Prevent Internet Access Terminal Services 1

[aquias]

Hello everyone,

I have an AD Domain setup and currently running. What I'm looking to do is to have Terminal Services users authenticate for use of a few specific applications. I have the majority of the system locked out the way I want, but I've hit one specific wall.

When a user launches Windows Explorer they'll still be able to surf the web by placing a URL in the address bar, is there a policy to prevent this?

Currently, I do have the system configured to prevent access to Windows Explorer, but everytime I believe I'm locked down I find a minor back door, this is going to be my "catch all" policy until I'm comfortable that it is truly locked out to my liking.

 

[Albion]

I had this problem with my shop users. I just setup a group policy for that user group in which I set the proxy server to 0.0.0.0. Then I set it so that the users couldn't access the proxy server settings. This stops any access from Windows Explorer or Internet Explorer.

Here are the group policies that you will need to set.

User Configuration -> Windows Settings -> Internet Explorer Maintenance -> Connection -> Proxy Settings (Enable proxy and set it to 0.0.0.0:80, check use same proxy server for all addresses, check do not use proxy server for local addresses if you have an intranet.)

User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> disable changing proxy settings (Enable this)

You may also want to set

User Configuration -> Administrative Templates -> Windows Components -> Windows Media Player -> Networking -> Configure XXXX Proxy (Enable and set all three)

To disallow them from getting out to the net through Media Player.

-Al

 

[aquias]

Simple...and effective! Thanks Albion!