All-1. Is there a way to control/allow/block internet access for a group of computers easily. I am the administrator in a high school. We have 6 classrooms that have been converted into PC labs for some of our Business Ed classes. Most days, the instruction does not call for access to the internet. I would like to block internet access as a default. However, there are days when instruction calls for access to the internet. I would like to be able to open access on those days at teacher request for that classroom of PCs. The students may need to get to our file server to save their work even on days when they do not need the internet. We are in a Server 2008 environment. It would be awesome if I could open and close theaccess at will.2. Also, is there a way to keep any one user from logging on to the domain more than once concurrently? Some students never signed the Acceptable User Agreement for login credentials, but other students will allow them to use their credentials. I would like for that to be stopped as well.Any help is appreciated!!!

hi there,you can block the internet access in the following waysa) you can use software based firewall such as ISA firewall, you can configure the required policies on the ISA firewawll and block the users outgoing port for 80 ( for internet ) . So an ideal way to block the internet access is firewall ( either software or hardware ) b) there are Group Policy entries that will prohibit specified applications from running. You can disable IEXPLORE for specific logon groups. However if they can login to the local machine 'Group Policy' won't work.If you disable IE and they install another browser they still have 'Internet' access.A better solution is gateway/firewall rules. Put the restricted employees on one subnet and block ports 80 and 443.procedure to block internet using gpo 1. Create a new policy in GPMC by right-clicking your domain and pressing New. Name the policy No Internet. 2. Right-click No Internet and press Enforced to check it. 3. Select No Internet in the left-hand pane, select Authenticated Users under Security Filtering and press Remove, and OK to prevent the policy from applying. 4. Using Group Policy to implement Internet Explorer settings, navigate to User Configuration / Windows Settings / Internet Explorer Maintenance in the No Internet policy. 2. Right-click Internet Explorer Maintenance and press Preference Mode. NOTE: If a policy is already defined, you must press Reset Browser Settings, which will reset any Internet Explorer Maintenance Group Policy, before you press Preference Mode. 3. Navigate through Connections and double-click Proxy Settings (Preference Mode). 4. Check Enable proxy Settings, Use the same proxy server for all addresses, and Do not use proxy server for local (intranet) addresses. (The box above this checkbox is where you set exceptions for your internal network) 5. Type 127.0.0.1 into Address of proxy and 80 into Port. 6. Press OK. 7. Close the No Internet group Policy. NOTE: To prevent a user from changing their proxy settings, implement Disable changing proxy settings or Disable the Connections page in the No Internet policy. To prevent a user from accessing the internet: 1. Select the No Internet group Policy under your domain and press Add under Security Filtering. 2. Use the Advanced dialog to locate and select the user, pressing OK. 3. Press OK. 4. If the user is logged on, force the policy to update. c) using hardware firewall such as CISCO and configure the appropriate ACL list and you can allow and block the internet access as desired. d) another best article which i can point to you is microsoft article,it shows you howto configure windows firewall which is inbuilt on windowsclients using gpo. http://technet.microsoft.com/en-us/library/bb490626.aspxhope thois helpssainath Windows Driver Development

BlueCoat (www.bluecoat.com) also makes a free Internet filter called K9 for end-users. I'm not sure if their license would work for a school, but it's worth an investigation. As far as restricting multiple logons, I'm not aware of a way to do this the way you propose. You can restrict a user account to a single machine which will prevent students from using the same account on multiple machines.Eric Irvin, MCP, MCSA, MCSE, MCITP:Enterprise Admin, CISSP http://www.diggingup.com