Restrict Internet by User

Guest

Our company would like to restrict internet access on a "by user" basis. I
have set up a GPO with a bogus Proxy on an OU and this works fine for LAN
users. However, VPN clients can still get on when connected to the VPN (which
makes sense since the Connection Manager takes over Internet settings). How
can I accomplish my goal without purchasing a Proxy server or specialized
software (we are a not-for-profit organization)?

We are using Windows 2000 Servers and a mix of Win 2k and Win XP clients.

Your help is greatly appreciated.

Thank you,
 
Jason Tan

Dear Eddy,

Thanks for posting!

I understand that you want to restrict internet access for the VPN
clients without any Proxy server in a Windows 2000 domain. If I have
misunderstood your concerns, please feel free to let me know.

Based on my experience, I suggest you assign a static IP address to each VPN
user and restrict/block that IP address at the firewall.

You may assign the static IP address to the VPN users as follows:

1. Run dsa.msc (Active Directory Users and Computers).
2. Select the VPN user account and right-click to select Properties.
3. Select the Dial-in tab, check "Assign a Static IP Address", and enter
a static IP address.

You may block the IP Address based on your internal firewall.

Hope the information helps.

Best Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
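
An added example, not part of the original reply: a consistency check for the static-IP approach described above, since an IP-based block only holds if every restricted account has its own static address and that address is on the firewall deny list. It assumes the Dial-in address is exported from the account's msRADIUSFramedIPAddress attribute (stored as a signed 32-bit integer); the user names, addresses and finding codes are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def framed_ip_to_str(value):
    # The Dial-in static address is stored as a signed 32-bit integer,
    # so addresses at or above 128.0.0.0 read back as negative numbers.
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def audit(accounts, firewall_blocked):
    """Return sorted (code, subject) findings that weaken the per-user block."""
    findings = []
    owners = defaultdict(list)
    for acct in accounts:
        if acct["framed_ip"] is None:
            # No static address: the user receives a dynamic one the firewall does not know.
            if acct["restricted"]:
                findings.append(("NO_STATIC_IP", acct["user"]))
            continue
        ip = framed_ip_to_str(acct["framed_ip"])
        owners[ip].append(acct["user"])
        if acct["restricted"] and ip not in firewall_blocked:
            findings.append(("NOT_BLOCKED", acct["user"]))
    for ip, users in owners.items():
        # One address on several accounts breaks the user-to-IP mapping.
        if len(users) > 1:
            findings.append(("SHARED_IP", ip))
    for ip in firewall_blocked - set(owners):
        # Deny rule for an address no account holds any more.
        findings.append(("STALE_RULE", ip))
    return sorted(findings)


# Constructed sample data (hypothetical users and addresses).
SAMPLE_ACCOUNTS = [
    {"user": "alice", "framed_ip": -1062718966, "restricted": True},   # 192.168.50.10
    {"user": "bob",   "framed_ip": None,        "restricted": True},
    {"user": "carol", "framed_ip": -1062718965, "restricted": True},   # 192.168.50.11
    {"user": "dave",  "framed_ip": -1062718965, "restricted": False},  # same as carol
    {"user": "erin",  "framed_ip": None,        "restricted": False},
]
SAMPLE_BLOCKED = {"192.168.50.10", "192.168.50.12"}

if __name__ == "__main__":
    for code, subject in audit(SAMPLE_ACCOUNTS, SAMPLE_BLOCKED):
        print(code, subject)
```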





--------------------
| From: Eddy - MCSE
| Subject: Restrict Internet by User
| Date: Thu, 17 Nov 2005 09:01:11 -0800
| Newsgroups: microsoft.public.win2000.ras_routing

Jason Tan

Hi Eddy,

I appreciate your update and response, and I am glad to hear that the
information helps. If you have any other questions or concerns, please do
not hesitate to contact us. It is always our pleasure to be of assistance.

Have a nice day!

Best Regards,

Jason Tan





--------------------
| From: Eddy - MCSE
| Subject: RE: Restrict Internet by User
| Date: Fri, 18 Nov 2005 15:27:02 -0800
| Newsgroups: microsoft.public.win2000.ras_routing
|
| This is exactly what I needed. Thank you.
| --
| Eddy - MCSE
