General discussion

Locked

Internet access on ISA server 2000

By demanteys ·
How do i block Internet to selected PC's on my LAN using ISA server 2000 installed on windows 2003 server.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by ewgny In reply to Internet access on ISA s ...

The easiest way would be to use Group policy. I'm asuming that your ISA server is your proxy server. If you use group policy to have the user use a bogus proxy address (or in your case a computer), and restrict the users ability to change proxy settings, you can prevent the user or computer from having internet access.
see my answer to another question at this link
http://tinyurl.com/4haz8
And to make it specific to a computer rather than a user you will need to use a loopback policy. see my answer to this question at this link
http://tinyurl.com/6evhp

Collapse -

by nevernessit In reply to Internet access on ISA s ...

If it was only a small number of computers (and they aren't grouped) you could set it using IP address. This is only practical if you have a few machines that you want to block.
Just create your normal allow rules and create an exception rule for the computers you want blocked. Then specify the IP addresses (or even users) that should be blocked in a deny rule.

Collapse -

by d'solve IT In reply to Internet access on ISA s ...

Hi,

Both the answers before me tell you the way you can achieve this - I'm providing you with details. :-)

1. Go to the computer with ISA Server 2000 installed (or terminal session). Login as administrator.
2. Open the ISA server MMC.
Method A (using IP blocking - provided you are using static IP's for your client PC's)
3. Expand Policy Elements and click on Client Address Sets. Right Click to Add a New Set (or right click an empty space on the right-hand panel to add New Set)
4. In the Client Set window type a easily distinguishable Name (say - BlockedInternetUsers). You may provide a description in the field provided. Now click Add button to insert the IP range you wish to block). If the range of IP's are not consequetive, you will have to enter each address one by one (if it is only one IP address, enter this in both the From and To fields). Click OK after each insertion.
5. Click OK to exit the Client Set window.
6. Now highlight the Schedules (in the Policy Elements) and right-click to add New | Schedule.
7. A window called New Schedule will open. Provide a friendly name (say, BlockedInternetUsers_Time). You may enter a descripttion in the field provided). Now select the entire block (in the schedule grid provided) and click on the Indactive button. The default blue colour will change to white in the grid. Click OK.
8. Now go to Access Policy and expand this. Highlight Protocol Rules and right click to add New Protocol Rule.This opens the New Protocol Rule Wizard....
9. Enter a friendly name in the Protocol rule name (say, BlockedUsersIP) and click Next. Select the Deny radio button and click Next. Select All IP traffic from the Apply this rule to: dropdown and click Next. Select the BlockedInternetHours from the Use this schedule dropdown and click Next. Select the radio button Specific computers (client address sets) and click Next. Click Add and select the BlockedInternetUsers from left-hand panel, click Add to display this set on the right-

Collapse -

by d'solve IT In reply to

Method B (Users and Groups - Domains)
3. Go to the Domain Controller (or Terminal session) and create a Group (say, BlockedInternetUsers). Add to this group the users you want to block. Close the console.
4. Go to the ISA server MMC and skip to step 6, follow till step 8.
9. Enter a friendly name in the Protocol rule name (say, BlockedUsersIP) and click Next. Select the Deny radio button and click Next. Select All IP traffic from the Apply this rule to: dropdown and click Next. Select the BlockedInternetHours from the Use this schedule dropdown and click Next. Select the radio button Specific users and groups. Click Add to open the Select Users and Groups window. Change to the domain in the Look In zone (at the top) and now select the group you created earlier on the Domain Controller (BlockedInternetUsers), click Add and click OK. Click Next. Click Finish to Exit.
Complete step 10.

NOTE: if you are on a workgroup, then create a group on the ISA server itself and add all the barred users to this group. You must have created all these users on this server prior to this. Follow the rest of the above and select the local group in step 9.

Collapse -

by CG IT In reply to Internet access on ISA s ...

Use limit the PCs who have access to ISA server with the ISA server firewall client program. The computers need the proxy server settings in IE for internet access and they receive that information from the ISA server firewall client program. Simply don't install the firewall client program on the select PCs which you don't want internet access.

To further limit users abilities to enter proxy server info, create a GP which restricts users ability to Tools in IE.

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums