Networks

General discussion

Gravatar
Locked

Internet Restriction

By chuks ·
Guys I'd like to know if you can tell me of a way of restricting internet access in a network to specific users/ip-addresses. Please let me know if third party applications are available for this as well. Thanks in advance

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

by carlos.nino In reply to Internet Restriction

Sure there is, but please specify which network, servers, etc.

gravatar
Collapse -

by chuks In reply to Internet Restriction

Oops....forgot to mention that its a Microsoft 2000 LAN with about 50 users. I know you can do it with ISA 2000 but is there any other tool out there?

gravatar
Collapse -

by singh In reply to Internet Restriction

You could setup acccess group in your firewall/routers

gravatar
Collapse -

by singh In reply to Internet Restriction

You could setup acccess group in your firewall/routers

gravatar
Collapse -

by mshavrov In reply to Internet Restriction

Small trick you can use, but it's not for "advanced users". You can create registry entry to change either network parameters (for ecxample, remove DNS server), or change Internet Explorer settings (for example, put 127.0.0.1 as "Proxy Server"). In addition you can disable users to access or change these settings (through Security Policy). Then just assign this "script" and "policy" to users, who shouldn't access Internet.

It will work for some users, but "smart" people can always find "way around".

Another way is in installing proxy server. It's the same idea as Microsoft ISA server, but you can build it on old computer using Linux and Squid. It works great, but it's may be a little bit complicated in configuration manner.

If you have another questions or comments, just e-mail me.

Good luck,

Michael Shavrov
MCSE W2K, MCSE+I, CCNP, CCDP, Sun SCSA, Check Point CSSA, Security+

gravatar
Collapse -

by plexer In reply to Internet Restriction

Yes one way is to use a GPO or more specifically 2 GPO's.

Step 1: Set up 2 domain groups, call one webdeny and one weballow

Step 2: Create 2 GPO's on the root of your AD structure again call one webdeny and the other weballow. Set up the no override option on these. Webdeny must be above weballow in the list.

Step 3: Edit these GPO's so that weballow GPO is only applied by the weballow groups and webdeny GPO is only applied by the webdeny group.

Step 4: Edit webdeny GPO to set the internet proxy settings for the user to 127.0.0.1

Step 5: Edit the weballow GPO to se the internet proxy settings to the address of your upstream proxy.

Step 6: Allocate all the users you wish to have internet access to the weballow group and those that you don't to the webdeny group.

If you want to disable access for someone in the weballow group just allocate them to the webdeny group no need to remove them from weballow as webdeny takes precedence.

If none of this makes sense let me know.

gravatar
Collapse -

by plexer In reply to

Is this question going to be closed? or is there more info you can supply if the answers aren't acceptable.

gravatar
Collapse -

by mchilders In reply to Internet Restriction

We use a Linux Firewall/router called ClarkConnect. It allows blocking IP addresses from using the Web as well as filtering. Seems to be a pretty good package

Back to Networks Forum
8 total posts (Page 1 of 1)  

Start or search

Related Discussions

Related Forums