- Posts: 53
- Thank you received: 0
Blocking Internet access using AD
19 years 1 month ago #10982
by defsoul
Blocking Internet access using AD was created by defsoul
Is the a way using AD in windows 2000 server to block users or groups from having internet access,but have emails come through.We user a proxy to connect to the internet but i see even when the do not have administrative rights on the machines they are able to change or enter the proxy settings.
Is there software that i can use to archive this?Is there a way I can draw a list of all site that a user has visted.
Is there software that i can use to archive this?Is there a way I can draw a list of all site that a user has visted.
19 years 1 month ago #10984
by DaLight
Replied by DaLight on topic Re: Blocking Internet access using AD
You can configure the proxy settings, lock down access to Tools/Options menu in IE and prevent access to the Control Panel using AD. The relevant keys are \Administrative Templates\Windows Components\Internet Explorer, \Administrative Templates\Remove Display in Control Panel However, if your users have admin rights on PCs they could always install Firefox and bypass your AD lockdown.
It really depends on how determined your users are and the privilege levels they have on their PCs. Ultimately, the best way is through a proxy server at the internet gateway. If you happen to have Microsoft ISA Server, it integrates seamlessly with AD, or you may could go for something like Wingate or Squid (free).
It really depends on how determined your users are and the privilege levels they have on their PCs. Ultimately, the best way is through a proxy server at the internet gateway. If you happen to have Microsoft ISA Server, it integrates seamlessly with AD, or you may could go for something like Wingate or Squid (free).
19 years 1 month ago #10985
by stefke
Replied by stefke on topic Re: Blocking Internet access using AD
Hi,
I can only agree with DaLight. The only way you can effectively block your users (or some users) from goin on the Internet is at the proxy server. As sugested by DaLight ISA offers full integration with AD or you could use some other proxy and use RADIUS for authentication.
Greetings,
stefan
I can only agree with DaLight. The only way you can effectively block your users (or some users) from goin on the Internet is at the proxy server. As sugested by DaLight ISA offers full integration with AD or you could use some other proxy and use RADIUS for authentication.
Greetings,
stefan
- Biggystumps
- Offline
- Junior Member
Less
More
- Posts: 34
- Thank you received: 0
19 years 1 month ago #10988
by Biggystumps
MCSE - MCSA
2003 certified
Replied by Biggystumps on topic Re: Blocking Internet access using AD
Is it possible for you to configure your networking equipment?,
the first thing that came to mind was using an ACL to block port 80 for your network.
If not, then the above mention of group policy preventing access or an ISA server is the way to go.
the first thing that came to mind was using an ACL to block port 80 for your network.
If not, then the above mention of group policy preventing access or an ISA server is the way to go.
MCSE - MCSA
2003 certified
19 years 1 month ago #11000
by jhun
Replied by jhun on topic Re: Blocking Internet access using AD
yes i have to agree with biggystumps on the ACL. not only would it be effective but it would also have no impact on the budget side.
if you really want AD to handle the restriction then Dalight and stefke are right on the group policy. you could use this link as your reference. it is a document specifying how to implement the restriction using group policy.
www.eastproject.org/Projects/SystemAdmin...nternet%20Access.doc
hope this helps...
if you really want AD to handle the restriction then Dalight and stefke are right on the group policy. you could use this link as your reference. it is a document specifying how to implement the restriction using group policy.
www.eastproject.org/Projects/SystemAdmin...nternet%20Access.doc
hope this helps...
19 years 1 month ago #11004
by DaLight
Replied by DaLight on topic Re: Blocking Internet access using AD
I agree that an ACL on your firewall blocking ports 80, 443 would be a good idea, although it would make selective filtering a bit difficult if you decided to allow some users to access the internet and you wanted to control access via user authentication rather than workstation IP address.
Time to create page: 0.131 seconds