Limit access to the internet by certain users


Ricky

Hello. We are running Windows 2000 SP4 Terminal Services. A lot of
users have net stations. The fileserver itself, which is running TS,
needs access to the internet for updates for Windows, and virus
updates. How can I disable access for certain users to the internet,
but keep it so the server (or console) still has access?
This system is part of a hospital network, so we have no access to a
proxy server; that is controlled by the hospital.

Also, does anyone know the proper way to join a PC to a domain and
give them limited access to the network, but full access to the local
PC? They also need to be able to shut down the PC.

Thanks.
 
1. Reconfigure the default gateway on the machines that you don't want to be
able to get to the net (set it to something ridiculous). You can't limit
users' access to the Internet based on their userid unless you're running
ISA Server.

2. Join the domain (any way you know that works) and then add the domain
users' accounts to the local Administrators group on each workstation. That
way they'll be admins on their own PCs and just Users on the network.

Hope this helps.
 
If you do not want any users to have general internet access, then you can configure
IPsec filtering for that machine to allow only internet access to the specific sites
for Windows Update and the antivirus updates. Of course the users could still go to
those sites if they wanted to. Another thing to try is to issue bogus proxy server
settings via Group Policy user configuration to those users who you do not want to
access the internet via Internet Explorer.

Generally you are best off giving domain users membership in the Users group that
they are added to by default when they are joined to a domain. They will be able to
shut down their workstations. "Full access" usually means that they would have local
administrator access and can do things like install unauthorized software, change
TCP/IP settings, disable antivirus software, change Local Security Policy, and change
NTFS/registry permissions anywhere on the machine. Limited access to the network is
accomplished by share/NTFS permissions and user right assignments for network access
on other machines by domain users and by using firewalls or IPsec policies to limit
machine access to domain resources. --- Steve
 