Free/cheap proxy server?
December 21, 2005 7:39 AM Subscribe
Free (or very cheap) proxy server that runs on W2k3? We just need it to block access to internet for some, not for others. Optimally, would like it to be tied into Active Directory (W2k3) so we don't have to use new username/passwords. Any suggestions? About 60 user company.
If it can monitor what they are going to visit, that would be great but not required. Or, even better, is there an "easy" group policy to implement that blocks IE access?
If it can monitor what they are going to visit, that would be great but not required. Or, even better, is there an "easy" group policy to implement that blocks IE access?
Best answer: Squid on windows is your best bet as far as proxies go. ISA Server is overkill for nearly everything, and has a bad habit of being full of security holes.
Now, as far as a group policy to block IE access.... an easy way to do that would be to make a group policy for people who aren't supposed to be on teh intarnet. That policy should force proxy settings, pointed to a host that does not exist. Since they can't change the proxy settings, voila- no internet.
Just associate the group policy to a group of non-internet accounts, and you should be good to go.
posted by AaronRaphael at 8:54 AM on December 21, 2005
Now, as far as a group policy to block IE access.... an easy way to do that would be to make a group policy for people who aren't supposed to be on teh intarnet. That policy should force proxy settings, pointed to a host that does not exist. Since they can't change the proxy settings, voila- no internet.
Just associate the group policy to a group of non-internet accounts, and you should be good to go.
posted by AaronRaphael at 8:54 AM on December 21, 2005
For Group Policy editing, you'll need to grab the Group Policy Management Console. I downloaded it myself, and it's made all the difference in my life. *swoon*
You'll also want to recognize that unless you plan on blocking Google, enterprising young people will still get to the pages they want to see.
posted by thanotopsis at 9:43 AM on December 21, 2005
You'll also want to recognize that unless you plan on blocking Google, enterprising young people will still get to the pages they want to see.
posted by thanotopsis at 9:43 AM on December 21, 2005
I've configured several firewall/proxies. Wingate ($824.95), Kerio Winroute ($997), and ISA Server ($1,499).
ISA Server is the most difficult to configure, WinRoute is by far the best solution that I've come across, it integrates with AD easily. We just have an 'Internet' group in AD, and allow that group access to the internet.
posted by patrickje at 10:55 AM on December 21, 2005
ISA Server is the most difficult to configure, WinRoute is by far the best solution that I've come across, it integrates with AD easily. We just have an 'Internet' group in AD, and allow that group access to the internet.
posted by patrickje at 10:55 AM on December 21, 2005
Response by poster: AaronRaphal, that is a GREAT idea. I was locking down registry hives and directories on the workstations and not allowing mozilla.exe or iexplore.exe to be run, but they are still getting on. That is a far easier way to do it. Thanks!
I'll try wingate if that doesn't work. Thanks, everyone.
And yes, I swoon over the GMPC, too. I love it!
posted by aacheson at 9:14 AM on December 22, 2005
I'll try wingate if that doesn't work. Thanks, everyone.
And yes, I swoon over the GMPC, too. I love it!
posted by aacheson at 9:14 AM on December 22, 2005
Response by poster: Oh my god, that pointing to a phantom proxy works like a CHARM. That's perfect!! Thanks so much!!!
posted by aacheson at 9:45 AM on December 22, 2005
posted by aacheson at 9:45 AM on December 22, 2005
« Older A practical way to learn Adobe Illustrator? | Single Cup Coffee Makers (need guidance) Newer »
This thread is closed to new comments.
posted by kuperman at 7:54 AM on December 21, 2005