Security Basics mailing list archives
RE: Stop browsing the web through GP?
From: "Faisal Masood" <faisyuet () wol net pk>
Date: Thu, 18 Sep 2003 01:40:31 +0500
Well as said earlier, restrict access to IE or better use some good firewall where you can restrict individuals. I've been using MS ISA Firewall for the last 2 years for restricting users to access certain sites & to manage net access effectively. Using group policy .... well there is no such option. But off the way you can do one thing. Open Group Policy of the OU whose users you want to restrict. There check Internet Explorer settings. There is a setting where can specify LAN settings for the browser of that OU users. Say if u have a gateway / firewall named NetServer listening for proxy requests at 3128. In GPO, IE settings enter some dummy entries say.... DummyServer with any port e.g 3128. Also make sure to set a GPO setting where users can't change their IE LAN settings. So now what happens, when users from that OU try a connect to a site, they would get no reply as their request would be going to non-existent proxy. Using this method those users can browse your local sites. Give it a try ;) Regards Faisal Masood (FM) Lahore, Pakistan -----Original Message----- From: Dave M. [mailto:curb_security () aon at] Sent: Tuesday, September 16, 2003 10:50 PM To: security-basics () securityfocus com Subject: Re: Stop browsing the web through GP? Spencer D'oro wrote:
I have a Windows Server 2003 domain. I am looking for a way to keep users in a partcular OU from browsing the web. I want to accomplish this through Group Policy, but I can't find anything in the ADM templates for Users or for Computers. Is there another ADM template I am missing? Or is the policy all ready present and I am missing it? I have tried searching on Tech-Net and Google and I haven't been able to find anything. Please help. Loki --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 -----------------------------------------------------------------------
----
Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm -----------------------------------------------------------------------
-----
I suggest to configure the proxy that nobody can acces the inet. Its also possible to restrict the acces to IE regards Dave ------------------------------------------------------------------------ --- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Stop browsing the web through GP? Spencer D'oro (Sep 12)
- Re: Stop browsing the web through GP? Birl (Sep 15)
- Re: Stop browsing the web through GP? Dave M. (Sep 16)
- RE: Stop browsing the web through GP? Faisal Masood (Sep 17)
- RE: Stop browsing the web through GP? Phillip McCollum (Sep 22)
- RE: Stop browsing the web through GP? Faisal Masood (Sep 17)
- <Possible follow-ups>
- RE: Stop browsing the web through GP? McGill, Lachlan (Sep 15)
- RE: Stop browsing the web through GP? Simon Taplin (Sep 16)
- RE: Stop browsing the web through GP? Wesley T. Scott (Sep 15)
- RE: Stop browsing the web through GP? Thomas F. Szabo (Sep 15)
- RE: Stop browsing the web through GP? Steven A. Fletcher (Sep 16)
- RE: Stop browsing the web through GP? Angie Urtel (Sep 16)