Announcement

Collapse
No announcement yet.

how to avoid a user from accessing internet in a domain network

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to avoid a user from accessing internet in a domain network

    hi everybody
    can any one tell me how to avoid a user from accessing internet in a domain network, i have NAT server configured to allow all the systems to connect to internet, but i want to restrict a user from accessing internet.

    thank you

  • #2
    Re: how to avoid a user from accessing internet in a domain network

    Sorry, need more info about your setup. (Crystal ball is still out being repaired)
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: how to avoid a user from accessing internet in a domain network

      give you're users a fake proxy which they can't disable.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: how to avoid a user from accessing internet in a domain network

        Originally posted by harikrishnat
        hi everybody
        can any one tell me how to avoid a user from accessing internet in a domain network, i have NAT server configured to allow all the systems to connect to internet, but i want to restrict a user from accessing internet.

        thank you
        Don't configure them with a Default Gateway.

        Is there any specific reason for this??

        Comment


        • #5
          Re: how to avoid a user from accessing internet in a domain network

          You could use IPSec policies, however that will only be good for specifi computers, not users.

          I'd go for a decent FW that can do that (ISA is one, for example).
          Cheers,

          Daniel Petri
          Microsoft Most Valuable Professional - Active Directory Directory Services
          MCSA/E, MCTS, MCITP, MCT

          Comment


          • #6
            Re: how to avoid a user from accessing internet in a domain network

            Originally posted by harikrishnat
            hi everybody
            can any one tell me how to avoid a user from accessing internet in a domain network, i have NAT server configured to allow all the systems to connect to internet, but i want to restrict a user from accessing internet.

            thank you
            Most users are unaware but you could set their internet through a proxy server, just but any garbage in there.

            That should do it, unless you have hundereds of users, then you will need another approach.

            Comment


            • #7
              Re: how to avoid a user from accessing internet in a domain network

              No default gateway
              127.0.0.1 as DG
              ISA 2004 server integrated to AD lets you control who gets out as well as who get in.
              TIA

              Steven Teiger [SBS-MVP(2003-2009)]
              http://www.wintra.co.il/
              sigpic
              Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

              We donít stop playing because we grow old, we grow old because we stop playing.

              Comment


              • #8
                Re: how to avoid a user from accessing internet in a domain network

                If you change your Default gateway then The computer won't be able to access to internet.
                You have talked about "Avoid a user not a computer".
                ISA will cost you another server with it's special settings. You could do it
                as much user as you want, without affecting Computers or other users. Just Use GP.Note wat "Dumber"
                has told you.

                Comment


                • #9
                  Re: how to avoid a user from accessing internet in a domain network

                  There is a good firewall named "Kerio WinRoute"! got many similarities with ISA server, but easier to configure. You can forbid anything you want! you can create groups of user and IP addresses etc,... and forbid them to access, for example, anything on port 80 (HTTP)....

                  I'm just repeating previous suggestion, but now you will have a good tool to solve your problem...


                  Or you can change settings on your router (FW options) ... what kind of device you have? what conn. type to connect to the internet?
                  Last edited by kojo1984; 6th October 2006, 21:20.

                  Comment

                  Working...
                  X