disabling internet except a few sites thru gpo 2008 server

By Cudmasters Los
I would like to control a container of users from accessing the internet, except a few sites, through GPO on 2008 Standard. Is this possible?

Trusted Sites

by netwrk_admn In reply to disabling internet except ...

I've never done this myself, but I imagine you can set a policy similar to "allow internet browsing only for trusted sites", and then set up your hard-coded whitelist under the Trusted Sites section. Lock it down.

This can help you get started:

This should only work with IE; if someone uses/installs Firefox/Chrome/etc., that may circumvent security.

Get MACs of the PCs and modify DHCP gateway parameters..

by cmatthews In reply to disabling internet except ...

The gateway they get will be an easy-peasy proxy filter.. (the other post was correct, there are many ways to circumvent)

To some here, limiting access sounds cruel (but hey, if they won't get back to work.. what can ya do?)

Take your pick they're all free, IPcop, Smoothwall, Endian, Untangle Gateway, etc..

There's a list of 20 here (I'm partial to Smoothwall with URLfilter):

A URL filter based on PC/user is correct

by netwrk_admn In reply to Get MAC's of the PC's and ...

I was being too narrow, using a sole GPO solution like he requested.

Limiting access is cruel, but during times like March Madness here in the US, it's sometimes necessary. Wouldn't be so bad if my department could host web sites, FTP traffic AND streaming video on more than 1.5 Mbps...

1.5 megs? That's a squeeze..

by cmatthews In reply to A URL filter based on PC/ ...

You might like to know URL filter has a cousin called ADVproxy. I haven't used the feature, but it's called "content based throttling".

I guess it recognizes MIME types for binary files, CD images and multimedia.

by Cudmasters Los In reply to 1.5 megs? That's a squeez ...

Thanks for the replies. I will try all of the suggestions. The CEO doesn't want some of the people to have access; I tried to use software called Browse Control. The only problem is it doesn't work on a terminal server, because the policy is set by the policy of whoever logs in first. It won't do individual policies. Thank God for my job: locked by default office, can watch the games :) while I am working on this, of course, LOL.

by Cudmasters Los In reply to thanks

netwrk_admn: What do you mean by "set up a hard-coded white list"? I am assuming the actual websites? Thanks for the website. Awesome, I have always wanted an explanation of how those worked.

cmatthews@... Will the software that you referred me to work on a terminal server?

hard coded white-list

by netwrk_admn In reply to netwrk_admn,cmatthews@... ...

Yes, this would be a static list of all 'good' URLs. I would stick to cmatthews' solution and just use a custom white-list.

Conversely, for this application, a blacklist is a list which bans certain websites.
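To make the whitelist/blacklist distinction concrete, here is an added Python illustration (not code from anyone in this thread, and not part of Smoothwall or any other product named above). It shows the decision a whitelist proxy filter makes per request: default deny, only listed hosts pass, with matching done on hostname label boundaries so that a lookalike such as "example.org.attacker.test" does not slip past an "example.org" entry. The same sample is then run in blacklist mode for contrast. All hostnames, IPs and request lines below are constructed sample data.

```python
"""Whitelist vs blacklist URL filtering as a proxy-style decision function.

Added illustration for the thread above; every hostname, client address and
request line here is constructed sample data.
"""
from urllib.parse import urlsplit

# Constructed static whitelist of 'good' sites (exact hosts and their subdomains).
WHITELIST = {"intranet.example.com", "example.org"}

# Constructed blacklist, used only for the contrasting default-allow mode.
BLACKLIST = {"streaming.example.net"}


def host_of(url: str) -> str:
    """Return a normalised hostname from a URL or a bare 'host:port' target."""
    if "://" not in url:
        url = "http://" + url  # CONNECT targets arrive as host:port
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def host_matches(host: str, entries: set) -> bool:
    """True if host equals an entry or is a subdomain of one.

    Matching on the label boundary ('.' + entry) means a naive substring
    lookalike such as 'example.org.attacker.test' does not match 'example.org'.
    """
    return any(host == e or host.endswith("." + e) for e in entries)


def allowed(url: str, mode: str = "whitelist") -> bool:
    """Decide whether a request may pass.

    whitelist mode: default deny, only listed sites pass.
    blacklist mode: default allow, only listed sites are blocked.
    """
    host = host_of(url)
    if not host:
        return False  # unparsable request: fail closed in either mode
    if mode == "whitelist":
        return host_matches(host, WHITELIST)
    if mode == "blacklist":
        return not host_matches(host, BLACKLIST)
    raise ValueError(f"unknown mode: {mode}")


# Constructed proxy-style request lines: "client method target".
SAMPLE_REQUESTS = [
    "10.0.0.21 GET http://intranet.example.com/reports",
    "10.0.0.21 GET https://www.example.org/",
    "10.0.0.22 GET http://example.org.attacker.test/",  # suffix lookalike
    "10.0.0.22 GET http://streaming.example.net/game1",
    "10.0.0.23 CONNECT streaming.example.net:443",
    "10.0.0.23 GET http://news.example.net/",
]


def evaluate(lines, mode="whitelist"):
    """Return (client, host, decision) tuples for each request line."""
    results = []
    for line in lines:
        client, _method, target = line.split(maxsplit=2)
        decision = "ALLOW" if allowed(target, mode) else "DENY"
        results.append((client, host_of(target), decision))
    return results


if __name__ == "__main__":
    for mode in ("whitelist", "blacklist"):
        print(f"--- {mode} mode ---")
        for client, host, decision in evaluate(SAMPLE_REQUESTS, mode):
            print(f"{client:12} {host:28} {decision}")
```

Run as a script it prints both decision tables side by side: in whitelist mode only the two listed hosts pass and everything else, lookalike included, is denied; in blacklist mode the lookalike and the unlisted news site sail through and only the single banned host is stopped, which is the practical reason the thread recommends a static whitelist for this use.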

Great info

by Cudmasters Los In reply to hard coded white-list

Thanks for the help!! Quick reply!!!

Will the software that you referred me to work on a terminal server?

by cmatthews In reply to netwrk_admn,cmatthews@... ...

I have to ask some questions first:

1) Are the users you want to limit browsing from within the TSC sessions? (If so, no proxy required! You are in the driver's seat, and can policy/zone limit what they can do.) If not..

2) Are you wanting to use TS as a "box" to run the proxy service? If so, you would have to add another IP to the NIC (as the limited gateway) and run the proxy inside a virtual machine running on the server. (Really has nothing to do with TS.) But before you load down your TS with a CPU-hogging VM, there is a better way..

3) Since the browsing these folks do is somewhat trivial (as opposed to mission critical), dust out an old PC with 256 MB RAM and a 4.3 GB HD, stuff in a second NIC, boot from the Smoothwall CD and PRESTO, insta-proxy.

A caveat when installing an internal proxy:
This would operate as a 2-interface NAT router, which runs correctly when both NICs are assigned IPs on 2 distinct subnets. Obviously, NIC#1 will have to be directly accessible by the clients and NIC#2 will need to be on another subnet. If you get stuck, provide some detail and I'll try to help..

If you still want to run something from a win-box, Scott Lemmon wrote Proxomitron, but passed away before perfecting it. Others have made variants listed here at Wikipedia:

by Cudmasters Los In reply to Will the software that yo ...

CMatt, sorry dude, I got a message saying "You have reached your maximum message level" on the last thread, so I thought the thread was done, didn't pay attention to this, glad I did. I have always wanted to know how to set up a proxy, so I will do that with a spare computer. I appreciate the help offer if I get stuck; I'm sure I will, and I will keep you updated on where I am at. In the meantime, I'm sure this is a stupid question, but it doesn't matter what OS I run for the proxy, is XP Pro cool?

