Blocking IP traffic depending on the user....

  • Thread starter Thread starter Brad Pears
  • Start date Start date
B

Brad Pears

Does anyone know where I might be able to find some software that can be
installed on a teminal server that would allow me to block all HTTP requests
from terminal server users on that machine - all "EXCEPT" for certain users?
If the user has to run an authentication applet of some sort that would be
fine. Best would be if the software would just "know" the logged on
username... and could integrate with AD users and groups...

I guess I would be looking at some type of firewalling software - preferably
for free....

Thanks,

Brad
 
Always for FREE!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :-)

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!
 
If you want to just block traffic and not filter it you could restrict access
to iexplore.exe for "Domain Users". Then, create a security group
"WebAccess" for example and put the users that can access the web in that
group, and give the group
read and execute rights to iexplore.exe. This solution is free :)

Hope this helps!

Dan
 
Brad Pears said:
Does anyone know where I might be able to find some software that can be
installed on a teminal server that would allow me to block all HTTP
requests from terminal server users on that machine - all "EXCEPT" for
certain users? If the user has to run an authentication applet of some
sort that would be fine. Best would be if the software would just "know"
the logged on username... and could integrate with AD users and groups...

I guess I would be looking at some type of firewalling software -
preferably for free....

Thanks,

Brad
Click to expand...

This was cross-posted to windowsxp.general

If you have win xp pro installed, that will work I think,
but do no think win xp home will work.
 
I have done this in the past, problem is users know how to get around this.
They can browse the web using our corporate email client "Outlook 2002" and
since some application help is HTML based (i.e. the calculator etc...), some
have even figured out how to go into help on some apps and "jump to URL"
from there!!!!

Thanks anyway...
 
Got any ideas on a "Pay" product?

Brad
Richard Urban said:
Always for FREE!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :-)

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!
Click to expand...
 
Hi Brad,

Perhaps I am wrong about this, but can't you remove the user from the small
business internet user group and voila...no more web browsing>

I may be wrong on this,\

RickD
 
To selectively block by protocol or port use the IP Filter on the NIC setup.
By user use IPSec.

You can also do this by using policy to block access to WinHTTP and WinINET.
This should block ALL internet access. If you don't block at a low enough
level users can bypass by pointing at a proxy on another port like 808 or
8008 or 34008.
 
I agree with Rick... since the OP seems to be crossposting to SBS2k NG they
I assume the TS box is on an SBS domain (which in turn has ISA). If so, just
remove the user from "Backoffice Internet Users" security group... and that
should be it.
 
Do you mean the "Backoffice Internet Users" group?

We are not using ISA. I wonder if that group is specific to ISA...

Interesting thought though!

Thanks,

Brad
 
Yes, That is the correct name....

RickD

Brad Pears said:
Do you mean the "Backoffice Internet Users" group?

We are not using ISA. I wonder if that group is specific to ISA...

Interesting thought though!

Thanks,

Brad
Click to expand...
 
If you are not using ISA at all though, will removing them from this group
still prevent web browsing?

Brad
 
Hi Brad,

If you don't have ISA, you don't have the Backoffice Internet Group.

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's
 
We do have ISA - it's just not "turned on" right now...

We are using a Watchguard Firebox instead.

I think my questions have been answered!

Thanks,

Brad
 
Rick, could you maybe expand on how one would use IPsec to block ports for a
specific user? I took a look in there but did not see where you would supply
a particular group or user who would be "blocked"...

I have never used IPSec on the TCP protocol either so I am likely just
stupid.

Thanks, Brad
 
Brad,

I am sorry for the misunderstanding. My suggestion is related to SBS2000
with ISA enabled.
If you remove a user from the back office internet users group in the user's
user profile, then they do not have internet access....

RickD

I have not implented IPSEC!
 
Back
Top