Windows server 2003
yes can - if create new group policy object, can use software restriction policies deny access applications.
this guide shows how create new gpo:
http://technet.microsoft.com/en-us/library/cc776678%28v=ws.10%29.aspx
this guide talks through setting software restriction:
http://support.microsoft.com/kb/324036/en-gb
if block ie, firefox, chrome etc users - not able access web.
alternatively - can consider allowing them open app, not access net. this, create group policy set proxy local machine , disallowing user change it:
1. create new policy in gpmc right-clicking your domain , pressing new. name policy no internet.
2. right-click no internet , press enforced check it.
3. select no internet in left-hand pane, select authenticated users under security filtering , press remove, , ok prevent policy applying.
4. using group policy implement internet explorer settings, navigate user configuration / windows settings / internet explorer maintenance in no internet policy.
2. right-click internet explorer maintenance , press preference mode.
note: if policy defined, must press reset browser settings, reset internet explorer maintenance group policy, before press preference mode.
3. navigate through connections , double-click proxy settings (preference mode).
4. check enable proxy settings, use same proxy server addresses, , not use proxy server local (intranet) addresses. (the box above checkbox set exceptions internal network)
5. type 127.0.0.1 address of proxy , 80 port.
6. press ok.
7. close no internet group policy.
note: prevent user changing proxy settings, implement disable changing proxy settings or disable connections page in no internet policy.
prevent user accessing internet:
1. select no internet group policy under domain , press add under security filtering.
2. use advanced dialog locate , select user, pressing ok.
3. press ok.
4. if user logged on, force policy update.
Windows Server > Network Access Protection
Comments
Post a Comment