[RESOLVED] Taking away internet access for Network users
Results 1 to 10 of 10

Thread: [RESOLVED] Taking away internet access for Network users

  1. #1
    MAC
    Guest

    Post Taking away internet access for Network users

    I have a Windows 2000 PDC on my network. My boss today asked me to disable internet access for on user account. What is the best way to get this done. I have a couple of ideas, but a little help never hurt. Thanks.

  2. #2
    Registered User
    Join Date
    Aug 1999
    Location
    near the backdoor to hell
    Posts
    804

    Post

    easiest way:
    set thier default gateway to something other than what your internet router is. as long as you dont have some wacked out routing going on internally, you can do it and get away with it.

    best way:
    buy ISA Server - www.microsoft.com/isaserver



    [This message has been edited by kannibul (edited March 22, 2001).]

  3. #3
    iamtheman
    Guest

    Thumbs up

    Have to agree with Kannibul, those are your best two options.

    ------------------
    "Beer is proof that God loves us and wants us to be happy" -Benjamin Franklin

  4. #4
    QSECOFR
    Guest

    Post

    If you are using Microsoft Proxy Server, you can set permissions on who can/cannot access the web. That seems to work at my office. We have a group called Proxy Users, and if someone needs their access removed, we remove them from the group, and it takes their access away. It prompts them for a password for the proxy server.

    One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.

    ------------------
    OS/400...At least it's not Microsoft.

  5. #5
    DesertEagle
    Guest

    Post

    On one network I worked on, they had Windows NT 4.0 clients and a Raptor firewall. With Raptor (and others) the user must be part of the internet group or they will not be allowed through the firewall onto the Net. All we did was remove them from that group and no internet. The other way is a router with an ACL- Access Control List and restrict them based on IP address

    ------------------
    "COMPAQ - They Put the Sorry in PreSARIo"

  6. #6
    Registered User
    Join Date
    Jul 2000
    Location
    Huntington Beach, CA, USA
    Posts
    1,515

    Post

    Setup a Proxy server requiring authentication or allowing only from a set address.

    ------------------
    Death is lighter than a feather - duty heavier than a mountian.
    Death is lighter than a feather - duty heavier than a mountian.

    The answer to your question is: 00110100 00110010

  7. #7
    Registered User
    Join Date
    Aug 1999
    Location
    near the backdoor to hell
    Posts
    804

    Post

    <font face="Verdana, Arial" size="2">Originally posted by QSECOFR:

    One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.

    </font>
    yes, but then that person who logged them in would be responsible for any site the other person viewed...

  8. #8
    Flabooble! ilovetheusers's Avatar
    Join Date
    Nov 2000
    Location
    Downtown Banglaboobia
    Posts
    6,403

    Post

    How are you giving them access? Firewall or proxy server?

    If it's a proxy create an internet group that has access to the proxy and add everyone but him (and don't forget to remove the everyone group!). Then take others out as need be. You'd be best off without very many people having internet browsing or internet e-mail (provided you'r running your own mailservers). This is where the majority of the viruses are going to come from on your LAN. We restrict all access through groups here to keep problems to a minimum.

    If you have a router taking care of the internet connection you should be able to go into it's settings and disable individual computers on your network. Heck, my Linksys at home can do it, can't imagine a decent router for a business doesn't have that capability.

  9. #9
    Registered User
    Join Date
    Jan 2000
    Location
    New London,CT,USA
    Posts
    296

    Post

    Originally posted by QSECOFR:
    If you are using Microsoft Proxy Server, you can set permissions on who can/cannot access the web. That seems to work at my office. We have a group called Proxy Users, and if someone needs their access removed, we remove them from the group, and it takes their access away. It prompts them for a password for the proxy server.

    One downside: An authorized person can come to their workstation, and put in their user/pass/domain and let them access the web.

    This is the same we do it too, except it is called Internet Users group, only trouble is now these users that are allowed internet access also download and are using Aohell instant messenger, going to have to put a stop to that

    Where's that smoke coming from ?

  10. #10
    Registered User
    Join Date
    Feb 2001
    Location
    Long Beach, Ca. USA
    Posts
    16

    Post

    We do not already have a proxy server. I did get the access disabled by denying access to the web from the specific IP through our Firewall. It worked and it only took about 5 min. Anyway, thanks for all the feedback.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •