The default gateway entry just adds a default route
to the Win2K routing table. As a happy coincidence,
you can make your own entries to that table directly.
If you do a "route print" (in a CMD prompt) you'll see
the current routing table. If you have a default gateway
set, that will be the first entry (0.0.0.0....).
The "route add" command is what you want to use.
Use it to add a specific route to just your Intranet subnet,
without adding a default gateway for everything. You
can use the -p (I think) qualifier to make the entry
persistent across reboots. Do a route /? to see.
You need to be a local admin of course to affect the
routing table. I wrote an EPAL-based program to
do this in login scripts in an admin user context for
this very reason -- let me know if you need it and
I'll forward the code. (It's better if you don't as this
gets complicated fast.)
Steve Duff, MCSE
Ergodic Systems, Inc.
"Serge" <(E-Mail Removed)> wrote in message news:0bde01c37171$a2982930$(E-Mail Removed)...
> All my Windows 2000 Servers are centralized at one
> location.
>
> I have a Domain (Active Directory) and one server
> configured with DNS (Windows 2000).
>
> My DNS server is configured to access the Internet.
>
> So, for the local XP users who don't need access to the
> Internet, I just take out the Gateway and this blocks
> them from the Internet, but they still have access to our
> Intranet Web site. (This is exactly what I want)
>
> But, what can I do for my WAN users that don't need
> access to the Internet but need access to the Intranet?
> (I do not have any servers on my WAN sites)
>
> If I take out the gateway, they can't get access to any
> of my servers. (no Good)
>
> If I take out the DNS, they won't be able to log on to the
> Domain. (no Good)
>
> I tried the HOST file with the Gateway and no DNS, but my
> group policies do not get transferred. (no Good)
>
> I don't want to add a Proxy Server.
>
> Is there something I can configure on the XP client or on
> the DNS server, so that my WAN users can have access to
> my Intranet but not the Internet?
>
> Thanks.
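
The routing behaviour the reply describes, as an added example that is not part of the original thread: a small checker that parses the Active Routes rows of `route print` output and shows which destinations a client can reach with and without a 0.0.0.0 entry. All addresses and both sample tables are constructed, and the five-column row layout is assumed to match what your clients print.

```python
import ipaddress

# Constructed "route print" Active Routes rows (all addresses are made up).
WITH_DEFAULT_GW = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.5.1    192.168.5.20       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.5.0    255.255.255.0     192.168.5.20    192.168.5.20       1
"""
# Same client with no default gateway, after (constructed values):
#   route -p add 10.1.0.0 mask 255.255.0.0 192.168.5.1
INTRANET_ONLY = """\
Network Destination        Netmask          Gateway       Interface  Metric
         10.1.0.0      255.255.0.0      192.168.5.1    192.168.5.20       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.5.0    255.255.255.0     192.168.5.20    192.168.5.20       1
"""

def parse_routes(text):
    """Return (network, gateway, metric) for every five-column route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header, separator or persistent-route line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            gw, metric = ipaddress.ip_address(cols[2]), int(cols[4])
        except ValueError:
            continue  # five words, but not a route row
        routes.append((net, gw, metric))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, lowest metric on ties; None means no route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))

def has_default_route(routes):
    """True if the table holds a 0.0.0.0/0 entry, i.e. a default gateway."""
    return any(net.prefixlen == 0 for net, _, _ in routes)

if __name__ == "__main__":
    table = parse_routes(INTRANET_ONLY)
    for dest in ("10.1.2.3", "192.168.5.77", "203.0.113.10"):
        print(dest, "->", lookup(table, dest))
```

Run against saved `route print` output from WAN clients, `has_default_route` flags any machine where a default gateway has been put back.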