Lus Posted August 11, 2005 Share Posted August 11, 2005 hi i wana limit some computer to deny accessing website by useing GPO.is any imposible way by configuring "windows Firewall" via GPO for denying access to web site ? i think this configuration must denying user to connecting to web servers :----------GPO------------Windows Firewall = protect all network connection \ enablewindows firewall = define program exceptions --- adding software with Scope ---> program path : %program files%\internet explorer\iexplorer.exe Scope : 192.168.0.1(gateway address)windows firewall : do not allow exceptions \ enable-----------------------any idea ? Link to comment Share on other sites More sharing options...
berrick Posted August 11, 2005 Share Posted August 11, 2005 There are various ways perhaps you could achieve this different methods will depend on your network and complexity. One way if say using Cisco routers would be to use extended ACL's that way you could block on protocol, ports source/destination IP etc. Another way if these clients dont need to get off the local network could be to remove the default gateway and use a host file to block cerian url's for example127.0.0.1 www.doubleclick.netand use GPO to stop the users changing the local computers tcp/ip settings.another way is to use configure IPSec policy using ip filtering i have never done this so dont know how flexible it is. It would certianly block all trafic to and from a client! Try searching for more info if these topics are of interest. If you dont get any where let me no and i will see if i can find any links to do with the IPSec bit Link to comment Share on other sites More sharing options...
Hamins Posted August 13, 2005 Share Posted August 13, 2005 (edited) I want to do somethng similar to this. I want to deny users access to all website except a few. Is there any way of doing this through Windows2003 ? Edited August 13, 2005 by Hamins Link to comment Share on other sites More sharing options...
chilifrei64 Posted August 13, 2005 Share Posted August 13, 2005 GPO is not the way to go for this one guys.. your best bet is to get a linux box and set it up as a proxy server.. this will allow you to configure web filtering to your liking... Proxy servers are not easy to configure and it may take some time.. but GPO was not meant for web filtering and you will probably have a much harder time working with GPO than you will with a Proxy server Link to comment Share on other sites More sharing options...
Hamins Posted August 14, 2005 Share Posted August 14, 2005 Chilifrie, I understand what you're trying to say. However, I want to know if it's possible at all, or not ? Link to comment Share on other sites More sharing options...
Hamins Posted August 14, 2005 Share Posted August 14, 2005 Chilifrie, I understand what you're trying to say. However, I want to know if it's possible at all, or not ? Link to comment Share on other sites More sharing options...
chilifrei64 Posted August 15, 2005 Share Posted August 15, 2005 The only thing you can do with GPO in terms of filtering is deploying it through content advisor but that will not do what you are asking it to do.. this will only filter based on content and not specific sites.. also.. sites that dont put content adivsor tags in their page will not work either and since this is mainly MS filtering.. not many people do.. So no..Now this is not saying that it isnt possible.. BUT.. GPO was not built with web filtering in mind and there is no procedure in place to set this up BUT.. GPO is very powerful and if you get crazy enough with it it can probably be done, however i dont see how. Link to comment Share on other sites More sharing options...
berrick Posted August 15, 2005 Share Posted August 15, 2005 As i said earlier I'm sure it is possible to use the built in IP filtering to setup ipsec which can be controled via gpo..... BUT i havent tried it and not sure how difficult it would be to do/administor Link to comment Share on other sites More sharing options...
Lus Posted August 26, 2005 Author Share Posted August 26, 2005 thanks guys i used ICS for deploing internet over my network now i am useing NAT solution. i install Kerio Winroute 6. advantage NAT technology with kerio - permit or deny group of user or computers (with ip) to access to internet- centeral location for manageing internet access wihtout change GPO - web filtering - u can configure Kerio so each user have an accout for access to internetany better idea ? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now