Re: Disable Internet surfing
From: Mike (mjl000@hotmail.com)
Date: 02/04/03
- Next message: Ace Fekay [MVP]: "Re: getting UserName from an IP address"
- Previous message: Jeff: "Re: tracking user log on"
- In reply to: Roby: "Re: Disable Internet surfing"
- Next in thread: Jean Luc: "Re: Disable Internet surfing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mike" <mjl000@hotmail.com> Date: Tue, 04 Feb 2003 04:53:26 GMT
Iit sounds like you probably don't have a server, just a workgroup. Without
group policies, you really can't prevent 9x clients from doing many things.
Creating duplicate individual Local Policies is just looney. If your corp
has local servers, it should be possible to setup Group Policies which can
limit many things, maybe even programs by name (iexplore.exe) - on 2000/XP
this is possible, but not sure about 9x.
Even if the management doesn't want to spend dollars, perhaps there is a PC
that can be spared. Either setup a spare PC (with 2 NIC's) as a
firewall/router or setup a workstation with 2 NIC's as an ICS host (the
poorest solution, but workable).
By using NT4/2000/XP it's possible to filter the ports on a NIC. The
filters only function for incoming packets on a NIC, so on your LAN side you
can set the filters to only allow the ports for POP/SMTP, Norton AV updates,
network news, or any other protocol you desire while eliminating port 80 or
just allow all ports and only block port 80. Remember, the client PC sends
a request from an ephemeral port number which is randomly selected, but
sends the request to port 80, so traffic to the ICS host will be to port 80
and the ICS host should block it if set as a blocking filter.
There are significant disadvantages to not setting up the correct type of
equipment to provide an appropriate solution. One of the great limitations
with ICS is its stripped down DNS (and DHCP) which doesn't properly handle
NSLOOKUP's. The other is it's a PC, which means that it must be on and
functional (in the network with appropriate settings) to provide service.
Last, honestly inform the management that without some additional software
or equipment it's not really possible to setup a good working solution that
will result in low maintenance costs. Some type of firewall/proxy/router is
the easiest way to do something like this and not a high cost for a small
company. Consider something from Linksys.
"Roby" <zzysh@nospamplease.biz> wrote in message
news:00f501c2cbc2$403b3070$d7f82ecf@TK2MSFTNGXA14...
>
> >-----Original Message-----
> >If you are on a company network, I would set up a proxy
> server or firewall
> >that allows you to manage group acccess. This will be
> the easiest solution
> >to manage.
> >
> >MA
>
> Thank you, Michael. However I forgot to say that the
> executives don't want to spend money neither in firewall
> devices nor proxies. I just wanted a simple solution for a
> few clients, I thought of Local Policies for W2K clients
> but that cannot be done on Windows 98 systems.
> What do you think?
>
>
>
- Next message: Ace Fekay [MVP]: "Re: getting UserName from an IP address"
- Previous message: Jeff: "Re: tracking user log on"
- In reply to: Roby: "Re: Disable Internet surfing"
- Next in thread: Jean Luc: "Re: Disable Internet surfing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
