Denying Internet access in an Active Directory environment

active-directory

We are planning to migrate from a workgroup to Active Directory (Windows Server 2008 R2: domain controller, DNS and Windows XP/7: workstation). At this moment some computers are not allowed to access the Internet (we achieve this by leaving the DNS fields blank in the network configuration window). Users do not have administrative privileges, so they cannot change the settings. This works well no matter what Internet browser the users use.

Can we do this in an Active Directory environment?

Best Answer

I think you're going about this the wrong way. uSlackr's idea would work. You can set a proxy server in group policy, but as Nixphoe said, that would only work for IE. Nixphoe's idea breaks the function of Active Directory so should be avoided. Every method for doing this using Active Directory is going to have some drawbacks.

The solution (even if it's not the answer you want) is to do this at your firewall. Most good firewalls have the ability to block internet access for a group of IP addresses. Just make sure those computers get the correct IP addresses by putting them in their own special VLAN on the switches or creating DHCP reservations for them.
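A firewall rule keyed on IP addresses only holds if the DHCP reservations and the blocked range agree. The following is an added example, not part of the original answer: a consistency check that compares a list of reservations against the range the firewall denies. The subnet, host names, MAC addresses and the `internet_allowed` flag are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the page).
SCOPE_NET = ipaddress.ip_network("192.168.10.0/24")      # DHCP scope
BLOCKED_NET = ipaddress.ip_network("192.168.10.64/27")   # range the firewall denies outbound

RESERVATIONS = [  # (hostname, MAC, reserved IP, internet_allowed)
    ("ws-acct-01", "00-11-22-33-44-01", "192.168.10.70", False),
    ("ws-acct-02", "00-11-22-33-44-02", "192.168.10.71", False),
    ("ws-lobby-01", "00-11-22-33-44-03", "192.168.10.120", False),  # restricted, but not blocked
    ("ws-it-01", "00-11-22-33-44-04", "192.168.10.65", True),       # allowed, but blocked
    ("ws-it-02", "00-11-22-33-44-05", "192.168.10.20", True),
]

def audit(reservations, blocked_net, scope_net):
    """Return (hostname, problem) pairs where a reservation contradicts the block rule."""
    findings, seen = [], {}
    for host, _mac, ip_text, allowed in reservations:
        ip = ipaddress.ip_address(ip_text)
        if ip not in scope_net:
            findings.append((host, "reserved IP outside DHCP scope"))
            continue
        if ip in seen:
            findings.append((host, f"duplicate reservation with {seen[ip]}"))
        seen[ip] = host
        if not allowed and ip not in blocked_net:
            findings.append((host, "restricted host not covered by block rule"))
        elif allowed and ip in blocked_net:
            findings.append((host, "allowed host falls inside blocked range"))
    return findings

def dynamic_pool_overlaps(pool_start, pool_end, blocked_net):
    """True if the dynamic (non-reserved) pool can lease addresses from the blocked range."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end))
    return any(n.overlaps(blocked_net) for n in nets)

if __name__ == "__main__":
    for host, problem in audit(RESERVATIONS, BLOCKED_NET, SCOPE_NET):
        print(f"{host}: {problem}")
    if dynamic_pool_overlaps("192.168.10.90", "192.168.10.200", BLOCKED_NET):
        print("dynamic pool overlaps the blocked range")
```

Reservations only control what DHCP hands out, so this check does not cover a machine that is given a static address outside the blocked range; the separate-VLAN option in the answer closes that gap.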
