-
March 22nd, 2001, 03:58 PM
#1
Taking away internet access for Network users
I have a Windows 2000 PDC on my network. My boss today asked me to disable internet access for on user account. What is the best way to get this done. I have a couple of ideas, but a little help never hurt. Thanks.
-
March 22nd, 2001, 06:46 PM
#2
easiest way:
set thier default gateway to something other than what your internet router is. as long as you dont have some wacked out routing going on internally, you can do it and get away with it.
best way:
buy ISA Server - www.microsoft.com/isaserver
[This message has been edited by kannibul (edited March 22, 2001).]
-
March 22nd, 2001, 08:47 PM
#3
Have to agree with Kannibul, those are your best two options.
------------------
"Beer is proof that God loves us and wants us to be happy" -Benjamin Franklin
-
March 22nd, 2001, 11:12 PM
#4
If you are using Microsoft Proxy Server, you can set permissions on who can/cannot access the web. That seems to work at my office. We have a group called Proxy Users, and if someone needs their access removed, we remove them from the group, and it takes their access away. It prompts them for a password for the proxy server.
One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.
------------------
OS/400...At least it's not Microsoft.
-
March 23rd, 2001, 09:08 AM
#5
On one network I worked on, they had Windows NT 4.0 clients and a Raptor firewall. With Raptor (and others) the user must be part of the internet group or they will not be allowed through the firewall onto the Net. All we did was remove them from that group and no internet. The other way is a router with an ACL- Access Control List and restrict them based on IP address
------------------
"COMPAQ - They Put the Sorry in PreSARIo"
-
March 23rd, 2001, 10:33 AM
#6
Setup a Proxy server requiring authentication or allowing only from a set address.
------------------
Death is lighter than a feather - duty heavier than a mountian.
Death is lighter than a feather - duty heavier than a mountian.
The answer to your question is: 00110100 00110010
-
March 24th, 2001, 01:03 PM
#7
<font face="Verdana, Arial" size="2">Originally posted by QSECOFR:
One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.
</font>
yes, but then that person who logged them in would be responsible for any site the other person viewed...
-
March 27th, 2001, 06:34 PM
#8
Flabooble!
How are you giving them access? Firewall or proxy server?
If it's a proxy create an internet group that has access to the proxy and add everyone but him (and don't forget to remove the everyone group!). Then take others out as need be. You'd be best off without very many people having internet browsing or internet e-mail (provided you'r running your own mailservers). This is where the majority of the viruses are going to come from on your LAN. We restrict all access through groups here to keep problems to a minimum.
If you have a router taking care of the internet connection you should be able to go into it's settings and disable individual computers on your network. Heck, my Linksys at home can do it, can't imagine a decent router for a business doesn't have that capability.
-
March 28th, 2001, 09:49 AM
#9
Originally posted by QSECOFR:
If you are using Microsoft Proxy Server, you can set permissions on who can/cannot access the web. That seems to work at my office. We have a group called Proxy Users, and if someone needs their access removed, we remove them from the group, and it takes their access away. It prompts them for a password for the proxy server.
One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.
This is the same we do it too, except it is called Internet Users group, only trouble is now these users that are allowed internet access also download and are using Aohell instant messenger, going to have to put a stop to that
Where's that smoke coming from ?
-
March 30th, 2001, 08:57 AM
#10
We do not already have a proxy server. I did get the access disabled by denying access to the web from the specific IP through our Firewall. It worked and it only took about 5 min. Anyway, thanks for all the feedback.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks