Does anyone know where I might be able to find some software that can be
installed on a teminal server that would allow me to block all HTTP requests
from terminal server users on that machine - all "EXCEPT" for certain users?
If the user has to run an authentication applet of some sort that would be
fine. Best would be if the software would just "know" the logged on
username... and could integrate with AD users and groups...

I guess I would be looking at some type of firewalling software - preferably
for free....

Thanks,

Brad

Always for FREE!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :-)

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!


"Brad Pears" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Does anyone know where I might be able to find some software that can be
> installed on a teminal server that would allow me to block all HTTP
> requests from terminal server users on that machine - all "EXCEPT" for
> certain users? If the user has to run an authentication applet of some
> sort that would be fine. Best would be if the software would just "know"
> the logged on username... and could integrate with AD users and groups...
>
> I guess I would be looking at some type of firewalling software -
> preferably for free....
>
> Thanks,
>
> Brad
>

If you want to just block traffic and not filter it you could restrict access
to iexplore.exe for "Domain Users". Then, create a security group
"WebAccess" for example and put the users that can access the web in that
group, and give the group
read and execute rights to iexplore.exe. This solution is free

Hope this helps!

Dan

"Brad Pears" wrote:

> Does anyone know where I might be able to find some software that can be
> installed on a teminal server that would allow me to block all HTTP requests
> from terminal server users on that machine - all "EXCEPT" for certain users?
> If the user has to run an authentication applet of some sort that would be
> fine. Best would be if the software would just "know" the logged on
> username... and could integrate with AD users and groups...
>
> I guess I would be looking at some type of firewalling software - preferably
> for free....
>
> Thanks,
>
> Brad
>
>
>

"Brad Pears" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Does anyone know where I might be able to find some software that can be
> installed on a teminal server that would allow me to block all HTTP
> requests from terminal server users on that machine - all "EXCEPT" for
> certain users? If the user has to run an authentication applet of some
> sort that would be fine. Best would be if the software would just "know"
> the logged on username... and could integrate with AD users and groups...
>
> I guess I would be looking at some type of firewalling software -
> preferably for free....
>
> Thanks,
>
> Brad
>

This was cross-posted to windowsxp.general

If you have win xp pro installed, that will work I think,
but do no think win xp home will work.

I have done this in the past, problem is users know how to get around this.
They can browse the web using our corporate email client "Outlook 2002" and
since some application help is HTML based (i.e. the calculator etc...), some
have even figured out how to go into help on some apps and "jump to URL"
from there!!!!

Thanks anyway...
"Dan R" <(E-Mail Removed)> wrote in message
news:876E49A5-2DB2-4FA9-887C-(E-Mail Removed)...
> If you want to just block traffic and not filter it you could restrict
> access
> to iexplore.exe for "Domain Users". Then, create a security group
> "WebAccess" for example and put the users that can access the web in that
> group, and give the group
> read and execute rights to iexplore.exe. This solution is free
>
> Hope this helps!
>
> Dan
>
> "Brad Pears" wrote:
>
>> Does anyone know where I might be able to find some software that can be
>> installed on a teminal server that would allow me to block all HTTP
>> requests
>> from terminal server users on that machine - all "EXCEPT" for certain
>> users?
>> If the user has to run an authentication applet of some sort that would
>> be
>> fine. Best would be if the software would just "know" the logged on
>> username... and could integrate with AD users and groups...
>>
>> I guess I would be looking at some type of firewalling software -
>> preferably
>> for free....
>>
>> Thanks,
>>
>> Brad
>>
>>
>>

Got any ideas on a "Pay" product?

Brad
"Richard Urban" <(E-Mail Removed)> wrote in message
news:%23Sta$(E-Mail Removed)...
> Always for FREE!
>
> --
> Regards,
>
> Richard Urban
>
> aka Crusty (-: Old B@stard :-)
>
> If you knew as much as you thought you know,
> You would realize that you don't know what you thought you knew!
>
>
> "Brad Pears" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Does anyone know where I might be able to find some software that can be
>> installed on a teminal server that would allow me to block all HTTP
>> requests from terminal server users on that machine - all "EXCEPT" for
>> certain users? If the user has to run an authentication applet of some
>> sort that would be fine. Best would be if the software would just "know"
>> the logged on username... and could integrate with AD users and groups...
>>
>> I guess I would be looking at some type of firewalling software -
>> preferably for free....
>>
>> Thanks,
>>
>> Brad
>>
>
>

Hi Brad,

Perhaps I am wrong about this, but can't you remove the user from the small
business internet user group and voila...no more web browsing>

I may be wrong on this,\

RickD


"Brad Pears" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Does anyone know where I might be able to find some software that can be
> installed on a teminal server that would allow me to block all HTTP
requests
> from terminal server users on that machine - all "EXCEPT" for certain
users?
> If the user has to run an authentication applet of some sort that would be
> fine. Best would be if the software would just "know" the logged on
> username... and could integrate with AD users and groups...
>
> I guess I would be looking at some type of firewalling software -
preferably
> for free....
>
> Thanks,
>
> Brad
>
>

To selectively block by protocol or port use the IP Filter on the NIC setup.
By user use IPSec.

You can also do this by using policy to block access to WinHTTP and WinINET.
This should block ALL internet access. If you don't block at a low enough
level users can bypass by pointing at a proxy on another port like 808 or
8008 or 34008.

--
Jim Vierra
http://msdn.microsoft.com/theshow/Ep...48/default.asp
"Rick Dilley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Brad,
>
> Perhaps I am wrong about this, but can't you remove the user from the
> small
> business internet user group and voila...no more web browsing>
>
> I may be wrong on this,\
>
> RickD
>
>
> "Brad Pears" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Does anyone know where I might be able to find some software that can be
>> installed on a teminal server that would allow me to block all HTTP
> requests
>> from terminal server users on that machine - all "EXCEPT" for certain
> users?
>> If the user has to run an authentication applet of some sort that would
>> be
>> fine. Best would be if the software would just "know" the logged on
>> username... and could integrate with AD users and groups...
>>
>> I guess I would be looking at some type of firewalling software -
> preferably
>> for free....
>>
>> Thanks,
>>
>> Brad
>>
>>
>
>

I agree with Rick... since the OP seems to be crossposting to SBS2k NG they
I assume the TS box is on an SBS domain (which in turn has ISA). If so, just
remove the user from "Backoffice Internet Users" security group... and that
should be it.

--
Javier [SBS MVP]
www.msmvps.com/javier
<< SBS ROCKS !!! >>

"Rick Dilley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Brad,
>
> Perhaps I am wrong about this, but can't you remove the user from the
> small
> business internet user group and voila...no more web browsing>
>
> I may be wrong on this,\
>
> RickD
>
>
> "Brad Pears" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Does anyone know where I might be able to find some software that can be
>> installed on a teminal server that would allow me to block all HTTP
> requests
>> from terminal server users on that machine - all "EXCEPT" for certain
> users?
>> If the user has to run an authentication applet of some sort that would
>> be
>> fine. Best would be if the software would just "know" the logged on
>> username... and could integrate with AD users and groups...
>>
>> I guess I would be looking at some type of firewalling software -
> preferably
>> for free....
>>
>> Thanks,
>>
>> Brad
>>
>>
>
>

Do you mean the "Backoffice Internet Users" group?

We are not using ISA. I wonder if that group is specific to ISA...

Interesting thought though!

Thanks,

Brad
"Rick Dilley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Brad,
>
> Perhaps I am wrong about this, but can't you remove the user from the
> small
> business internet user group and voila...no more web browsing>
>
> I may be wrong on this,\
>
> RickD
>
>
> "Brad Pears" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Does anyone know where I might be able to find some software that can be
>> installed on a teminal server that would allow me to block all HTTP
> requests
>> from terminal server users on that machine - all "EXCEPT" for certain
> users?
>> If the user has to run an authentication applet of some sort that would
>> be
>> fine. Best would be if the software would just "know" the logged on
>> username... and could integrate with AD users and groups...
>>
>> I guess I would be looking at some type of firewalling software -
> preferably
>> for free....
>>
>> Thanks,
>>
>> Brad
>>
>>
>
>