Block internet, allow intranet in Terminal Services/Citrix

[BHornbeck]

I am trying to setup a GP that would block internet access, but allow intranet access in Terminal Services. I have been able to create the GP to do this, BUT - it is applied computer configuration. There are other users on the Terminal Server that will need access to the internet.

How can I apply a computer policy to one user group, but not to another user group, when the groups will be on the same server at the same time?

[BHornbeck]

I came up with an alternative to using the 'Computer Configuration'.

Under the User Configuration, I set the Proxy sever to 127.0.0.1, and then setup an exceptions list for our intranet. I set the Home page and listed the other intranet pages in the Favorites list. I also removed access to manually change the Proxy settings. I then assigned this to the same OU's as our 'good' Proxy GPO. It had to be applied after the 'good' GPO to work right (smaller # in list). Then read access to the GPO was given to the group "No Internet".

Proxy setting:
User Configuration/ Windows Settings/ Internet Explorer Maintenance/ Connection/ Proxy Settings

Note for exceptions list: be sure to us the wild card “*” to complete the addresses (i.e. http://*.example.com, or 10.1.10.*). That was part of my troubles.

Disable connection settings:
User Configuration/ Administrative Templates/ Disable changing connections settings