rewriten repost a little ot

Hi all, going try and make it a little clearer this time
(you can ignore what I had below, reading it myself I
wasn't sure what I was trying to say). What I need to do
is block every one in the company except for about 6 user
from either logging in to the pc altogether (this would be
the last resort) or just using the internet on those
computers (I would prefer to do this), there are 3
computers that I wont to block. The problem is people
using the pc on the weekend/overtime for the internet, and
then I'm down there about ever 2 weeks to ghost them to
get rib of all the crap, mainly spy ware that's on them.
The company won't give me the funding to get software to
do this. I know I can set what pc people login to but that
would be a huge job here, 330 user accounts and 200 pc,
with no current system in place. I hope this is a bit
clearer

Thanks again
Argus



. Reply (E-mail) Forward (E-mail)

Subject: a little o.t.
From: "Argus" <anonymous@discussions.microsoft.com>
Sent: 9/3/2004 4:19:41 AM




As im still learning i was hoping someone in here could
help with with this problem (and yes i have done a couple
of serches on it with no joy). I'm working in a domain
with about 200 clients and about 330 users. Must do not
have internet access, but i have the problem that people
require access to most pc on the network. The company wont
by any 3rd party software to control internet use. Well
problem is that i need to stop people accessing 4 pcs
exept for about 8 people. is there a way i can set it to
only allow log in from these people or mybe everyone can
login still but only those 8 can access interent. Thanks
for you help

Argus
.

harryph
Mon Sep 06 09:59:42 CDT 2004

from memory NO without third party software, but im not
sure on that,


>-----Original Message-----
>Hi all, going try and make it a little clearer this time
>(you can ignore what I had below, reading it myself I
>wasn't sure what I was trying to say). What I need to do
>is block every one in the company except for about 6 user
>from either logging in to the pc altogether (this would
be
>the last resort) or just using the internet on those
>computers (I would prefer to do this), there are 3
>computers that I wont to block. The problem is people
>using the pc on the weekend/overtime for the internet,
and
>then I'm down there about ever 2 weeks to ghost them to
>get rib of all the crap, mainly spy ware that's on them.
>The company won't give me the funding to get software to
>do this. I know I can set what pc people login to but
that
>would be a huge job here, 330 user accounts and 200 pc,
>with no current system in place. I hope this is a bit
>clearer
>
>Thanks again
>Argus
>
>
>
>.. Reply (E-mail) Forward (E-mail)
>
> Subject: a little o.t.
> From: "Argus" <anonymous@discussions.microsoft.com>
>Sent: 9/3/2004 4:19:41 AM
>
>
>
>
>As im still learning i was hoping someone in here could
>help with with this problem (and yes i have done a couple
>of serches on it with no joy). I'm working in a domain
>with about 200 clients and about 330 users. Must do not
>have internet access, but i have the problem that people
>require access to most pc on the network. The company
wont
>by any 3rd party software to control internet use. Well
>problem is that i need to stop people accessing 4 pcs
>exept for about 8 people. is there a way i can set it to
>only allow log in from these people or mybe everyone can
>login still but only those 8 can access interent. Thanks
>for you help
>
>Argus
>..
>
>
>.
>

anonymous
Mon Sep 06 10:15:14 CDT 2004

is there a group police hiden away that could do it?
>-----Original Message-----
>from memory NO without third party software, but im not
>sure on that,
>
>
>>-----Original Message-----
>>Hi all, going try and make it a little clearer this time
>>(you can ignore what I had below, reading it myself I
>>wasn't sure what I was trying to say). What I need to do
>>is block every one in the company except for about 6
user
>>from either logging in to the pc altogether (this would
>be
>>the last resort) or just using the internet on those
>>computers (I would prefer to do this), there are 3
>>computers that I wont to block. The problem is people
>>using the pc on the weekend/overtime for the internet,
>and
>>then I'm down there about ever 2 weeks to ghost them to
>>get rib of all the crap, mainly spy ware that's on them.
>>The company won't give me the funding to get software to
>>do this. I know I can set what pc people login to but
>that
>>would be a huge job here, 330 user accounts and 200 pc,
>>with no current system in place. I hope this is a bit
>>clearer
>>
>>Thanks again
>>Argus
>>
>>
>>
>>.. Reply (E-mail) Forward (E-mail)
>>
>> Subject: a little o.t.
>> From: "Argus" <anonymous@discussions.microsoft.com>
>>Sent: 9/3/2004 4:19:41 AM
>>
>>
>>
>>
>>As im still learning i was hoping someone in here could
>>help with with this problem (and yes i have done a
couple
>>of serches on it with no joy). I'm working in a domain
>>with about 200 clients and about 330 users. Must do not
>>have internet access, but i have the problem that people
>>require access to most pc on the network. The company
>wont
>>by any 3rd party software to control internet use. Well
>>problem is that i need to stop people accessing 4 pcs
>>exept for about 8 people. is there a way i can set it to
>>only allow log in from these people or mybe everyone can
>>login still but only those 8 can access interent. Thanks
>>for you help
>>
>>Argus
>>..
>>
>>
>>.
>>
>.
>

Argus
Mon Sep 06 10:22:09 CDT 2004

not that i could see harrph
>-----Original Message-----
>is there a group police hiden away that could do it?
>>-----Original Message-----
>>from memory NO without third party software, but im not
>>sure on that,
>>
>>
>>>-----Original Message-----
>>>Hi all, going try and make it a little clearer this
time
>>>(you can ignore what I had below, reading it myself I
>>>wasn't sure what I was trying to say). What I need to
do
>>>is block every one in the company except for about 6
>user
>>>from either logging in to the pc altogether (this would
>>be
>>>the last resort) or just using the internet on those
>>>computers (I would prefer to do this), there are 3
>>>computers that I wont to block. The problem is people
>>>using the pc on the weekend/overtime for the internet,
>>and
>>>then I'm down there about ever 2 weeks to ghost them to
>>>get rib of all the crap, mainly spy ware that's on
them.
>>>The company won't give me the funding to get software
to
>>>do this. I know I can set what pc people login to but
>>that
>>>would be a huge job here, 330 user accounts and 200 pc,
>>>with no current system in place. I hope this is a bit
>>>clearer
>>>
>>>Thanks again
>>>Argus
>>>
>>>
>>>
>>>.. Reply (E-mail) Forward (E-mail)
>>>
>>> Subject: a little o.t.
>>> From: "Argus" <anonymous@discussions.microsoft.com>
>>>Sent: 9/3/2004 4:19:41 AM
>>>
>>>
>>>
>>>
>>>As im still learning i was hoping someone in here could
>>>help with with this problem (and yes i have done a
>couple
>>>of serches on it with no joy). I'm working in a domain
>>>with about 200 clients and about 330 users. Must do not
>>>have internet access, but i have the problem that
people
>>>require access to most pc on the network. The company
>>wont
>>>by any 3rd party software to control internet use. Well
>>>problem is that i need to stop people accessing 4 pcs
>>>exept for about 8 people. is there a way i can set it
to
>>>only allow log in from these people or mybe everyone
can
>>>login still but only those 8 can access interent.
Thanks
>>>for you help
>>>
>>>Argus
>>>..
>>>
>>>
>>>.
>>>
>>.
>>
>.
>

Argus
Mon Sep 06 12:52:56 CDT 2004

sry dident see you last post, we use a checkpoint firewall
on proxy on the network. hope this helps u help me

Thanks
Argus
>-----Original Message-----
>circa Mon, 6 Sep 2004 06:46:53 -0700, in
>microsoft.public.cert.exam.mcse, Argus
>(anonymous@discussions.microsoft.com) said,
>> Hi all, going try and make it a little clearer this
time
>> (you can ignore what I had below, reading it myself I
>> wasn't sure what I was trying to say). What I need to
do
>> is block every one in the company except for about 6
user
>> from either logging in to the pc altogether (this would
be
>> the last resort) or just using the internet on those
>> computers (I would prefer to do this), there are 3
>> computers that I wont to block. The problem is people
>> using the pc on the weekend/overtime for the internet,
and
>> then I'm down there about ever 2 weeks to ghost them to
>> get rib of all the crap, mainly spy ware that's on
them.
>> The company won't give me the funding to get software
to
>> do this. I know I can set what pc people login to but
that
>> would be a huge job here, 330 user accounts and 200 pc,
>> with no current system in place. I hope this is a bit
>> clearer
>>
>> Thanks again
>> Argus
>>
>>
>Do you use a proxy server for Internet access? I think I
may have
>asked you this the first time you posted. HOW are the
users accessing
>the 'net? Directly? Via NAT? Through a firewall? Through
a proxy.
>
>I can tell you how to do this if you give me the
information I asked
>you for this time and last.
>
>Laura
>--
>Experience is the name every one gives to their mistakes.
>-Oscar Wilde
>.
>

Argus
Mon Sep 06 13:18:02 CDT 2004

sorry i mean thers no proxy on the network, nat
"Argus" <anonymous@discussions.microsoft.com> wrote in message
news:6ea101c4943a$57291260$a301280a@phx.gbl...
> sry dident see you last post, we use a checkpoint firewall
> on proxy on the network. hope this helps u help me
>
> Thanks
> Argus
>>-----Original Message-----
>>circa Mon, 6 Sep 2004 06:46:53 -0700, in
>>microsoft.public.cert.exam.mcse, Argus
>>(anonymous@discussions.microsoft.com) said,
>>> Hi all, going try and make it a little clearer this
> time
>>> (you can ignore what I had below, reading it myself I
>>> wasn't sure what I was trying to say). What I need to
> do
>>> is block every one in the company except for about 6
> user
>>> from either logging in to the pc altogether (this would
> be
>>> the last resort) or just using the internet on those
>>> computers (I would prefer to do this), there are 3
>>> computers that I wont to block. The problem is people
>>> using the pc on the weekend/overtime for the internet,
> and
>>> then I'm down there about ever 2 weeks to ghost them to
>>> get rib of all the crap, mainly spy ware that's on
> them.
>>> The company won't give me the funding to get software
> to
>>> do this. I know I can set what pc people login to but
> that
>>> would be a huge job here, 330 user accounts and 200 pc,
>>> with no current system in place. I hope this is a bit
>>> clearer
>>>
>>> Thanks again
>>> Argus
>>>
>>>
>>Do you use a proxy server for Internet access? I think I
> may have
>>asked you this the first time you posted. HOW are the
> users accessing
>>the 'net? Directly? Via NAT? Through a firewall? Through
> a proxy.
>>
>>I can tell you how to do this if you give me the
> information I asked
>>you for this time and last.
>>
>>Laura
>>--
>>Experience is the name every one gives to their mistakes.
>>-Oscar Wilde
>>.
>>

Donald
Mon Sep 06 14:15:28 CDT 2004

What operating system are these machines running? And what domain setup are
you using?


"Argus" <anonymous@discussions.microsoft.com> wrote in message
news:6b9e01c49417$f7aaa190$a501280a@phx.gbl...
> Hi all, going try and make it a little clearer this time
> (you can ignore what I had below, reading it myself I
> wasn't sure what I was trying to say). What I need to do
> is block every one in the company except for about 6 user
> from either logging in to the pc altogether (this would be
> the last resort) or just using the internet on those
> computers (I would prefer to do this), there are 3
> computers that I wont to block. The problem is people
> using the pc on the weekend/overtime for the internet, and
> then I'm down there about ever 2 weeks to ghost them to
> get rib of all the crap, mainly spy ware that's on them.
> The company won't give me the funding to get software to
> do this. I know I can set what pc people login to but that
> would be a huge job here, 330 user accounts and 200 pc,
> with no current system in place. I hope this is a bit
> clearer
>
> Thanks again
> Argus
>
>
>
> . Reply (E-mail) Forward (E-mail)
>
> Subject: a little o.t.
> From: "Argus" <anonymous@discussions.microsoft.com>
> Sent: 9/3/2004 4:19:41 AM
>
>
>
>
> As im still learning i was hoping someone in here could
> help with with this problem (and yes i have done a couple
> of serches on it with no joy). I'm working in a domain
> with about 200 clients and about 330 users. Must do not
> have internet access, but i have the problem that people
> require access to most pc on the network. The company wont
> by any 3rd party software to control internet use. Well
> problem is that i need to stop people accessing 4 pcs
> exept for about 8 people. is there a way i can set it to
> only allow log in from these people or mybe everyone can
> login still but only those 8 can access interent. Thanks
> for you help
>
> Argus
> .
>
>

Argus
Mon Sep 06 14:17:26 CDT 2004

The machines are running windows 2000 (hopfuly soon to be upgraded to xp)
and all severs are '03, all conted to internet from cisco router from a
checkpoint firewall
"Donald" <bagman2002@bigplanet.com> wrote in message
news:1094494300.46478@boromir...
> What operating system are these machines running? And what domain setup
> are
> you using?
>
>
> "Argus" <anonymous@discussions.microsoft.com> wrote in message
> news:6b9e01c49417$f7aaa190$a501280a@phx.gbl...
>> Hi all, going try and make it a little clearer this time
>> (you can ignore what I had below, reading it myself I
>> wasn't sure what I was trying to say). What I need to do
>> is block every one in the company except for about 6 user
>> from either logging in to the pc altogether (this would be
>> the last resort) or just using the internet on those
>> computers (I would prefer to do this), there are 3
>> computers that I wont to block. The problem is people
>> using the pc on the weekend/overtime for the internet, and
>> then I'm down there about ever 2 weeks to ghost them to
>> get rib of all the crap, mainly spy ware that's on them.
>> The company won't give me the funding to get software to
>> do this. I know I can set what pc people login to but that
>> would be a huge job here, 330 user accounts and 200 pc,
>> with no current system in place. I hope this is a bit
>> clearer
>>
>> Thanks again
>> Argus
>>
>>
>>
>> . Reply (E-mail) Forward (E-mail)
>>
>> Subject: a little o.t.
>> From: "Argus" <anonymous@discussions.microsoft.com>
>> Sent: 9/3/2004 4:19:41 AM
>>
>>
>>
>>
>> As im still learning i was hoping someone in here could
>> help with with this problem (and yes i have done a couple
>> of serches on it with no joy). I'm working in a domain
>> with about 200 clients and about 330 users. Must do not
>> have internet access, but i have the problem that people
>> require access to most pc on the network. The company wont
>> by any 3rd party software to control internet use. Well
>> problem is that i need to stop people accessing 4 pcs
>> exept for about 8 people. is there a way i can set it to
>> only allow log in from these people or mybe everyone can
>> login still but only those 8 can access interent. Thanks
>> for you help
>>
>> Argus
>> .
>>
>>
>
>

Neil
Mon Sep 06 14:28:54 CDT 2004

babbling on and on again "Argus" <anonymous@discussions.microsoft.com>
spewed in news:6b9e01c49417$f7aaa190$a501280a@phx.gbl:

> Hi all, going try and make it a little clearer this time
> (you can ignore what I had below, reading it myself I
> wasn't sure what I was trying to say). What I need to do
> is block every one in the company except for about 6 user
> from either logging in to the pc altogether (this would be
> the last resort) or just using the internet on those
> computers (I would prefer to do this), there are 3
> computers that I wont to block.

ok, how about setting these PCs to only allow specific users to log on
locally. that would handle the "PC altogether" issue. since you mentioned
to Luara that you are using Firewall-1, why aren't you using the stuff
that is built in there. IIRC, there are access rules that you can
utilized in that product. maybe time to give www.checkpoint.com a peek...

> The problem is people
> using the pc on the weekend/overtime for the internet, and
> then I'm down there about ever 2 weeks to ghost them to
> get rib of all the crap, mainly spy ware that's on them.
> The company won't give me the funding to get software to
> do this.

ok, there are tons of free anti-spyware tools - adaware, spyware s&d,
etc. but hey if the company isn't willing to cough up for software, I
guess they will just have to cough up for your paycheck instead.

> I know I can set what pc people login to but that
> would be a huge job here, 330 user accounts and 200 pc,
> with no current system in place. I hope this is a bit
> clearer
>
> Thanks again
> Argus
>


dunno if it helps you any but ...

--
Neil MCNGP #30
the "curious" hair on the soap of society

MightyKitten
Mon Sep 06 15:15:13 CDT 2004

"Argus" <anonymous@discussions.microsoft.com> schreef in bericht
news:6b9e01c49417$f7aaa190$a501280a@phx.gbl
> Hi all, going try and make it a little clearer this time
> (you can ignore what I had below, reading it myself I
> wasn't sure what I was trying to say). What I need to do
> is block every one in the company except for about 6 user
> from either logging in to the pc altogether (this would be
> the last resort) or just using the internet on those
> computers (I would prefer to do this), there are 3
> computers that I wont to block. The problem is people
> using the pc on the weekend/overtime for the internet, and
> then I'm down there about ever 2 weeks to ghost them to
> get rib of all the crap, mainly spy ware that's on them.
> The company won't give me the funding to get software to
> do this. I know I can set what pc people login to but that
> would be a huge job here, 330 user accounts and 200 pc,
> with no current system in place. I hope this is a bit
> clearer
>
> Thanks again
> Argus
>

Does the sysem need to be into the domain? If not: use is as a loose PC in a
workgroup (same name as the domain) and create an account for the
administrator, and theose 6 people who need the internet.

A computer without the domain still can:
Use DNS, DHCP and orther TCP IP services of the server and other network
host (printers, firewalls, ect)

IIRC you can even place a domain menber in the local user/groups of the
Workgroup PC, provided you add thoses users as domain administrator (using
\\domainname\administratorname and the right password) Tis would also mean
those users can use their network directory (but you'l have to find a work
around for the log-on script. It will not run, because you will not be
conected to the doain as such. Placing a batchfile calling the script from
the server should do the trick).

--

A complete other solution would be to make an image of the pc, burn it to a
bootable cd that will autmatically restore the image (It can be done using
either ghost or pqdi (powerquest) tools and some batch scripting.

If user messes up, user can ask for cd, put cd in computer, turn computer
on. And while he is waiting, he can get you a coke/pepsi and some snacks,

--

A third option would, as already sugested, be a firewall or proxi server
with password protection.


I wont say these solutions are the best or greatest, but the'll give you
something to think about and come up with a (of course) better idea.


Jeroen de Bruijn

--

http://www.it-hulp.nl/
http://fotoalbum.it-hulp.nl/

gmx.net is the mailserver of mightykitten
start subject with *ping* or the antispam monster will eat it.

Wayne
Mon Sep 06 20:33:12 CDT 2004

Then it's too easy! Set a rule on the Checkpoint firewall that says:
Source: IP Address of the pc's you want to block
Destination: Any
Service: http https ftp
Action: Block
Track: Log

Wayne
Brisbane, Oz

"Argus" <anonymous@discussions.microsoft.com> wrote in message
news:6ea101c4943a$57291260$a301280a@phx.gbl...
> sry dident see you last post, we use a checkpoint firewall
> on proxy on the network. hope this helps u help me
>
> Thanks
> Argus
> >-----Original Message-----
> >circa Mon, 6 Sep 2004 06:46:53 -0700, in
> >microsoft.public.cert.exam.mcse, Argus
> >(anonymous@discussions.microsoft.com) said,
> >> Hi all, going try and make it a little clearer this
> time
> >> (you can ignore what I had below, reading it myself I
> >> wasn't sure what I was trying to say). What I need to
> do
> >> is block every one in the company except for about 6
> user
> >> from either logging in to the pc altogether (this would
> be
> >> the last resort) or just using the internet on those
> >> computers (I would prefer to do this), there are 3
> >> computers that I wont to block. The problem is people
> >> using the pc on the weekend/overtime for the internet,
> and
> >> then I'm down there about ever 2 weeks to ghost them to
> >> get rib of all the crap, mainly spy ware that's on
> them.
> >> The company won't give me the funding to get software
> to
> >> do this. I know I can set what pc people login to but
> that
> >> would be a huge job here, 330 user accounts and 200 pc,
> >> with no current system in place. I hope this is a bit
> >> clearer
> >>
> >> Thanks again
> >> Argus
> >>
> >>
> >Do you use a proxy server for Internet access? I think I
> may have
> >asked you this the first time you posted. HOW are the
> users accessing
> >the 'net? Directly? Via NAT? Through a firewall? Through
> a proxy.
> >
> >I can tell you how to do this if you give me the
> information I asked
> >you for this time and last.
> >
> >Laura
> >--
> >Experience is the name every one gives to their mistakes.
> >-Oscar Wilde
> >.
> >

MightyKitten
Fri Sep 10 15:31:20 CDT 2004

"Laura A. Robinson" <geekwench@snippit.hotmail.com> schreef in bericht
news:MPG.1baa9a3c7662d09d98abf6@msnews.microsoft.com
> circa Mon, 6 Sep 2004 22:15:13 +0200, in
> microsoft.public.cert.exam.mcse, MightyKitten (MightyKitten@
> 127.0.0.1.zap) said,
>> Does the sysem need to be into the domain? If not: use is as a loose
>> PC in a workgroup (same name as the domain) and create an account
>> for the administrator, and theose 6 people who need the internet.
>>
>> A computer without the domain still can:
>> Use DNS, DHCP and orther TCP IP services of the server and other
>> network host (printers, firewalls, ect)
>>
>> IIRC you can even place a domain menber in the local user/groups of
>> the Workgroup PC, provided you add thoses users as domain
>> administrator (using \\domainname\administratorname and the right
>> password) Tis would also mean those users can use their network
>> directory (but you'l have to find a work around for the log-on
>> script. It will not run, because you will not be conected to the
>> doain as such. Placing a batchfile calling the script from the
>> server should do the trick).
>>
>> --
>>
>> A complete other solution would be to make an image of the pc, burn
>> it to a bootable cd that will autmatically restore the image (It can
>> be done using either ghost or pqdi (powerquest) tools and some batch
>> scripting.
>>
>> If user messes up, user can ask for cd, put cd in computer, turn
>> computer on. And while he is waiting, he can get you a coke/pepsi
>> and some snacks,
>>
>> --
>>
>>
> How does this prevent all users except the six from accessing the
> Internet, yet still allow them to use the computers?
>
> Laura


The OP clearly states

<quote>
What I need to do
is block every one in the company except for about 6 user
from either *logging in to the pc altogether (this would be
the last resort)* or just using the internet on those
computers (I would prefer to do this)


It is a last resotr method.

Jeroen de Bruijn

--

http://www.it-hulp.nl/
http://fotoalbum.it-hulp.nl/

gmx.net is the mailserver of mightykitten
start subject with *ping* or the antispam monster will eat it.