Limiting which users have Internet Access

["Glenn Tofte" <gtofte@idcag.org>]

I am getting ready to deploy a Linux firewall/content filtering solution
(IPCop w/ Dansguardian) but I have one final hurdle:  We have some users
who are not allowed to have Internet access (the exception rather than
the rule).

OUR ENVIRONMENT:
70 Windows 2000/XP desktops
Windows 2000 Servers w/ Active Directory
Currently we are using M$ ISA for Internet accountability, which checks
against Active Directory to see if the user is a member of the Internet
Users Group before allowing access.

WE HAVE TRIED:
With IPCop I can block by IP address, but not by user.  This doesn't (by
itself)help  since the computers are shared between
Internet/Non-Internet users.

One thought that I had was to give the non-Internet users a null gateway
so they can access local resources, but not Internet resources.  We have
been trying to use "netsh" to toggle the gateway settings on the network
interfaces, but have not had much success.

Does anyone have any other ideas?

Thanks!

Glenn
__________________
Glenn W. Tofte
IDCAG
Info Systems Admin
217-854-4685 

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.