Disable internet for Domain Users Via DNS

By prabu001
I have a Win2k server with AD. I need to disable internet for all users in AD. The problem is that when I give the DNS setting of the server's IP, the system connects to the internet. I want to disable internet. Right now I didn't configure the DNS for users, and so the login was also slow because of no DNS configured for users.
Please help.


All Answers



by scott_heath In reply to Disable internet for Doma ...

So you want no one to have Internet access at all? You could just kill the circuit to the internet. :)

Are you wanting this restricted for specific users? If so, then use a proxy or firewall rules. You could place internet users and non-internet users on different subnets and then have the firewall block the non-internet user subnet from sending out packets.


Install a firewall on the server.

by DaveDXB In reply to ?

Configure the firewall to allow all traffic within your internal network (192.168.*.*) and to block everything else.
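The two firewall suggestions above (separate subnets for internet and non-internet users, and allowing all traffic inside 192.168.*.* while blocking the rest) can be modelled as a first-match rule list. This is an added example, not part of any post in the thread; the restricted subnet 192.168.20.0/24 and the sample addresses are constructed assumptions. It shows that clients keep reaching the internal DNS/AD server while the restricted subnet cannot leave the LAN.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the thread).
INTERNAL = ipaddress.ip_network("192.168.0.0/16")      # the 192.168.*.* range
NO_INTERNET = ipaddress.ip_network("192.168.20.0/24")  # hypothetical restricted subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules are evaluated top to bottom; the first match decides.
# The model covers new connections only (no state tracking for replies).
RULES = [
    ("allow", INTERNAL, INTERNAL, "internal traffic, including DNS and AD logon"),
    ("deny", NO_INTERNET, ANY, "restricted subnet may not leave the LAN"),
    ("allow", INTERNAL, ANY, "remaining internal hosts may reach the internet"),
    ("deny", ANY, ANY, "default deny"),
]


def decide(src, dst):
    """Return (action, reason) for a new connection from src to dst."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for action, src_net, dst_net, reason in RULES:
        if s in src_net and d in dst_net:
            return action, reason
    # Reached only by traffic no rule covers, for example IPv6 addresses.
    return "deny", "no rule matched"


if __name__ == "__main__":
    # Constructed sample flows: (source, destination, description).
    flows = [
        ("192.168.20.15", "192.168.1.10", "restricted client -> internal DNS server"),
        ("192.168.20.15", "203.0.113.80", "restricted client -> external web host"),
        ("192.168.10.7", "203.0.113.80", "unrestricted client -> external web host"),
    ]
    for src, dst, label in flows:
        action, reason = decide(src, dst)
        print(f"{label}: {action} ({reason})")
```

Rule order matters here: moving the restricted-subnet deny above the internal allow would also cut those clients off from the domain controller.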


Firewall ???

by prabu001 In reply to Install a firewall on the ...

If I block, that means everybody on the network can't access the internet, am I right?
I have the "preferred DNS" setting as my Win2k IP. Can I disable the DNS on the Win2k so that only internal domain login can be done and internet access is blocked?


no need to go to firewall and all

by pravin3000a In reply to Firewall ???

Hi Prabhu,

You can just remove the forwarder in DNS options so internet access will not be there.

It seems you are a novice in this field.
1) If you don't configure the DNS, your domain login will be with cached profiles; no new user will be able to log in.
2) If you want to block for particular users, you can add any other DNS (ISP's DNS) as secondary DNS.

Although if you are familiar with firewall configuration, you can open port 80 traffic only for those you want to provide internet.

There are many things, but if you want to block everyone, just remove the forwarder from DNS, or else block all the traffic on port 53.


Default Gateway

by Baron Orlando In reply to Disable internet for Doma ...

If you're using AD, you definitely don't want to mess with the DNS settings. Keep those set to your internal DNS server.

Assuming you want to deny internet access to a group of computers, a very easy way would be to change the "default gateway" address that gets passed out by the DHCP server. If the domain computers don't know the address of the router that connects to the internet, they won't be able to access it.



by scott_heath In reply to Default Gateway

This doesn't work if you have more than one network at your site.


Multiple Networks

by Baron Orlando In reply to Note:

How many subnets do you have?

Are you wanting to block specific users' internet access, specific computers, or all users/computers in a subnet?

Is Windows 2003 your DHCP server?


Disable internet for 2000 server

by prabu001 In reply to Multiple Networks

Thanks for the reply.
Everything is static IP only.
I have two servers, Win2000 & Win2003. I configured one AD on each server. Those who connect via 2000 & 2003 will have internet access. Both servers are in the same network but with two domains. I want the procedure to disable the internet in Win2000, so that users who are connected to the 2000 server should not have access to well as I need to give my server IP as the "preferred DNS". Right now, when "preferred DNS" is filled with the Win2000 IP, those who connect to Win2000 are able to access there any way to tap this problem by disabling DNS on the Win2k server?


Try using Group Policy to control Internet access

by butchkn In reply to Disable internet for Doma ...

Make a user GP to create a windows settings\Internet explorer maintenance\Connection Proxy Settings to provide the users assigned to this GPO a nonexistent proxy server.


AD needs DNS

by -Q-240248 In reply to Disable internet for Doma ...

Find a different method, as described by previous posts. You can do it all in your router.
