Restricting network/domain user's internet access

[Unleashed]

Hi guys,
At work we have a domain run by a server on Small Business Server 2003. We need to stop one user from using the internet except when given permission... Perhaps a password control would be sufficient.
Unfortunately they still need to access the full internal network, and the internet connection is provided via the LAN.
So, my question is this:
Is there a way of stopping access to everything except internal IP addresses?
Thanks!

Conrad

 

[madmatt]

You could use a bogus proxy through Group Policy.

gpedit.msc
User Configuration
Windows Settings
Internet Explorer Maintenance
Connection
Proxy Settings

 

[Unleashed]

Aha, that's what I need but the only thing is when it comes to disabling it to give him access at lunch he'll see how to do it... Is there any way to do similar but from the server rather than locally?
Thanks Matt!

 

[madmatt]

Put the user in a different OU (e.g. "Restricted Users") and enable/disable the policy using AD.

 

[Unleashed]

D'oh! How did I not think of that.
Thank you!

 

[fitz]

don't even have to put them into an OU, just set the security to only apply the policy to that one user.. or create a group and apply it just that group. Then when he needs access, remove him from the group.. and add him back in when he's done.