Control Internet access in Active Directory environment


JasonGW

I've been evaluating software and methods, but haven't really found a way to do precisely what I want to do. We've currently got a Linux box in place that does our proxying (Squid) but it's overly complicated and isn't doing the best job. I want, ideally, to come up with a Windows solution for my firewall box.

In a nutshell, here is what I want:

1. By default, ALL users are prevented from accessing the internet

2. Only members of the Active Directory group "InternetBrowsing" are permitted to browse

3. Sites with objectionable content are blocked unilaterally

4. HTTP, HTTPS, FTP and FTPS clients should be able to connect where appropriate

5. More limited users should have predefined sites they can visit but NO blanket access

Any assistance would be appreciated.

Thanks!

Jason

EDIT: I KNOW Active Directory doesn't have these capabilities out of the box, and that's not what I'm after. What I want is software that can do the above functions and can use the Active Directory user database to keep track of appropriate permissions for individual users.

Edited by JasonGW

I don't think AD can do that out of the box... you'll still need another program to accomplish that. I think that's what Microsoft's ISA Server is supposed to do...

Oh, I know that :) That's what I'm looking for, some recommendations on software that I can use to accomplish the above goals. I probably can't get my supervisor to spend the $3000+ on ISA Server, though. We only have about 80 users on the network with only 30 of those actually needing internet access, so ISA isn't really justified.

Thanks!

Jason

I see... in that case then I'm sure there has to be a better, cheaper way. However, I can't think of any off the top of my head. I would think something along the lines of a centrally managed firewall might work best for you. Something you could deploy to all the computers and lock down to your settings. I was looking into Kerio WinRoute Firewall for that earlier, but haven't really done much investigating.

Yeah, I'm playing with that right now, hopefully it will work out. Ideally I'd prefer *not* to install a client component, but if I gotta, I gotta.

Jason
