The point is that this is a pain in the ass and isn't really practical. It also requires admin access to the ISA server to enable/disable access. This would also get to be a pain in the ass.Originally Posted by GrumbleDook
Set up scopes for each room and reserve IPs against MAC addresses ...
That gets round the issue of DHCP causing a problem.
In our school we have different OUs in Active Directory for each classroom. We also have an OU called "Disabled Internet".
We move computer objects from the Room's OU to the Disabled Internet OU when we want to prevent access to the internet for that room.
The Disabled Internet OU has a GPO in force which changes the Internet Explorer proxy settings.
HTH
How do you get that policy to be effective inkyscribe? Do you have policies set on the Students OU and the room OU??
Im guessing it's a loopback policy.
I wondered if that was the case. Do you do loopbach Chris? where do you enable it if so - i'm not sure which OU to set it on...
Im at home now so I cant look at the section but it is under the machine section of the GPO. This would be set in the GPO that is targeted at the users OU. "Enable loopback policy processing" Then you choose merge or replace. Most cases you want merge.
People have mixed results sometimes with loopback policys though so be warnedeg sometimes not applying.
I have tried it here with mixed results - so funny you should say that about it not always applying! hehe! At one point I had a script that wouldn't run - and it stopped loopback processing happening altogether - quite a nightmare!
Thing is though - I used to just have Student OU's - and I made a seperate 'no internet OU' which I used as described above. But since enabling loopback that doesn't work- so if I made a room OU with no internet that'd work you recon?? But then I have different software images and different start menus re-directed to these rooms. It's all too complicated!!! :brain explodes:!!! Aaargh!!!
Oh the joy of GP
Nath
No it isn't loopback.
We have a policy in place at the domain level - this sets the correct proxy settings which the client machines pick up.
Any machines in the "disabled internet" OU have a GPO which (deliberately) contains the wrong proxy settings, thereby effectively disabling their internet connection.
It must be loopback, since proxy settings are a per user policy.
doh, you're right too. I have it set to loopback / merge
Didn't i see somewhere a option to make it machine-based over user based?
(probably in my imagination but so what else is new lol)
Nath
There is a setting to make proxy settings per machine rather than per user I believe, but I think this just acts like a default and will be overidden by the user section of a GPO due to the order in which GPOs are applied.
ahh i see
Shame lol
N.
At the end of the day this is all actually a teaching and discipline issue.
If the teacher is teaching such a boring & unchallenging lesson that the kids are so bored that they start to surf the net & play games etc, that is the teachers problem! Also if AUP is not enforced the kids will take it a mile in the blink on a eye!This therefore means enforcement of the school AUP. A few of our schools have come down hard a few times initially (and now whenever a serious breach occurs) the message soon got around! But this in turn means SMT support, and we all know how strong that is when it relates to IT in schools! :P
We are looking into software for our schools to buy that monitors internet usage and also has desktop level filtering and all this controlled from a central point with nice reporting capabilities i.e. policy central & netintelligence to name but a few suppliers. This is in addition to our LEA level filtering. The software will allow the schools that buy the software to fulfil their due diligence and enforce the AUP effectively.
There are currently 2 users browsing this thread. (0 members and 2 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote