Guys I'd like to know if you can tell me of a way of restricting internet access in a network to specific users/ip-addresses. Please let me know if third party applications are available for this as well. Thanks in advance
This conversation is currently closed to new comments.
Small trick you can use, but it's not for "advanced users". You can create registry entry to change either network parameters (for ecxample, remove DNS server), or change Internet Explorer settings (for example, put 127.0.0.1 as "Proxy Server"). In addition you can disable users to access or change these settings (through Security Policy). Then just assign this "script" and "policy" to users, who shouldn't access Internet.
It will work for some users, but "smart" people can always find "way around".
Another way is in installing proxy server. It's the same idea as Microsoft ISA server, but you can build it on old computer using Linux and Squid. It works great, but it's may be a little bit complicated in configuration manner.
If you have another questions or comments, just e-mail me.
Good luck,
Michael Shavrov MCSE W2K, MCSE+I, CCNP, CCDP, Sun SCSA, Check Point CSSA, Security+
Yes one way is to use a GPO or more specifically 2 GPO's.
Step 1: Set up 2 domain groups, call one webdeny and one weballow
Step 2: Create 2 GPO's on the root of your AD structure again call one webdeny and the other weballow. Set up the no override option on these. Webdeny must be above weballow in the list.
Step 3: Edit these GPO's so that weballow GPO is only applied by the weballow groups and webdeny GPO is only applied by the webdeny group.
Step 4: Edit webdeny GPO to set the internet proxy settings for the user to 127.0.0.1
Step 5: Edit the weballow GPO to se the internet proxy settings to the address of your upstream proxy.
Step 6: Allocate all the users you wish to have internet access to the weballow group and those that you don't to the webdeny group.
If you want to disable access for someone in the weballow group just allocate them to the webdeny group no need to remove them from weballow as webdeny takes precedence.
We use a Linux Firewall/router called ClarkConnect. It allows blocking IP addresses from using the Web as well as filtering. Seems to be a pretty good package
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Internet Restriction