Re: Limiting employee Internet access

["Normal" <al@gatton.org>]

I handle that all through DHCP.. different overlapping subnets based on MAC
address, one subnet gets masq'd to the internet, the other gets redirected
to an internal web page that takes support requests ONLY.


----- Original Message -----
From: Glenn Tofte <gtofte@idcag.org>
To: <luci-discuss@luci.org>
Sent: Wednesday, May 05, 2004 11:08 AM
Subject: Limiting employee Internet access


> Thanks to all who gave me recommendations on how to restrict which
> employees access the Internet.  This helps me implement an open source
> solution (ipcop/dansguardian) into my predominantly M$ environment
> seamlessly!
>
> The solution that I have settled on is as follows:
>
> I have 2 scripts that change the route table (real gateway and null
> gateway).
> I apply these scripts through the Active Directory Group Policy by
> creating 2 Group Policies and apply each one to the appropriate group of
> users.
>
> Fixgateway.bat
> route change 0.0.0.0 MASK 0.0.0.0 10.1.0.254
>
> Breakgateway.bat
> route change 0.0.0.0 MASK 0.0.0.0 10.1.0.1
>
>
> PRO:
> 1.  Fast: The results are instantaneous!  Using netsh can take up to 4
> seconds per nic so if you have three nics it is an eternity.
>
> 2.  The user can't go anywhere no matter which app (in M$ Windows)they
> use.
>
> Obviously this solution wouldn't work if I had a mixed environment of
> *nix and M$ for the desktop.
>
> Glenn
> __________________
> Glenn W. Tofte
> IDCAG
> Info Systems Admin
> 217-854-4685
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.


-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.