Block internet access group policy windows server 2008
I need to find a way that even telnet, ftp etc. Update for clarification: I would like to block internet access only for some users, not for all on this server.
The best solution is probably to do this on the network level with a proxy. You can force all Internet-bound traffic through the proxy using WCCP or the like and not configure anything on the hosts themselves. Otherwise, I think you might be able to configure the Windows firewall to disallow this outbound traffic via GPO, which would catch all outbound traffic.
Furthermore, since it's a server, it likely has a static IP and you could just block outbound traffic at your perimeter firewall, assuming you are actually trying to block Internet access from the server itself. It wasn't clear to me if you mean for all users using the server and GPO to accomplish or if you just wanted to block access from your servers.
Set it for those users' MAC addresses so they always get that incorrect gateway address. You could use a proxy for this or you could set up an ACL (access control list) on your router to block outbound traffic from the workstations in question.
I hate to give an expensive commercial recommendation, but the Barracuda Web Filter does everything you're asking and can definitely tie into your AD topology. It has content and protocol awareness, so you could restrict downloads, telnet, ftp, etc.
The only realistic option probably is to disable direct internet access, thus forcing all internet traffic through a proxy. Then configure this proxy to require authentication, ideally against the Active Directory (AD).
That way, everyone has to authenticate to go online. I have never implemented this, but I believe it should work. At least Squid lets you authenticate against an AD; I assume other proxies can do the same.
The only problem is that anyone can come in and simply overwrite the settings.
Thank you both!
This tutorial suggests using Windows Firewall managed through Active Directory to block all internet IP addresses in addition to enforcing a non-existent proxy.
These technologies come built into Windows. You can apply this group policy to individual users or whole OUs as you see fit, and it will work well across all devices.
Hence why we are blocking all the non-private IP ranges; in other words, we are blocking the entirety of IP addresses on the wider internet and not even specifying the private RFC and RFC ranges. Next we will need to set up the fake proxy as per the majority of advice out there regarding such things. You may need to download the IE admin pack first though. Make this setting enabled and click OK.
Thank you for this article. Is it possible to adapt the GPO settings to achieve that?
This would be very difficult and the only way you could do it I can think of would be to use a proper proxy to enforce gmail.
Doing it from IPs, seeing that Google have many of them, would allow things like Google Search and other Google services inadvertently.
A great way to block internet for clients via GPO. But there is an error which can be quite nerve-wracking.