If your organization has specific rules about Internet access, odds are someone is going to have their access revoked...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
at some point. When this does happen, it's best to make the process of revoking or restoring access as transparent and painless as possible.
I've seen several ways to do this, but one of the cleanest and most "native" (i.e., the one that makes the best use of existing functions within Windows) is a method that involves using Group Policy to enforce a novel restriction on the target user. The method sets the Internet proxy server for the user's system to a nonexistent proxy server and prevents the user from making any changes. The "proxy" is actually just the local host -- 127.0.0.1 -- so all proxy requests are redirected right back to the system that sent them.
Many third-party programs that attempt to access the Internet, whether for their own sake or to provide access for a user, can detect and make use of the Windows network proxy settings. They are the same settings as those configured in the Control Panel under Internet Options | Connections | LAN Settings. If these programs can have their connectivity settings changed by the end user (as is typically the case with Firefox), then this proxy-blocking technique may not work.
However, this method can get more complicated with some third-party programs. For instance, Firefox can automatically detect proxy settings, but it is difficult to lock down these settings since Firefox uses a local preferences configuration file rather than a Registry entry that can be Group Policy-enforced. It is possible to lock down the settings without using Group Policy, but this approach is not very elegant and more or less begs to be circumvented with time. (There is not yet an officially supported way to integrate Firefox with Active Directory or Group Policy.) Therefore, this is something you only want to use when you can manage every aspect of the target desktop's applications.
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
More information from SearchWinSystems.com
- Advice: Upgrading Group Policy for Windows XP
- Topics: Web browsing
- RSS: Sign up for our RSS feed to receive expert advice every day.