|
|
Hello all, I have 4 computers which are remote point-of-sale terminals and they log into our system using terminal server. I would like to be able to restrict them to be able to get to the company website and our online timeclock sites ONLY. Where can this setting be done globally for either the terminal services users or even just by specifying the machine names?
Thanks for your help,
J
|
|
Are the company website and timeclock sites on the same subnet and segment as the terminals?
J Wolfgang Goerlich
On Jul 2, 5:26 pm, Jeff Church <j...[ at ]jlctcs.com> wrote:
> Hello all,
> I have 4 computers which are remote point-of-sale terminals and they log
> into our system using terminal server. I would like to be able to restrict
> them to be able to get to the company website and our online timeclock sites
> ONLY. Where can this setting be done globally for either the terminal
> services users or even just by specifying the machine names?
>
> Thanks for your help,
>
> J
|
|
No, the company website and the timeclock site are both hosted elsewhere on different servers. :-(
On 7/5/07 9:44 AM, in article 1183653851.291462.140070[ at ]n60g2000hse.googlegroups.com, "jwgoerlich[ at ]gmail.com" <jwgoerlich[ at ]gmail.com> wrote:
> Are the company website and timeclock sites on the same subnet and
> segment as the terminals?
>
> J Wolfgang Goerlich
>
> On Jul 2, 5:26 pm, Jeff Church <j...[ at ]jlctcs.com> wrote:
>> Hello all,
>> I have 4 computers which are remote point-of-sale terminals and they log
>> into our system using terminal server. I would like to be able to restrict
>> them to be able to get to the company website and our online timeclock sites
>> ONLY. Where can this setting be done globally for either the terminal
>> services users or even just by specifying the machine names?
>>
>> Thanks for your help,
>>
>> J
|
|
Ok, so the gateway trick is out. Do you manage the firewall? If so, then you could add rules to allow HTTP/HTTPS (80/443) traffic only to those web servers and block all other web traffic.
J Wolfgang Goerlich
On Jul 5, 1:44 pm, Jeff Church <j...[ at ]jlctcs.com> wrote:
> No, the company website and the timeclock site are both hosted elsewhere on
> different servers. :-(
>
> On 7/5/07 9:44 AM, in article
> 1183653851.291462.140...[ at ]n60g2000hse.googlegroups.com,
> "jwgoerl...[ at ]gmail.com" <jwgoerl...[ at ]gmail.com> wrote:
>> Are the company website and timeclock sites on the same subnet and
>> segment as the terminals?
>>
>> J Wolfgang Goerlich
>>
>> On Jul 2, 5:26 pm, Jeff Church <j...[ at ]jlctcs.com> wrote:
>>> Hello all,
>>> I have 4 computers which are remote point-of-sale terminals and they log
>>> into our system using terminal server. I would like to be able to restrict
>>> them to be able to get to the company website and our online timeclock sites
>>> ONLY. Where can this setting be done globally for either the terminal
>>> services users or even just by specifying the machine names?
>>>
>>> Thanks for your help,
>>>
>>> J
|
|
But that would restrict my entire organization?
On 7/5/07 11:24 AM, in article 1183659891.335409.234440[ at ]q69g2000hsb.googlegroups.com, "jwgoerlich[ at ]gmail.com" <jwgoerlich[ at ]gmail.com> wrote:
> Ok, so the gateway trick is out. Do you manage the firewall? If
> so, then you could add rules to allow HTTP/HTTPS (80/443) traffic only
> to those web servers and block all other web traffic.
>
> J Wolfgang Goerlich
>
> On Jul 5, 1:44 pm, Jeff Church <j...[ at ]jlctcs.com> wrote:
>> No, the company website and the timeclock site are both hosted elsewhere on
>> different servers. :-(
>>
>> On 7/5/07 9:44 AM, in article
>> 1183653851.291462.140...[ at ]n60g2000hse.googlegroups.com,
>> "jwgoerl...[ at ]gmail.com" <jwgoerl...[ at ]gmail.com> wrote:
>>> Are the company website and timeclock sites on the same subnet and
>>> segment as the terminals?
>>>
>>> J Wolfgang Goerlich
>>>
>>> On Jul 2, 5:26 pm, Jeff Church <j...[ at ]jlctcs.com> wrote:
>>>> Hello all,
>>>> I have 4 computers which are remote point-of-sale terminals and they log
>>>> into our system using terminal server. I would like to be able to restrict
>>>> them to be able to get to the company website and our online timeclock sites
>>>> ONLY. Where can this setting be done globally for either the terminal
>>>> services users or even just by specifying the machine names?
>>>>
>>>> Thanks for your help,
>>>>
>>>> J
|
|
Alright, let me see if I understand you. Your organization has a subnet with several computers, four of which are dedicated terminals. You want to allow all computers on this subnet to reach the company website and timeclock website (both of which are on a different subnet or the Internet). You want to block the four dedicated terminals from reaching other sites on the Internet.
You could do this with firewall rules. Assuming you are using DHCP, reserve four addresses for the terminals so that you know what IPs they are using. Block all except the company sites for those IP addresses.
Alternatively, purchase web proxy software. Most firewall vendors have an option for this (for example, WatchGuard's is called Web Blocker). This may be more involved than you need, however.
J Wolfgang Goerlich
|
|
I am indeed running a Cisco ASA 5510 VPN/Firewall/Router so could then build a rule for those specific MAC addresses I suppose. I am not as good as others on the ASA but am certain I have a trusted source to ask about this.
I was, however, hoping to be able to do it by Windows user so that if I or another administrator logged on to said machines we would be granted full access.
Thanks for the point in the right direction.
JLC
On 7/10/07 4:16 AM, in article 1184066163.540292.28750[ at ]c77g2000hse.googlegroups.com, "jwgoerlich[ at ]gmail.com" <jwgoerlich[ at ]gmail.com> wrote:
> Alright, let me see if I understand you. Your organization has a
> subnet with several computers, four of which are dedicated terminals.
> You want to allow all computers on this subnet to reach the company
> website and timeclock website (both of which are on a different subnet
> or the Internet). You want to block the four dedicated terminals from
> reaching other sites on the Internet.
>
> You could do this with firewall rules. Assuming you are using DHCP,
> reserve four addresses for the terminals so that you know what IPs
> they are using. Block all except the company sites for those IP
> addresses.
>
> Alternatively, purchase web proxy software. Most firewall vendors have
> an option for this (for example, WatchGuard's is called Web Blocker).
> This may be more involved than you need, however.
>
> J Wolfgang Goerlich
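
The reserved-address approach from this thread, sketched as a Cisco ASA access list (an added example, not posted by either participant). The object-group and ACL names, the interface name `inside`, and every IP address are constructed placeholders; it assumes the terminals browse from their own reserved addresses and that no other ACL is already bound to that interface.

```cisco
! Added example. All names and addresses below are constructed placeholders.
! Assumes the four terminals hold DHCP-reserved addresses and reach the
! Internet through the ASA interface named "inside".
object-group network POS_TERMINALS
 description four POS terminals (DHCP reservations)
 network-object host 192.0.2.11
 network-object host 192.0.2.12
 network-object host 192.0.2.13
 network-object host 192.0.2.14
!
object-group network POS_ALLOWED_SITES
 description company website and online timeclock (placeholder IPs)
 network-object host 198.51.100.10
 network-object host 203.0.113.20
!
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
!
! Rules are evaluated top-down and the first match wins, so the
! terminal-specific entries must come before the general permit.
access-list INSIDE_IN remark POS terminals may reach the two approved sites
access-list INSIDE_IN extended permit tcp object-group POS_TERMINALS object-group POS_ALLOWED_SITES object-group WEB_PORTS
access-list INSIDE_IN remark POS terminals are blocked from all other web traffic
access-list INSIDE_IN extended deny tcp object-group POS_TERMINALS any object-group WEB_PORTS
! An applied ACL ends in an implicit deny, so the rest of the
! organization needs an explicit permit to stay unrestricted.
access-list INSIDE_IN remark All other hosts and protocols are unaffected
access-list INSIDE_IN extended permit ip any any
!
access-group INSIDE_IN in interface inside
```

Because the rules match on source IP address, they apply to whoever is logged on at those four machines, so they do not provide the per-Windows-user behaviour asked about above. The allowed-site entries also have to be updated if the externally hosted sites change address.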
|
|
|