How can I block internet but allow email access
-
Thursday, May 17, 2012 8:12 PMI am running Windows 2003 Server R2 SP 2 domain controller with AD. I am trying to blocl internet access some of my users but allow them to recieve email. How can I do that?
All Replies
-
Thursday, May 17, 2012 8:15 PM
Hello,
For that, I would recommend using Forefront TMG. More about it: http://www.microsoft.com/en-us/server-cloud/forefront/threat-management-gateway.aspx
However, you can block URLs based on the use of group policies: http://www.grouppolicy.biz/2010/07/how-to-use-group-policy-to-allow-or-block-urls/
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer- Marked As Answer by Shaon ShanMicrosoft Contingent Staff, Moderator Friday, May 18, 2012 9:28 AM
-
Thursday, May 17, 2012 8:36 PM
Aside from Mr X's recommendation, there are other 3rd party proxy applications/appliances you can integrate into your network. Another solution is to replace your edge internet router with one that can do URL filtering. That will allow you to control internet access. Finally, another option is host based. There are a lot of client applications that you can install to manage internet usage at the host system rather than the network.
Microsoft's TMG solution is very cost effective and does a great job at managing internet usage.
Guides and tutorials, visit ITGeared.com.
- Marked As Answer by Shaon ShanMicrosoft Contingent Staff, Moderator Friday, May 18, 2012 9:28 AM
-
Friday, May 18, 2012 12:05 AM
Mr X and Jorge's suggestions is actually the best bet. If you don't have or plan on installing a TMG/proxy, the way I've done it in the past for a small company is create a separate OU, then create a GPO, and go into the User Configuration section, Windows Settings, Internet Explorer Maintenance, Connection, Proxy Settings, and put a fake proxy server address. As you can see in my screenshot below, I used 127.0.0.1. This will block EVERYTHING.
Make sure only the users you want to block from complete internet access are in the OU this GPO is applied to. Otherwise, it will block everyone if you link it to the wrong GPO. For example, you do NOT want to link this GPO to the domain level, or no one will be able to access the internet.
.
.
Late Edit: This will not block email if you are using Outlook with an Exchange server, POP or IMAP account. If they are accessing email using a web browser such as for webmail (OWA), it will block that.
.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
- Edited by Ace Fekay [MCT]MVP Friday, May 18, 2012 12:13 AM - See Late Edit
- Marked As Answer by Shaon ShanMicrosoft Contingent Staff, Moderator Friday, May 18, 2012 9:28 AM
.png)
