2 easy and simple ways of doing it 1 --> create a OU with the users u do not want to have internet access --> create a new GP with a proxy which does not exist. Also deny the permissions for the users to change the settings of IE.
2 --> create a group and assign permissions to proxy server --> only the team which is in the list will be getting access Regards, Chandra -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Renouf, Phil Sent: 09 March 2005 10:58 To: [email protected] Subject: RE: [ActiveDir] deny internet The issue with that approach is that anyone can login to those PCs and access the internet so if the point is to try and restrict internet access to specific people this won't really cover that. You could put workstation restrictions on the users but once you get past a certain number of people (and it's not a very large number) this begins to be a pain in the ass. A proxy server is your best bet since it will also allow you to setup caching which will likely improve your web performance. I'm interested in seeing the IPSec setup too though. Phil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan (OFT) Sent: Wednesday, March 09, 2005 8:26 AM To: [email protected] Subject: RE: [ActiveDir] deny internet you could use Cisco's ACL with DHCP reservations. that way the pc always get the same ip until you change the network card. You could also go into the configuration of the network card and give the "special" people a specific MAC and do the DHCP reservations that way ________________________________ From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Wed 3/9/2005 12:12 AM To: [email protected] Subject: RE: [ActiveDir] deny internet Get a Proxy Server and use it to control outbound internet access. Deji -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, March 08, 2005 7:22 PM To: ActiveDir (E-mail) Subject: [ActiveDir] deny internet hi all. If I want to deny a user internet access but allow everything else, is this possible via GPO? On win2k and winXP? also to include other browsers besides IE a firewall solution is not possible right now and the clients are dhcp so cisco acl's won't always work. Can I gpo this or is it easier to give the client a static ip and acl it on the router? thanks List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<attachment: winmail.dat>>
