Block Internet
I'm relitively new to Windows 2000 and Domain management.
I've already crashed our server once: (Luckily I wasn't hired only becuase of my Network Administration skills)
I want to make an account not be able to get on to the internet.
I already have blocked access to Internet Explorer (the only program we use) And the user cannot install anything. But they can still access the internet by opening up 'My computer' and type in a web address.
I've read a little about this, but due to my lack of knowledge in Windows Server 2000, am not able to implint this.
One of the things I read that seemed like a good idea was to create a group called 'no Internet' then setting a group policy to hand out a bogus proxy server.
Is any of this possible without additional software?
[856 byte] By [
Sabin_33] at [2007-11-20 2:45:27]
# 1 Re: Block Internet
Without implementing a firewall or using additional software, you're left with few "native" options.
The proxy change will work, but it's not really the best choice.
If the user doesn't need to access any external resources, and all of its resources are on the same subnet, you should just remove the GATEWAY from the IP config. This will prevent the computer from talking outside the subnet. Again, this can be circumvented, but for your situation it will be the quickest and easiest thing to do. It will also be more reliable than the proxy option.
If the user does need access to other services outside of the subnet, you can use the CONTENT ADVISOR in IE as an alternative to the proxy hack. Tools -> Internet Options -> [Content].
Also, make the user a member of the Users or better yet, the Guests account on the local machine. This can be done through Group Policy also.
I've been here before, so I'd like to give you some advice: There are a lot of ways to access and modify shared resources (such as internet access) in Windows. You could spend days or weeks going through Group Policy / Registry settings and think that you have locked everything down. The truth is that no matter what you do, there is always a way around it if the user has physical access to the machine. The only way to achieve peace of mind is to make sure your SERVERS and other NETWORK RESOURCES are SECURE so that a compromised machine doesn't take out crucial business processes.
# 2 Re: Block Internet
Thanks Craig.
I'll go through the Content Adivisor in IE.
Can Guests or Restricted users change these settings though?
I can't believe I can't just use a script to block some services for certian users.
