Sign in with
Sign up | Sign in
Your question

How best to restrict IE access thru AD in server 2008?

Last response: in Business Computing
Share
November 20, 2012 12:27:26 AM

I have taken over for someone who recently got fired, and I know a bit about AD but GPOs are a mystery to me, although it doesn't seem terribly complicated. What I have been tasked to do is to restrict internet access by a certain user group. These users are already all in a group and all on the domain, and are already restricted locally from installing anything, so what I need to do is restrict the only browser left to them, IE, while whitelisting a few sites they need access to for work. How can this best be done?
November 20, 2012 12:45:20 AM

This probably isn't going to be of much help since you seem to know this already, but you're headed in the right direction. Group Policy is the way to do it. I would just Google Group Policy. Most of the information you need is on Microsoft's TechNet website, but it is much easier to find it using Google than searching TechNet directly. Once you read through a page or two you will find what you need. I messed around with it briefly a few years ago but I've forgotten everything now.
Related resources
Anonymous
a b 8 Security
November 20, 2012 10:49:37 AM

I agree with the Technet article - If you wanted to restrict them from running IE completely then GPOs would be the way to go using software restrictions or AppLocker if you're running R2.

However what you're trying to achieve is to restrict their access to certain sites, this is really a job for a proxy server, Forefront TMG if you want the MS option.

Trend Micro IWSS or IWSVA would also meet your requirements plus give you malware protection for traffic that passes through it. IWSVA is a virtual appliance so will require a Hyper-V or ESXi installation to run on.

For a low cost solution a modest PC running Ubuntu Server and Squid will do the job.
a b 8 Security
November 20, 2012 10:57:05 AM

A proxy server is what you really need. There are several out there(squid, ironport, ISA server-forefront?), there are even a few cloud services that will provide proxy services.
Anonymous
a b 8 Security
November 20, 2012 11:03:36 AM

ss202sl said:
A proxy server is what you really need. There are several out there(squid, ironport, ISA server-forefront?), there are even a few cloud services that will provide proxy services.


Interesting point about the cloud providers. This is something I have been researching to control/log access at our smaller offices, do you know of any providers that allow you to create your own rule sets.
a b 8 Security
November 20, 2012 12:18:28 PM

Zscaler is the one i was thinking about.
November 20, 2012 12:29:14 PM

I would recommend zScaler as well. It works fairly easy and is affordable.
!