Need recommendations about how to prevent specific users
from accessing the Internet. Here are the details.

1. Some users need no access to the Internet or our
intranet.

2. Some users need access to our INTRANET, but blocked
from accessing the Internet.

Here is my feeble solution for 1st case.
Used GPO to block use of iexplore.exe & msimn.exe (Outlook
Express). This closed the front doors, but left two back
doors.

Windows Explorer (explorer.exe) can be used to browse the
Internet, and Adobe Acrobat Reader can be used to browse
the Internet.

How can I close these back doors to the Internet?

I do not have a solution for item 2. I do not know how to
block the Internet, but allow access to the local intranet.

AdThanksVance

Charlie

"Charlie Hill" <(E-Mail Removed)> wrote in message
news:196f01c499dd$33203f30$(E-Mail Removed)...
>
> Need recommendations about how to prevent specific users
> from accessing the Internet. Here are the details.
>
> 1. Some users need no access to the Internet or our
> intranet.
>
> 2. Some users need access to our INTRANET, but blocked
> from accessing the Internet.
>
> Here is my feeble solution for 1st case.
> Used GPO to block use of iexplore.exe & msimn.exe (Outlook
> Express). This closed the front doors, but left two back
> doors.
>
> Windows Explorer (explorer.exe) can be used to browse the
> Internet, and Adobe Acrobat Reader can be used to browse
> the Internet.
>
> How can I close these back doors to the Internet?
>
> I do not have a solution for item 2. I do not know how to
> block the Internet, but allow access to the local intranet.
>
> AdThanksVance
>
> Charlie
>

I have been searching for the best way to do the same
on thick clients in a workgroup environment (no AD/Domain).

Best I could come up with so far is found here:
http://support.microsoft.com/default...b;en-us;267930

I am not sure of pros/cons of trying it on a Terminal Server, but
on a thick client, it has worked out okay - at least all the applications
worked after it was done.

Using local policies seemed to break applications if they relied on
IE/ActiveX,
but I am probably just not savvy enough to figure out how to get those apps
to
work with policies enabled.

HTH

The best way to solve this is to install a firewall, which allows
you to define which users or users groups have access to the
Internet. I believe that ISA server has this functionality.

A quick-and-dirty way of solving the problem could be to create a
GPO which defines a proxy server which points to your main
Intranet website, in combination with locking IE down, to prevent
users from changing the proxy settings. All user groups that apply
the GPO can only access the Intranet, but not the Internet.
Exclude Administrators and other user groups that should have
access to the Internet from this GPO.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

"Charlie Hill" <(E-Mail Removed)> wrote on 14 sep 2004:

>
> Need recommendations about how to prevent specific users
> from accessing the Internet. Here are the details.
>
> 1. Some users need no access to the Internet or our
> intranet.
>
> 2. Some users need access to our INTRANET, but blocked
> from accessing the Internet.
>
> Here is my feeble solution for 1st case.
> Used GPO to block use of iexplore.exe & msimn.exe (Outlook
> Express). This closed the front doors, but left two back
> doors.
>
> Windows Explorer (explorer.exe) can be used to browse the
> Internet, and Adobe Acrobat Reader can be used to browse
> the Internet.
>
> How can I close these back doors to the Internet?
>
> I do not have a solution for item 2. I do not know how to
> block the Internet, but allow access to the local intranet.
>
> AdThanksVance
>
> Charlie