
Giving machines internet access but no network access

Status
Not open for further replies.

gbl

MIS
Sep 6, 2001
262
CA
We have a Windows 2000 server and approximately 25 machines, most of which are Win2k or XP Pro, but still with some Windows 98 clients. All are part of one domain. The main domain server is configured so that users can access the internet, which has been shared from the main server. We need to add three users who must not be part of our domain nor have access to any network resource but the internet.
Even though they are not members of our domain, they could still see our network (such as by going to a prompt command and typing ipconfig or pinging an address in the office).
I understand that since we will be keeping Windows 98 computers in our network we cannot go to full 2000 level security, as it would prevent the 98 clients from seeing the other computers, including our file server and mail server.
I am sure that they would not be able to navigate into our server and find files but am not satisfied with this alone. Any suggestions as to what should be done to give these users internet access without access to our network?
Thank you.
 
Do you have a manageable switch that would allow you to implement VLANs? That would allow you to segregate the traffic.
 
I am not sure what you mean by a manageable switch. Perhaps you can give me an example. We are running our computers off a Netgear switch FS750, if this is what you mean.
 
Sounds like you probably don't have one.

A manageable switch has a COM port that allows you to console in and enter an IP address. You can then configure the switch by telnetting or browsing (most often) to that IP address. By setting up VLANs you can essentially separate the switch into multiple virtual switches because the traffic on one VLAN cannot see the traffic on another. Of course you would need to be able to set certain ports to be members of multiple VLANs. This would apply to the port that connects to the Internet router or firewall.

-gbiello
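
The VLAN membership rule described in the post above, modelled as an added example that is not part of the original thread. The port numbers, VLAN IDs and function names are constructed for illustration; the audit flags any guest port that shares a VLAN with a port other than the uplink or another guest port.

```python
# Constructed port plan (assumption, not from the thread): port -> VLAN IDs.
# VLAN 10 = office network, VLAN 20 = internet-only users.
PORT_VLANS = {
    1: {10, 20},  # uplink to the Internet router or firewall (member of both)
    2: {10},      # office PC
    3: {10},      # file server
    4: {10},      # mail server
    5: {20},      # internet-only PC
    6: {20},      # internet-only PC
    7: {20},      # internet-only PC
}
UPLINK = 1
GUEST_PORTS = {5, 6, 7}


def can_exchange_frames(a, b, plan=PORT_VLANS):
    """Two switch ports can talk at layer 2 only if they share a VLAN."""
    return bool(plan[a] & plan[b])


def isolation_violations(plan, guest_ports, uplink):
    """List (guest_port, other_port) pairs that break the intended isolation.

    A guest port may share a VLAN with the uplink and with other guest
    ports; sharing one with any other port is reported.
    """
    violations = []
    for guest in sorted(guest_ports):
        for port in sorted(plan):
            if port == uplink or port in guest_ports:
                continue
            if plan[guest] & plan[port]:
                violations.append((guest, port))
    return violations


def guests_without_uplink(plan, guest_ports, uplink):
    """Guest ports that cannot reach the uplink, so would have no internet."""
    return sorted(g for g in guest_ports if not plan[g] & plan[uplink])


if __name__ == "__main__":
    print("port 5 <-> uplink:", can_exchange_frames(5, UPLINK))
    print("port 5 <-> file server:", can_exchange_frames(5, 3))
    print("violations:", isolation_violations(PORT_VLANS, GUEST_PORTS, UPLINK))
    # A constructed mistake: port 6 left in the office VLAN as well.
    bad = dict(PORT_VLANS)
    bad[6] = {10, 20}
    print("violations after mistake:", isolation_violations(bad, GUEST_PORTS, UPLINK))
```

The switch-level separation only holds if the device on the shared uplink port does not itself forward traffic between the two VLANs.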
 
Are they going to be using the 98 machines or 2000? If 2000, you can set up a local account on the individual PC and have them log in that way; then they will still have access to stuff on the machine, i.e. Office, and not be on the network. That is what I do for our temps.
 
Why don't you set up an internal DNS server and another external DNS server? The internal DNS server forwards to the external DNS server. You do this so you can have those PCs that need internet and intranet access pointing to the internal DNS server. Those PCs that are to have only internet access point only to the external DNS server.
 