Re: correct way to block net access???



Unfortunately that will work by machine only. Basically you would assign the
machines you want restricted to the DNS server that you set up.

However after a little digging, I think you may have been on track with your
first post. By using Software Restriction policy - Additional Rules - New
Internet Zone rule you can define a list of trusted sites and disallow the
Internet Zone. Again this is a computer policy and not a user policy, so it
is only valid by machine, not user. But it is a lot less overhead than
configuring the other options.

--
David Davis [MCSE, CCNA, Security +]



"Sarah Sanders" wrote:

> Ok, if I don't put the gateway in, that probably won't enable me to connect
> to other things, besides, other users who log in on those computers need
> access to the internet (such as a manager login).
>
> I don't know much about proxy servers, and we're on a limited budget, so
> that's probably not a good idea. I thought about blocking access through
> the firewall depending on IPs or MAC addresses, but that won't solve the
> different users on the computer problem.
>
> I like the DNS controlled hosts idea, but will that work for ALL users, or
> just some users depending on the computers they log on to? Or can that be
> controlled by group policies?
>
> Sarah
>
>
> "Daniel" <daniel@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:uzZC5w0cFHA.3712@xxxxxxxxxxxxxxxxxxxxxxx
> > David Davis wrote:
> >> For the users that you wish to restrict from the internet, assign them a
> >> blank gateway address. No gateway, no internet.
> >
> > But having no gateway may cause other issues. A proxy server is
> > definitely the way to go.
> >
> > --
> >
> > Daniel
> > MCSE, MCP+I, MCP in Windows 2000/NT
> >
> > --------------------------------------
> > remove the 2nd madrid from my mail address to contact me.
>
>
>