Internet Access Control on Terminal Services

I'm working with an program that lets me monitor clients on a terminal server using ica. I'm wanting to be able to block internet access to a specific user or a group if I need to and I'm just not coming up with many ideas as how to go about doing this.

Using port blocking is out because all the http requests are routed through port 80 for all users.

I have a "working" idea using proxy changes, but it forces me to close the users browser each time potentially losing unsaved work.

Is there a specific service for each user I could enable or disable? Does anyone have any interesting thoughts on this? Thanks!
:confused

 

ICA? Is this a Citrix enviornment?

 

Hi bolivartech,

1. Open Internet Explorer
2. Go to Tools/Internet Options/Connections tab/Lan Settings button.
3. Add a checkmark to use a Proxy Server for your Lan. Type in a bogus IP address (ie: 123.123.123.123).
4. Next, implement this restriction...

http://www.tweaklibrary.com/Softwar...onnections”-tab-from-Internet-Explorer/10233/

Techsent

 

No, it's a total microsoft setup. ICA.exe is the client that runs on the terminal sessions. In a normal environment it is setup as a service, but that doesn't work with terminals.

 

This is basically what my current script does, it also takes into account that you cannot change proxy settings in a current IE session and it must restart before it works. I like the tweak though, certainly will help make the script better knowing they can't go in and change the proxy settings on their own.

 

a quick "old school" fix:

change the permissions on iexplore.exe and deny read/execute for a new restricted group. Add people to the group.

Done.

A question: these people are already on the LAN, they're just using the TS for programs and whatnot? What version of Windows is the Server? You should be able to adjust the TS allowed applications settings and turn off user groups through Policy.

 

Doesn't each user have Terminal Services permissions in active directory? When running Citrix its still TS isn't it?

 

Thanks bolivartech. yes, thats a cool tweak.

Nice one KrushR.

Techsent