Guest Fritz Posted July 16, 2007 Posted July 16, 2007 A customer of mine is having an issue with employees abusing web access on two specific systems in the building. I don't want to remove the default gateway from the TCP/IP since that takes out the system's internet connectivity altogether so instead I thought of removing execute permissions from iexplore.exe and firefox.exe for users w/o admin privilege. Is this a good way to handle the problem? If not, what do you recommend? Thanks!
Guest Lanwench [MVP - Exchange] Posted July 16, 2007 Posted July 16, 2007 Re: Need to remove web access from some users Fritz <fritz@dontbite.com> wrote: > A customer of mine is having an issue with employees abusing web > access on two specific systems in the building. I don't want to > remove the default gateway from the TCP/IP since that takes out the > system's internet connectivity altogether so instead I thought of > removing execute permissions from iexplore.exe and firefox.exe for > users w/o admin privilege. Is this a good way to handle the problem? > If not, what do you recommend? > Thanks! No, this isn't the way to go. I'd recommend ISA or another proxy server product for this.
Guest Fritz Posted July 16, 2007 Posted July 16, 2007 Re: Need to remove web access from some users ISA? I'm not going to implement a new firewall just for that. If anything I'll just give the machines static IPs and block port 80 at the PIX level. "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message news:u$pBst9xHHA.3940@TK2MSFTNGP05.phx.gbl... > Fritz <fritz@dontbite.com> wrote: >> A customer of mine is having an issue with employees abusing web >> access on two specific systems in the building. I don't want to >> remove the default gateway from the TCP/IP since that takes out the >> system's internet connectivity altogether so instead I thought of >> removing execute permissions from iexplore.exe and firefox.exe for >> users w/o admin privilege. Is this a good way to handle the problem? >> If not, what do you recommend? >> Thanks! > > No, this isn't the way to go. I'd recommend ISA or another proxy server > product for this. >
Guest Lanwench [MVP - Exchange] Posted July 16, 2007 Posted July 16, 2007 Re: Need to remove web access from some users Fritz <fritz@dontbite.com> wrote: > ISA? I'm not going to implement a new firewall just for that. If > anything I'll just give the machines static IPs and block port 80 at > the PIX level. OK - but don't forget about all the other ports they could use to get into trouble. I'd go with DHCP reservations before static IPs, just to keep them more manageable. > > > "Lanwench [MVP - Exchange]" > <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > message news:u$pBst9xHHA.3940@TK2MSFTNGP05.phx.gbl... >> Fritz <fritz@dontbite.com> wrote: >>> A customer of mine is having an issue with employees abusing web >>> access on two specific systems in the building. I don't want to >>> remove the default gateway from the TCP/IP since that takes out the >>> system's internet connectivity altogether so instead I thought of >>> removing execute permissions from iexplore.exe and firefox.exe for >>> users w/o admin privilege. Is this a good way to handle the >>> problem? If not, what do you recommend? >>> Thanks! >> >> No, this isn't the way to go. I'd recommend ISA or another proxy >> server product for this.
Guest Ian Betts Posted July 16, 2007 Posted July 16, 2007 Re: Need to remove web access from some users Might sound a bit tame but why not try child protection in Vista, should do the job OK. -- Ian "Fritz" <fritz@dontbite.com> wrote in message news:ubpFnM9xHHA.140@TK2MSFTNGP02.phx.gbl... >A customer of mine is having an issue with employees abusing web access on >two specific systems in the building. I don't want to remove the default >gateway from the TCP/IP since that takes out the system's internet >connectivity altogether so instead I thought of removing execute >permissions from iexplore.exe and firefox.exe for users w/o admin >privilege. Is this a good way to handle the problem? If not, what do you >recommend? > > Thanks! > >
Recommended Posts