+ Post New Thread
Results 1 to 14 of 14
How do you do....it? Thread, restrict internet access for one user in Technical; Hi We want to restrict internet access for one user to all websites except a list of about 10 websites ...
  1. #1

    Join Date
    Mar 2008
    Posts
    85
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    restrict internet access for one user

    Hi

    We want to restrict internet access for one user to all websites except a list of about 10 websites that he is allowed to access.

    Ideall we would like to do this for any desktop he logs on to but it will be suffucient to do it on the desktop he uses 99% of the time.

    What's th easiest way to do this?

    TIA

  2. #2
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    876
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    I guess you are running (or should be running!) a proxy filtering system. If so, do you have AD integration? If so, surely create a new OU, move that user to it, then set up the proxy to deny all websites except a specific list/whitelist you set up?

    This is the only way I see it being possible?

    Cheers.

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    We have done this using a mixture of Smoothwall, Active Directory and SIMS.
    The Head of year is responsible for ticking a box in SIMS. Overnight a script runs and puts the user into a separate AD group depending upon the SIMS selection. Smoothwall then does whitelist filtering depending upon the group mapping.

  4. 2 Thanks to CyberNerd:

    deKay (12th August 2009), rh91uk (12th August 2009)

  5. #4
    deKay's Avatar
    Join Date
    Sep 2006
    Location
    Narrrfok
    Posts
    66
    Thank Post
    6
    Thanked 11 Times in 7 Posts
    Rep Power
    18
    Would love to know about your script that does that!

  6. #5
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    876
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    Quote Originally Posted by deKay View Post
    Would love to know about your script that does that!
    As would I! :-)

  7. #6


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    The principal is this:

    Create an Active Directory Group called 'banned' (for example).
    Create an Active Directory Group called 'student_internet' (for example).
    Populate AD with students UPN's from SIMS (you already done this when you did SIMS-Moodle integration, right?)
    Configure smoothwall so that anyone in the 'student_internet' has a certain level of filtering and so that anyone in 'banned' can only access whitelisted site.

    Manually you can easily change users between groups - but this is extra administrator hassle that you don't need, plus it is a teachers job.

    The next bit was done by our SIMS man, I'll get him to double check the accuracy of this but basically:
    Create a SIMS user defined field and tick box. write a VBScript that connects to the SIMS database and reads the user defined field. If the box is ticked for that user (idenfified by UPN) remove them from the 'student_internet' group and add them to teh 'banned' group. place script in windows cron (or whatever cron is called in windows)

  8. Thanks to CyberNerd from:

    rh91uk (12th August 2009)

  9. #7
    deKay's Avatar
    Join Date
    Sep 2006
    Location
    Narrrfok
    Posts
    66
    Thank Post
    6
    Thanked 11 Times in 7 Posts
    Rep Power
    18
    Quote Originally Posted by CyberNerd View Post
    The principal is this:
    write a VBScript that connects to the SIMS database and reads the user defined field.
    This is the bit I'd like to know about - the rest I can manage myself (and, in fact, we'd do something different with the results) - do you have an example snippit of code I could look at please?

  10. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by deKay View Post
    This is the bit I'd like to know about - the rest I can manage myself (and, in fact, we'd do something different with the results) - do you have an example snippit of code I could look at please?
    I'll put you in touch with the author - he's going into business to provide support for exactly this sort of thing.

  11. Thanks to CyberNerd from:

    deKay (12th August 2009)

  12. #9

    Join Date
    Mar 2008
    Posts
    85
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We have SBS 2003 but we don't use a proxy

  13. #10


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    This is a very good proxy for filtering:
    SmoothWall | Products School Guardian 2008

  14. #11

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,658
    Thank Post
    858
    Thanked 646 Times in 429 Posts
    Rep Power
    498
    Another way - Create a new group (Banned for example)

    Create a group policy object and set the Proxy server to "localhost" or "127.0.0.1" and change the security filtering from "Authenticated Users" to your Banned group
    Enforce the Group Policy to ensure it is always set.. Assign the new GPO to the OU containing the users

    What should now happen is that anyone that is a member of the "Banned" group will not be allowed outside as the proxy settings is pointing to their own PC!

  15. #12

    Join Date
    Nov 2006
    Location
    Kendal
    Posts
    1,555
    Thank Post
    112
    Thanked 177 Times in 144 Posts
    Rep Power
    71
    Quote Originally Posted by Gatt View Post
    Another way - Create a new group (Banned for example)

    Create a group policy object and set the Proxy server to "localhost" or "127.0.0.1" and change the security filtering from "Authenticated Users" to your Banned group
    Enforce the Group Policy to ensure it is always set.. Assign the new GPO to the OU containing the users

    What should now happen is that anyone that is a member of the "Banned" group will not be allowed outside as the proxy settings is pointing to their own PC!
    But then the user can't even get to the 10 or so sites the OP talked about wanting to allow.

  16. #13

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,658
    Thank Post
    858
    Thanked 646 Times in 429 Posts
    Rep Power
    498
    Damn! - Serious case of not reading the OP fully before typing the reply :-S

  17. #14
    kestrel1's Avatar
    Join Date
    Jul 2005
    Location
    New Forest
    Posts
    294
    Thank Post
    3
    Thanked 11 Times in 11 Posts
    Rep Power
    20
    We have a proxy server that runs Netmanager Precedence Technologies - NetManager: Introduction. I can add a user to a blacklisted group & this can take effect immediately. Rooms can be blocked or just have a whitelist of websites as required. There is loads more that can be done with Netmanager & it is being developed to hopefully integrate print quota management. Been using it for years & not had a problem. Runs on netbsd.

SHARE:
+ Post New Thread

Similar Threads

  1. Restrict user logon before a certain time
    By DSapseid in forum Windows
    Replies: 10
    Last Post: 23rd January 2009, 12:53 PM
  2. Replies: 0
    Last Post: 14th October 2008, 12:39 PM
  3. Restrict internet access but allow certain sites - GPO
    By thegrassisgreener in forum Windows
    Replies: 3
    Last Post: 7th November 2007, 03:39 PM
  4. Restrict Access to OWA based on TIME
    By ICTNUT in forum How do you do....it?
    Replies: 4
    Last Post: 3rd June 2007, 06:37 PM
  5. Restrict Access To USB Devices
    By MuppetQueen in forum Wireless Networks
    Replies: 25
    Last Post: 15th December 2005, 04:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •