using a GPO seems like
the only option. Do you know the names of any free software which can do this
for us?

I understand completely what you are saying. I will bear this in mind,
hopefully the MD's will let us spend money to avoid this.




"Florian Frommherz [MVP]" wrote:

Howdie!



"BeckyBoo123" wrote:
I have been trying to block internet access to a few certain users by
setting up a GPO which uses a proxy to block access to the net.
I read in several places that this was the best way to do it.

It certainly isn't. Setting the proxy address only catches IE - other
browsers, applications and stuff can use the configuration the
LAN-Connection has configured.

So, I created a new GPO called "No internet" amongst other things, I set
the proxy settings to 127.0.0.1 and then applied the policy to the users in
question.
All of my policy has taken effect, I can see everything in place. It even
displays the proxy that I put in.
However, when I attempt to browse it still allows internet access even
though the proxy is in place.

The policy is applied to the users? Can you confirm with gpresult and
rsop.msc?

Apart from that - to really make sure the internet access is blocked, check
for a firewall/proxy implementation that is capable of using AD as a base.
ISA and Squid can do that - there are also others (free). Blocking access on
the clients is bad design. You're configuring file access on the shares on
the servers - not at the clients, right? You should do that with the
internet access, too.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
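
The gpresult output quoted above shows that the GPO was applied, not which proxy values Internet Explorer ends up reading from the user's registry hive. The following is an added example, not code from any poster in this thread: it audits the standard WinINet values (`ProxyEnable`, `ProxyServer`, `ProxyOverride`, `AutoConfigURL`) for a loopback "dead proxy" setup with a bypass list for permitted sites. The function name `Test-DeadProxy`, the port, and the host names in the sample are constructed for illustration; as noted in the thread, these values only govern IE and other WinINet applications.

```powershell
# Added example: audits the per-user WinINet proxy values behind a "dead proxy" GPO.
function Test-DeadProxy {
    param([Parameter(Mandatory = $true)] $Settings)
    $findings = @()
    if ($Settings.ProxyEnable -ne 1) {
        $findings += 'ProxyEnable is not 1: the address is stored but unused, so IE connects directly.'
    }
    # ProxyServer is "host:port" or a per-protocol list "http=host:port;https=host:port".
    $servers = @("$($Settings.ProxyServer)".Split(';') | Where-Object { $_ })
    if ($servers.Count -eq 0) { $findings += 'ProxyServer is empty.' }
    foreach ($s in $servers) {
        $hostPart = ($s -replace '^[a-z]+=', '') -replace ':\d+$', ''
        if ($hostPart -notmatch '^(127\.0\.0\.1|localhost)$') {
            $findings += "ProxyServer entry '$s' does not point at loopback."
        }
    }
    if ($Settings.AutoConfigURL) {
        $findings += "AutoConfigURL is set: a PAC script can override the static proxy."
    }
    # ProxyOverride is the bypass list; every host in it is reached without the proxy.
    $bypass = @("$($Settings.ProxyOverride)".Split(';') | Where-Object { $_ })
    foreach ($b in $bypass) {
        if ($b -match '^\*(\.[a-z]+)?$') {   # "*" or "*.com"
            $findings += "Bypass entry '$b' is broad enough to re-open general web access."
        }
    }
    New-Object PSObject -Property @{
        Effective   = ($findings.Count -eq 0)
        DirectHosts = $bypass
        Findings    = $findings
    }
}

# Constructed sample: address present, but the enable flag was never set.
$sample = @{
    ProxyEnable   = 0
    ProxyServer   = '127.0.0.1:80'
    ProxyOverride = 'intranet.example.local;tracking.courier.example;<local>'
}
$result = Test-DeadProxy -Settings $sample
$result.Findings
"Reached directly: $($result.DirectHosts -join ', ')"

# Live check, run as the affected user on the terminal server:
# Test-DeadProxy (Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings')
```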

