Blocking IP traffic depending on the user....

B

Brad Pears

Does anyone know where I might be able to find some software that can be
installed on a teminal server that would allow me to block all HTTP requests
from terminal server users on that machine - all "EXCEPT" for certain users?
If the user has to run an authentication applet of some sort that would be
fine. Best would be if the software would just "know" the logged on
username... and could integrate with AD users and groups...

I guess I would be looking at some type of firewalling software - preferably
for free....

Thanks,

Brad
 
R

Richard Urban

Always for FREE!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :)

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!
 
G

Guest

If you want to just block traffic and not filter it you could restrict access
to iexplore.exe for "Domain Users". Then, create a security group
"WebAccess" for example and put the users that can access the web in that
group, and give the group
read and execute rights to iexplore.exe. This solution is free :)

Hope this helps!

Dan
 
S

Stephen Harris

Brad Pears said:
Does anyone know where I might be able to find some software that can be
installed on a teminal server that would allow me to block all HTTP
requests from terminal server users on that machine - all "EXCEPT" for
certain users? If the user has to run an authentication applet of some
sort that would be fine. Best would be if the software would just "know"
the logged on username... and could integrate with AD users and groups...

I guess I would be looking at some type of firewalling software -
preferably for free....

Thanks,

Brad
Click to expand...

This was cross-posted to windowsxp.general

If you have win xp pro installed, that will work I think,
but do no think win xp home will work.
 
B

Brad Pears

I have done this in the past, problem is users know how to get around this.
They can browse the web using our corporate email client "Outlook 2002" and
since some application help is HTML based (i.e. the calculator etc...), some
have even figured out how to go into help on some apps and "jump to URL"
from there!!!!

Thanks anyway...
 
B

Brad Pears

Got any ideas on a "Pay" product?

Brad
Richard Urban said:
Always for FREE!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :)

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!
Click to expand...
 
R

Rick Dilley

Hi Brad,

Perhaps I am wrong about this, but can't you remove the user from the small
business internet user group and voila...no more web browsing>

I may be wrong on this,\

RickD
 
J

Jim Vierra

To selectively block by protocol or port use the IP Filter on the NIC setup.
By user use IPSec.

You can also do this by using policy to block access to WinHTTP and WinINET.
This should block ALL internet access. If you don't block at a low enough
level users can bypass by pointing at a proxy on another port like 808 or
8008 or 34008.
 
J

Javier Gomez [SBS MVP]

I agree with Rick... since the OP seems to be crossposting to SBS2k NG they
I assume the TS box is on an SBS domain (which in turn has ISA). If so, just
remove the user from "Backoffice Internet Users" security group... and that
should be it.
 
B

Brad Pears

Do you mean the "Backoffice Internet Users" group?

We are not using ISA. I wonder if that group is specific to ISA...

Interesting thought though!

Thanks,

Brad
 
R

Rick Dilley

Yes, That is the correct name....

RickD

Brad Pears said:
Do you mean the "Backoffice Internet Users" group?

We are not using ISA. I wonder if that group is specific to ISA...

Interesting thought though!

Thanks,

Brad
Click to expand...
 
B

Brad Pears

If you are not using ISA at all though, will removing them from this group
still prevent web browsing?

Brad
 
M

Marina Roos [SBS-MVP]

Hi Brad,

If you don't have ISA, you don't have the Backoffice Internet Group.

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's
 
B

Brad Pears

We do have ISA - it's just not "turned on" right now...

We are using a Watchguard Firebox instead.

I think my questions have been answered!

Thanks,

Brad
 
B

Brad Pears

Rick, could you maybe expand on how one would use IPsec to block ports for a
specific user? I took a look in there but did not see where you would supply
a particular group or user who would be "blocked"...

I have never used IPSec on the TCP protocol either so I am likely just
stupid.

Thanks, Brad
 
R

Rick Dilley

Brad,

I am sorry for the misunderstanding. My suggestion is related to SBS2000
with ISA enabled.
If you remove a user from the back office internet users group in the user's
user profile, then they do not have internet access....

RickD

I have not implented IPSEC!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Monitor Network Activity by user on Terminal Server? 1
logging internet traffic of users 5
IM Traffic Blocking Software 1
IPSec without encryption between intranet and standalone 7
How do I Block all traffic except RDP traffic to Terminal Server 2
Best method / software for graphical output from dynamic excel data 0
Firewall blocks ALL outgoing traffic though rules for passing exis 1
Blocking terminal services to non admin users 8

Top