Re: How can this be done

From: Steven L Umbach (
Date: 09/29/05

Date: Thu, 29 Sep 2005 12:36:48 -0500

You can block access to port 80 TCP outbound at your firewall for specific
source IP addresses or IP ranges which would only work well if clients had
static IP addresses, or you want to block a whole subnet/DHCP scope and
they can not modify their IP address. Using ipsec filtering Group Policy
can also disable the users ability to access http websites on the internet
if that is acceptable. You can also block access via ipsec filtering policy
or firewall to specific website IP addresses which can be difficult
depending on the number of IP address the mail service they use has which
could be substantial. A firewall solution like ISA 2004 has advanced http
application filtering which may be able to stop access with the proper rules
though I would post first in an ISA 2004 newsgroup to ask about that subject
before buying ISA 2004 and you can get a free Evaluation Edition of ISA 2004
if you want to try it. Such a solution would help if the users need to have
internet access but you want to block internet based email. --- example of ipsec filtering.

A non technical solution would be to have a user policy which prohibits the
use of internet based email. You would want a written policy that the users
sign with spelled out specific disciplinary action and a warning that their
traffic is being monitored. You would need the buy in on management and
personnel and a commitment to enforce or such policies do not work. ---

"Chris" <> wrote in message
> Hi,
> How can I block http email access on on my network? Is it possible to
> block
> http access to specific XP machines via grup policy? I am running windows
> 2003 server with XP clients. The problem I have is users adding their
> personal email accounts to outlook.
> Thanks