RE: Restrict Internet Access

Hello Anthony,

Thank you for posting to the SBS Newsgroup.

I understand that you want to restrict internet access for clients in your
SBS 2K3 Standard network.

The best for you to accomplish is add a pack filter at the outbound of SBS
2K3, which uses the RRAS to block the IP of the external sites.

1. Go to Start, Administrative Tools, Routing and Remote Access.

2. Expand Yourserver (Local)/IP Routing/General.

3. Double click "Network Connection".

4. Click "Outbound" and select "Transmit all packets except those that meet
the criteria below".

5. Click "New", check "Destination Network" and add the IP address and
subnet mask you want to restrict.

6. Click "OK"

Also, you can accomplish by applying Group Policy to user, but IE policy is
not a recommended way since it may lead to many addition administrative
tasks in the future.:

1. Run "gpmc.msc" and you are in the Group Policy Object Editor Window.

2. Expand Local Computer Policy/User Configuration/Internet Explorer
Maintenance/Security.

3. Double click Security Zones and Content Rating in the right panel.

4. Check the box "Import the current security zones and privacy settings",
click "Continue" and "Modify Settings".

5. Select "Security" tab and highlight "Restricted sites", then click
"Sites".

6. Enter the web sites to the zone you want to restrict then click "Add"
and "Close".

[Note]: If a client logs on a workstation as a local workstation rather
than log in a domain, the Group Policy will not apply to the user, so there
is absolute way for you to restrict the internet access for clients.

To best perform user level control or destination sites control, you need
to use ISA.

Hope this information helps. I am glad to be working with you again.

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • Content Advisior
    ... I have a SBS 2000 server running on a network with 30 clients. ... are allowed no internet access so are not in the backoffice internet users ... If I do setup a group policy will this over write the settings stored ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Disable internet use via group policy?
    ... Put all users you dont want to access the net in a group and use security ... For instance a simple search on google for "disable internet access via group ... >network with about 7 clients and around 20 users. ... >has a different approach without using group policy, I'm up for it as well. ...
    (microsoft.public.windows.server.general)
  • Re: Setting up new users
    ... could do is to let the users logon as the guest account. ... configured in permissions for a share folder so keep that in mind. ... Use Group Policy to restrict the users further. ...
    (microsoft.public.win2000.security)
  • Re: Read only account
    ... You can restrict a user account so that is only has read/list/execute ... services/client&server data redirection] to restrict redirection of ... to save their password for their TS client connection via Group Policy. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group Policy for locking down windows xp
    ... Your best bet would be to use a combination of Group Policy and ntfs ... permissions to restrict access. ... With XP Pro you can also use Software Restriction Policies to restrict what ...
    (microsoft.public.windows.group_policy)
Loading