Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Blocking Internet access using AD

Blocking Internet access using AD 11 years 1 month ago #10982

  • defsoul
  • defsoul's Avatar
  • Offline
  • Frequent Member
  • Posts: 53
  • Karma: 0
Is the a way using AD in windows 2000 server to block users or groups from having internet access,but have emails come through.We user a proxy to connect to the internet but i see even when the do not have administrative rights on the machines they are able to change or enter the proxy settings.

Is there software that i can use to archive this?Is there a way I can draw a list of all site that a user has visted.
The administrator has disabled public write access.

Re: Blocking Internet access using AD 11 years 1 month ago #10984

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
You can configure the proxy settings, lock down access to Tools/Options menu in IE and prevent access to the Control Panel using AD. The relevant keys are \Administrative Templates\Windows Components\Internet Explorer, \Administrative Templates\Remove Display in Control Panel However, if your users have admin rights on PCs they could always install Firefox and bypass your AD lockdown.

It really depends on how determined your users are and the privilege levels they have on their PCs. Ultimately, the best way is through a proxy server at the internet gateway. If you happen to have Microsoft ISA Server, it integrates seamlessly with AD, or you may could go for something like Wingate or Squid (free).
The administrator has disabled public write access.

Re: Blocking Internet access using AD 11 years 1 month ago #10985

  • stefke
  • stefke's Avatar
  • Offline
  • Frequent Member
  • Posts: 36
  • Karma: 0
Hi,

I can only agree with DaLight. The only way you can effectively block your users (or some users) from goin on the Internet is at the proxy server. As sugested by DaLight ISA offers full integration with AD or you could use some other proxy and use RADIUS for authentication.

Greetings,

stefan
The administrator has disabled public write access.

Re: Blocking Internet access using AD 11 years 1 month ago #10988

  • Biggystumps
  • Biggystumps's Avatar
  • Offline
  • Frequent Member
  • Posts: 34
  • Karma: 0
Is it possible for you to configure your networking equipment?,
the first thing that came to mind was using an ACL to block port 80 for your network.

If not, then the above mention of group policy preventing access or an ISA server is the way to go.
MCSE - MCSA
2003 certified
The administrator has disabled public write access.

Re: Blocking Internet access using AD 11 years 1 month ago #11000

  • jhun
  • jhun's Avatar
  • Offline
  • Senior Member
  • Posts: 356
  • Karma: 0
yes i have to agree with biggystumps on the ACL. not only would it be effective but it would also have no impact on the budget side.

if you really want AD to handle the restriction then Dalight and stefke are right on the group policy. you could use this link as your reference. it is a document specifying how to implement the restriction using group policy.

www.eastproject.org/Projects/SystemAdmin...nternet%20Access.doc

hope this helps...
The administrator has disabled public write access.

Re: Blocking Internet access using AD 11 years 1 month ago #11004

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
I agree that an ACL on your firewall blocking ports 80, 443 would be a good idea, although it would make selective filtering a bit difficult if you decided to allow some users to access the internet and you wanted to control access via user authentication rather than workstation IP address.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.082 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup