Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Restricting Internet Access.

Status
Not open for further replies.
zedlepplin

zedlepplin

IS-IT--Management
May 3, 2005
4
0
0
US
I would like to restrict certain computers of Internet access. I would like to create a GPO and apply it to a OU a created called "Plant Computers" then place the respective computers in the OU so Internet access won;t be available.

Is this possible? If so how? Or if there is a better way...please explain.

Thanks,
Matt
 
Sort by date Sort by votes
In Group Policy you can specify that proxy settings are set per computer, and this will effectively keep users from changing them. If you set the proxy to a non-existant address via the IE Maintenance section of GP, the computer will not be able to access the Internet at all. Be careful, as any apps that use the IE settings to determine how to exit the network will get this dummy info and fail.
 
Upvote 0 Downvote
OK I guess i am missing something. I have added a GPO to the OU called "Plant Computers." Right clicked the OU > Properties > GPO tab > Add > defined the proxy settings and applied it to the OU. I refreshed the policy by typing gpupdate /force at a command prompt of the DC...Then I moved a testPC into the Plant Computers OU.

I log in to the network from the TestPC and I can still surf....

What am I missing?


Thanks,
Matt
 
Upvote 0 Downvote
Under the Computer Configuration->Administrative Templates->Windows Components->Internet Explorer of the GPO there is an entry for "Make proxy settings per machine (rather than per user)". Enable this to make it dependant on the GPO of the computer, rather than the user.

If you are pushing out proxy settings (or connection settings) via GPO on a domain level, you may have to mark this new GPO as 'No Override' to force it's settings over the domain ones.
 
Upvote 0 Downvote
Hmmm did that too...still nothing. I know I am just missing a check box or some setting....just can't put my finger on it.

Thanks for your advice....I do appreciate it
 
Upvote 0 Downvote
I think I should mention that these settings will only apply to IE, and will have absolutely no effect on Firefox, or other non-MS browsers. Since the proxy settings are in IE rather than the OS, there is little you can do on the client end if you use other browsers.

The alternative is to do this via networking (switches, vlans, proxies, firewall) and create reservations for those computers so that the IPs will not change. Yes, it is a pain. You can also set up individual subnets in DHCP and send out bogus gateway/proxy info for the members of that subnet.

Anyway, if the issue is with IE, I think it can still be hammered out with GP, otherwise it can be bigger changes to the infrastructure.
 
Upvote 0 Downvote
Yeah I hear ya about Firefox...

Still not working...I think I need to find out where it is getting the gpo from. I forgot the command...

Do you know what it is?

Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
87
mangentle
mangentle
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
73
hairlessupportmonkey
hairlessupportmonkey
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
73
StevenFromSouth
StevenFromSouth
iCDT
  • Locked
  • Question
Remote Desktop Web Access ( No application available)
Replies
2
Views
76
hairlessupportmonkey
hairlessupportmonkey
Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
124
strongm
strongm

Part and Inventory Search

Sponsor

Back
Top