Win2K Server on small network need net access control


PDACPA
03-17-2005, 11:54 AM
Can anyone give me some advice on the following matter:

We have a small office network with 5 workstations (all on Win XP Pro or Home) that connect to a 16 port hub that is connected to a Linksys Etherfast Cable/DSL Router which is connected to our DSL Modem and a Windows 2000 Server. There are some network printers too.

We are experiencing some abuse of our flexible internet usage policy (even after direct review with the culprit) and we would like to control the workstations' access to the internet. Each workstation has its own IP (ie 192.161.1.29, the last two being the unique number to each workstation) and we have a static IP for our net access.

We need to be able to give the owners full access to the net, but want the employees to have limited access. We could block sites (ie EBAY, MSN Games, etc) or a more limited approach would be to only allow access to the work related sites.

I would like the software to run in the background if not completely unnoticed (ie the web page just will not pull up). I considered the CyberNanny type software, and heard that maybe a firewall might help. Not sure if the Linksys provides any help, but my thinking was that if I block at the server, I cannot give full access to the owners, so I would have to block at the workstation.

Any recommendations would be appreciated.

Thanks in advance.

PDACPA
03-18-2005, 01:02 AM
Bumping myself as I need something. Perhaps I could just block their entire PC from net access. How could I do that?

Thanks for any ideas or tips.

deddard
03-18-2005, 02:04 AM
Hi
Bumping stuff isn't normally necessary - we're just trying to get our brains in gear to be able to help :D
The quick and dirty way of doing this is to block things at the router - as long as your dodgy user hasn't got access to the PC that still requires internet access.
You could filter by IP address or by MAC address on most routers, but of course, this blocks the PC, so anyone using it will be unable to access the internet.
I'm running through the MCSA at the minute, so I'll try and dig out what you need to do to block the actual account from the net.

Personally, in a work environment I'd want the person's crown jewels on a plate if they breached network security policies - it is not acceptable.

PDACPA
03-18-2005, 12:35 PM
Thanks Deddard. I am a rookie here, following some bad habits from the BMW board ;-)

We are a small office and we try to be relaxed and flexible as we all have to co-exist and at this time of the year, I would hate to lose 1 key person who also represents 20% of my staff.

From what you said, at my router (the Linksys and not sure how I would do it), I could block internet access, but it would be equal to all the PCs that connect through that which would not be a good option.

My first inclination was to get a cyber nanny (or equivalent) and load it on the workstations that do not need but limited access to a handful of websites. They do get email, so that has to still work too.

Thanks for any advice you can offer. I have revisited this a number of times when I found some "Abuse" of the policy. I think the block will hammer the message home without ruffling too many feathers.

classicsoftware
03-18-2005, 07:43 PM
Depending on the version of Server you have, you could set up a proxy server or you could use NetNanny to control surfing....

PDACPA
03-18-2005, 08:16 PM
I have Windows 2000 Server. However, I am not very versed in proxy servers and the like.

Does NetNanny load on the workstation and work in the background? I want it to appear as though the site just is not available and not a slew of netnanny splash screens.

classicsoftware
03-18-2005, 08:42 PM
I don't know enough about net-nanny or any of the other programs like it to tell you. There are different versions of server and you need to let us know the version.

You could also look at a Smoothwall proxy server.

PDACPA
03-18-2005, 08:49 PM
Is this the information you needed?

System Information report written at: 03/18/2005 08:12:58 PM
[System Summary]

Item Value
OS Name Microsoft Windows 2000 Server
Version 5.0.2195 Service Pack 4 Build 2195
OS Manufacturer Microsoft Corporation
System Name ALES_SERVER
System Manufacturer To Be Filled By O.E.M.
System Model To Be Filled By O.E.M.
System Type X86-based PC
Processor x86 Family 6 Model 8 Stepping 10 GenuineIntel ~1001 Mhz
BIOS Version Version 07.00.xx
Windows Directory C:\WINNT
System Directory C:\WINNT\system32
Boot Device \Device\Harddisk0\Partition1
Locale United States
User Name xxx_xxxxx\Administrator
Time Zone Eastern Standard Time
Total Physical Memory 523,696 KB
Available Physical Memory 299,240 KB
Total Virtual Memory 1,798,960 KB
Available Virtual Memory 1,430,468 KB
Page File Space 1,275,264 KB
Page File C:\pagefile.sys

classicsoftware
03-18-2005, 11:38 PM
You are not going to have an easy time of this. Support from MS for Windows 2000 Server expires in June 2005. :(

They want you to upgrade to Server 2003. :mad:

Since it is only one user, try net-nanny and see what happens......

PDACPA
03-18-2005, 11:41 PM
A friend of mine who runs a computer repair business said that Microsoft was going to keep support going for two more years. Is it because of the version I have that my support ends?

I am sort of leery of changing it since it really does its job.

I will let everyone know how the NetNanny works. May test it on my machine to see how stealthily it operates.

classicsoftware
03-18-2005, 11:48 PM
Read This (http://www.microsoft.com/windows2000/support/lifecycle/). All you can get is hourly support, security hot fixes. IE7 will be a no go as only XP will be supported.....