Limiting Internet Access on an AD Domain

owensdj

Golden Member
Jul 14, 2000
1,711
6
81
Is there a way to prevent specific users from having the ability to access the Internet on a Windows 2000 Server Active Directory domain network? The workstations are Windows XP Pro.
 

owensdj

Golden Member
Jul 14, 2000
1,711
6
81
Sideswipe001, no proxy server. There's a single Win2K Server that functions as the DNS and DHCP server for the client machines and a Netgear router for the DSL Internet access.
 

wlee

Senior member
Oct 10, 1999
585
0
71
If you can't spend any $$$, but have a spare machine and a few NICS, then you could use SmoothWall In the free-ware ver, there is no GUI for the access list, but it's easy enough to make the entries using WinSCP. Also have a look at Martybugs for more info on setting up more advanced security features.
 

Sideswipe001

Golden Member
May 23, 2003
1,116
0
0
My business here bought Windows 2000 small buisness server - came with Windows 2000 server, Exchange 2000, SQL, and ISA server. The only "microsoft" way to do it that I know of is through ISA server, which would foce all of your computer to go through your server's proxy to get the internet. You need 2 NICs to set that up though. One connected to the Router, and one connected to the LAN. You will have to look up alternate 3rd party ways to do it if you don't have/want ISA server.
 

loup garou

Lifer
Feb 17, 2000
35,132
1
81
ISA would be perfect for this, but couldn't you make a group policy for those users, point them to a non-existant proxy server (unused local address) and lock out the proxy controls in IE? Not 100% locked down (hell not even 1%), but it should stop the casual user.
 

owensdj

Golden Member
Jul 14, 2000
1,711
6
81
werk, I've heard something about maybe using Group Policies to do this, but I also need to be able to block e-mail client access as well as web browser access. There are certain users who don't need Internet access for their job who are bringing viruses and other problems into the network by their e-mail and web browser use, if possible.
 

loup garou

Lifer
Feb 17, 2000
35,132
1
81
You could also specify in your GPO to disallow running of the IE and OE executables. I believe there may be a setting to disable OE entirely as well, but I'm not sure.

Someone feel free to correct my suggestions if incorrect, I am not a GP guru.