Eliminate access to Internet via group policy

[Dick Wade]

Hello all,
Is there a way in Windows 2000 Server and Professional to limit access to
the Internet via group policy. I have a group that needs full Internet
access and another Security group that I've called NOIE that I'm trying to
have access only the Intranet webpage on my Inetpub/wwwroot/webpage location
on my IIS server. Is there any way to accomplish this? My full Internet
users have the default home webpage set to the one they most need to access.

Thanks,
Dick

 

[straighteight]

Sounds like you'd benefit from throwing a Proxy server into the
equation (I know they're horrible things, but hear me out

Using group policy you can roll out the proxy settings and tell it
which addresses are local and should bypass the proxy server. Using
Groups you can define who is permitted to use the proxy server, so your
IE users will get out through the proxy, your non IE users won't have
permission, but if they try to access an intranet site which you have
stated in GPO for everyone, it will work, as they don't need to go
through proxy. You could then apply an extra policy to enforce the
homepage for the NOIE users, which allows your IE users to set their
own.

Using strictly Group policy, I am guessing you may be able to set up
the intranet sites as "trusted sites", and enforce their IE that they
may only connect to trusted sites. I'm not sure how that would work or
if you can control that much from GPO, but its the only thing i can
think of off hand.