RE: Restrictions on internet access
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Thu, 11 Aug 2005 05:56:40 GMT
Dear Joe:
Thank you for posting here!
To do so, we should first make sure that all the clients are Web Proxy
clients, which means the ISA server is used as the Proxy server in Web
browser setting. In this way, the clients will utilize the Web Proxy
Service of ISA and benefit from the Caching function of the Web Proxy
Service.
Suggestion 1
If you are using ISA 2004, I would like to provide you the following steps
to do so:
1. Open ISA2004 management console, navigate to Firewall Policy, right
click it and select New->Access Rule.
2. Enter a name for this Access rule, for example: 'deny specific internet
access', and click Next.
3. Select 'Deny' and click Next.
4. Under 'This rule applies to' option, change it to 'Selected protocols'.
Click Add, and then add HTTP, HTTPS from 'Common Protocols'. After that,
click Next.
5. On the Access Rule Sources page, add 'Internal' from 'Networks', and
then click Next.
6. On the Access Rule Destinations page, click Add and choose New->URL Set,
then a 'New URL Set Rule Element' page appears. In your situation, you can
set the following URLs:
a. http://www.netbank.com.au/*
b. http://www.westpack.com.au/*
c. http://www.rba.gov.au/*
Then add this newly defined URL set and click Next.
7. On the User Sets page, please make sure to which users or groups you
want to limit access. By default, this rule is applied to All Users. You
can remove 'All Users' from the list and manually add it. Click Add->New,
then New User Set Wizard will be launched. Enter a name for this user set
then select Add->Windows users and groups, add the users or groups that are
restricted to access the specified web sites. Then click Next and Finish.
8. If you have other access rules that are listed before this rule on the
Firewall Policy tab, DON'T FORGET to move this rule up. This action makes
sure that this rule is enforced before other "allow" rules permit access to
the Internet service that you want to restrict. To move an access rule up,
right-click the rule, and then click Move Up. After you have modified the
rule hierarchy, click Apply to save your changes and to update the firewall
policy, and then click OK.
Suggestion 2
If you are using ISA 2000, I would like to provide you this step-by-step kb
article:
How To Prevent Users from Accessing Unauthorized Web Sites in ISA Server
http://support.microsoft.com/?id=300492
In addition, to add a security group, we can use the SBS Server Management
to do so. Open Server management console, navigate to Security Groups, on
the right panel, click 'Add a Security Group' and follow the instruction to
create a new security group.
Hope the above information helps, I look forward to hearing from you. If
anything is unclear, please don't hesitate to let me know, I am standing by
to help you.
Have a nice day, Joe! :)
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Restrictions on internet access
| thread-index: AcWdb1r26NHZCe9nTzqxjfJElX8nBQ==
| X-WBNR-Posting-Host: 203.34.164.71
| From: "=?Utf-8?B?am9lMjI1Mg==?=" <joe2252@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Restrictions on internet access
| Date: Tue, 9 Aug 2005 22:50:04 -0700
| Lines: 7
| Message-ID: <C4C6ED75-AE0C-47B4-B828-EACB114262F2@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:142972
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| We have SBS2003 Premium edition. One of the security groups is Internet
Users
| which has unrestriction internet access. Could someone please guide how
to
| create another group with limited access to the following sites:
| www.netbank.com.au www.westpack.com.au www.rba.gov.au and then it will be
| just the matter of adding users into this group..isn't it?
|
| Thank you kindly.
|
.
- References:
- Restrictions on internet access
- From: joe2252
- Restrictions on internet access
- Prev by Date: RE: Sharepoint, monitoring and the company web
- Next by Date: SBS 2003 + Windows Server 2003
- Previous by thread: Restrictions on internet access
- Next by thread: Re: Disk image software, Paragon Drive Backup
- Index(es):
Relevant Pages
|
