| Author | Messages | |
mdzikowski
Posts:71
 | | 05/29/2009 3:17 PM |
| First post 
Domain: Windows 2003
Clients: Windows XP
Browser: Internet Explorer 6
Policy applied to AD computers / Users
How are some of you using GPO in a Windows 2003 domain to restrict access to a select set of websites and blocking access to all others? I've been googling and some forum postings suggest content advisor. How can I do this? Any help would rock. Is this possible?
Mike Dzikowski
WinTel Engineer
Henry Ford Health System | OneIT
2571 Product Drive | Rochester Hills, MI 48309
xxxxxxxxxxxxxxxx
248.853.4891
==============================================================================
CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies.
Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy Policy and Henry Ford My Health at www.henryford.com for more detailed information. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us.
==============================================================================
| | | |
| derekodiorne
Posts:15
| | 05/29/2009 3:25 PM |
| I have done this on my citrix servers in a windows 2000 domain by
setting a policy to use a proxy (set to 127.0.0.1 port 80 for traffic)
and then specifying exceptions in the "do not use proxy..." part of the
policy with specific sites listed.
----------------------------
Thanks,
Derek Odiorne
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dzikowski, Michael
Sent: 05/29/2009 10:16 AM
To: 'xxxxxxxxxxxxxxxx'
Subject: [gptalk] Restrict internet access to select white list of
websites
First post :-)
Domain: Windows 2003
Clients: Windows XP
Browser: Internet Explorer 6
Policy applied to AD computers / Users
How are some of you using GPO in a Windows 2003 domain to restrict
access to a select set of websites and blocking access to all others?
I've been googling and some forum postings suggest content advisor. How
can I do this? Any help would rock. Is this possible?
Mike Dzikowski
WinTel Engineer
Henry Ford Health System | OneIT
2571 Product Drive | Rochester Hills, MI 48309
xxxxxxxxxxxxxxxx
248.853.4891
========================================================================
======
CONFIDENTIALITY NOTICE: This email contains information from the sender
that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise
protected from disclosure. This email is intended for use only by the
person or entity to whom it is addressed. If you are not the intended
recipient, any use, disclosure, copying, distribution, printing, or any
action taken in reliance on the contents of this email, is strictly
prohibited. If you received this email in error, please contact the
sending party by reply email, delete the email from your computer system
and shred any paper copies.
Note to Patients: There are a number of risks you should consider before
using e-mail to communicate with us. See our Privacy Policy and Henry
Ford My Health at www.henryford.com for more detailed information. If
you do not believe that our policy gives you the privacy and security
protection you need, do not send e-mail or Internet communications to
us.
========================================================================
======
| | | |
| mdzikowski
Posts:71
| | 05/29/2009 3:29 PM |
| thank you for the reply.
by setting a policy to use a proxy (set to 127.0.0.1 port 80 for traffic) - arent you effectively disabling all internet access? i want to be able to restrict, but not disable all.
I have a set of 10 sites that these users need to get to, but not to anything else on the internet. some of the sites are external and some are internal.
| | | |
| derekodiorne
Posts:15
| | 05/29/2009 3:37 PM |
| Yes you are disabling all. You also have the option to enable "do nut
use proxy for local (intranet) addresses" which I enabled to allow
internal sites.
----------------------------
Thanks,
Derek Odiorne
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
Sent: 05/29/2009 10:30 AM
To: Odiorne, Derek
Subject: SubscribedEmail (e10a0ad4-18e2-42c5-8427-763206962515)
At 05/29/2009 3:29 PM a message was posted to a thread you were
tracking.
RE: [gptalk] Restrict internet access to select white list of websites
by mdzikowski
thank you for the reply.
by setting a policy to use a proxy (set to 127.0.0.1 port 80 for
traffic) - arent you effectively disabling all internet access? i want
to be able to restrict, but not disable all.
I have a set of 10 sites that these users need to get to, but not to
anything else on the internet. some of the sites are external and some
are internal.
To view the complete thread and reply, please visit:
http://gpoguy.com/MailList/tabid/58/view/topic/postid/546/ptarget/548/De
fault.aspx
You were sent this email because you opted to receive email
notifications when someone responded to this thread. To unsubscribe to
this thread please visit your user profile page delete this post from
your subscribed topics.
Thank you,
GPOGUY.COM -- THE Group Policy Resource Site!
| | | |
| JamieNelson
Posts:166
| | 06/01/2009 2:40 PM |
| Another approach that has been brought up on this list before is the use
of IPSec rules. See the following links for details:
http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm
http://www.petri.co.il/block_web_browsing_with_ipsec.htm
Jamie Nelson | Lead Analyst | BI&T Desktop Management | Devon Energy
Corporation | Work: 405.552.8054 | http://www.dvn.com
<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dzikowski, Michael
Sent: Friday, May 29, 2009 9:53 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Restrict internet access to select white list of
websites
OH I misread that...I see...add an exception... nice...
Mike Dzikowski
WinTel Engineer
Henry Ford Health System | OneIT
2571 Product Drive | Rochester Hills, MI 48309
xxxxxxxxxxxxxxxx
248.853.4891
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Odiorne, Derek
Sent: Friday, May 29, 2009 10:22 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Restrict internet access to select white list of
websites
I have done this on my citrix servers in a windows 2000 domain by
setting a policy to use a proxy (set to 127.0.0.1 port 80 for traffic)
and then specifying exceptions in the "do not use proxy..." part of the
policy with specific sites listed.
----------------------------
Thanks,
Derek Odiorne
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dzikowski, Michael
Sent: 05/29/2009 10:16 AM
To: 'xxxxxxxxxxxxxxxx'
Subject: [gptalk] Restrict internet access to select white list of
websites
First post J
Domain: Windows 2003
Clients: Windows XP
Browser: Internet Explorer 6
Policy applied to AD computers / Users
How are some of you using GPO in a Windows 2003 domain to restrict
access to a select set of websites and blocking access to all others?
I've been googling and some forum postings suggest content advisor. How
can I do this? Any help would rock. Is this possible?
Mike Dzikowski
WinTel Engineer
Henry Ford Health System | OneIT
2571 Product Drive | Rochester Hills, MI 48309
xxxxxxxxxxxxxxxx
248.853.4891
========================================================================
======
CONFIDENTIALITY NOTICE: This email contains information from the sender
that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise
protected from disclosure. This email is intended for use only by the
person or entity to whom it is addressed. If you are not the intended
recipient, any use, disclosure, copying, distribution, printing, or any
action taken in reliance on the contents of this email, is strictly
prohibited. If you received this email in error, please contact the
sending party by reply email, delete the email from your computer system
and shred any paper copies.
Note to Patients: There are a number of risks you should consider before
using e-mail to communicate with us. See our Privacy Policy and Henry
Ford My Health at www.henryford.com for more detailed information. If
you do not believe that our policy gives you the privacy and security
protection you need, do not send e-mail or Internet communications to
us.
========================================================================
======
========================================================================
======
CONFIDENTIALITY NOTICE: This email contains information from the sender
that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise
protected from disclosure. This email is intended for use only by the
person or entity to whom it is addressed. If you are not the intended
recipient, any use, disclosure, copying, distribution, printing, or any
action taken in reliance on the contents of this email, is strictly
prohibited. If you received this email in error, please contact the
sending party by reply email, delete the email from your computer system
and shred any paper copies.
Note to Patients: There are a number of risks you should consider before
using e-mail to communicate with us. See our Privacy Policy and Henry
Ford My Health at www.henryford.com for more detailed information. If
you do not believe that our policy gives you the privacy and security
protection you need, do not send e-mail or Internet communications to
us.
========================================================================
======
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged.
If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
| | | |
|
|