IT Employment

General discussion


Restrict Internet Access by User

By Sferrero ·
Im an IT admin at my organization and i was wondering how i would go about restricting internet access from a certain user on our domain.

I have one account that i do not want to be able to access the internet.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

A number of ways.

by tbragsda In reply to Restrict Internet Access ...

You can run a proxy server, or what I would suggest is something like superscout. It will generate reports on usage, sites visited etc, and can block by site types etc.

There are workstation options, but it makes more sence to do it from a server.

Collapse -


by djp81s8 In reply to A number of ways.

Get his MAC address reserve an IP. Block the IP.

Collapse -

use the

by Jaqui In reply to Restrict Internet Access ...

user account config to remove access to the external gateway for internet access.
( requires the server be configured to allow access on a user level for each device / service, rather than the most common of domain level controls )

netware is good for the user level controls.
*x is good for user level controls.

Collapse -

Novell Bordermanager.

by tbragsda In reply to use the

Ever use it? Was/is great! I dont have use it anymore, but loved it.

Collapse -


by Choppit In reply to Restrict Internet Access ...

If you're talking about restricting particular users then you'll need to ensure that user need to log in before accessing the web. As mentioned above,a proxy such as squid will allow you to do this. If you're trying to block a particular host then things are a little simpler. If the user is not PC savvy I sometimes set the browser proxy to the loopback address. Other times I block outgoing ports for particular hosts at the firewall.

Collapse -

What firewall do you use?

by jdclyde In reply to Restrict Internet Access ...

Firewalls can allow and deny what ever you want.

Just put in a deny from his pc's IP to the destination. (unless you use DHCP, one of MANY reasons we do NOT use DHCP for our PC's)

Could also go to that pc and add that domain to the denyed or put in the hosts file that domain name with the address for an internal website with a note that the page attempted to access is denied due to company policy and the attempt has been logged.

Collapse -


by mcseman In reply to Restrict Internet Access ...

I recommend using another Microsoft product called Internet Security and Acceleration (ISA). ISA will allow several simultaneous configurations including:
1. restriction by user name
2. restriction by group
3. restriction to specific sites
4. Restriction by time
and any other combination of the above.
Here is an example of a configuration I currently use to explain the flexability:
I have a group of users that have 24/7 unlimited access (admins, directors, etc). I have set up time restrictions for other users to allow everyone unlimited access between the hours of 7-8am, 12-1pm, and 5-6pm. Every user has limited internet access to certain sites such as windowsupdate, antivirus update, corporate web site. ISA is not only the 'proxy' server but it is an integrated firewall that plays nice with Active Directory, OWA, and POP servers.
I hope this helps.

Erik 'mcseman' Pryor

Collapse -

Restricting by User on XP Pro

by webaccount In reply to ISA


Is there any way to completely restrict internet access on xp with in the system or using downloads from

Are their any relatively inexpensive applications which can do this.



Collapse -

global policy

by wsmith In reply to Restricting by User on XP ...

you can do it for free with global policy and have IE refer to a proxy server that does not exist. I have a whole group of users that are not allowed Internet access and can move people in and out of group at will.

Collapse -

Global policy

by don In reply to global policy

can you give a more detailed description on how to go about this?

Related Discussions

Related Forums