General discussion



By robertarm ·
Is there any way to lock down IE 6 using Windows 2000 Professional. I need a gateway because the PC uses Citrix to connect to their main application but they do not want the employee to have internet access or Yahoo IM acces.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by erikdr In reply to LOCK OUT THE INTERNET IN ...

If they need to use IE, you can lock down the IE config to use a proxy server (e.g. MS ISA, or a Linux one, or...). Then, in the proxy configure it such that the user can only use the Citrix-gateway site and not any normal Internet one.

I'm afraid that once you make IE available and do need the Internet in a technical sense, there is no way to restrict the DNS range inside IE. That's why I propose the proxy route and that's also the usual advice of Microsoft...


<Erik> - The Netherlands

Collapse -

by erikdr In reply to

On second thought (also seeing answer 2):

IE6 contains a list of secure and unsecure sites, and you can block the unsecure ones. Users, normally, can add to the list of secure sites. Maybe you can lock down/prohibit THAT through some setting and hence restrict them to solely visiting the Citrix session...


Collapse -

by Iain z-uk In reply to LOCK OUT THE INTERNET IN ...

You do have a couple of other options, maybe not standard but quite simple you could filter the TCP/IP settings to only allow certain ports - the one citrix uses (sorry don't know anything about citrix), or if it is a particular website set up a host record and block dns.

If you want more info on either of these ideas just give some more info on how you use citrix and i'll see if i can help

Collapse -

by Iain z-uk In reply to

Also if you give a brief description of your network/internet access.


Collapse -

by ross.bale In reply to LOCK OUT THE INTERNET IN ...

Do users need to access/run anything on the local machine ?? If everything is on citrix, do not publish Internet Explorer or create a default Desktop on citrix as to what users can and can't access, then set the Citrix connection to run on startup so the user will have no choice or option apart from what you can control and manage via Citrix.

Collapse -

by davidr In reply to LOCK OUT THE INTERNET IN ...

As far as the local Win2KPro pc is concerned have you tried removing the DNS settings from your TCP/IP configuration? This will prevent them from access the internet from their local pc but shouldn't interfere with the citrix connection. If they have internet access within Citrix then you will have to lock down Citrix. The easiest way would be to publish the app. they need and set up their profile to connect to that published app only.

Related Discussions

Related Forums