[THIN] Re: Blocking Internet Access by Group

  • From: "Greg Reese" <GReese@xxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 3 Apr 2003 10:27:42 -0500

I know enough Linux to be dangerous and I am always trying to find =
reasons to learn more.  My wife and I use it at home but just for =
browsing, email and the occasional letter.

I will look into that.

Thanks!

Greg

-----Original Message-----
From: Magnus [mailto:magnus@xxxxxxxx]
Sent: Thursday, April 03, 2003 10:25 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Blocking Internet Access by Group



If you know linux a bit you can use squid  pretty easy to configure and =
you
can point it to your dc for NT and AD groups

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On =
Behalf
Of Lee, David (CITY TREASURY)
Sent: Thursday, April 03, 2003 9:28 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Blocking Internet Access by Group



I have not seen the latest versions, but the old Wingate product allows
proxying based on NT group membership, at a fraction of the cost of MS =
Proxy
/ ISA server.  It also seemed a lot more reliable than Proxy =
Server.....have
a look at  Http://www.wingate.com

-----Original Message-----
From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx]
Sent: 03 April 2003 15:12
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Blocking Internet Access by Group



I have some budget but not enough for anything that comes from =3D =
Microsoft.

-----Original Message-----
From: Angus Macdonald [mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, April 03, 2003 9:13 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Blocking Internet Access by Group



That depends on whether or not you have a budget ;-)

We use MS proxy server, which allows proxying based on NT group =3D
membership. The firewall is configured to only accept internet traffic =
from
the =3D proxy server.

-----Original Message-----
From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx]
Sent: 03 April 2003 15:06
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Blocking Internet Access by Group



On NT TSE 4.0 I blocked internet access by group by setting permissions =
=3D
=3D3D on wsock32.dll.  The group "non-internet users" was set to no =
access on
=3D =3D3D it.  That stopped them from accessing the internet through =
Internet
=3D3D Explorer, Ms Outlook, Windows Explorer and all the other ways they =
got =3D
=3D3D around my attempts to block them.  I find it interesting that my =
users =3D
=3D3D can't add an attachment to email or rename a file without having =
their =3D
=3D3D hands held but deny them access to yahoo and they find a million =
ways =3D
=3D3D around it.

but I digress...

The above solution does not work in Windows 2000.  If I change =3D3D
permissions on wsock32.dll the desktop goes nuts.

My Watchguard firewall will block access but only by requiring a =3D3D
password to be entered in a page for access.  That is more trouble that =
=3D
=3D3D it is worth.

All I want to do is have the internet blocked based on group membership. =
=3D
=3D3D  If they are in the group, no external access.

I have tried to find an add on or something but keep coming up empty.

Does any one have any ideas on how I can do this?

I have windows 2000 all the way around, a Watchguard Firebox II, and =
=3D3D
internet explorer 5.5 on all the servers.

Thanks!

Greg
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or=3D20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or=3D20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

  1. Home
  2. thin
  3. Archive
  4. 04-2003