• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Limiting internet access on a Windows 2000 domain

B

Booty

Senior member
I simply want to know how I can control access to websites using Windows Server 2000/Active Direct. I'm completely new to using stuff like Group Policies, etc. I could do this using our firewall, but I'd rather block it at the domain level if possible - I'd like to set up a limited user account that can only log on to 2-3 specific websites. Ideally, actually, that'd be the only thing on the system they'd have access to, so I guess I'm looking to learn how to really lock down the workstations around here using, I guess, group policy.

I am completely new at this - I'm looking into some different books so I can learn this stuff, but for now I kinda have to get this done quick, so... please help! 🙂

 
Nothing? I looked through the default domain policy and found all kinds of cools stuff, but the closest thing I found to what I'm looking for was to mess with the internet security options... you know, restrcted sites, trusted sites, etc. Not what I'm looking for.

Can I use the login script to dump a hosts file in that blocks everything? Would that get the job done for now?

I'm googling my butt off, but haven't found what I'm looking for yet.
 
You can't do this with GPOs. GPOs have no function of blocking specific sites. However you can lock the machine down to only run IE. We do this for a few kiosk machines we have in our cafeterias at work. They are only allowed to run IE, Acrobat Reader, and Word.
 
You would have to do this with an internet proxy.

You could use a GPO to lock them out so they have to use IE and than push the proxy settings for IE so that it only uses the proxy server, but the GPO itself wouldnt really be doing the blocking.
 
Okay, well, we don't have a seperate proxy machine, but I think we can do that on the firewall - so here's the million dollar question, then:

When applying a new GPO like this, I take it I create a new GPO, tweak it how I want it, etc... but I'm a little gunshy when it comes to applying it. I want to make sure it ONLY gets applied to the specific user(s). So can anyone just verify the steps to take here so that I don't end up locking out the whole domain from stuff they need. Either that, or if anyone has a link to a good newbie guide... I've been searching, but haven't been able to find one.

Also, I'd love some book recommendations - on both server 2000 and 2003 (since we'll eventually go to 2003). I'm going to need to start learning this stuff, as I will be taking over network admin duties here within a couple months.
 
A few excellent resources for GPOs

Understanding Group Policy in Windows 2000 - The basics of GPOs in Windows 2000.
Group Policy, Profiles and IntelliMirror -Probably the best GPO book out there.
Microsoft Group Policy Management Console - Needs an XP machine to run but make managing GPOs MUCH easier. Includes RSOP (Resulting Set of Policy) so if you have mulitple polcies in place you can see the results of them.
Microsoft RSOP Documentation - Explains the Ins and Outs of RSOP
Group Policy Common Scenarios - Lots of scenarios and how you use GPOs for them
Software Restriction Policies - How to use the Software Restriction Policies effectively.
TechTarget GPO Learning Guide - Seems to be more geared toward beginners so you may want to start here, although the MS documentation is much more detailed.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top