IE, while it has zone control, is not really designed for what you want to do. that's why firewall's and proxy's were invented ;) the problem you have is that you can't make any exceptions based on client IP because the client IP will always be the terminal server. You could, I suppose, do some fancy scripting that populates the restricted sites dynamically when a user logs in. Otherwise, group policy own't help you. Your best bet would be the either the scripting solution or possibly a 3rd party solution (not sure which though since everything depends on client iP). Jeff On 1/26/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx> wrote: > > Jeff > > I wish it was that simple. It's not about Web browsing. It's > about retricting which sites they can access that are internal when the > users are external. > > We want to share servers between internal and external users. We want the > internal users to be able to access all sites includng our internal web > based apps. When the same user is external say in a web cafe we do not want > them to be able to access our internal web sites. > > We can't do it via group membership so we must do via IP.... > > We curently split our servers so internal access is to one set and > external is to another set with IE completly disabled. > > We could achive this by moving our servers into a DMZ and applting > firewall restrictions but then we have to open up lots of ports in DMZ for > Citrix server to work with our the management stuff. Less than ideal. > > Hoping we can use some form of IP restiction with IE blocking to achive > this. Playing with PAC files but struggling. > > I get the feeling I am missing something really simple..... > > PS we are on XP FRE3 and hopefully moving to PS4 laster this year > > Malcolm > > > > -----Original Message----- > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Jeff Pitsch > *Sent:* 25 January 2006 15:48 > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: Applying Restrictions Via IP > > Citrix policies can be applied by IP no problem. > > IE browsing would be best controlled through your firewall...hint hint > > Jeff Pitsch > > > On 1/25/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx> wrote: > > > > And I would like the same for something like IE. As in certain IP > > addresses can browse but others can't.... > > > > -----Original Message----- > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > > Behalf Of *Russell Robertson > > *Sent:* 25 January 2006 13:32 > > *To:* thin@xxxxxxxxxxxxx > > *Subject:* [THIN] Applying Restrictions Via IP > > > > > > I'd like to switch on client drive mapping but only for some of our > > external users (using WI3.0/CSG2.0). The idea being that we trust some > > external sites but not all (e.g., web café would not be trusted). > > > > We thought we could do this via IP address, has anyone done this sort of > > thing before and could pass on advice? > > > > Thanks > > > > Russell > > *Russell Robertson > > Skibo Technologies > > T: +44 (0)1224 355250 > > * > > > > *E: **russell.robertson@xxxxxxxxx* <russell.robertson@xxxxxxxxxx>* > > W: **www.skibo.com* <http://www.skibo.com/>** > > > > *Microsoft Certified Partners > > Citrix Solutions Advisers > > Northern Business Star Awards Finalists 2005* > > > > > > > > > > *********************************************************************************** > > The Royal Bank of Scotland plc. Registered in Scotland No 90312. > > Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. > > Authorized and regulated by the Financial Services Authority > > > > This e-mail message is confidential and for use by the > > addressee only. If the message is received by anyone other > > than the addressee, please return the message to the sender > > by replying to it and then delete the message from your > > computer. Internet e-mails are not necessarily secure. The > > Royal Bank of Scotland plc does not accept responsibility for > > changes made to this message after it was sent. > > > > Whilst all reasonable care has been taken to avoid the > > transmission of viruses, it is the responsibility of the recipient to > > ensure that the onward transmission, opening or use of this > > message and any attachments will not adversely affect its > > systems or data. No responsibility is accepted by The Royal > > Bank of Scotland plc in this regard and the recipient should carry > > out such virus and other checks as it considers appropriate. > > Visit our websites at: > > http://www.rbos.com > > http://www.rbsmarkets.com > > > > ******************************************************************************** > > > >