Denying Internet access using DHCP

[Guest]

Hi everyone,

I want to deny Internet access to a certain Windows group on a Windows 2000
SBS domain. I think the best way to do this is through DHCP. I would like
to assign this particular group to a DHCP user class that has no router
setting, thus eliminating the ability to get out to the Internet.

When I create a new DHCP user class, it asks me for an ID in binary or
ASCII. Exactly what is it asking for? Also, how do I assign that user class
to my Deny Internet group so that only members of that group get assigned
that user class?

Thanks!

 

[Meinolf Weber]

Hello Ant-nee,

In SBS server is Internet security and acceleration server included. Thats
made exactly for your needs.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

 

[Kevin D. Goodknecht Sr. [MVP]]

Read inline please.

In

Hi everyone,

I want to deny Internet access to a certain Windows group on a
Windows 2000 SBS domain. I think the best way to do this is through
DHCP. I would like to assign this particular group to a DHCP user
class that has no router setting, thus eliminating the ability to get
out to the Internet.

When I create a new DHCP user class, it asks me for an ID in binary or
ASCII. Exactly what is it asking for? Also, how do I assign that
user class to my Deny Internet group so that only members of that
group get assigned that user class?

You would have to create reservations for all the PCs you don't want to have
a default gateway.

The simplest way is to create a new Organizational Unit in ADU&C and move
these PCs and or users into this OU, then create a new Group Policy and link
it to this OU, (in addition to the Default Domain Policy)

Edit this new GPO, set these policies.

If it is the computer itself set this policy in addition to the User policy
Computer Configuration
-Administrative templates
-Windows Components
-Internet Explorer--Make proxy settings per-machine(rather than
per-user) Only if it is all users of these computers
-Internet Control Panel--Disable connections page


User Configuration
-Windows Settings
-Internet Explorer Maintenance
-Connection--Proxy Settings Configure a bogus non-routable Proxy IP
address

IF you want the machines to still be able to get Windows updates add this
line to the Bypass proxy list.
*.microsoft.com;*.windowsupdate.com

If it is the users only move the users to this OU.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================