Blocking Internet Access

  • Thread starter Thread starter Charlie Hill
  • Start date Start date
C

Charlie Hill

Need recommendations about how to prevent specific users
from accessing the Internet. Here are the details.

1. Some users need no access to the Internet or our
intranet.

2. Some users need access to our INTRANET, but blocked
from accessing the Internet.

Here is my feeble solution for 1st case.
Used GPO to block use of iexplore.exe & msimn.exe (Outlook
Express). This closed the front doors, but left two back
doors.

Windows Explorer (explorer.exe) can be used to browse the
Internet, and Adobe Acrobat Reader can be used to browse
the Internet.

How can I close these back doors to the Internet?

I do not have a solution for item 2. I do not know how to
block the Internet, but allow access to the local intranet.

AdThanksVance

Charlie
 
Charlie Hill said:
Need recommendations about how to prevent specific users
from accessing the Internet. Here are the details.

1. Some users need no access to the Internet or our
intranet.

2. Some users need access to our INTRANET, but blocked
from accessing the Internet.

Here is my feeble solution for 1st case.
Used GPO to block use of iexplore.exe & msimn.exe (Outlook
Express). This closed the front doors, but left two back
doors.

Windows Explorer (explorer.exe) can be used to browse the
Internet, and Adobe Acrobat Reader can be used to browse
the Internet.

How can I close these back doors to the Internet?

I do not have a solution for item 2. I do not know how to
block the Internet, but allow access to the local intranet.

AdThanksVance

Charlie
Click to expand...

I have been searching for the best way to do the same
on thick clients in a workgroup environment (no AD/Domain).

Best I could come up with so far is found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;267930

I am not sure of pros/cons of trying it on a Terminal Server, but
on a thick client, it has worked out okay - at least all the applications
worked after it was done.

Using local policies seemed to break applications if they relied on
IE/ActiveX,
but I am probably just not savvy enough to figure out how to get those apps
to
work with policies enabled.

HTH
 
The best way to solve this is to install a firewall, which allows
you to define which users or users groups have access to the
Internet. I believe that ISA server has this functionality.

A quick-and-dirty way of solving the problem could be to create a
GPO which defines a proxy server which points to your main
Intranet website, in combination with locking IE down, to prevent
users from changing the proxy settings. All user groups that apply
the GPO can only access the Intranet, but not the Internet.
Exclude Administrators and other user groups that should have
access to the Internet from this GPO.
 
Back
Top