A policy to stop Internet usage

Using Windows XP Professional on a Windows 2000 Server Domain; how can I best
prohibit users from using the Internet (except for one weather web site)?

There is a problem the users need admin rights to use a business specific
software. I could if needed take the machine off the domain setting it to a
work group.

Is there a control or a policy I can use?

Looking for an idea - thanks

Terry wrote:
Using Windows XP Professional on a Windows 2000 Server Domain; how can I best
prohibit users from using the Internet (except for one weather web site)?

There is a problem the users need admin rights to use a business specific
software. I could if needed take the machine off the domain setting it to a
work group.

Is there a control or a policy I can use?

Looking for an idea - thanks

How are the machines connecting to the internet? You may be able to use
domain group policies or a proxy server but in my opinion the easiest
way would probably be to lock them out or restrict sites at the router.
Putting the machines in a workgroup will only exacerbate things, you
will lose all control on the machines, it would be a free for all...or
at least a free for all for users with administrative privileges.

John

John, thanks

Internet is a DSL from ATT and they control the router. If I use a Domain
Group Policy for certain users, would that policy aply even if the users have
admin rights on the local machine? And what is the process to write or change
a group polocy?

"John John - MVP" wrote:

Terry wrote:
Using Windows XP Professional on a Windows 2000 Server Domain; how can I best
prohibit users from using the Internet (except for one weather web site)?

There is a problem the users need admin rights to use a business specific
software. I could if needed take the machine off the domain setting it to a
work group.

Is there a control or a policy I can use?

Looking for an idea - thanks

How are the machines connecting to the internet? You may be able to use
domain group policies or a proxy server but in my opinion the easiest
way would probably be to lock them out or restrict sites at the router.
Putting the machines in a workgroup will only exacerbate things, you
will lose all control on the machines, it would be a free for all...or
at least a free for all for users with administrative privileges.

John

In article ,
says...

Using Windows XP Professional on a Windows 2000 Server Domain; how can I best
prohibit users from using the Internet (except for one weather web site)?

There is a problem the users need admin rights to use a business specific
software. I could if needed take the machine off the domain setting it to a
work group.

Is there a control or a policy I can use?

Looking for an idea - thanks

Why not just use a Global Blocking policy with exceptions for
*.Microsoft.com and *.Symantec.com (if you use Symantec) and others that
you approve of.

Try looking at http://www.opendns.com/

It will let you give them SOME access and you can block most of the
others.

One warning, if you block Web Mail, it will also block your SMTP server,
if you have one, from sending to those providers, so you have to white-
list the MX records - this lets you send email, but blocks them from
accessing the websites that provide access to it.


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

You would create a Group Policy and apply it to the proper
Organizational Unit (OU). Domain Policies cannot be overridden by local
administrators. See here for typical instructions:

http://www.chrisse.se/MAQB.asp?ID=17
How to restrict internet access Domain wide or for a single Site or OU
with Group Policies

The ATT DSL Router. I don't know which router(s) ATT supplies or
how they set up their customers but I kind of doubt that they control
the router. I'm quite sure that you can configure the router to suit
your needs, if you have the manual for the router you should be able to
find your way around and set it to your liking. That being said, ISP
supplied routers are usually basic (cheap) routers with very limited
features. For most parts you can usually disable all the routing
functions on these cheap routers and simply have the modem part of the
device enabled and then pass it through a decent business class
router/firewall appliance that can control internet access by IP or MAC
address. This in my opinion is about as safe and easy as it gets, only
users with the router password can make changes to the setup.

John


Terry wrote:
John, thanks

Internet is a DSL from ATT and they control the router. If I use a Domain
Group Policy for certain users, would that policy aply even if the users have
admin rights on the local machine? And what is the process to write or change
a group polocy?

"John John - MVP" wrote:

Terry wrote:
Using Windows XP Professional on a Windows 2000 Server Domain; how can I best
prohibit users from using the Internet (except for one weather web site)?

There is a problem the users need admin rights to use a business specific
software. I could if needed take the machine off the domain setting it to a
work group.

Is there a control or a policy I can use?

Looking for an idea - thanks
How are the machines connecting to the internet? You may be able to use
domain group policies or a proxy server but in my opinion the easiest
way would probably be to lock them out or restrict sites at the router.
Putting the machines in a workgroup will only exacerbate things, you
will lose all control on the machines, it would be a free for all...or
at least a free for all for users with administrative privileges.

John

From: "Terry"

| Using Windows XP Professional on a Windows 2000 Server Domain; how can I best
| prohibit users from using the Internet (except for one weather web site)?

| There is a problem the users need admin rights to use a business specific
| software. I could if needed take the machine off the domain setting it to a
| work group.

| Is there a control or a policy I can use?

| Looking for an idea - thanks


This is what a FireWall Appliance is all about.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp