Limit Internet Access

[mablower]

I need to be able to setup a security policy for Students who are abusing their internet privilages at our schools. There only a few, but I need to be able to block all internet access except the student informaiton server in our subnet and our school websites (outside of our subnet at the county schools).

On my Win2k server I've implemented Organizational Units for students at each school with a nested OU for blocking net access inside each School OU.

And I've set the filter to block TCP/UCP traffic.

but the GP does not block/deny access.

I'm missing something?

[kev147]

I would suggest linking an allow IE GPO to the AD sites which contain the subnets that you want to allow access.

I would then put out a GPO to everywhere else that sets their proxy serer to 127.0.0.1 which will disallow IE.

[mablower]

I need to block all Internet Access, it sound like this suggestion will only allow the Internet Explorer traffic. We support Netscape and Firefox as well.

...for XP/SP2 which does this.

MACHINE
Administrative Templates\System\Internet Communication Management | Restrict Internet communication

Specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If this setting is enabled, all of the the policy settings listed in the Internet Communication settings section will be set to enabled.

If this setting is disabled, all of the the policy settings listed in the 'Internet Communication settings' section will be set to disabled. If this setting is not configured, all of the the policy settings in the 'Internet Communication settings' section will be set to not configured.