Block Internet Access

Archived from groups: microsoft.public.win2000.group_policy (More info?)

The most common way I see people doing this is to use GPO to set a proxy
server address that points to a non-existent proxy server, and then prevent
the user from changing that. Seems to work well.

"Someone" <anonymous@discussions.microsoft.com> wrote in message
news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
> I want to block access to the Internet. How can I use the
> Group policy to do this. Thanks.
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

There is a much better way of doing this.

How to restrict internet access with group policies:
http://www.chrisse.se/MAQB.asp?ID=17

--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i meddelandet
news:%23dl7Ws6KEHA.1032@tk2msftngp13.phx.gbl...
> The most common way I see people doing this is to use GPO to set a proxy
> server address that points to a non-existent proxy server, and then
prevent
> the user from changing that. Seems to work well.
>
> "Someone" <anonymous@discussions.microsoft.com> wrote in message
> news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
> > I want to block access to the Internet. How can I use the
> > Group policy to do this. Thanks.
>
>
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks Christoffer. This method is good if you know the URLs of all of the
internal sites that are accessible, but what if its an indefinite list or
what if you want to say "all internal sites". Are there any wildcard
capabilities here?


"Chriss3" <noSpamHere@chrisse.se> wrote in message
news:O79NCz6KEHA.912@tk2msftngp13.phx.gbl...
> There is a much better way of doing this.
>
> How to restrict internet access with group policies:
> http://www.chrisse.se/MAQB.asp?ID=17
>
> --
> Regards
> Christoffer Andersson
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
> "Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i meddelandet
> news:%23dl7Ws6KEHA.1032@tk2msftngp13.phx.gbl...
> > The most common way I see people doing this is to use GPO to set a proxy
> > server address that points to a non-existent proxy server, and then
> prevent
> > the user from changing that. Seems to work well.
> >
> > "Someone" <anonymous@discussions.microsoft.com> wrote in message
> > news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
> > > I want to block access to the Internet. How can I use the
> > > Group policy to do this. Thanks.
> >
> >
>
>
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks Chris and Darren.
The problem is I don't want to use IEAK.
I used the group policy object to now point it to our ISA
Proxy Server. However, How can I protect the group policy
object from modification by users access to AD from w2k.
I used Delegation option, but the changes did not take
effect. Is this because I am still in mixed mode.
Thanks.

>-----Original Message-----
>Thanks Christoffer. This method is good if you know the
URLs of all of the
>internal sites that are accessible, but what if its an
indefinite list or
>what if you want to say "all internal sites". Are there
any wildcard
>capabilities here?
>
>
>"Chriss3" <noSpamHere@chrisse.se> wrote in message
>news:O79NCz6KEHA.912@tk2msftngp13.phx.gbl...
>> There is a much better way of doing this.
>>
>> How to restrict internet access with group policies:
>> http://www.chrisse.se/MAQB.asp?ID=17
>>
>> --
>> Regards
>> Christoffer Andersson
>>
>> No email replies please - reply in the newsgroup
>> ------------------------------------------------
>> http://www.chrisse.se - Active Directory Tips
>> "Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i
meddelandet
>> news:%23dl7Ws6KEHA.1032@tk2msftngp13.phx.gbl...
>> > The most common way I see people doing this is to
use GPO to set a proxy
>> > server address that points to a non-existent proxy
server, and then
>> prevent
>> > the user from changing that. Seems to work well.
>> >
>> > "Someone" <anonymous@discussions.microsoft.com>
wrote in message
>> > news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
>> > > I want to block access to the Internet. How can I
use the
>> > > Group policy to do this. Thanks.
>> >
>> >
>>
>>
>
>
>.
>
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

When you said you used the delegation option, are you talking about through
GPMC? What changes to delegation did you make exactly? That will help know
how to make sure things are working as expected.


"Someone" <anonymous@discussions.microsoft.com> wrote in message
news:467a01c42bb2$4bd882b0$a301280a@phx.gbl...
> Thanks Chris and Darren.
> The problem is I don't want to use IEAK.
> I used the group policy object to now point it to our ISA
> Proxy Server. However, How can I protect the group policy
> object from modification by users access to AD from w2k.
> I used Delegation option, but the changes did not take
> effect. Is this because I am still in mixed mode.
> Thanks.
>
> >-----Original Message-----
> >Thanks Christoffer. This method is good if you know the
> URLs of all of the
> >internal sites that are accessible, but what if its an
> indefinite list or
> >what if you want to say "all internal sites". Are there
> any wildcard
> >capabilities here?
> >
> >
> >"Chriss3" <noSpamHere@chrisse.se> wrote in message
> >news:O79NCz6KEHA.912@tk2msftngp13.phx.gbl...
> >> There is a much better way of doing this.
> >>
> >> How to restrict internet access with group policies:
> >> http://www.chrisse.se/MAQB.asp?ID=17
> >>
> >> --
> >> Regards
> >> Christoffer Andersson
> >>
> >> No email replies please - reply in the newsgroup
> >> ------------------------------------------------
> >> http://www.chrisse.se - Active Directory Tips
> >> "Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i
> meddelandet
> >> news:%23dl7Ws6KEHA.1032@tk2msftngp13.phx.gbl...
> >> > The most common way I see people doing this is to
> use GPO to set a proxy
> >> > server address that points to a non-existent proxy
> server, and then
> >> prevent
> >> > the user from changing that. Seems to work well.
> >> >
> >> > "Someone" <anonymous@discussions.microsoft.com>
> wrote in message
> >> > news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
> >> > > I want to block access to the Internet. How can I
> use the
> >> > > Group policy to do this. Thanks.
> >> >
> >> >
> >>
> >>
> >
> >
> >.
> >
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

I used the Delegate Control Wizard. No matter which user
or Group used, the changes did not take effect.
Thanks.
>-----Original Message-----
>When you said you used the delegation option, are you
talking about through
>GPMC? What changes to delegation did you make exactly?
That will help know
>how to make sure things are working as expected.
>
>
>"Someone" <anonymous@discussions.microsoft.com> wrote in
message
>news:467a01c42bb2$4bd882b0$a301280a@phx.gbl...
>> Thanks Chris and Darren.
>> The problem is I don't want to use IEAK.
>> I used the group policy object to now point it to our
ISA
>> Proxy Server. However, How can I protect the group
policy
>> object from modification by users access to AD from
w2k.
>> I used Delegation option, but the changes did not take
>> effect. Is this because I am still in mixed mode.
>> Thanks.
>>
>> >-----Original Message-----
>> >Thanks Christoffer. This method is good if you know
the
>> URLs of all of the
>> >internal sites that are accessible, but what if its an
>> indefinite list or
>> >what if you want to say "all internal sites". Are
there
>> any wildcard
>> >capabilities here?
>> >
>> >
>> >"Chriss3" <noSpamHere@chrisse.se> wrote in message
>> >news:O79NCz6KEHA.912@tk2msftngp13.phx.gbl...
>> >> There is a much better way of doing this.
>> >>
>> >> How to restrict internet access with group policies:
>> >> http://www.chrisse.se/MAQB.asp?ID=17
>> >>
>> >> --
>> >> Regards
>> >> Christoffer Andersson
>> >>
>> >> No email replies please - reply in the newsgroup
>> >> ------------------------------------------------
>> >> http://www.chrisse.se - Active Directory Tips
>> >> "Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i
>> meddelandet
>> >> news:%23dl7Ws6KEHA.1032@tk2msftngp13.phx.gbl...
>> >> > The most common way I see people doing this is to
>> use GPO to set a proxy
>> >> > server address that points to a non-existent proxy
>> server, and then
>> >> prevent
>> >> > the user from changing that. Seems to work well.
>> >> >
>> >> > "Someone" <anonymous@discussions.microsoft.com>
>> wrote in message
>> >> > news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
>> >> > > I want to block access to the Internet. How can
I
>> use the
>> >> > > Group policy to do this. Thanks.
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

OK. So if you're trying to prevent someone from changing a GPO, you won't be
able to do it through the delegation of Control Wizard. That is only
designed to delegate access to AD objects and its incomplete for delegating
a GPO. I would recommend using either the ACL Editor on the GPO itself, or
better yet, use the GPMC, which has a nice, neat Delegation tab built in
that encapsulates the various permissions in easy to understand ways.


"Someone" <anonymous@discussions.microsoft.com> wrote in message
news:472e01c42bbd$77064750$a001280a@phx.gbl...
> I used the Delegate Control Wizard. No matter which user
> or Group used, the changes did not take effect.
> Thanks.
> >-----Original Message-----
> >When you said you used the delegation option, are you
> talking about through
> >GPMC? What changes to delegation did you make exactly?
> That will help know
> >how to make sure things are working as expected.
> >
> >
> >"Someone" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:467a01c42bb2$4bd882b0$a301280a@phx.gbl...
> >> Thanks Chris and Darren.
> >> The problem is I don't want to use IEAK.
> >> I used the group policy object to now point it to our
> ISA
> >> Proxy Server. However, How can I protect the group
> policy
> >> object from modification by users access to AD from
> w2k.
> >> I used Delegation option, but the changes did not take
> >> effect. Is this because I am still in mixed mode.
> >> Thanks.
> >>
> >> >-----Original Message-----
> >> >Thanks Christoffer. This method is good if you know
> the
> >> URLs of all of the
> >> >internal sites that are accessible, but what if its an
> >> indefinite list or
> >> >what if you want to say "all internal sites". Are
> there
> >> any wildcard
> >> >capabilities here?
> >> >
> >> >
> >> >"Chriss3" <noSpamHere@chrisse.se> wrote in message
> >> >news:O79NCz6KEHA.912@tk2msftngp13.phx.gbl...
> >> >> There is a much better way of doing this.
> >> >>
> >> >> How to restrict internet access with group policies:
> >> >> http://www.chrisse.se/MAQB.asp?ID=17
> >> >>
> >> >> --
> >> >> Regards
> >> >> Christoffer Andersson
> >> >>
> >> >> No email replies please - reply in the newsgroup
> >> >> ------------------------------------------------
> >> >> http://www.chrisse.se - Active Directory Tips
> >> >> "Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i
> >> meddelandet
> >> >> news:%23dl7Ws6KEHA.1032@tk2msftngp13.phx.gbl...
> >> >> > The most common way I see people doing this is to
> >> use GPO to set a proxy
> >> >> > server address that points to a non-existent proxy
> >> server, and then
> >> >> prevent
> >> >> > the user from changing that. Seems to work well.
> >> >> >
> >> >> > "Someone" <anonymous@discussions.microsoft.com>
> >> wrote in message
> >> >> > news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
> >> >> > > I want to block access to the Internet. How can
> I
> >> use the
> >> >> > > Group policy to do this. Thanks.
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Well you can use zones and lock them down to identify all internal websites
for example. I don't believe content advisor can do a such thing, but I will
check it out=)

--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i meddelandet
news:%23qZNN46KEHA.3944@tk2msftngp13.phx.gbl...
> Thanks Christoffer. This method is good if you know the URLs of all of the
> internal sites that are accessible, but what if its an indefinite list or
> what if you want to say "all internal sites". Are there any wildcard
> capabilities here?
>
>
> "Chriss3" <noSpamHere@chrisse.se> wrote in message
> news:O79NCz6KEHA.912@tk2msftngp13.phx.gbl...
> > There is a much better way of doing this.
> >
> > How to restrict internet access with group policies:
> > http://www.chrisse.se/MAQB.asp?ID=17
> >
> > --
> > Regards
> > Christoffer Andersson
> >
> > No email replies please - reply in the newsgroup
> > ------------------------------------------------
> > http://www.chrisse.se - Active Directory Tips
> > "Darren Mar-Elia" <fermentedgrape@yahoo.com> skrev i meddelandet
> > news:%23dl7Ws6KEHA.1032@tk2msftngp13.phx.gbl...
> > > The most common way I see people doing this is to use GPO to set a
proxy
> > > server address that points to a non-existent proxy server, and then
> > prevent
> > > the user from changing that. Seems to work well.
> > >
> > > "Someone" <anonymous@discussions.microsoft.com> wrote in message
> > > news:462a01c42ba5$4f8b1650$a501280a@phx.gbl...
> > > > I want to block access to the Internet. How can I use the
> > > > Group policy to do this. Thanks.
> > >
> > >
> >
> >
>
>