How best to restrict IE access thru AD in server 2008?

I have taken over for someone who recently got fired, and I know a bit about AD but GPOs are a mystery to me, although it doesn't seem terribly complicated. What I have been tasked to do is to restrict internet access by a certain user group. These users are already all in a group and all on the domain, and are already restricted locally from installing anything, so what I need to do is restrict the only browser left to them, IE, while whitelisting a few sites they need access to for work. How can this best be done?
7 answers Last reply
More about restrict access server 2008
  1. This probably isn't going to be of much help since you seem to know this already, but you're headed in the right direction. Group Policy is the way to do it. I would just Google Group Policy. Most of the information you need is on Microsoft's TechNet website, but it is much easier to find it using Google than searching TechNet directly. Once you read through a page or two you will find what you need. I messed around with it briefly a few years ago but I've forgotten everything now.
  2. I agree with the Technet article - If you wanted to restrict them from running IE completely then GPOs would be the way to go using software restrictions or AppLocker if you're running R2.

    However what you're trying to achieve is to restrict their access to certain sites, this is really a job for a proxy server, Forefront TMG if you want the MS option.

    Trend Micro IWSS or IWSVA would also meet your requirements plus give you malware protection for traffic that passes through it. IWSVA is a virtual appliance so will require a Hyper-V or ESXi installation to run on.

    For a low cost solution a modest PC running Ubuntu Server and Squid will do the job.
  3. A proxy server is what you really need. There are several out there(squid, ironport, ISA server-forefront?), there are even a few cloud services that will provide proxy services.
  4. ss202sl said:
    A proxy server is what you really need. There are several out there(squid, ironport, ISA server-forefront?), there are even a few cloud services that will provide proxy services.


    Interesting point about the cloud providers. This is something I have been researching to control/log access at our smaller offices, do you know of any providers that allow you to create your own rule sets.
  5. Zscaler is the one i was thinking about.
  6. I would recommend zScaler as well. It works fairly easy and is affordable.
Ask a new question

Read More

Security Internet Access Internet Explorer Servers Business Computing