|
Posted by reptil on December 8, 2007, 11:53 am
Please log in for more thread options
Please help me with advice.
Now I have PIX firewall and he pass or stop IP adresses on internet,
but now I have situation that on one computer I have 10 users , but
only 2 users I must to pass to internet.
If I have server2003 and domain is it possible?
I saw that group policy have under user configuration option Internet
explorer restrictions, but if the use mozilla or something else group
policy not will be useful. How resolve this problem. Is there any
third-party software for make restricions on domain accounts.
Other idea is through group policy for each user set default gateway
and second DNS blank. Is it possible with group policy?
thnx for help
|
|
Posted by Mathieu CHATEAU on December 9, 2007, 1:19 pm
Please log in for more thread options
Hello,
the only "smart" way is to use a web proxy, that will authenticate and only
let legitimate users surf the web.
Then, on the pix, block all outside connecctions from workstations, and let
the proxy going out for http/https/ftp.
Microsoft ISA can be used, or third party proxy (squid, clearswift...)
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
show/hide quoted text
> Please help me with advice.
> Now I have PIX firewall and he pass or stop IP adresses on internet,
> but now I have situation that on one computer I have 10 users , but
> only 2 users I must to pass to internet.
> If I have server2003 and domain is it possible?
> I saw that group policy have under user configuration option Internet
> explorer restrictions, but if the use mozilla or something else group
> policy not will be useful. How resolve this problem. Is there any
> third-party software for make restricions on domain accounts.
> Other idea is through group policy for each user set default gateway
> and second DNS blank. Is it possible with group policy?
> thnx for help
|
|
Posted by reptil on December 9, 2007, 1:34 pm
Please log in for more thread options Thank you for advice. I know for that. That is the way, also for limit
broadband on IP's, users.... but I don't have proxy (read, limited)
and trying to make some restrictions without extra money. So I'm
asking for advice if it's possible anyway.
thnx
On Sun, 9 Dec 2007 19:19:07 +0100, "Mathieu CHATEAU"
show/hide quoted text
>Hello,
>the only "smart" way is to use a web proxy, that will authenticate and only
>let legitimate users surf the web.
>Then, on the pix, block all outside connecctions from workstations, and let
>the proxy going out for http/https/ftp.
>Microsoft ISA can be used, or third party proxy (squid, clearswift...)
|
|
Posted by Mathieu CHATEAU on December 9, 2007, 3:03 pm
Please log in for more thread options What is your pix model ? 501 ?
You may tweak IE with bad proxy through GPO (and firefox through a custom
ADM), but that won't stop bad guys (or people with more knowledge).
Does these 2 people have their own personal computers ? If so, you can
easily restrict by ip addresses.
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
show/hide quoted text
> Thank you for advice. I know for that. That is the way, also for limit
> broadband on IP's, users.... but I don't have proxy (read, limited)
> and trying to make some restrictions without extra money. So I'm
> asking for advice if it's possible anyway.
> thnx
> On Sun, 9 Dec 2007 19:19:07 +0100, "Mathieu CHATEAU"
>>Hello,
>>the only "smart" way is to use a web proxy, that will authenticate and
>>only
>>let legitimate users surf the web.
>>Then, on the pix, block all outside connecctions from workstations, and
>>let
>>the proxy going out for http/https/ftp.
>>Microsoft ISA can be used, or third party proxy (squid, clearswift...)
|
|
Posted by reptil on December 10, 2007, 4:57 am
Please log in for more thread options 515E
Ok, :))), that is problem. If I restrict IE or firefox there is possibillity
for download on all other ports.
This 2 people use a same computers like other 10 people in this room because we
work in 3 shifts and this 2 people work just in 1st shift.
Now I have restricted IP's on PIX, so I'm finding new solution, but the best
solution is as I think it is with proxy.
Thnx for advices
show/hide quoted text
>What is your pix model ? 501 ?
>You may tweak IE with bad proxy through GPO (and firefox through a custom
>ADM), but that won't stop bad guys (or people with more knowledge).
>Does these 2 people have their own personal computers ? If so, you can
>easily restrict by ip addresses.
|
| Similar Threads | Posted | | allow non compliant NAP computers to access the internet | November 15, 2008, 7:25 am |
| Do you patch servers that do not access the internet ? | March 10, 2009, 11:28 am |
| HELP Needed: Win2k3 - How to restrict Internet access after log on expires. | June 23, 2006, 10:24 am |
| for internet | December 18, 2006, 7:21 am |
| internet restriction | July 22, 2005, 2:33 am |
| Internet Explorer | November 8, 2009, 7:53 pm |
| Monitoring of Internet Usage by Staff | March 2, 2006, 6:17 am |
| Internet Crimes are on the Rise and Deadlier than Ever | May 7, 2006, 1:41 pm |
| Block a Win2k3 username from the internet | June 8, 2007, 9:55 am |
| Block Non-Domain users from the internet | December 20, 2007, 5:02 pm |
|
XML Sitemap
> Now I have PIX firewall and he pass or stop IP adresses on internet,
> but now I have situation that on one computer I have 10 users , but
> only 2 users I must to pass to internet.
> If I have server2003 and domain is it possible?
> I saw that group policy have under user configuration option Internet
> explorer restrictions, but if the use mozilla or something else group
> policy not will be useful. How resolve this problem. Is there any
> third-party software for make restricions on domain accounts.
> Other idea is through group policy for each user set default gateway
> and second DNS blank. Is it possible with group policy?
> thnx for help