[gptalk] Re: restrict internet access for several users

  • From: "Maugris Beauchamps" <rmgmaug38xq@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Tue, 20 Mar 2007 22:17:35 -0700

It is possible to use the setting "bypass proxy server for local
addresses".  There is also a second item where you can list sites
deemed to be part of the intranet,  This is essentially the "Proxy
Override" value under the key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
By using that you can create a white list of sites.  Using GP to set
this list limits the length of the whitelist you can thus provide.  To
work around this, I keep a list in a text file, and apply it in a
login script.  I use GP to turn off the connections tab so users can't
set it back.  To date I've not noticed anyone using a rogue browser,
but I'll look to see tomorrow.


On 3/19/07, Tom Strader <tstrader@xxxxxxxxxx> wrote:


What if the users need access to specific Internet sites? If you set a dummy
Proxy server, it inhibits all traffic, correct?
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of tools@xxxxxxxxxx
Sent: Monday, March 19, 2007 11:08 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: restrict internet access for several users


Whenever this question comes up, the best answer is usually to use a Proxy
Server to control this. If you have ISA from MS then you can use its
capability to integrate into AD to control access for specific users and
groups. However, in the absence of a proxy server solution, you can kludge a
solution using IE Maintenance Policy. Basically use the feature in IE
Maintenance policy to set a proxy server setting in IE to set a "dummy"
proxy server. By setting that, IE essentially fails when trying to access
any sites for the users who receive that policy.


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Dave Clapham
Sent: Monday, March 19, 2007 8:03 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] restrict internet access for several users

I need to restrict internet access for 7 users on our school network.  They
still need access to the file server but only to disable the internet.  Our
users will login to several different computers through out the day so I am
not able to lock a certain computer down.  We are running Active Directory
on Windows Server 2003 with XP Pro SP2 on the workstations.

I have been through the User Configuration and can only find a policy that
will remove the IE icon from the desktop and quick launch.  This might work
if I could find a way to disable the IE on the Start Menu as well but am
open to other ways also.


Dave Clapham

Pawnee Heights School

Rozel, Kansas
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/

Other related posts: