I have a Windows 2000 PDC on my network. My boss today asked me to disable internet access for on user account. What is the best way to get this done. I have a couple of ideas, but a little help never hurt. Thanks.
Printable View
I have a Windows 2000 PDC on my network. My boss today asked me to disable internet access for on user account. What is the best way to get this done. I have a couple of ideas, but a little help never hurt. Thanks.
easiest way:
set thier default gateway to something other than what your internet router is. as long as you dont have some wacked out routing going on internally, you can do it and get away with it.
best way:
buy ISA Server - www.microsoft.com/isaserver
[This message has been edited by kannibul (edited March 22, 2001).]
Have to agree with Kannibul, those are your best two options.
------------------
"Beer is proof that God loves us and wants us to be happy" -Benjamin Franklin
If you are using Microsoft Proxy Server, you can set permissions on who can/cannot access the web. That seems to work at my office. We have a group called Proxy Users, and if someone needs their access removed, we remove them from the group, and it takes their access away. It prompts them for a password for the proxy server.
One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.
------------------
OS/400...At least it's not Microsoft.
On one network I worked on, they had Windows NT 4.0 clients and a Raptor firewall. With Raptor (and others) the user must be part of the internet group or they will not be allowed through the firewall onto the Net. All we did was remove them from that group and no internet. The other way is a router with an ACL- Access Control List and restrict them based on IP address
------------------
"COMPAQ - They Put the Sorry in PreSARIo"
https://forums.windrivers.com/
Setup a Proxy server requiring authentication or allowing only from a set address.
------------------
Death is lighter than a feather - duty heavier than a mountian.
yes, but then that person who logged them in would be responsible for any site the other person viewed...Quote:
<font face="Verdana, Arial" size="2">Originally posted by QSECOFR:
One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.
</font>
How are you giving them access? Firewall or proxy server?
If it's a proxy create an internet group that has access to the proxy and add everyone but him (and don't forget to remove the everyone group!). Then take others out as need be. You'd be best off without very many people having internet browsing or internet e-mail (provided you'r running your own mailservers). This is where the majority of the viruses are going to come from on your LAN. We restrict all access through groups here to keep problems to a minimum.
If you have a router taking care of the internet connection you should be able to go into it's settings and disable individual computers on your network. Heck, my Linksys at home can do it, can't imagine a decent router for a business doesn't have that capability.
This is the same we do it too, except it is called Internet Users group, only trouble is now these users that are allowed internet access also download and are using Aohell instant messenger, going to have to put a stop to thatQuote:
Originally posted by QSECOFR:
If you are using Microsoft Proxy Server, you can set permissions on who can/cannot access the web. That seems to work at my office. We have a group called Proxy Users, and if someone needs their access removed, we remove them from the group, and it takes their access away. It prompts them for a password for the proxy server.
One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.
:) :)
We do not already have a proxy server. I did get the access disabled by denying access to the web from the specific IP through our Firewall. It worked and it only took about 5 min. Anyway, thanks for all the feedback.