Click here to get back home

Block a Win2k3 username from the internet
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Block a Win2k3 username from the internet two 06-08-2007
Posted by two on June 8, 2007, 9:55 am
Please log in for more thread options
 Hi guys, ALL i want to do is block a windows username from accessing the
internet, sounds simple i know. but how the hell do you do it?

Cheers
Paul



Posted by RedForeman on June 8, 2007, 10:16 am
Please log in for more thread options
> Hi guys, ALL i want to do is block a windows username from accessing the
> internet, sounds simple i know. but how the hell do you do it?
>
> Cheers
> Paul

I read where you could limit the user's ability to launch IE, but they
could circumvent that by d'ling FF or bring it from home....

Could you GPO the user into an OU that had a firewall policy that
blocked ALL ports except internal?

ISA I think, blocks internet access by user names...

Got ISA??

RedForeman


Posted by two on June 8, 2007, 10:20 am
Please log in for more thread options
No i dont have ISA. only have WIn2k3 R2 standard


Paul


>> Hi guys, ALL i want to do is block a windows username from accessing the
>> internet, sounds simple i know. but how the hell do you do it?
>>
>> Cheers
>> Paul
>
> I read where you could limit the user's ability to launch IE, but they
> could circumvent that by d'ling FF or bring it from home....
>
> Could you GPO the user into an OU that had a firewall policy that
> blocked ALL ports except internal?
>
> ISA I think, blocks internet access by user names...
>
> Got ISA??
>
> RedForeman
>



Posted by Roger Abell [MVP] on June 8, 2007, 2:02 pm
Please log in for more thread options
>> Hi guys, ALL i want to do is block a windows username from accessing the
>> internet, sounds simple i know. but how the hell do you do it?
>>
>> Cheers
>> Paul
>
> I read where you could limit the user's ability to launch IE, but they
> could circumvent that by d'ling FF or bring it from home....
>

Of course, if the user does not have privs to install . . .

> Could you GPO the user into an OU that had a firewall policy that
> blocked ALL ports except internal?
>

FW is per machine policy, not per user, and it is inbound, not
outbound. IPsec could be used to limit a machine to a restricted
set of (local) IPs if all users of that machine should be so limited.

> ISA I think, blocks internet access by user names...
>
> Got ISA??

Yep. The desired effect is usually tasked to a proxy that
gates access to the external network.

>
> RedForeman
>



Posted by RedForeman on June 8, 2007, 4:40 pm
Please log in for more thread options
> > ISA I think, blocks internet access by user names...
>
> > Got ISA??
>
> Yep. The desired effect is usually tasked to a proxy that
> gates access to the external network.

So is that why I've heard proxies being called the 'gatekeepers' ?

ISA is pretty nice and pretty robust.. the SBS version usually sucks
BADLY... the ISA2004 is VERY feature rich....

RedForeman


Similar ThreadsPosted
Block Non-Domain users from the internet December 20, 2007, 5:02 pm
HELP Needed: Win2k3 - How to restrict Internet access after log on expires. June 23, 2006, 10:24 am
how i can let one Username logon to domain? April 21, 2006, 5:08 pm
How To Get Username and Domain Name in Windows 2003? June 10, 2005, 5:03 pm
Changing the Administrator account username for security? June 15, 2005, 10:20 am
for internet December 18, 2006, 7:21 am
internet restriction July 22, 2005, 2:33 am
Internet access December 8, 2007, 11:53 am
Monitoring of Internet Usage by Staff March 2, 2006, 6:17 am
Internet Crimes are on the Rise and Deadlier than Ever May 7, 2006, 1:41 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap