none
Restrict Internet Access to a Workstation Through GPO

    Question

  • Hi-
     I am having issues with restricting internet access to select workstations.  I saw the restrict internet access under Computer Config > Admin Templates > System > Internet Communication

    I enabled the Restrict Internet Communication setting and by default it enabled all Internet Communication settings within the subfolder.

    This is still not restricting this workstation to being able to access the internet.  Do you know what I am doing wrong?

    I am not able to select a bogus proxy server through the computer configuration since it is only available in user config.  That was my other work around to try to implement this issue.

    Please get back to me as soon as possible.  Thanks
    Wednesday, February 04, 2009 8:56 PM

Answers

  •  

    Hi,

     

    As far as I know, the Restrict Internet communication policy is used to specify whether Windows can access the Internet to accomplish tasks that require Internet resources rather than to prevent the user from accessing the Internet.

     

    For example, the Internet Communication setting: Turn off Event Viewer “Events.asp” links is used to specify whether “Event.asp” hyperlinks are available for events within the Event Viewer application. If you enable this setting, event description URL links are not activated and the text “More Information” is not displayed at the end of the description.

     

    To restrict Internet access, I suggest that you deploy a proxy server or a firewall in the network. In addition, you may implement group policy to force the users who are not allowed to access the Internet to use an invalid proxy.

    Friday, February 06, 2009 9:56 AM
    Moderator
  • You could use Windows Firewall settings to disable everything in the GPO that is applied to these computers.
    Tuesday, February 10, 2009 10:29 PM

All replies

  •  

    Hi,

     

    As far as I know, the Restrict Internet communication policy is used to specify whether Windows can access the Internet to accomplish tasks that require Internet resources rather than to prevent the user from accessing the Internet.

     

    For example, the Internet Communication setting: Turn off Event Viewer “Events.asp” links is used to specify whether “Event.asp” hyperlinks are available for events within the Event Viewer application. If you enable this setting, event description URL links are not activated and the text “More Information” is not displayed at the end of the description.

     

    To restrict Internet access, I suggest that you deploy a proxy server or a firewall in the network. In addition, you may implement group policy to force the users who are not allowed to access the Internet to use an invalid proxy.

    Friday, February 06, 2009 9:56 AM
    Moderator
  • To be able to restrict internet access, I have read that you can just point the proxy settings in IE to a fake proxy server and this will achieve the same results.   I have stations now that I just leave the default gateway blank and they are not able to reach the internet.  I am trying to accomplish this through GPO and use organizational units instead of going to each computer to take away access.  As you know users get smart and figure out why their internet isn't working. 

    Do you have any other suggestions of being able to do this through gpo?
    Tuesday, February 10, 2009 10:19 PM
  • You could use Windows Firewall settings to disable everything in the GPO that is applied to these computers.
    Tuesday, February 10, 2009 10:29 PM
  • Hi,

    To restrict internet access you have to use a proxy server (like ISA from Microsoft), which will also give you more options. By gpo, you can set a fake proxy server, bu this will only work on Internet Explorer and not on other internet browsers.
    Have a nice day! The Masterplan - MCSE,MCITP-EA http://winmasterplan.blogspot.com
    Wednesday, February 11, 2009 1:15 PM
  • Do you know where in gpo you would find this, I have seen the proxy server settings under user, but i need it by computer?  So on certain computers I can restrict internet access.  If the user travels to an internet approved computer then they are able to access the internet.
    Friday, February 13, 2009 4:45 PM
  • Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall....
    Friday, February 13, 2009 8:54 PM
  • Hi,

    For this please follow the Microsft Press book Configuring Windows Server 2008 Network Infrastructure (70-642), Chapter 8: Configuring Windows Firewall and Network Access Protection, EXERCISE 2 Configuring Outbound Filtering, Page no. 441. But for the best practice, use Microsoft Forefront TMG 2010. Forefront TMG 2010 uses Microsoft Reputation Service (MRS), is a cloud-based new service, hosted by Microsoft to categorize URLs that is helping to provide better level of web security to an end users. For more information check the blog http://www.msserverpro.com . And check the article on "Controlling Web Access with URL Filtering in TMG 2010".

    Sunday, November 20, 2011 5:55 PM