How to Enforce internet access through proxy setting only

[Guest]

Hi
I am trying to restrict internet access on mobile user (laptop installed
with WIN XP, IE) via corporate network only.
The mobile users are suppose to connect via the VPN tunnel (client) when
they are not in office to the corporate network and access the internet from
there only. My concern is how to stop them from accessing internet when they
are able to hook up to their ISP when they are not in the office (security
issues)?
Could anyone advise how this can be achieved by just some settings in
Windows? A 3rd party software is not desirable.

Thanks in advance for all your advice!
asterisks~

 

[Steve Parry]

In

Hi
I am trying to restrict internet access on mobile user (laptop
installed with WIN XP, IE) via corporate network only.
The mobile users are suppose to connect via the VPN tunnel (client)
when they are not in office to the corporate network and access the
internet from there only. My concern is how to stop them from
accessing internet when they are able to hook up to their ISP when
they are not in the office (security issues)?
Could anyone advise how this can be achieved by just some settings in
Windows? A 3rd party software is not desirable.

Thanks in advance for all your advice!
asterisks~

Try using the policy editor

Start
Run
type
gpedit.msc
click OK
<Group Policy opens>
Navigate to
User configuration
Windows Settings
Internet Explorer Maintenance
Connection
In right hand pane open
Proxy Settings
add your required proxy details

then to stop users changing settings within IE navigate to

User configuration
Administrative Templates
Windows Components
Internet Explorer
right hand pane
enable the "Disable changing proxy settings"

Help info from that option:

"Prevents users from changing proxy settings.

If you enable this policy, the proxy settings appear dimmed. These settings
are in the Proxy Server area of the Local Area Network (LAN) Settings dialog
box, which appears when the user clicks the Connections tab and then clicks
the LAN Settings button in the Internet Options dialog box.

If you set the "Disable the Connections page" policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), you do not need to set this policy,
because the "Disable the Connections page" policy removes the Connections
tab from the interface."

Also note other settings in there that you can use to lock down you IE
install.

 

[Guest]

Hi
Thanks for the advice, I guess I should have mentioned that the proxy
setting would be dictated by the automatic configuration script (stated in IE
- Internet Option - Connections - LAN settings) which is hosted on a
corporate server.

I've tried above but it seemed that once IE is unable to locate this file
(since it is not accessible by mobile user externally to corporate network),
it would ignore this script setting (which is unavailable when user choose to
connect to their ISP).
Next, IE would try to see if there is a proxy setting defined in IE (hard
code IP address). If the proxy address is stated in IE, it would adhere to
it, else it would ignore and use the ISP proxy address instead.

The hard-coded IP address in IE's proxy setting is less desirable as the
automatic configuration script needs to be used (to allow flexibility to
change the proxy setting by the administrator).

Thus, the above doesn't stop the mobile user from accessing internet via
their ISP if the "automatic configuration script" option is required. Could
you advise how to resolve this?