[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Limiting employee Internet access

To: <luci-discuss@luci.org>
Subject: Limiting employee Internet access
From: "Glenn Tofte" <gtofte@idcag.org>
Date: Wed, 5 May 2004 11:08:14 -0500
Organization: Linux Users of Central Illinois
Reply-To: luci-discuss@luci.org
Sender: luci-discuss-owner@luci.org
Thread-Index: AcQyuyvcVwuKDZgMTyS+WtkMhb3KwQ==
Thread-Topic: Limiting employee Internet access

Thanks to all who gave me recommendations on how to restrict which
employees access the Internet.  This helps me implement an open source
solution (ipcop/dansguardian) into my predominantly M$ environment
seamlessly!

The solution that I have settled on is as follows:

I have 2 scripts that change the route table (real gateway and null
gateway).
I apply these scripts through the Active Directory Group Policy by
creating 2 Group Policies and apply each one to the appropriate group of
users.

Fixgateway.bat
route change 0.0.0.0 MASK 0.0.0.0 10.1.0.254

Breakgateway.bat
route change 0.0.0.0 MASK 0.0.0.0 10.1.0.1


PRO:
1.  Fast: The results are instantaneous!  Using netsh can take up to 4
seconds per nic so if you have three nics it is an eternity.

2.  The user can't go anywhere no matter which app (in M$ Windows)they
use.

Obviously this solution wouldn't work if I had a mixed environment of
*nix and M$ for the desktop.

Glenn
__________________
Glenn W. Tofte
IDCAG
Info Systems Admin
217-854-4685 

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.

Follow-Ups:
- Re: Limiting employee Internet access
  - From: "Normal" <al@gatton.org>

Prev by Date: Re: Limiting which users have Internet Access
Next by Date: Re: Limiting which users have Internet Access
Prev by thread: Company looking for Linux Admins (fwd)
Next by thread: Re: Limiting employee Internet access
Index(es):
- Date
- Thread