Group Policy

[2Tall]

I would like to deny a group of computers access to the Internet. Why? The Computers in question are used internally for testing hardware and do not require Internet Access (I do not want to use a Anti Virus license) although they do require access to the corporate LAN.

I have a domain local security group to which I have added the computers.

I have added this group to the GPO filter.

I have manually configured the Proxy Settings on the affected computers and have then simply hidden the connections tab via group policy (Computers). However this is not bullet proof and only applies to IE.

Are there any custom GP templates I could install to assist, or does anyone have advice on how I can acheive my goal?

Many Thanks,

Phil.

[eyeball]

can you give the computers a default gateway that doesnt exist and get around it that way?

[touchstone_81]

Blocking internet access may be better achieved using a firewall rather than AD. But if you dont happen to have a well protected firewall you could still block http traffic by using IPSEC policies in gpedit.

Step 1 -- set up a filter list defining any traffic originating from the workstations in question to any IP at port 80(port 443 for ssl),

step 2 -- setup a block filter action and finally create an ip security policy linking the filter list and actions. After that all that remains to be done is to assign the policy and wait for it take effect or do a manual refresh if you are the impatient type.

remember this will block access to any intranet websites operating on port 80 otherwise they should be fine.One way to get around this is to set up a another filter list with a permit action for a particular intranet webserver.

Note: If you are using a proxy to go through to the internet then the rule you set up must block all destination traffic to the proxy server port.eg: 9090

[2Tall]

Thanks for the replies, I will have a look into the IPSEC Policy. Another guy has mentioned Local Loop Back so that is something else to look at.

Many Thanks,

Phil.