Please tell me the solution of the following if you can. Scenario : Server: I am using Windows 2003 Server with Domain Controller with Active Directory installed. All users are the member of domain. Client : Windows XP (majority) Window 98 (1 or 2) Requirement : I have to enable internet in some clients and have to restrict the use of internet in some client. Question 1 : I dont want to use any external tools like ISA, Wingate, Winproxy etc. Is there any solution without using any external tool, I acheive the above task i.e to enable internet in some client and restrict internet in some client. Question 2: If I use Wingate than I have to enter the proxy entry in each client or not ? Is there any external tool available in which I dont need to enter proxy entry in each client or dont need to install proxy client in each client ? Summary : In short I have to enable internet in few clients and disable internet in few clients and I do not want to install or enter proxy entry and proxy client. Ahmed Imran

Yes you can: you can use IPSEC as a firewall, you can setup a GPO on the doamin level and setup IPsec to block HTTP(ports) or DNS(many more) and apply it to the machine names in which you don't want them to have Internet access to(use a OU for this). IT WORKS WELL.. you can also use GPO's to filter out MSN etc all kinds of things.. just remember IPSec is machine base on t user base

One other thing, you would need to setup a GPO on the domain so the users can't diable IPSec in there services. and it can the same gpo as your IPSec firewall