Tom - We use IPSec within Group Policies to do this. Here are some resources you might want to look over to learn more: http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp http://www.analogx.com/contents/articles/ipsec.htm http://www.hernanracciatti.com.ar/ipfront/about.htm
If you can spend some time reading up about IPSec policies I think you will see they can do exactly what you want, and you don't even need to buy a Proxy Server (although you might want one anyway for other reasons). Good luck! Jeff -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 7:22 PM To: ActiveDir (E-mail) Subject: [ActiveDir] deny internet hi all. If I want to deny a user internet access but allow everything else, is this possible via GPO? On win2k and winXP? also to include other browsers besides IE a firewall solution is not possible right now and the clients are dhcp so cisco acl's won't always work. Can I gpo this or is it easier to give the client a static ip and acl it on the router? thanks List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Confidential This e-mail and any files transmitted with it are the property of Belkin Corporation and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipients or otherwise have reason to believe that you have received this e-mail in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/