denied acces to internet for a user

[Aswin01]

In server:
2 network cards:

1 - inet
2 - network

Can i configure that the server will denied acces to a user? or group users?

 

[SteveTheGeek]

Is the server the gateway for your internet, or are you talking about users logged on to the server locally?
-Steve

 

[Aswin01]

the server is the gateway. He has 2 network cards.
users log in, get ip (dhcp) and have inet. How can i configure that one person (or computer) has no internet.

 

[SteveTheGeek]

You could make those users' computers either fixed-IP and don't put in a gateway address, or work with DHCP to do the same thing. Offhand I can't think of a way to control routing on a per-user basis at the server itself.
-Steve

 

[Janufa]

I am not an expert, but:

i would do the same

and\or put the user in new OU! and define there.
for instance
You can prohibit the user to change to tcp\ip settings
Do this in user config admin templates-network-network connections

You also can disabele for this OU the webclient an or the remote services.
Do this in comp.config-serivices

I checked this on a W2k3 server,

 

[Aswin01]

This is the situation:
it is for a basic school.

Teacher and pupils are in the computer class.
Some pupil is bad (how do you say that... ) so the teacher do something that that pupil dont have internet...

sorry for my bad english

mail: aswin.coolsaet@skynet.be

 

[peterve]

You will need additional software to set it up properly.
Firewall your server so no-one can get out to the internet by default. Then set up a proxy server. The teacher can allow or deny access to certain users 'on the fly'

MS ISA server is both a firewall and a proxy;
but I'm sure there are other apps that can do the same (Wingate, ...) although I haven't tested them on Win2003

Good Luck

--------------------------------------------------------------------

http://kickme.to/dpsecurity

--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------

 

[Janufa]

i am sorry but this is no sence.

gpo delivers a lot to answer this.

isa is ok, but a heavy answer, and not needed to lockout a
bad user.

 

[peterve]

trust me... without firewall there is no real way to block outbound traffic...
Using GPO's, you can restrict a lot... but not everything...
It's easier to use a firewall, and set up a proxy using groups. If a student is part of a group, then he is allowed internet access (but only through the proxy, which gives you the additional advantage of filtering & logging). If you remove the user from the group, his internet access is revoked at the same time...
There is no way you can make this waterproof using GPO's

--------------------------------------------------------------------

http://kickme.to/dpsecurity

--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------

 

[Janufa]

you are right

 

[Janufa]

But this guy does have only one Server who does everything, Is ISA on the same server not much, or can it run?

 

[peterve]

it can... depending on the number of users; and depending on the hardware specs...


--------------------------------------------------------------------

http://kickme.to/dpsecurity

--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------