General discussion


Entry level question but...

By rmillz ·
I have recently started my first job as the network admin for a company. The owner wants to limit who can and can not use the internet. I keep thinking there is a way to do this through permissions in AD but can't seem to remember how. If anyone could tell me how to allow/deny internet use on specific computers/users it would be greatly appreciated. The company has approximately 50 computers and is using active directory on Windows Server 2003 Enterprise Edition. Thanks in advance.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by BFilmFan In reply to Entry level question but. ...

Those are controlled by the administrative template Inetres.adm.

This article covers using admin templates in a GPO:

Note that this will not stop smart individuals from using another browser to access the Internet.

Your best bet is to use a proxy-server/firewall/bastion host to control access.

Collapse -

On a per-computer basis, it's easy

by Server Queen In reply to Entry level question but. ...

On a per-computer basis, to keep users from going outside your local LAN and/or using the Internet, just put an incorrect gateway address - or no gateway address - in their TCP/IP setup. Or you can set IE to use a fake proxy server - go to Connections, LAN Settings, and set the proxy address to for all protocols.

If you need to do it on a per-user basis rather than per-computer, set up a new OU for users, and create a new policy, then move users into this No IE OU. This can be done in GPO by forcing the proxy settings on, locking down that LAN Settings page in IE, then prevent applications iexplore.exe, opera.exe, and firefox.exe. That does not, however, prevent users from going to My Computer and putting in a URL, or using Help and putting in a URL, but a fake proxy should.

Collapse -

limit internet access

by ibrar3 In reply to Entry level question but. ...

I don,t think there may be or not be such kind of option in AD but u can do it on a single computer individually.
go to internet explr
go to connection
GO to LAN settings
Double Clik on that
Clik on bottom use proxy server for Lan
Give some number randamly and apply it.

Collapse -

Internet access

by doug m. In reply to Entry level question but. ...

In our organization we have defined groups of people. Remember, you want to manage groups, not
individuals. You have a group of users who have access to the Internet and a group who does not.
For example, we have domain users, and we have Internet access users. You can make a person a member of the domain users without giving them Internet access. We limit Internet access by using an AUP (acceptable usage policy) They either sign it or no access. Simple yet effective.

Related Discussions

Related Forums