Block lan access?

Status
Not open for further replies.

Tony414

MIS
Feb 3, 2003
197
US
Hello,
First off, I'm not sure if I'm posting this in the right spot, so please forgive me.

Is there a way I can block or limit intranet (LAN) traffic, and only allow access to the internet? 2003 server DC with XP Pro for the desktops. We have two public machines, and I don't want these two machines to have access to shared resources or anyone else's PC. Any help would be greatly appreciated.

Thanks,
Tony
 
Hi there, Tony.

Could this not be done using user permissions, or is there another reason you do not want file access on those machines? Dedicated internet machines, for example?

Russell.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
Hi Russell,

These machines are only being used to access the internet for online registration. I don't want someone to get on them and start poking around the local network. You know how us IT guys are :) They wouldn't need to use anything else on our local network.

So what you're saying is just set the user permissions on the 2003 to not allow those two machines?

Tony
 
Hi Tony,

If they don't need any access at all, I'd probably firewall the machines to limit access to only the internet gateway.

Russell.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
Hi Russell,

Now when you say firewall, do you mean the Windows firewall, or our firewall on the network?

Tony
 
Where is this domain controller you're talking about? Unless it's on your kiosk LAN segment, blocking traffic would not allow these machines to talk to the DC.




Want to ask the best questions? Read Eric S. Raymond's essay "How To Ask Questions The Smart Way". TANSTAAFL!
 
One way of doing this is to make the two public computers kiosks. Create an extremely limited Active Directory account just for these computers that does not have access permissions to any of the network shares. Make the computers auto-login using this limited account (even if the users log off, they'll get logged back in automatically). Google for tips on locking down computers so that they can only run a browser.

Or if your network hardware supports it, set up a VLAN segment for just the two computers.
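
The firewall and VLAN suggestions above, together with the caveat about the domain controller, can be checked on paper before touching any hardware. The following is an added example, not part of any post in this thread: a first-match ACL evaluator run over two constructed rule sets for the kiosk segment. All addresses, the rule format and the short DC port list are assumptions made for illustration; a real domain member needs more ports than the four shown.

```python
import ipaddress

# Constructed addressing plan (assumption): DC at 192.168.10.5, LAN is 192.168.0.0/16.
# Rule format (hypothetical): (action, destination network, protocol, port or None = any).
GATEWAY_ONLY = [
    ("deny",   "192.168.0.0/16", "any", None),   # nothing internal at all
    ("permit", "0.0.0.0/0",      "tcp", 80),
    ("permit", "0.0.0.0/0",      "tcp", 443),
]
WITH_DC = [
    ("permit", "192.168.10.5/32", "udp", 53),    # DNS on the DC
    ("permit", "192.168.10.5/32", "tcp", 88),    # Kerberos
    ("permit", "192.168.10.5/32", "tcp", 389),   # LDAP
    ("permit", "192.168.10.5/32", "tcp", 445),   # SMB (SYSVOL / Group Policy)
] + GATEWAY_ONLY

def decide(acl, dst, proto, port):
    """Return the action of the first matching rule; implicit deny at the end."""
    dst = ipaddress.ip_address(dst)
    for action, net, rproto, rport in acl:
        if (dst in ipaddress.ip_network(net)
                and rproto in ("any", proto)
                and rport in (None, port)):
            return action
    return "deny"

# What the thread asks for, as (name, destination, protocol, port, wanted action).
CHECKS = [
    ("internet HTTPS",  "203.0.113.10",  "tcp", 443,  "permit"),
    ("file server SMB", "192.168.10.20", "tcp", 445,  "deny"),
    ("staff PC RDP",    "192.168.20.31", "tcp", 3389, "deny"),
    ("DC Kerberos",     "192.168.10.5",  "tcp", 88,   "permit"),
    ("DC DNS",          "192.168.10.5",  "udp", 53,   "permit"),
]

def audit(acl):
    """Return the names of the checks the ACL fails, in CHECKS order."""
    return [name for name, dst, proto, port, want in CHECKS
            if decide(acl, dst, proto, port) != want]

if __name__ == "__main__":
    print("gateway only:", audit(GATEWAY_ONLY))  # DC traffic is cut off
    print("with DC rules:", audit(WITH_DC))      # all goals met
```

Because the DC rules include SMB, the limited Active Directory account is still what keeps the kiosk user out of shares hosted on the DC itself.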
 
Thanks for the excellent suggestions everyone. I will give them a try.

Tony
 