Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Blocking Internet browsing access but not email in SBS 2000

Status
Not open for further replies.
tcwinont

tcwinont

Technical User
Aug 9, 2003
124
CA
Thanks in advance for looking at this.

I don't know if it's possible or not but here goes; I want to block Internet Access (typically Internet Explorer) but not email access (typically outlook express). I understand that programs use different ports to access the internet and would actually look for alternatives to 'sniff' out an open port. I've blocked port 8080 (I believe) on computer that I do not wish to grant internet access to but that would block outlook express as 'it shares internet connection' under the options pull down menu and connections tab.

For now I have computers setup to access the internet directly through a router. Should I be using my SBS 2000 box (a Dell) and Internet Security and Acceleration Server and somehow create a group policy?

Any advice or comments would be appreciated.

Thanks.
 
Sort by date Sort by votes
I should add to this; I have DCHP turned off and am using Static IP Addresses.
 
Upvote 0 Downvote
You should use the ISA services so you can selectively give access to diferrent users. You can use a group policy for setting the proxy settings in IE. If ISA is setup for caching, it will also save you money and would be quicker for pages already stored in the cache.

Email uses ports 110 (POP3) and 25 (SMTP). Block port 80 (http)and configure the browsers to use ISA proxy at port 8080.

smsg
 
Upvote 0 Downvote
Better yet would be to set up another network segment with a second NIC in the server. Put just your router and your server on the new segment and give it a different private range than your existing network: use 10.0.0.x/255.255.255.0 if your existing is 192.168.1.x/255.255.255.0

When you run ISA setup, it should see the two segments and let you set them up as "Internal" and "External" segments.

ISA should also create some default internet access groups/policies. To restrict a user, all you have to then is just assign them to the appropriate group.

Since the router is on a different physical network segment, a knowledgeable user can't change their IE settings to bypass ISA and get to the router directly.
 
Upvote 0 Downvote
tcwinont,

How many computer's do you have that you want to block Internet access to?

I'd take a look at Lakeside Software's, SysTrack ( SysTrack is an easy to use tool that can hault the execution of any unauthorized application such as IE, instant messanger, etc...

Check it out when you have a chance.
Good luck!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
1K
mangentle
mangentle
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
628
mangentle
mangentle
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
691
microsGuy16
microsGuy16
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
698
Aquiles Vidal
Aquiles Vidal

Part and Inventory Search

Sponsor

Back
Top