I have windows server 2008 with windows XP & windows Vista workstations connected to the same domain server. I already have internet on the server coming from the ISP. Now I want to provide the internet to some users only but I also want to control weather to give or not to give messenger services such as Yahoo, MSN, Gtak, etc... How can I do that if I don't have ISA?Jassim Rahma

use fore front threat management :) or a third party utility. http://www.microsoft.com/en-us/server-cloud/forefront/threat-management-gateway.aspxhttp://www.virmansec.com/blogs/skhairuddin

can you suggest some third party please? Jassim Rahma

I have windows server 2008 with windows XP & windows Vista workstations connected to the same domain server. I already have internet on the server coming from the ISP. Now I want to provide the internet to some users only but I also want to control weather to give or not to give messenger services such as Yahoo, MSN, Gtak, etc... How can I do that if I don't have ISA? Simple, assuming your users aren't administrators on their own boxes (which, as a start, is a BAD idea from a security standpoint), you may just use the software restriction policies and configure a policy which will only allow your users to run approved software; just have a look here; the idea is to setup a test OU inside your organization, add some boxes to it and use them as your testbed to apply and fine tune your policy so allowing whatever software you need to use and forbidding anything else; at that point, once you'll be satisfied about your policy, start by applying it to a "live" OU inside your organization, check the people there for whatever issue, correct the policy if needed and move on applying the policy to larger portions of your AD infrastucture; such an approach won't just allow you to take control about whatever apps your users will be allowed to run, but will also help you keeping your network secure and possibly avoiding a lot of malware [edit] Notice that the above doesn't exclude the idea or running an AD aware front-end filtering product like ForeFront; the GPO will just help "enforcing" things but you may still want to use something like ForeFront to have full control over the whole traffic and to setup granular access/traffic rules

can you suggest some third party please? You're on a Microsoft forum, didn't you realize it ? Anyhow, if you want a 3rd party app to filter such kind of traffic, have a look at this critter which is able to perform Layer-7 filtering but keep in mind that, when it comes to an AD infrastucture it's always a good idea implementing a solution which is aware of the AD and able to filter stuff based on AD groups/users/GPOs and so on (and 3rd party stuff usually lacks such a capability)

use fore front threat management :) or a third party utility. http://www.microsoft.com/en-us/server-cloud/forefront/threat-management-gateway.aspxhttp://www.virmansec.com/blogs/skhairuddin

hi Jassim use the inbuilt ipsec feature of windows it is very easy follow this link http://support.microsoft.com/servicedesks/webcasts/seminar/shared/asp/view.asp?url=/servicedesks/webcasts/en/wc032205/manifest.xml Thanks VirajPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

use the inbuilt ipsec feature of windows it is very easy Sure, it's easy, pity it won't solve the issue especially since some IM software can use ports 80 or 443 and you can't just "close" those ports :) you'll have to either use a Layer-7 capable filtering device or setup a software restriction policy to block those application (or use both methods)

Hello, personally I recommend using a TMG Forefront solution. Using it you can block users from accessing internet using firewall rules. For filtering chat access, you use Builtin categories used in TMG Forefront to block all chat websites. Maybe that helps if you don't want using TMG or ISA Server: http://www.grouppolicy.biz/tag/url/ This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hello, you can use SQUID as a free proxy solution to control web access. Also you can use GPO to block specific programs, please check out software restriction policies. http://technet.microsoft.com/de-de/library/dd349795(WS.10).aspx http://technet.microsoft.com/en-us/library/bb457006.aspx http://support.microsoft.com/kb/324036Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

hi Jassim use the inbuilt ipsec feature of windows it is very easy follow this link http://support.microsoft.com/servicedesks/webcasts/seminar/shared/asp/view.asp?url=/servicedesks/webcasts/en/wc032205/manifest.xml Thanks VirajPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hello, personally I recommend using a TMG Forefront solution. Using it you can block users from accessing internet using firewall rules. For filtering chat access, you use Builtin categories used in TMG Forefront to block all chat websites. Maybe that helps if you don't want using TMG or ISA Server: http://www.grouppolicy.biz/tag/url/ This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hello, you can use SQUID as a free proxy solution to control web access. Also you can use GPO to block specific programs, please check out software restriction policies. http://technet.microsoft.com/de-de/library/dd349795(WS.10).aspx http://technet.microsoft.com/en-us/library/bb457006.aspx http://support.microsoft.com/kb/324036Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.