I know enough Linux to be dangerous and I am always trying to find = reasons to learn more. My wife and I use it at home but just for = browsing, email and the occasional letter. I will look into that. Thanks! Greg -----Original Message----- From: Magnus [mailto:magnus@xxxxxxxx] Sent: Thursday, April 03, 2003 10:25 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Blocking Internet Access by Group If you know linux a bit you can use squid pretty easy to configure and = you can point it to your dc for NT and AD groups -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On = Behalf Of Lee, David (CITY TREASURY) Sent: Thursday, April 03, 2003 9:28 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Blocking Internet Access by Group I have not seen the latest versions, but the old Wingate product allows proxying based on NT group membership, at a fraction of the cost of MS = Proxy / ISA server. It also seemed a lot more reliable than Proxy = Server.....have a look at Http://www.wingate.com -----Original Message----- From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx] Sent: 03 April 2003 15:12 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Blocking Internet Access by Group I have some budget but not enough for anything that comes from =3D = Microsoft. -----Original Message----- From: Angus Macdonald [mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, April 03, 2003 9:13 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Blocking Internet Access by Group That depends on whether or not you have a budget ;-) We use MS proxy server, which allows proxying based on NT group =3D membership. The firewall is configured to only accept internet traffic = from the =3D proxy server. -----Original Message----- From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx] Sent: 03 April 2003 15:06 To: thin@xxxxxxxxxxxxx Subject: [THIN] Blocking Internet Access by Group On NT TSE 4.0 I blocked internet access by group by setting permissions = =3D =3D3D on wsock32.dll. The group "non-internet users" was set to no = access on =3D =3D3D it. That stopped them from accessing the internet through = Internet =3D3D Explorer, Ms Outlook, Windows Explorer and all the other ways they = got =3D =3D3D around my attempts to block them. I find it interesting that my = users =3D =3D3D can't add an attachment to email or rename a file without having = their =3D =3D3D hands held but deny them access to yahoo and they find a million = ways =3D =3D3D around it. but I digress... The above solution does not work in Windows 2000. If I change =3D3D permissions on wsock32.dll the desktop goes nuts. My Watchguard firewall will block access but only by requiring a =3D3D password to be entered in a page for access. That is more trouble that = =3D =3D3D it is worth. All I want to do is have the internet blocked based on group membership. = =3D =3D3D If they are in the group, no external access. I have tried to find an add on or something but keep coming up empty. Does any one have any ideas on how I can do this? I have windows 2000 all the way around, a Watchguard Firebox II, and = =3D3D internet explorer 5.5 on all the servers. Thanks! Greg ******************************************************** This Week's Sponsor - Emergent Online EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required! http://www.go-eol.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - Emergent Online EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required! http://www.go-eol.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - Emergent Online EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required! http://www.go-eol.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - Emergent Online EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required! http://www.go-eol.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - Emergent Online EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required! http://www.go-eol.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - Emergent Online EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required! http://www.go-eol.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm