So you’ve set up SBS 2003 and it’s working a little TOO good and you want to restrict some people from using the Internet.  So how do you do that?

Got SBS 2003 Premium? 

Remove the folks from the Internet users security group.  As they log into different machines, this restriction will follow them as they log into different machines.

Got SBS 2003 Standard?

Well, hopefully they will be using the same workstation otherwise this won’t work as Standard only can restrict by physical location.  In the RRAS firewall, you can use the RRAS filtering to restrict access by IP.  Click on RRAS, then on IP routing, then on NAT/Basic Firewall, then on Network Connections, then on Properties, then on Outbound filters.

Got that?

Or you could just buy the Standard to Premium upgrade and get SQL as well.


One Response to Okay, now I don’t want them to use the Internet

  1. Dave says:

    GPO is the answer my friends! Simply make a "no internet" group, apply a GPO to them only, and make their IE proxy server Take their ability to edit the connections tab or even view it in that same GPO. These settings are under USER, Windows Componants, and IE settings. You can also put what sites not to use proxy for, for those specific sites you want them to visit…. Don’t forget to allow those sites under security too.

    Another work around is ratings.pol and noaccess.rat. You can put the sites in they can visit there. But it worked better under 9x and can cause some headaches in XP.