Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Internet Access

Status
Not open for further replies.
bazzert

bazzert

Technical User
Nov 13, 2002
216
GB
In the school where I work the various computer suites are arranged into logical OU's. I have been asked if its possible to deny internet access to individual suites on a per lesson basis (i.e. only deney access to maybe one suite and leave the others active).

My first thought was through group policy though at the moment I can't seen to find a way. Is there a way through IPSEC? I'm sure I read something about this a while ago.
 
Sort by date Sort by votes
1 way through GP is to edit the proxy settings for that OU to give them a bogus proxy information.

Or you might want to look into something such as ISA server from MS.

 
Upvote 0 Downvote
OK, found one soulution in a piece of software. From my initial look its very good. You can disable internet connection by individual machine name (so all of one suite can be disabled if you wish to by placing in a group), good part is this can on the fly the machine doesn't need to be restarted. In fact it can be done while someones browsing and it stops them. Software also includes filtering and application blocking.

Application requires a control panel on the server and a client app to be installed (invisible to user).


Think I'll be spending some of the schools money.
 
Upvote 0 Downvote
Just a couple of thoughts, could you not deny access to IE via Group policy?

Also, do you have a router/firewall that you could disable access to certain computers? Lots now enable scheduling so you allow access at certain times...

 
Upvote 0 Downvote
Can be done at the firewall easily if each group (suite)of machines has a different subnet IP block, as you can simply block external access to that subnet range of addresses at the firewall, and change it as you need to from a master console.

Probably will not work in your environment,as you probably use a common DHCP from a central location for all the systems. The best solution is to put the specific systems in a given suite into a specific group, and then use group policy to limit or turn on the access for that specific group.

HTH

David
 
Upvote 0 Downvote
Unfortunately this is an inherited environment and the internet blocking has to be in place ASAP.

We do have common DHCP from a central location so would need some work to setup.

Actually quite like software as its just a tick box to deny either whole of a suite or a single machine and its instant so you can deny even when users are logged on as machines don't need to be restarted
 
Upvote 0 Downvote
Yes you can do it from group policy, i've posted many times, just do a search.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
631
mangentle
mangentle
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
371
hairlessupportmonkey
hairlessupportmonkey
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
331
StevenFromSouth
StevenFromSouth
iCDT
  • Locked
  • Question
Remote Desktop Web Access ( No application available)
Replies
2
Views
315
hairlessupportmonkey
hairlessupportmonkey
Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
646
strongm
strongm

Part and Inventory Search

Sponsor

Back
Top