Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Restrictions

Status
Not open for further replies.
StateSQLboy

StateSQLboy

MIS
Apr 11, 2003
50
US
I have a client who wants to be able to keep certain users from browsing the web, but still be able to retrieve emails. It has been many moons since I have messed with setting system policies on NT 4.0. Is there any way using the policy editor to keep these people from using Internet Explorer or Netscape. Or should I block them from using port 80? Someone please help
 
Sort by date Sort by votes
Why do you not run a registry command to change the proxy server address to one which does not exist and that will stop them using the internet. That is presuming that you are going through a proxy.
 
Upvote 0 Downvote
All I want to do is block 5 users from using IE. Does MS have anything similar to Novell's Bordermanager?? I am already planning on setting a policy on the local machines to keep them from escaping through the logon.
 
Upvote 0 Downvote
I have used two different methods to prevent users from surfing the web...

1. Supervisor was caught surfing porn sites (wish they had fired his a$$), they wanted to let him have e-mail, but no surfing. I pulled his DNS and put in the IP for the mail servers. If your mail servers are stable, this is the most fool proof method.

2. Not as easy, you have to specify all programs user is allowed to run! Click on Start, Programs, Administrative Tools(Common), System Policy Editor. Then you will probably need to create a new user, and under System, Restrictions you will "Run Allowed Programs." Start listing everything they need...Acrobat reader, MSword, etc.. And you need to specify the program name, not the common name Microsft Word.

And to be honest, I haven't been entirely succesful with the second method. I have VNCed and found users who should be restricted happily surfing the web. I have been impressed with the methods they have found to surf. Method one: make a link inside a MS Word document, two: click on a link inside an e-mail, Three: click on a Link saved in there favorites...the list goes on and on. Even when I can restrict the users from Word, Excell, Outlook, etc., they copy a link to there documents from a floppy (at least that's my guess.)

I don't like method one, because when I want to update a workstation, I have to add back DNS, then rip it out again (at least I seem to recall having to do that in NT, wonder if it wouldn't be nessecary in XP?) However, the supervisor that I ripped the DNS out of (didn't have elevated priveleges) didn't figure out (AFAIK) how to surf the web. I _think_ method one is pretty foolproof, if you consider the users priveleges.

If anybody has comments on how to implement system polices, and prevent the user bypass methods mentioned above, PLEASE let me know!

Good luck,

Jeff
 
Upvote 0 Downvote
Just block port 80 on your firewall for those IP addresses, use access-list.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
671
mangentle
mangentle
DrB0b
  • Locked
  • Question
Creating strick remote log on restrictions
Replies
0
Views
83
DrB0b
DrB0b
mrmovie
  • Locked
  • Question
Port restrictions for passive MS FTP
Replies
0
Views
50
mrmovie
mrmovie
Enkrypted
  • Locked
  • Question
Routing and Remoting Day/Time restrictions
Replies
3
Views
96
brundleseth
brundleseth
nicksheppard
  • Locked
  • Question
SBS restrictions
Replies
1
Views
60
mofusjtf
mofusjtf

Part and Inventory Search

Sponsor

Back
Top