Windows Server 2003/2008 Group Policy Question

A

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
I do not have a network at work (yet) but I was wondering how and if there is a way that you can disable an internet browser usage on a specific user group, but that user group can still access the internet for software that requires the internet?

Thanks :)
 
you can block HTTP traffic, the software you are running shouldn't need that port.
 
The right way to do this, if you want to use GPO's is to use proxy redirection, force everyones browser to some bogus proxy. Done.

If you don't want to go this route, you can always block at the network device as well, block all port 80 traffic, you can add bogus DNS servers through DHCP and not allow network config changes through GP. Theres a lot of different ways to do what you want to do :)

personally idd just block at the edge, but if you want to use GPO go with the bogus proxy redirection.
 
Here's the senario. There are a total of six users on the network. Three will have full Admin accounts. The other three accounts need to be setup so that they cannot surf the web, but the "electronic claim" feature of the software can get to the internet. (Medical office)

Is there anyway to "disable" Internet explorer on the group policy? I would like to have IE installed on the physical machine, just certain users not able to use/access it.
 
Set up a null proxy in internet explorer through a few GPO's, and hope that the medical software does not use the IE settings. Thats the lazy way.

Check through all of the group policies, otherwise make your own policy template (i did this before, it werent easy to say the least)
 
AMD_RULES said:
Here's the senario. There are a total of six users on the network. Three will have full Admin accounts. The other three accounts need to be setup so that they cannot surf the web, but the "electronic claim" feature of the software can get to the internet. (Medical office)

Is there anyway to "disable" Internet explorer on the group policy? I would like to have IE installed on the physical machine, just certain users not able to use/access it.
Click to expand...
again, read my post. I outlined it nicely.

http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci1099219,00.html
^ google is your friend :D;)
 
yeah i fucked around with the null proxy on a few tests machines, i do not think its the "right" way but it would do what you want it too.
 
could also do it with a firewall that has AD support, then u can block users to websites etc.
 
AMD_RULES said:
With this set, the actual machine can still be connected to the internet? :confused:
Click to expand...

Try it out for yourself and see ;). No, if you put set your browser to use a proxy server and put all zeros for the IP address, you can't go anywhere.
 
Yeah the bogus proxy will work. If memory serves in the GPO you can set exceptions as well. So if you want to block most internet traffic for all of them but still allow them to get to a specific site or intranet site then you can allow that.
 
You must log in or register to reply here.
Back
Top