Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I need help using GPO 1

Status
Not open for further replies.
techwomantoo

techwomantoo

IS-IT--Management
Apr 18, 2005
5
US
I work for a school district and I have some kids that have lost their right to access the internet. I use MS Win 2003 Server and created the group "no internet access" then I set the proxy to a fake address on a different subnet and then add bypass proxy for intranet use BUT it doesn't work! what am I doing wrong? Is it the port number? Are there two areas called Proxy settings? All suggestions are welcome.
 
Sort by date Sort by votes
Did you set this under the Internet Explorer Maintenance section?

Also -- setting this proxy only restricts access from IEXPLORE.EXE. The explorer shell/Windows Update shortcut/etc. might still be able to get out - I don't recall.

At any rate, a non-MSTF browser or HTTP application (not to mention any non-browser app) will still be able to get out. This GPO trick just makes it harder for them to.

If you really need to lock down web access, you need to do some kind of Content Filtering between the LAN and your internet gateway.
 
Upvote 0 Downvote
Yes, I set this under the Internet Explorer Maintenance Section. I only need to restrict a group of kids from internet access but the still need to use the intranet and a program called Plato that is lan based so I don't think content filtering will work. Its the user not the computer I need to stop. Thank you for your assistance!
 
Upvote 0 Downvote
Content filtering doesn't mean that you would restrict them from intranet applications, nor that you couldn't get certain programs to work.

I mention it only because I've tried and have seen others try to limit net access in labs and made themselves crazy -- because there are limits on what you can do with GPO to make this happen.

So with the current IE setting -- IEXPLORE.EXE can get out to the internet and browse?

Is anything greyed out in the Internet Options menu on the locked-down users' desktop? (you should probably be locking them out of all of it, anyway).

Just to test, you might also try setting the proxy to 127.0.0.1 instead of something else. That's the one address you KNOW won't be running an HTTP proxy on your client machines...
 
Upvote 0 Downvote
How do I use content filtering per user instead of per computer?
 
Upvote 0 Downvote
Content filtering solutions that can be implemented per-user would generally require some kind of client to be installed on each computer; you would then put in a username/password, or (with good products) have that client check with an NT group membersip, RADIUS server, etc. to see if the logged in user has permission to bypass the content filter.

Larger content filtering products should all have something like this. (Look into Websense, Computer Associates' eTrust, WatchGuard appliance firewalls, etc).
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
248
gbaughma
gbaughma
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
463
mangentle
mangentle
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
417
gbaughma
gbaughma
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
148
technome
technome
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
110
RRankin355
RRankin355

Part and Inventory Search

Sponsor

Back
Top