Re: Policies w/o logging into Domain

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/12/02 

From: "karl [x y]" <jamescagney90210@excite.com>
Date: Mon, 12 Aug 2002 08:25:05 -0400

I would think it would be better to restrict this using a firewall or
router, either by machine IP address, or better yet, by using a firewall or
proxy that can do user or machine authentication.

You could probably use the IEAK IE administration kit from Microsoft to
permanently set those values. Easier still, you could change the
permissions on the registry key containing the IE proxy information so that
no one but approved administrators can change the information. Anyone who
is has local admin permissions on the workstation can remove the permissions
you set.

If all your computers are on a single subnet, you could remove the default
gateway information either from DHCP or from their IP settings. However,
anyone who knows the default gateway address and how to change it [and has
the workstation permissions to change it, e.g. probably requires local
admin] can put the default gateway address back in. Using DHCP might make
this a little trickier to defeat.

"Keller" <keller999@attbi.com> wrote in message
news:0ac201c241c2$4ed0c1c0$a5e62ecf@tkmsftngxa07...
> To whomever may read this:
>
> Thanks for your help in advance. In order to restrict
> individual user's access to the internet, I've applied
> group policies disabling the net through a bogus proxy.
> This works just fine as long as the user logs into my
> domain. However, if they just log into their computer,
> all the policy settings are lost. I can change the local
> policy to do the same thing, but it applies for all
> users. I tried just disabling all the local user names,
> but the domain user has a bunch of restrictions (time
> change, installation, hardware adding) on the local
> machine that I don't want - I want the user to have
> limited access on the domain and full access on their
> machine, sans internet. If anyone knows how I might apply
> domain policies w/o the user logging into the domain, I
> would be greatly appreciative. Or, if you've got another
> solution, I'd certainly be more than happy to hear it.
> You've all been so helpful so far and I know that you'll
> come through for me again. Thanks, everyone.
>
> -Keller

Relevant Pages

  • Re: black ice usage question
    ... > to restrict the entire machine from accessing certain ports either. ... > good firewall will allow the user to restrict all access to only the ... > when it comes to outbound protection. ...
    (comp.security.firewalls)
  • Re: Controlling access to MSTSC.exe
    ... to get through the windows firewall. ... static configuration by using VLANS in conjunction with a VLAN Policy Server ... > programs where I will need the ability to restrict by ... >>> level policy (i.e. who can connect via remote desktop to the servers). ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Sharepoint Security - Help!!!!!
    ... When they did the migration from one server to another it went from Standard ... differnt sharepoint document libraries that we have in our internal company ... permissions as to who could look in them. ... > How can I restrict access and double check that it isn't some other option. ...
    (microsoft.public.windows.server.sbs)
  • Re: Restricted Shells or Menu Based Shells
    ... > If you remove my permissions to a file I just upload my own file and use ... However, one need not restrict your use of your home directory, other ... owned by the untrusted group, ...
    (Focus-Linux)
  • Re: Limit user access to server
    ... to the Remote Desktop users group and make sure that group has the user ... >> needs then create your own local group and configure ntfs permissions ... For XP Pro and Windows 2003 Software Restriction ... >> Policies can also be used to restrict what applications a user can ...
    (microsoft.public.security)