General discussion

  • Creator
  • #2176858

    Restrict Internet Access by User


    by sferrero ·

    Im an IT admin at my organization and i was wondering how i would go about restricting internet access from a certain user on our domain.

    I have one account that i do not want to be able to access the internet.

All Comments

  • Author
    • #3334902

      A number of ways.

      by tbragsda ·

      In reply to Restrict Internet Access by User

      You can run a proxy server, or what I would suggest is something like superscout. It will generate reports on usage, sites visited etc, and can block by site types etc.

      There are workstation options, but it makes more sence to do it from a server.

      • #2619302


        by djp81s8 ·

        In reply to A number of ways.

        Get his MAC address reserve an IP. Block the IP.

    • #3330364

      use the

      by jaqui ·

      In reply to Restrict Internet Access by User

      user account config to remove access to the external gateway for internet access.
      ( requires the server be configured to allow access on a user level for each device / service, rather than the most common of domain level controls )

      netware is good for the user level controls.
      *x is good for user level controls.

      • #3331644

        Novell Bordermanager.

        by tbragsda ·

        In reply to use the

        Ever use it? Was/is great! I dont have use it anymore, but loved it.

    • #3330140


      by choppit ·

      In reply to Restrict Internet Access by User

      If you’re talking about restricting particular users then you’ll need to ensure that user need to log in before accessing the web. As mentioned above,a proxy such as squid will allow you to do this. If you’re trying to block a particular host then things are a little simpler. If the user is not PC savvy I sometimes set the browser proxy to the loopback address. Other times I block outgoing ports for particular hosts at the firewall.

    • #3330108

      What firewall do you use?

      by jdclyde ·

      In reply to Restrict Internet Access by User

      Firewalls can allow and deny what ever you want.

      Just put in a deny from his pc’s IP to the destination. (unless you use DHCP, one of MANY reasons we do NOT use DHCP for our PC’s)

      Could also go to that pc and add that domain to the denyed or put in the hosts file that domain name with the address for an internal website with a note that the page attempted to access is denied due to company policy and the attempt has been logged.

    • #3330553


      by mcseman ·

      In reply to Restrict Internet Access by User

      I recommend using another Microsoft product called Internet Security and Acceleration (ISA). ISA will allow several simultaneous configurations including:
      1. restriction by user name
      2. restriction by group
      3. restriction to specific sites
      4. Restriction by time
      and any other combination of the above.
      Here is an example of a configuration I currently use to explain the flexability:
      I have a group of users that have 24/7 unlimited access (admins, directors, etc). I have set up time restrictions for other users to allow everyone unlimited access between the hours of 7-8am, 12-1pm, and 5-6pm. Every user has limited internet access to certain sites such as windowsupdate, antivirus update, corporate web site. ISA is not only the ‘proxy’ server but it is an integrated firewall that plays nice with Active Directory, OWA, and POP servers.
      I hope this helps.

      Erik ‘mcseman’ Pryor

      • #2504781

        Restricting by User on XP Pro

        by webaccount ·

        In reply to ISA


        Is there any way to completely restrict internet access on xp with in the system or using downloads from

        Are their any relatively inexpensive applications which can do this.



        • #2547294

          global policy

          by wsmith ·

          In reply to Restricting by User on XP Pro

          you can do it for free with global policy and have IE refer to a proxy server that does not exist. I have a whole group of users that are not allowed Internet access and can move people in and out of group at will.

        • #2986966

          Global policy

          by don ·

          In reply to global policy

          can you give a more detailed description on how to go about this?

Viewing 4 reply threads