Restrict internet access to only three specific sites for employee account, but allow full access to manager account RRS feed

  • Question

  • Hello all,

       Working with a client who wishes to have a laptop usable by both staff and management at his restaurant. He wants the management to have an unrestricted Administrator account, but wants the staff to have a restricted user account such that they can only use the web browsers to navigate to three specific sites. (btw, the laptop is on a domain) Have been doing research on this for hours now and can't seem to find a solution to what should be a simple problem. All the software suggested costs money, which the owner is not interested in. Any help?

    Wednesday, May 11, 2016 1:43 PM


All replies

  • If you are on a domain simply make a GPO and apply it to the Restaurant users and exclude the manager. Try following this KB:


    If you find I have answered your question please mark it as the answer.

    • Proposed as answer by ZigZag3143x Thursday, May 19, 2016 10:58 AM
    Wednesday, May 11, 2016 6:23 PM
  • Hi nbComputerSolutions,

    As ShaneAdair said, if you are on a domain, we could use the GPO to achieve. Also we could use the ISA to control internet access. Similarly we should create a group to set access permissions. Then setting GPO to the OU and setting up ISA Server network. At last, we could add a firewall rule.

    Hope it will be helpful to you.

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, May 12, 2016 12:19 PM
  • Hello,

      This is sounding like the correct solution but I have run into another snag. I installed Group Policy Management tool and am attempting to make a GPO as you and your link indicate. When I open GPM, however, all there is in the left pane is "Group Policy Management". There is no forest and if I attempt to add a forest, nothing I type is accepted because "The specified domain either does not exist or could not be contacted." Any ideas?

    Thursday, May 12, 2016 6:14 PM
  • Hi nbComputerSolutions,

    This issue can occur because the Sysvol directory is not shared out on the domain controller. Please check the link below try to repair.


    Hope it will be helpful to you.

    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Thursday, May 19, 2016 9:18 AM