+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
Windows Server 2008 R2 Thread, Restricting internet in one computer lab but retaining server access in Technical; Once again I need your zen like experience people. There are 8 computer labs/rooms in the college. We have a ...
  1. #1

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Restricting internet in one computer lab but retaining server access

    Once again I need your zen like experience people.

    There are 8 computer labs/rooms in the college. We have a Server 2008R2 domain controller for AD, DHCP and DNS and Untangle Lite running on another HP server doing the filtering. The Untangle boxes takes a feed from the internet router into one network card and is connected to the main network through a second network card.

    There is an exam on Saturday morning and the students will need to save data to their home folders for later collection by the teacher and they will also need to print to the lab printer which is done through the server.

    However, they can't have internet access.

    Is there a way through group policy to isolate this computer lab so it doesn't have internet access but does have normal domain/network access while leaving the other labs alone? This is a part time course exam so it is the only one on in the college at that time. I know I could just unplug the router but the daytime/fulltime exams are coming up in a couple of weeks and I will have to do the same for some of them.

    I read somewhere else that you could change the gateway that the server puts out in DHCP but this would affect all computers....or is there a way to change the DHCP settings for one set of computers? I didn't think so but then again I'm not qualified in servers, just teaching myself as I go along and certain things are needed.

    I also read somewhere that I could use GP to put a random proxy into IE but Firefox may be on some of the PCs or Chrome so if I change the policy for IE would any other browser automatically pick up on that?

    Any ideas or pointers would be appreciated.

    Thanks
    K

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339
    I would do the following -

    Create a new GPO with duff proxy settings and create a software restriction policy to prevent IE, Chrome and FF from running. Prepare and test in advance and all should be fine.

    Ideally all workstations in the Computer Lab in question should be under one OU, then you can link the newly created GPO to that.

  3. Thanks to Michael from:

    KevWCFE (20th April 2012)

  4. #3

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,680
    Thank Post
    3,210
    Thanked 1,030 Times in 955 Posts
    Rep Power
    361
    Quote Originally Posted by Michael View Post
    I would do the following -

    Create a new GPO with duff proxy settings and create a software restriction policy to prevent IE, Chrome and FF from running. Prepare and test in advance and all should be fine.

    Ideally all workstations in the Computer Lab in question should be under one OU, then you can link the newly created GPO to that.
    Surely there are other ones that could do with being blocked i.e. opera portable, not sure about safari or other web browsers

    Opera, Portable Edition | PortableApps.com - Portable software for USB, portable and cloud drives

  5. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339
    True, but I don't think taking in flash memory sticks into an exam would be considered 'OK'.

  6. #5


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,506
    Thank Post
    227
    Thanked 848 Times in 727 Posts
    Rep Power
    287
    give em a static ip withoput a gateway?

  7. #6

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    717
    Thank Post
    170
    Thanked 53 Times in 51 Posts
    Rep Power
    34
    Quote Originally Posted by sted View Post
    give em a static ip withoput a gateway?
    If your using DHCP on 2008 R2 you could make all the machines reservations then just put a fake IP address for the Gateway. Within DHCP right click the machine and Create Reservation. Once reservation is set you can then change the options to look at a fake gateway.

  8. Thanks to Davit2005 from:

    KevWCFE (20th April 2012)

  9. #7


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,506
    Thank Post
    227
    Thanked 848 Times in 727 Posts
    Rep Power
    287
    can you how? just had a quick look and i cant see how

  10. #8

    Join Date
    May 2010
    Location
    Peterborough
    Posts
    26
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0
    we use group memebership with tmg and apply these user to this group. works for our controlled exams and doesnt change any setting on machines
    Last edited by TomC; 18th April 2012 at 10:41 AM.

  11. #9
    Valyyn's Avatar
    Join Date
    Jun 2011
    Location
    Portsmouth
    Posts
    201
    Thank Post
    21
    Thanked 61 Times in 43 Posts
    Rep Power
    54
    I'm assuming that each lab is in its own OU in active directory, but wouldn't the easiest solution be to create a group policy that sets the proxy to an IP that doesn't exist on the network? (Or 127.0.0.1).

    That way the machines would still have access to everything on the network (you could even allow intranet pages if you wished by making them a proxy exception).

    Edit: Actually as I write this I do realise the problem - this would only really affect IE, so if you're using firefox or anything else and they're NOT set to "Use system settings" for the proxy then they would still work...

  12. #10
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,774
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    you could include a bat file that uses the route add command and reroute the gateway to point somewhere useless.

    "route add gatewayip 127.0.0.1 metric 1" this would take effect until reset.

    replace gatewayip for your gateway address.
    Last edited by chazzy2501; 18th April 2012 at 12:21 PM.

  13. #11

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    717
    Thank Post
    170
    Thanked 53 Times in 51 Posts
    Rep Power
    34
    Quote Originally Posted by sted View Post
    can you how? just had a quick look and i cant see how
    In 2008 R2 DHCP msc, Right click lease in address leases > Click on add to Reservation. Then open Reservations and in left pane right click the reservation that you made and click configure options. Jus change the gateway ip address.

  14. Thanks to Davit2005 from:

    sted (18th April 2012)

  15. #12

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by Michael View Post
    I would do the following -

    Create a new GPO with duff proxy settings and create a software restriction policy to prevent IE, Chrome and FF from running. Prepare and test in advance and all should be fine.

    Ideally all workstations in the Computer Lab in question should be under one OU, then you can link the newly created GPO to that.
    Thanks Michael, sorry for delay in thanking you, had a busy week and only getting a chance to implement this now. I will try your suggestion of preventing browsers from running. I know there are other browsers but those three are the only ones installed and as students can't install anything I think that should cover it.

    I'll let you know if it works. Here I am at 4pm trying it out...typical

  16. #13

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Cheers Sted,

    Its something I thought of alright but I would rather something that is turn on and offable to quote a famous turtle so I'm going to try Michael's solution. Plus at 4 pm the day before the exam a quick solution through GP is handiest for now.

    thanks

  17. #14

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks Davitt, that sounds like and interesting solution and not something I was aware of. I might give that a try the next time but as the GP solution from Michael is something I'm a little familiar with I'll try that for now.

    Thanks for the suggestion and I'll let you know how it goes if I get around to trying it.

  18. #15

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by TomC View Post
    we use group memebership with tmg and apply these user to this group. works for our controlled exams and doesnt change any setting on machines
    Hi TomC, excuse my ignorance but what is TMG. Is it third party software or something built in to Server 2008?

    Thanks for the info

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Disabling internet in one room.
    By eejit in forum Network and Classroom Management
    Replies: 161
    Last Post: 4th August 2010, 02:21 PM
  2. All-in-One computers. Any suggestions?
    By reggiep in forum Hardware
    Replies: 35
    Last Post: 25th June 2010, 01:28 PM
  3. Computer Products Introduces The CP All In One LCD PC
    By CPLTD in forum Our Advertisers
    Replies: 6
    Last Post: 13th July 2008, 09:26 AM
  4. all-in-one computers
    By Chris in forum Hardware
    Replies: 22
    Last Post: 10th April 2008, 03:40 PM
  5. Restrict internet access but allow certain sites - GPO
    By thegrassisgreener in forum Windows
    Replies: 3
    Last Post: 7th November 2007, 03:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •