Limit Internet Access

  • Thread starter Thread starter mattmied
  • Start date Start date
M

mattmied

Hi:

I'd greatly appreciate any suggestions on how to limit
users on several computers to only browse a handful of
internet sites. I'm looking for the simplest solution.

I have about 30 win 2k machines connected to a win 2k
domain controller. On about five of these machines, I
would like to limit the use of the internet to about 5
sites, for example yahoo.

Thanks
 
I'd greatly appreciate any suggestions on how to limit
users on several computers to only browse a handful of
internet sites. I'm looking for the simplest solution.

I have about 30 win 2k machines connected to a win 2k
domain controller. On about five of these machines, I
would like to limit the use of the internet to about 5
sites, for example yahoo.
Click to expand...

You want a proxy server.

Jeff
 
A Proxy server like ISA server would be the simplest solution. See
www.microsoft.com/isaserver

--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
You could enable ipsec filtering on those computers. Create a mirrored rule to
block all ip traffic, create another rule to allow all ip traffic for the lan
subnet, and then create another mirrored rule to permit the sites you want them
to access on outbound ports 80/443 tcp based on the sites ip address which you
can enter the site name in the ipsec rule and it will resolve the current
addresses for you. This could be done via an OU GPO or by changing the Local
Security Policy on each machine. Policies can be imported/exported also. You may
also be able to do the same on your firewall if the machines have static ip
addresses.--- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
 
Thanks Steve,

I am going to give it a try.
-----Original Message-----
You could enable ipsec filtering on those computers. Create a mirrored rule to
block all ip traffic, create another rule to allow all ip traffic for the lan
subnet, and then create another mirrored rule to permit the sites you want them
to access on outbound ports 80/443 tcp based on the sites ip address which you
can enter the site name in the ipsec rule and it will resolve the current
addresses for you. This could be done via an OU GPO or by changing the Local
Security Policy on each machine. Policies can be
Click to expand...
imported/exported also. You may
 
Back
Top