Using Active Directory Users to limit Internet Access

M

Murali

Limp Gawd
Joined
Nov 2, 2004
Messages
282
I want to limit internet access to only certain users... For example, lets say I have 3 users: Joe, Sam, and Will. I don't want Sam and Will to be able to use the internet, but I want to be sure Joe can.

Can I do this with active directory alone?
 
Murali said:
I want to limit internet access to only certain users... For example, lets say I have 3 users: Joe, Sam, and Will. I don't want Sam and Will to be able to use the internet, but I want to be sure Joe can.

Can I do this with active directory alone?
Click to expand...

You could create a group policy that would prevent certain users from running particular applications (including by hash so simply renaming the files won't evade the blocks).

Inlcude all the Internet apps in your normal load. If the users have local admin rights, they could get around it by installing other Internet apps (blocking iexplore.exe doesn't keeping them from running Opera if they can install it), but if they have limited to user rights that would be sufficient.
 
You could also set the other users to use a bogus proxy server in their internet connections properties which should do the trick.
 
IanG said:
You could also set the other users to use a bogus proxy server in their internet connections properties which should do the trick.
Click to expand...

How do you GPO Firefox connection settings? That would work for an IE only environment.
 
do you have a firewall?
you could give each of thePC's a static IP and on the firewall, tell it to only accept HTTP traffic from the PC you want to allow onto the web. i don't think there is any way around this

otherwise you'd have to make sure that none of them had local admin rights and then restrict iexplore.exe from running on 2 of them. or use the bogus proxy suggestion above
 
nessus said:
You could create a group policy that would prevent certain users from running particular applications (including by hash so simply renaming the files won't evade the blocks).

Inlcude all the Internet apps in your normal load. If the users have local admin rights, they could get around it by installing other Internet apps (blocking iexplore.exe doesn't keeping them from running Opera if they can install it), but if they have limited to user rights that would be sufficient.
Click to expand...

I say go for the method mentioned above, just created a GP to block the apps you don't want run on the system, and add users to that GPO. As far as users installing other apps, they shouldn't have that capability anyways.

Kwincy
 
You must log in or register to reply here.
Back
Top