Tip

Revoke user access to Internet via Group Policy method

If your organization has specific rules about Internet access, odds are someone is going to have their access revoked at some point. When this does happen, it's best to make the process of revoking or restoring access as transparent and painless as possible.

I've seen several ways to do this, but one of the cleanest and most "native" (i.e., the one that makes the best use of existing functions within Windows) is a

    Requires Free Membership to View

method that involves using Group Policy to enforce a novel restriction on the target user. The method sets the Internet proxy server for the user's system to a nonexistent proxy server and prevents the user from making any changes. The "proxy" is actually just the local host -- 127.0.0.1 -- so all proxy requests are redirected right back to the system that sent them.

Many third-party programs that attempt to access the Internet, whether for their own sake or to provide access for a user, can detect and make use of the Windows network proxy settings. They are the same settings as those configured in the Control Panel under Internet Options | Connections | LAN Settings. If these programs can have their connectivity settings changed by the end user (as is typically the case with Firefox), then this proxy-blocking technique may not work.

However, this method can get more complicated with some third-party programs. For instance, Firefox can automatically detect proxy settings, but it is difficult to lock down these settings since Firefox uses a local preferences configuration file rather than a Registry entry that can be Group Policy-enforced. It is possible to lock down the settings without using Group Policy, but this approach is not very elegant and more or less begs to be circumvented with time. (There is not yet an officially supported way to integrate Firefox with Active Directory or Group Policy.) Therefore, this is something you only want to use when you can manage every aspect of the target desktop's applications.


Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

More information from SearchWinSystems.com


This was first published in February 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.