Internet/Intranet Access

Archived from groups: microsoft.public.win2000.security (More info?)

I have users on a Win 2000 network that need to access an intranet site, but
not the internet. Restricting access to the iexplore.exe file on the local
workstations isn't an option as it is needed to run the intranet site. Can
this be done in the user account sections or do I need to go to the router?
Any suggestions would be great.

Libby
2 answers Last reply
More about internet intranet access
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    If you don't want/can't block at the firewall you create an IP Security
    Policy and push it to the appropriate workstations via group policy. The IP
    Security Policy would have 2 rules 1) block all outgoing connections to port
    80 and 443 except for 2) allow outgoing port 80/443 connections if
    destination address is within your subnets or internal dns domain. Note,
    this option isn't user specific - it follows the computer.

    --
    Regards,
    Randy Franklin Smith, CISA, SSCP, Security MVP
    Creator of the Ultimate Windows Security training courses

    "Libby" <lkennedy@dclchem.com> wrote in message
    news:%23uJCd9N%23EHA.3124@TK2MSFTNGP11.phx.gbl...
    >I have users on a Win 2000 network that need to access an intranet site,
    >but
    > not the internet. Restricting access to the iexplore.exe file on the
    > local
    > workstations isn't an option as it is needed to run the intranet site.
    > Can
    > this be done in the user account sections or do I need to go to the
    > router?
    > Any suggestions would be great.
    >
    > Libby
    >
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    If you do that by the way, you will break Windows Update. This is only a
    problem if you are using Windows Update as opposed to Software Update
    Services. I guess you could always create some rules to allow WU traffic
    out but it starts to get cumbersome.

    "Randy Franklin Smith [MVP]" <rsmith@ultimatewindowssecurity.com> wrote in
    message news:%23SsC86Q%23EHA.2568@TK2MSFTNGP11.phx.gbl...
    > If you don't want/can't block at the firewall you create an IP Security
    > Policy and push it to the appropriate workstations via group policy. The
    > IP Security Policy would have 2 rules 1) block all outgoing connections to
    > port 80 and 443 except for 2) allow outgoing port 80/443 connections if
    > destination address is within your subnets or internal dns domain. Note,
    > this option isn't user specific - it follows the computer.
    >
    > --
    > Regards,
    > Randy Franklin Smith, CISA, SSCP, Security MVP
    > Creator of the Ultimate Windows Security training courses
    >
    > "Libby" <lkennedy@dclchem.com> wrote in message
    > news:%23uJCd9N%23EHA.3124@TK2MSFTNGP11.phx.gbl...
    >>I have users on a Win 2000 network that need to access an intranet site,
    >>but
    >> not the internet. Restricting access to the iexplore.exe file on the
    >> local
    >> workstations isn't an option as it is needed to run the intranet site.
    >> Can
    >> this be done in the user account sections or do I need to go to the
    >> router?
    >> Any suggestions would be great.
    >>
    >> Libby
    >>
    >>
    >>
    >
    >
Ask a new question

Read More

Intranet Internet Windows