Announcement

Collapse
No announcement yet.

How best to restrict IE access thru AD in server 2008?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How best to restrict IE access thru AD in server 2008?

    I have taken over for someone who recently got fired, and I know a bit about AD but GPOs are a mystery to me, although it doesn't seem terribly complicated. What I have been tasked to do is to restrict internet access by a certain user group. These users are already all in a group and all on the domain, and are already restricted locally from installing anything, so what I need to do is restrict the only browser left to them, IE, while whitelisting a few sites they need access to for work. How can this best be done?

  • #2
    Re: How best to restrict IE access thru AD in server 2008?

    Whitelists normally apply to firewalls and routers, not AD. Found an article which tired to explain some of the issues (http://social.technet.microsoft.com/...2-114a768da85c), but the end result is: use a firewall/router solution.

    ASA devices and software firewalls (ISA server and it's descendants) can limit single PCs to specific sites or protocols, just as you're after. This is a networking issue, not policy enforcement.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: How best to restrict IE access thru AD in server 2008?

      Originally posted by mornir View Post
      I have taken over for someone who recently got fired, and I know a bit about AD but GPOs are a mystery to me, although it doesn't seem terribly complicated. What I have been tasked to do is to restrict internet access by a certain user group. These users are already all in a group and all on the domain, and are already restricted locally from installing anything, so what I need to do is restrict the only browser left to them, IE, while whitelisting a few sites they need access to for work. How can this best be done?
      First thing Mornir what are you using for internet access? is it firewall/isa server/proxy? You need to make two groups one allow and second deny.
      you know the rest. You can add allow users to allow group and deny to deny group.
      Keep us updated.

      Comment

      Working...
      X