Internet Related Group Policies

[amagab]

I want to create three new Group Policies related to the internet:

GP1) Restrict all internet access

GP2) Restrict internet access except ONE IP ADDRESS (on local network)

GP3) Restrict downloading from the internet

Many thanks!

 

[mmthomas]

If you really want to deny all internet access, this is better done at your firewall than in your group policy. Probably the best you can do in group policy is set one up to mandate a fake proxy for internet access. However I'm not sure if it will allow access to only one internal IP address.

In your group policy, go to User Config > Policies > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings.
Enable proxy settings.
Put in a non-existent address for your proxy.
In the exceptions, put in your one IP-address.
Uncheck "Do not use proxy server for local (intranet) addresses".

I don't guarantee that that will work, though, as I haven't tried it myself. You may end up needing to implement some kind of web proxy. On the upside, your current firewall may come with a proxy option already.

 

[mmthomas]

I forgot your third. In group policy, same as above except under Security rather than Connection, then Security Zones and Content Ratings. Click button to "Import the current security zones and privacy settings" and then modify setting. In the modify settings, you can modify the security for Internet or Local Intranet to disable file downloads or what not. But if you enable this, you'll need to make sure that you've got all the other settings that end users may need to run what they need to on the internet, because that is going to push out everything configured, not just your download setting. Again, downloads can be controlled through proxy software as well. Also, if you are denying all internet access, you don't need to also deny downloads.