Internet

  • Thread starter Thread starter Kowalski
  • Start date Start date
K

Kowalski

How can i prevent some people from accessing the internet
on an easy way. They need access to intranet and two
servers on the internet. We use an dhcp server and
automatic give the computers dns server etc.

thx kow
 
You can use our Internet Security and Acceleration server (ISA) for this purpose. ISA integrates into Windows security and allows you to specify who has
access to what based on account name or group membership. If your clients have statically assigned IP addresses, then you could also use RRAS with
packet filtering to limit who has access to what. This can be quite troublesome though if you are not comfortable with configuring RRAS and packet filters.
There are also a host of 3rd party products that will do this. Many hardware NAT routers will offer limited functionality for this as well.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
In
Kowalski said:
How can i prevent some people from accessing the internet
on an easy way. They need access to intranet and two
servers on the internet. We use an dhcp server and
automatic give the computers dns server etc.

thx kow
Click to expand...

Probably the easiest and least expensive way using DNS is to use a root "."
zone make it standard primary. Then delegated only the two domains you want
to give access to. Make sure you have a group policy to keep users from
changing network settings and only allow clients access to your internal DNS
server.

Set DNS up by this example for microsoft.com
1 Create your "." Root zone. This will make your DNS server authoritative
for the entire name space.

2 Create a new domain in that root zone named "com". This will make your DNS
server authoritative for the entire "com" TLD.

3 In the "com" domain create a new Delegation named "microsoft" then make
that delegation point to these name servers.
dns1.cp.msft.net internet address = 207.46.138.20
dns1.tk.msft.net internet address = 207.46.245.230
dns3.uk.msft.net internet address = 213.199.144.151
dns1.dc.msft.net internet address = 64.4.25.30
dns1.sj.msft.net internet address = 65.54.248.222

Delegations must point to the Authoritative DNS servers to work. This will
make microsoft.com the only domain accessable using this DNS server. Add
additional TLDs ( .net, .org, .whatever) then delegate only the domain
second level names you are going to allow access to.

You can do this for all domains you want acccessed.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
http://www.lonestaramerica.com/
============================
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
--
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
K> How can i prevent some people from accessing the internet
K> on an easy way.

Give their machines IP addresses in one of the RFC 1918 non-public address
ranges, which will prevent their access to Internet entirely; or employ
firewall rules, which will allow for more fine-grained control if that is
needed.

This is not really the newsgroup for such questions, because altering one's
DNS service is not the means for achieving this end. You'll gain a false
sense of security in thinking that you have done something, but you won't
actually be preventing people from accessing Internet (or Internet from
accessing them, moreover) at all.
 
Back
Top