Network Infrastructure RRS feed

  • Question

  • I have a infrastructure design where i have one AD domain with 20 client computers

    Server- Windows server 2008

    clients- Windows 7 & Windows XP


    I want to block some users from connecting to the internet yet they should be able to access intranet resources. Others should be able to connect to the internet

    i dont want to use ISA. It would be great if this can be accomplished using Group policies

    Friday, July 8, 2011 7:11 PM

All replies

  • There are tow ways to block internet access without using ISA server.


    1.Deny IE proxy setting by Group policy

    If your internet access use Proxy address.It would be possible to block Internet access.

    Firstly,you should create 2 group policy ,one is allow-internet access ,next one is deny-internet access

    • Go GP management > expend user configuration > Windows Settings > Internet Explorer Maintenance > Connection > at right pane double click Proxy Settings > add right proxy address for allow user and leave blank for deny user
    • Go GP management > expend user configuration > Administrative Template: policy XXXXXXX > window componet >  Internet explore > pls find DISABLE CHANGING PROXY SETTINGS and click enable
    • set these two policies on regarding group.


    2.DHCP reservation

    This method is very simple and strange forward.You just need to change Gateway address.

    If you want to allow to internet access.you give correct gateway address

    if you want to deny to internet access, you give wrong gateway address via DHCP ip reservation.


    Hope This help

    • Proposed as answer by Ye Yint Depar Monday, July 11, 2011 3:45 AM
    Monday, July 11, 2011 3:43 AM