block internet access

  • Thread starter Thread starter Rob Bergstrom
  • Start date Start date
R

Rob Bergstrom

I have a subnet in a remote location that 2 computers need to be blocked
from getting to the Internet.

Can I use group policy to do this or some other way in Active Directory? ( I
have a firewall that I can do it using the rules and make a static IP for
those computers.)

They are on the 192.168.4.0 network, go through the router to the main
network 192.168.1.0 to get Internet.
If I gave them a bogus default gateway they won't be able to log on to the
domain since they have to access the 1.x network to login.

The firewall is probably the best way, but I would like to know of any way
in AD and/or group policy if there is one.
Windows 2003 servers/XP clients

Thanks,
Rob
 
You can use ipsec filtering policy to block user access to the internet. You
can use ipsec with block and permit filter actions. You could create an
ipsec policy with a mirrored block all IP rule and then create another
mirrored rule with permit for the subnets that should be allowed. The user
on the restricted computer will not gat any special error message however
and will not be able to get updates from Windows Updates from the internet.
The link below explains ipsec filtering more. --- Steve

http://www.securityfocus.com/infocus/1559
 
Thanks.
Rob


Steven L Umbach said:
You can use ipsec filtering policy to block user access to the internet. You
can use ipsec with block and permit filter actions. You could create an
ipsec policy with a mirrored block all IP rule and then create another
mirrored rule with permit for the subnets that should be allowed. The user
on the restricted computer will not gat any special error message however
and will not be able to get updates from Windows Updates from the internet.
The link below explains ipsec filtering more. --- Steve

http://www.securityfocus.com/infocus/1559
Click to expand...
 
Back
Top