Re: How can I use SBS GPO to restrict AL internet access for speci
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Wed, 8 Nov 2006 15:48:54 -0700
ISA (or equivalent) is the correct answer. Even vaporProxy is easily
circumvented.
Nothing in R2 that helps either.
--
/kj
"Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F413D1C6-8EC4-4E08-A868-D1D21B073E53@xxxxxxxxxxxxxxxx
I wonder if anyone actually tests these things before they give advice.
I'm running an entire Windows 2003 Domain, with Windows XP SP2 clients. I set up an OU (organizational unit) and made one group policy with one object enabled, "Restrict Internet communication".
I can tell you this does NOT work.
Maybe R2, or SP1 works but I can TELL you this doesn't.
The only way to "partially" restrict users from using the Internet is to set up a bogus Proxy server. You can do this with GPO (Group Policy Object), registry entry, VBS script, or search the net for a program called Proxy.exe.
If you set this up in the GPO you should also disable the connections page.
Administrative Template | Windows Components | Internet Control Panel | {disable connections page}. I would also add additional securities as it will not take long for the end user to find a way to install something like Mozilla or another Internet Client.
ISA server, if you have one, is actually a better idea.
Good Luck.
Wayne MCSE, MCP, A+, ABC . etc .
"Charlie Russel" wrote:
If you're running Premium Edition, btw, you can do it as you originally described. ISA can control access for all clients running the firewall client based on who the user (or group) is. And prevent any non-firewall client machines from getting out at all.
--
Charlie.
http://msmvps.com/blogs/xperts64
"RobertNC" <RobertNC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:411D6F18-986B-462E-A8A5-45853FF4F441@xxxxxxxxxxxxxxxx
Thank you! I must have read that wrong when I was looking at it, because it seemed that this wouldn't restrict user access, only communication for system events. I read about setting the bogus proxy setting, too. Thanks for the quick reply!
--
Bob
"Montreal MCSA" wrote:
Hi Bob,
As long as your users are using Windows XP Pro SP2 it is fairly easy, but not by Group - only by Organizational Unit. What you want to do is create a GPO to disable Internet Communication, and this is what you do:
In GPMC (Group Policy Management Console) find the OU you have created.
Right click on it and select Create and Link a GPO Here...
Name the GPO (i.e.: Block Internet).
Right-click on the new GPO and select Edit. The GPOE (Group Policy Object Editor) will appear.
In the left tree pane expand User Configuration, then expand Administrative Templates, then expand System, then expand Internet Communication Management.
There should be two options in the right (details) pane - Internet Communication settings, and Restrict Internet communication.
Double-click Restrict Internet communication and the Properties window will appear. Select the Enabled radial, click Apply, then click OK.
Close the GPOE, then from the GPMC right-click your new GPO, and select Enforced.
You're done! This should take care of it for you.
--
MDG, MCSA
MCSA (2003), MCSA (2000)
Certified Small Business Specialist
Visit my blog at www.mitpro.ca/Blogs/tabid/55/BlogID/2/Default.aspx
"RobertNC" wrote:
This should be easy, but apparently not! Is there any easy way to set a group policy to restrict ALL internet access for a group of users?
--
Bob
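
An added example, not part of the original thread: a PowerShell audit of the per-user settings behind the bogus-proxy approach and the "disable connections page" policy discussed above. The function name and the `$DummyProxy` value are assumptions for illustration; substitute whatever unreachable proxy address your GPO pushes.

```powershell
# Added example: checks whether the bogus-proxy restriction is actually in
# effect for a user. It only covers clients that honour the Internet Options
# proxy; a client with its own proxy settings is outside this check.
function Test-BogusProxyLockdown {
    param(
        [string]$DummyProxy = '127.0.0.1:9',  # assumption: site-specific dummy proxy
        [hashtable]$Settings                   # optional constructed values for offline runs
    )
    $inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $policyKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'

    if (-not $Settings) {
        # Live check: read the current user's hive; missing keys yield $null values.
        $inet   = Get-ItemProperty -Path $inetKey   -ErrorAction SilentlyContinue
        $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
        $Settings = @{
            ProxyEnable    = $inet.ProxyEnable
            ProxyServer    = $inet.ProxyServer
            ConnectionsTab = $policy.ConnectionsTab
        }
    }

    $findings = @()
    if ($Settings.ProxyEnable -ne 1) {
        $findings += 'ProxyEnable is not 1: no proxy is enforced for this user'
    }
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    $targets = @("$($Settings.ProxyServer)" -split ';' | Where-Object { $_ } |
        ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
    if ($targets.Count -eq 0 -or ($targets | Where-Object { $_ -ne $DummyProxy })) {
        $findings += "ProxyServer '$($Settings.ProxyServer)' does not send every protocol to $DummyProxy"
    }
    if ($Settings.ConnectionsTab -ne 1) {
        $findings += 'ConnectionsTab policy is not 1: user can change the proxy in Internet Options'
    }
    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample: proxy pushed for HTTP only, Connections page left enabled.
$sample = @{
    ProxyEnable    = 1
    ProxyServer    = 'http=127.0.0.1:9;https=proxy.example.test:8080'
    ConnectionsTab = $null
}
Test-BogusProxyLockdown -Settings $sample | Format-List
```

Run `Test-BogusProxyLockdown` with no arguments in a user's session to check the live registry values after the GPO has applied.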