Group Policy Restriction of internet

[mac_cnc]

I need to know how to use Group Policy in Win2k3 server to block internet for several users. I have read on Experts exchange how to make a new OU and add the users to it and apply a new policy to it to give it a proxy to nowhere. However when I add myself to this group to test nothing happens. Can someone give me more clear cut instructions to do this?

 

[MorfiusX]

In short, there is not an easy way to do this based on GPOs.

When you set the proxy via GPO, this can be changed by the user, but It will change back the next time they start IE. Also, a user could easily use FireFox or any other browser where GPOs do not apply. There are several convoluted ways to accomplish what you are seeking through GPO, but none of them are 100% affective.

The best solution would be to actually use a proxy. You would then disable outbound port 80/443 and force users to use this proxy. From that proxy, you could ban certain IPs, etc.

I don't know what size environment you have, but ISA Server has excellent Active Directory integration. You can completely configure access based on AD group membership. Just another thing to consider.

 

[Jay_2]

force users to have high security in IE then add no trusted sites. I think this will stop people being able to use the web.

 

[jonw757]

force settings for proxy in a GPO, point all protocols to 127.0.0.1. Remove the tab within IE that allows them to change it. If they have admin rights it will stop them for a solid minute to minute and a half.

 

[MorfiusX]

force settings for proxy in a GPO, point all protocols to 127.0.0.1. Remove the tab within IE that allows them to change it. If they have admin rights it will stop them for a solid minute to minute and a half.

IIRC, you can still change the registry value associated with this with out admin rights because part of it is stored in your user hive.