Revoke user access to Internet via Group Policy method

Serdar Yegulalp, Contributor

If your organization has specific rules about Internet access, odds are someone is going to have their access revoked at some point. When this does happen, it's best to make the process of revoking or restoring access as transparent and painless as possible.

I've seen several ways to do this, but one of the cleanest and most "native" (i.e., the one that makes the best use of existing functions within Windows) is a method that involves using Group Policy to enforce a novel restriction on the target user. The method sets the Internet proxy server for the user's system to a nonexistent proxy server and prevents the user from making any changes. The "proxy" is actually just the local host -- 127.0.0.1 -- so all proxy requests are redirected right back to the system that sent them.

Many third-party programs that attempt to access the Internet, whether for their own sake or to provide access for a user, can detect and make use of the Windows network proxy settings. They are the same settings as those configured in the Control Panel under Internet Options | Connections | LAN Settings. If these programs can have their connectivity settings changed by the end user (as is typically the case with Firefox), then this proxy-blocking technique may not work.

However, this method can get more complicated with some third-party programs. For instance, Firefox can automatically detect proxy settings, but it is difficult to lock down these settings since Firefox uses a local preferences configuration file rather than a Registry entry that can be Group Policy-enforced. It is possible to lock down the settings without using Group Policy, but this approach is not very elegant and more or less begs to be circumvented with time. (There is not yet an officially supported way to integrate Firefox with Active Directory or Group Policy.) Therefore, this is something you only want to use when you can manage every aspect of the target desktop's applications.
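
One way to audit that the restriction described above is actually in force for a user, as an added PowerShell example rather than code from the original tip: it checks that the Windows proxy is enabled, points only at loopback, is not overridden by an auto-configuration script, and is locked against edits. The registry paths and value names are assumptions (the standard per-user Internet Settings and Internet Explorer policy locations); the page does not name them.

```powershell
# Added example. Registry paths and value names below are assumptions:
# the page does not name them.
function Test-LoopbackProxyLock {
    [CmdletBinding()]
    param(
        [string]$SettingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
        [string]$PolicyKey   = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    )

    # Missing keys simply yield $null, which the checks below treat as "not set".
    $settings = Get-ItemProperty -Path $SettingsKey -ErrorAction SilentlyContinue
    $policy   = Get-ItemProperty -Path $PolicyKey   -ErrorAction SilentlyContinue

    # ProxyServer is "host:port" or a per-protocol list "http=host:port;https=host:port".
    $proxyHosts = @()
    if ($settings.ProxyServer) {
        $proxyHosts = @($settings.ProxyServer -split ';' | Where-Object { $_ } | ForEach-Object {
            $hostPort = ($_ -split '=', 2)[-1]
            ($hostPort -replace '^\w+://', '') -replace ':\d+$', ''
        })
    }
    $notLoopback = @($proxyHosts | Where-Object { $_ -notmatch '^(127(\.\d{1,3}){3}|localhost)$' })

    $result = [pscustomobject]@{
        ProxyEnabled   = ($settings.ProxyEnable -eq 1)
        ProxyHosts     = $proxyHosts
        AllLoopback    = ($proxyHosts.Count -gt 0 -and $notLoopback.Count -eq 0)
        PacScript      = $settings.AutoConfigURL   # a PAC script can supply a working proxy
        BypassList     = $settings.ProxyOverride   # hosts listed here skip the proxy
        SettingsLocked = ($policy.Proxy -eq 1)     # user cannot edit LAN Settings
    }
    # The restriction only holds if every condition is met at once.
    $effective = $result.ProxyEnabled -and $result.AllLoopback -and
                 -not $result.PacScript -and $result.SettingsLocked
    $result | Add-Member -NotePropertyName Effective -NotePropertyValue $effective -PassThru
}

# Run in the restricted user's session (HKCU is per-user).
Test-LoopbackProxyLock | Format-List
```

It reads only the Windows proxy settings, so a program that keeps its own proxy configuration, such as Firefox, is outside what this check can confirm.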


Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

This was first published in February 2006
