+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
How do you do....it? Thread, Blocking Internet Access in Technical; I reckon he's just logged on as someone else......
  1. #16
    gwendes's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    1,495
    Thank Post
    161
    Thanked 30 Times in 29 Posts
    Rep Power
    26

    Re: Blocking Internet Access

    I reckon he's just logged on as someone else...

  2. #17
    tosh74's Avatar
    Join Date
    Dec 2006
    Location
    Scotland
    Posts
    136
    Thank Post
    27
    Thanked 43 Times in 27 Posts
    Rep Power
    23

    Re: Blocking Internet Access

    Quote Originally Posted by jcollings
    OK - currently we have a group called Webdeny - if you're in that security group IE won't run for you and the proxy server is changed to a bogus one. This has worked fine for ages but students seem to have found a way round it (not sure what yet).

    So 2 questions:
    1. How are they getting round it
    2. What ways do you use to block specific students when they've been bad boys (or girls)

    Cheers
    I create a sub OU (not internet access) with a new GPO and enter false proxy server settings. then under User Config/Admin Template/System/Don't Run Specified Windows Applications (add iexplore.exe, firefox.exe and firefoxportable.exe) to the list.

    Also make sure that the user cannot logon if their profile fails to load (ie student may remove network cable during logon so that GP settngs are not applied) Comp Settings/Admin Templates/System/User Profiles/ Log User off when roaming profile fails

  3. #18
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Blocking Internet Access

    Get a proxy that allows you to block usernames.
    Use a software restriction on an OU to deny Internet Explorer (This will only work well with IE7 as there are ways around it with IE 6) then pop the users in there.
    Set up the logon scripts so you know when a particular user has logged on so you can observe them remotely to see what they are upto.

  4. #19

    Join Date
    Dec 2007
    Location
    Derbyshire. Ish.
    Posts
    262
    Thank Post
    29
    Thanked 22 Times in 15 Posts
    Rep Power
    24

    Re: Blocking Internet Access

    Quote Originally Posted by jcollings
    2. What ways do you use to block specific students when they've been bad boys (or girls)
    Like you, we have a domain group called "Webdeny" and proxy settings set at the machine and user level.

    However we have an ISA2004 server sat up on the edge of the network and seperating us from our RBC (the RBC hates it being there, as it stops them coming in when they want, but after they transmitted the Blaster worm or whatever it was to us in the summer of 2003 they just can't be trusted!)

    Members of the group webdeny are banned from going out onto the web by a rule on the ISA server unless it is for specific sites - we operate a whitelist of sites always used for educational purposes (such as mymaths.co.uk) so the naughty students are restricted from general internet use but can still do their work.

    Works well enough for us - they hate the fact that they can't get around it: they can run what they like on the PC, be it Firefox from a USB stick or IE, but the proxy just won't let them through if they've been bad boys or girls.

  5. #20

    Join Date
    Nov 2007
    Location
    North West
    Posts
    80
    Thank Post
    12
    Thanked 3 Times in 3 Posts
    Rep Power
    14

    Re: Blocking Internet Access

    I'd be inclined to agree with gwendes, we've had this before when we were asked to block someone from the internet only to find that they already were.

    We do our banning with Policy Central which can be told completely block IE, both the executabe and then all websites even if you did somehow get past not having a browser.

    On connecting to the room with netsupport we found the same user logged onto 3 machines

  6. #21

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,136
    Thank Post
    1,913
    Thanked 1,345 Times in 743 Posts
    Blog Entries
    3
    Rep Power
    395

    Re: Blocking Internet Access

    We have an OU that denies internet access - the whole school is going into it Friday morning because I'm pissed off with staff allowing the kids to do nothing but surf the net and look at rubbish all week.....

    :-)

  7. #22
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    28

    Re: Blocking Internet Access

    i like your thinnking tech guy.
    im going to filter out all flash content!

  8. #23
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50

    Re: Blocking Internet Access

    Same here, OU with no IP in the proxy settings for the naughty blighters. I am also fed up of staff letting kids play games, etc, and may also drop the enitre school into the OU, we've already had one TFT smashed as someone got frustrated at losing his game.......... Dread to think how many mice have been trashed by bored kids :twisted:

  9. #24

    Join Date
    Nov 2006
    Location
    Kendal
    Posts
    1,555
    Thank Post
    112
    Thanked 177 Times in 144 Posts
    Rep Power
    71

    Re: Blocking Internet Access

    Quote Originally Posted by gwendes
    I reckon he's just logged on as someone else...
    No he wasn't - that was the first thing I checked.

    Finally figured it (I think) - something to do with CLEO set up we'd just implemented whereby an auto config their end simply checks for our proxy and if it doesn't find it drops them out to their proxy - so we'd put bogus details in using script etc and the CLEO bit says "oh that isn't the right setting - have ours" thus giving them a route out. Sorted it now.

    On another note if I specify a GP to stop IE running why is it that Microsoft seem to think that only means by clicking the icon so they can still call it via Excel macro for example!??!

  10. #25
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34

    Re: Blocking Internet Access

    Quote Originally Posted by jcollings
    On another note if I specify a GP to stop IE running why is it that Microsoft seem to think that only means by clicking the icon so they can still call it via Excel macro for example!??!
    Hmm, that made me wonder if the kiddiewinks can avoid blocks on iexplore.exe by doing:

    Data > Import External Data > New Web Query

    and browsing in that window instead. It seems to render using IE and will display Flash content. No right-click menu on web pages, but otherwise it seems unrestricted.

    Where possible it seems to make more sense to block them on the proxy.

    Also, might it be an idea to move this thread into security?

  11. #26
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Blocking Internet Access

    Some of the indirect ways of running of running IE have it run as system which can bypasses certain things. This is apparently improved with IE 7.

  12. #27

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,660
    Thank Post
    859
    Thanked 646 Times in 429 Posts
    Rep Power
    498

    Re: Blocking Internet Access

    jcollings..

    Run GPResults to make sure that the proxy settings are still being applied to the security group.

    If you have GPMC installed it should tell you what GPO is being applied..

    We use SchoolGuardian and have a security group called G No Internet which blocks internet access to members of that group

    How do you apply the policy - are the users moved to another (sub-)OU or is the GPO set to only apply to the security group?

    We have a similar setup for denying USB drives where we have SUb-OU's in each Year's OU called "No Drives" - a GPo is then attached to this Sub-OU to disable pen drives and the "Enforced" flag is set..

    Craig.

  13. #28

    Join Date
    Dec 2007
    Location
    Derbyshire. Ish.
    Posts
    262
    Thank Post
    29
    Thanked 22 Times in 15 Posts
    Rep Power
    24

    Re: Blocking Internet Access

    Quote Originally Posted by georgebush
    On connecting to the room with netsupport we found the same user logged onto 3 machines

    Have a look at CConnect on the Windows server resource kit if you get a mo.

    We use this to restrict the maximum number of concurrent logons that will be accepted for any one student user ID.

    It also comes with a handy admin front end that shows you where the little scamps are logged on, and allows you to remotely log them off too.

  14. #29

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,660
    Thank Post
    859
    Thanked 646 Times in 429 Posts
    Rep Power
    498

    Re: Blocking Internet Access

    Quote Originally Posted by TheCrust
    Quote Originally Posted by georgebush
    On connecting to the room with netsupport we found the same user logged onto 3 machines

    Have a look at CConnect on the Windows server resource kit if you get a mo.

    We use this to restrict the maximum number of concurrent logons that will be accepted for any one student user ID.

    It also comes with a handy admin front end that shows you where the little scamps are logged on, and allows you to remotely log them off too.
    Other than LimitLogin - is there a non RM equvelant to this?

  15. #30
    Ryan's Avatar
    Join Date
    Jan 2008
    Location
    Scotland
    Posts
    537
    Thank Post
    12
    Thanked 16 Times in 15 Posts
    Blog Entries
    1
    Rep Power
    29
    Quote Originally Posted by tosh74 View Post
    I create a sub OU (not internet access) with a new GPO and enter false proxy server settings. then under User Config/Admin Template/System/Don't Run Specified Windows Applications (add iexplore.exe, firefox.exe and firefoxportable.exe) to the list.

    Also make sure that the user cannot logon if their profile fails to load (ie student may remove network cable during logon so that GP settngs are not applied) Comp Settings/Admin Templates/System/User Profiles/ Log User off when roaming profile fails
    Wow, just tried this (as we wanted to block a couple of little darlings from all web activity due to misuse while letting the rest carry on) - works perfectly. Nice one. I thought this'd be a huge operation, but all i need to do is drop them into the sub OU that denies the above - sweeeeet.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. ISA 2006 + blocking internet for AD group
    By Paid_Peanuts in forum Windows
    Replies: 8
    Last Post: 7th December 2007, 06:46 PM
  2. disabling Internet Access help!
    By Gardinho in forum Windows
    Replies: 3
    Last Post: 5th July 2007, 02:17 PM
  3. Block internet access
    By Dean in forum Network and Classroom Management
    Replies: 20
    Last Post: 14th February 2007, 10:45 PM
  4. K9 free parental internet blocking software for home use
    By beeswax in forum Comments and Suggestions
    Replies: 1
    Last Post: 29th June 2006, 08:03 PM
  5. Internet Blocking Service
    By ajbritton in forum Learning Network Manager
    Replies: 4
    Last Post: 26th January 2006, 08:31 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •