Blocking Internet

+
0 Votes
Locked

mhdfazil
Dear All,
Please guide me to block internet through Windows Server 2003 Group Policy. Your earliest reply is appreciated.

Thanks,
Fazil
  • +
    0 Votes
    rjluvkc

    Group Policy allows you to configure proxy settings for IE. You can direct them to 127.0.0.1, or configure your DHCP server to point to that same IP for their gateway address, if you do not have the need for routing to other subnets on your network. I am sure there are other ideas; this seems the simplest to me. Need a little more info from you if this doesn't help.

    +
    0 Votes
    mhdfazil

    Hi friend,
    Nice to hear from you. I'm not aware of how to do this in GP. Can you please direct me to configure the proxy through Group Policy for IE and Mozilla?

    +
    0 Votes
    Jacky Howe

    In Active Directory Users and Computers create a Security Group in Security Group NoIe.

    Right mouse click on the Domain Name and make an Organisational Unit named NoIe. Right mouse click on it, select Group Policy, and click on Open.

    Right mouse click on Group Policy Objects, select New, and type in NoIe.

    Right mouse click on NoIe and select Edit.

    Navigate to User Configuration \Windows Settings \Internet Explorer Maintenance \Connection \Proxy Settings.

    Set all instances of proxies to "127.0.0.1" or any non-valid proxy address.

    Navigate to User Configuration \Administrative Templates \Windows Components \Internet Explorer \Internet Control Panel and disable the Pages that you do not want the User to access, especially the Connections Page.

    Close the Editor.

    Right mouse click on the NoIe Organisational Unit and select Link an Existing GPO and select NoIe.

    Add the Users that you do not want to access the Internet to the Security Group NoIe.

    Add the Users that you do not want to access the Internet to the Organisational Unit NoIe.

    Left mouse click on Start and select Run

    Type in gpupdate /force and select OK.

    When it has finished updating press n.

    Works with XP and Vista

    Another alternative

    Configuring Clients to Proxy using Group Policy or Login Script

    http://www.stbernard.com/ip4kb/iPrism/Networking/Sessions-Clients/Browsers/IP0346.htm


    Create setproxy.reg (any filename can be used)

    Open notepad & type in as follows:

    Windows Registry Editor Version 5.00 (or the appropriate version of regedit, if different)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"="<Your Proxy IP Address>:<Proxy Port>"
    "ProxyEnable"=dword:00000001


    Copy setproxy.reg to login script folder.

    Add the following line to the login script.

    Regedit /s setproxy.reg
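
An added check for the proxy-based block described in the answer above (not part of the original post): it audits the per-user Internet Settings values and reports anything that would let IE bypass the dead proxy. The function name `Test-ProxyBlock` and the sample values are constructed, and it assumes the "disable the Connections page" policy is stored as `ConnectionsTab` under `HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel`.

```powershell
# Added example: audit whether the IE proxy values really block browsing.
function Test-ProxyBlock {
    param([int]$ProxyEnable, [string]$ProxyServer, [string]$ProxyOverride,
          [string]$AutoConfigURL, [int]$ConnectionsTab)
    $findings = @()
    if ($ProxyEnable -ne 1) { $findings += 'ProxyEnable is not 1, so IE connects directly' }

    # ProxyServer is "host:port" or per-protocol "http=host:port;https=host:port"
    $entries = @($ProxyServer -split ';' | Where-Object { $_ })
    if ($entries.Count -eq 0) { $findings += 'ProxyServer is empty' }
    $schemes = @()
    foreach ($entry in $entries) {
        $scheme = 'all'; $target = $entry
        if ($entry -match '=') { $scheme, $target = $entry -split '=', 2 }
        $schemes += $scheme
        $proxyHost = ($target -split ':')[0]
        if ($proxyHost -notmatch '^127\.' -and $proxyHost -ne 'localhost') {
            $findings += "Protocol '$scheme' still points at $target"
        }
    }
    # In the per-protocol form, a protocol that is not listed is fetched directly
    if ($entries.Count -gt 0 -and $schemes -notcontains 'all') {
        foreach ($needed in 'http', 'https') {
            if ($schemes -notcontains $needed) { $findings += "No proxy entry for $needed" }
        }
    }
    # Hosts on the bypass list skip the proxy; <local> covers only dotless names
    $bypass = @($ProxyOverride -split ';' | Where-Object { $_ -and $_ -ne '<local>' })
    if ($bypass.Count -gt 0) { $findings += "Bypass list allows: $($bypass -join ', ')" }
    # A PAC script can hand the browser a different, working proxy
    if ($AutoConfigURL) { $findings += "AutoConfigURL is set ($AutoConfigURL)" }
    # Assumed policy value: 1 means the Connections page is hidden from the user
    if ($ConnectionsTab -ne 1) { $findings += 'Connections page is not disabled by policy' }

    New-Object PSObject -Property @{ Blocked = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample values, not taken from a real machine
$asPosted = Test-ProxyBlock -ProxyEnable 1 -ProxyServer '127.0.0.1:80' -ConnectionsTab 1
$partial  = Test-ProxyBlock -ProxyEnable 1 -ProxyOverride '<local>;*.example.test' `
                -ProxyServer 'http=127.0.0.1:80;https=proxy.example.test:8080'

"As posted: Blocked = $($asPosted.Blocked)"
"Partial:   Blocked = $($partial.Blocked)"
$partial.Findings
```

To audit a live session, run it as the affected user and pass the values returned by `Get-ItemProperty` for the Internet Settings key named in the .reg file above.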

    +
    0 Votes
    rjluvkc

    If you want to block by machine (you can use GPO for machine as well)... in your DHCP scope you can create a reservation by MAC address and set the gateway to 127.0.0.1 as well. As long as users don't have admin rights, they will not be able to change the gateway. Keep in mind, no matter who uses that PC, they will not have a gateway. If you have many PCs, this is not practical. Do as Jacky stated.
