Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
Is there a way I could block proxy server use from within an sbs 2003 environment?
Ive already configured the proxy server settings from within IE, but If I was to use proxy software I could access the internet fine.
I think i could do with blocking all HTTP access on all ports except 80.
I only use routing and remote access, no firewall.
|
Dan Lewis
Member
Registered: 31st Jan 05
Location: Leicestershire
User status: Offline
|
you can using gpo
define the proxy in the GPO then disable accses to the tools within ie
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
If I dont actually have a proxy (i.e servers connect to internet via the sbs server), theres nothing I can put in there to define a proxy server is there? If i put the servers ip address in there, every webpage will reroute to the servers address.
|
jamesw
Member
Registered: 28th Jun 02
Location: Station Town, County Durham
User status: Offline
|
you can disable access to the connections tab in IE via GPO this is how we have done it, infact we have disabled access to most of the IE settings.
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
I have already done this, but a user has installed a proxy at home and is using this (its live from IE) and not remote desktop.
He is also using a fake IP to connect to his machine at home. Its not port 80.
I would have throught on sbs there must be a way to lock down everything on http except port 80?
|
Dan Lewis
Member
Registered: 31st Jan 05
Location: Leicestershire
User status: Offline
|
i would go the disipline route tbh if there are things in place to stop it and users are bypassing and find other ways to get pass.
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Find out what DynamicDNS name he/she is putting in their browser in order for them to use it as a proxy.
Then, on your own internal DNS, create an entry to send all requests to that URL/IP address to something like http://drivingni.com/design/AccessDenied.jpg
I've done this before 
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
the trouble is he sat at his pc all the time. Theres no easy way for me to find this.
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
can you not check his IE history or use VNC?
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
ive never tried using VNC before.
Is it part of Small business server or just windows 2003 full?
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
VNC is a small open source desktop sharing application.
Google for Real VNC. Then install it on his computer. You'll need to instal the viewer (part of the main .exe which you'll download) to view his screen.
Easy
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
yes, but a little disheartening to the people to have go and install VNC on their machines 
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Your call then mate, can't do much more for ya.
|
MikeD
Member
Registered: 18th Aug 02
Location: Whittlesey, Cambridgeshire
User status: Offline
|
so he has installed software on his home machine for a proxy? whats the software? and what port is he going out on?
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
that im not sure of.Im just trying to see if i can log access on the draytek 2800.
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
Ive a feeling this is being used: http://www.wampserver.com/en/index.php
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
https://www.proxify.com is whats being used.
I think its because its https is why i cant block it. Any ideas?
|
