Internet/Intranet Access

[Libby]

I have users on a Win 2000 network that need to access an intranet site, but
not the internet. Restricting access to the iexplore.exe file on the local
workstations isn't an option as it is needed to run the intranet site. Can
this be done in the user account sections or do I need to go to the router?
Any suggestions would be great.

Libby

 

[Randy Franklin Smith [MVP]]

If you don't want/can't block at the firewall you create an IP Security
Policy and push it to the appropriate workstations via group policy. The IP
Security Policy would have 2 rules 1) block all outgoing connections to port
80 and 443 except for 2) allow outgoing port 80/443 connections if
destination address is within your subnets or internal dns domain. Note,
this option isn't user specific - it follows the computer.

 

[Randy Franklin Smith [MVP]]

If you do that by the way, you will break Windows Update. This is only a
problem if you are using Windows Update as opposed to Software Update
Services. I guess you could always create some rules to allow WU traffic
out but it starts to get cumbersome.