Blocking internet but not intranet - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » Blocking internet but not intranet

Page 1 of 1

1

Topic Options

#115221 - 2004-02-29 12:14 AM Blocking internet but not intranet
nanda nanda Fresh Scripter Registered: 2004-02-28 Posts: 5 Loc: Atlanta, GA	I am very new to scripting and I have a problem that I think can be solved using this. I have around 800 users who need to be completely blocked from internet usage but still should be able to be on the intranet and another 400 users who should be able to browse both internet and intranet. Both kinds of users are mixed in different vlan's so I cannot distinguish using network addresses. All these users are on DHCP. I can create a group on the server and put all the users to be blocked from the internet in that group and then run a script for the rest of the users to change their DNS server to thir local machine or a dummy IP on the network. Can someone help me with this? Thanks,
Top

#115222 - 2004-02-29 12:39 AM Re: Blocking internet but not intranet
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	WHy would you need a script for that? Just apply permisions to the proxy for the group. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#115223 - 2004-02-29 12:42 AM Re: Blocking internet but not intranet
nanda nanda Fresh Scripter Registered: 2004-02-28 Posts: 5 Loc: Atlanta, GA	how do i do that on an nt sever
Top

#115224 - 2004-02-29 12:56 AM Re: Blocking internet but not intranet
Co Co MM club member Registered: 2000-11-20 Posts: 1342 Loc: NL	Don't you use a proxy server like Proxy2, ISA Server or another type of proxy? I can't imagine you don't use one when you have 1200 users... _________________________ Co
Top

#115225 - 2004-02-29 01:01 AM Re: Blocking internet but not intranet
nanda nanda Fresh Scripter Registered: 2004-02-28 Posts: 5 Loc: Atlanta, GA	No we don't use a proxy server. We are just using Checkpoint firewall where it goes out from one external IP and we can see all the reports too. All these users are not enabled on the firewall otherwise i would have blocked them on the firewall itself.
Top

#115226 - 2004-02-29 01:59 AM Re: Blocking internet but not intranet
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	your easiest way is to build up an proxy server. a cheap workstation will do. a linux will do much better than windows but if you don't have the knowledge, you may use windows too. make the proxy control the allow/deny by user/group of your wish and make the firewall allow access only from the proxy server. _________________________ ! download KiXnet
Top

#115227 - 2004-02-29 02:36 AM Re: Blocking internet but not intranet
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Quote: No we don't use a proxy server. I find it hard to believe that an IT department serving 1200 clients would NOT be using a proxy server! What I find even more amazing is that you would come up with a hair-brained scheme to destroy the DNS settings for 800 clients! Would they not need the DNS for internal systems? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#115228 - 2004-02-29 03:35 AM Re: Blocking internet but not intranet
nanda nanda Fresh Scripter Registered: 2004-02-28 Posts: 5 Loc: Atlanta, GA	Internal Systems can get by with WINS and i am achiving the web caching etc on the firewall itself so never had a use for a proxy server. I will like to explore this option for diabling the DNS so please let me know if it can be done by using a script.
Top

#115229 - 2004-02-29 03:49 AM Re: Blocking internet but not intranet
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I don't think you can get very far with just WINS unless you are on NT4 and intend to stay on an end-of-life product. Active Directory needs DNS. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#115230 - 2004-02-29 04:10 AM Re: Blocking internet but not intranet
nanda nanda Fresh Scripter Registered: 2004-02-28 Posts: 5 Loc: Atlanta, GA	Hmm.. thats a thought. So if I do install a proxy server can I enable it for my users using a script? We are planning a move to 2003 from NT4 around next month.
Top

#115231 - 2004-02-29 04:58 AM Re: Blocking internet but not intranet
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	You can do proxy settings by script and there are plenty of examples already posted but IMHO, GPOs in W2K3 are the way to go. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#115232 - 2004-02-29 05:41 AM Re: Blocking internet but not intranet
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	lol... imagine if you did not come here posting and you would had removed the DNS... heh, that would have nice thing to see. 800 clients _________________________ ! download KiXnet
Top

#115233 - 2004-02-29 05:58 AM Re: Blocking internet but not intranet
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	After having migrated a few thousand computers to AD, nothing surprises me. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#115234 - 2004-02-29 01:09 PM Re: Blocking internet but not intranet
Co Co MM club member Registered: 2000-11-20 Posts: 1342 Loc: NL	Nanda, Maybe you can do a migration training before upgrading Windows NT4 to Windows 2003 Edited by Co (2004-02-29 01:12 PM) _________________________ Co
Top

#115235 - 2004-03-01 10:58 AM Re: Blocking internet but not intranet
Richard H. Richard H. Administrator Registered: 2000-01-24 Posts: 4946 Loc: Leatherhead, Surrey, UK	Quote: So if I do install a proxy server can I enable it for my users using a script? Even better, check the "automatically detect settings" option if you are using IE. This allows you to set up a centralised management script. This allows you to do things like bypassing the proxy for internal sites. Search the web for information about "wpad.dat" for auto-configuration.
Top

#115236 - 2004-03-01 03:28 PM Re: Blocking internet but not intranet
Co Co MM club member Registered: 2000-11-20 Posts: 1342 Loc: NL	Also you can edit IE with IEAK.... _________________________ Co
Top

#115237 - 2004-03-01 04:46 PM Re: Blocking internet but not intranet
Jack Lothian Jack Lothian MM club member Registered: 1999-10-22 Posts: 1169 Loc: Ottawa,Ontario, Canada	You guys are talking over nanda's head. Nanda, This is not truly a forum for this type of question. Kixtart was not really designed for what you wish to achieve. Try asking this type of question on a more generic Windows OS management forum. There are many active on the web. (Sorry I can not provide links. I am not active enough these days to know the current links.) Edited by Jack Lothian (2004-03-01 04:48 PM) _________________________ Jack
Top

Page 1 of 1

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Who's Online

0 registered and 837 anonymous users online.

Newest Members

ManuvdWielNL, Sir_Barrington, batdk82, StuTheCoder, M_Moore
17887 Registered Users

Generated in 0.073 seconds in which 0.028 seconds were spent on a total of 12 queries. Zlib compression enabled.

click tracking