Microsoft KB Archive/286149

= Cannot Apply Varied Proxy Server 2.0 Domain Filtering to Different Users, Groups, or Computers =

Article ID: 286149

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition




This article was previously published under Q286149



SYMPTOMS
When Domain Filtering is turned on in Proxy Server 2.0, you find that the filter applies to all Proxy users and that you cannot apply different domain filters to different users, groups of users, or computer accounts.



CAUSE
This behavior is by design.



RESOLUTION
To work around this behavior, create a configuration that uses two Proxy Servers and three groups of users, each with a different level of Internet access:


 * Full access user group
 * Limited access user group
 * No access user group



MORE INFORMATION
To set up the three groups of users and the two Proxy Servers, follow these steps:

Set up "Internet Users" groups for users who have full Internet access:


 * 1) In User Manager for Domains, create one Global Group called "Internet Users".
 * 2) In User Manager on the first Proxy Server (ProxyA), create one Local Group called "Internet Users".
 * 3) Place the users who have full Internet access into the Global Group "Internet Users".
 * 4) Place the Global Group "Internet Users" into the Local Group "Internet Users" on the Proxy Server.

Set up the first Proxy Server (ProxyA):


 * 1) On ProxyA, start the Microsoft Management Console (MMC).
 * 2) Right-click Web Proxy service, and then click Properties.
 * 3) Click the Permissions tab.
 * 4) Select the WWW protocol, and then click Edit.
 * 5) Click ProxyA\InternetUsers, and then grant this group access.

Set up the second Proxy Server (ProxyB):


 * 1) On ProxyB, start the MMC.
 * 2) Right-click Web Proxy service, and then click Properties.
 * 3) Click the Domain Filters tab.
 * 4) Click Enable Filtering.
 * 5) Click By default, access to all Internet sites will be DENIED except those listed below.
 * 6) Click Add.
 * 7) Enter the domain names or IP addresses that you want to grant access to.

Chain the Proxy Servers:


 * 1) On ProxyB, start the MMC.
 * 2) Right-click Web Proxy service, and then click Properties.
 * 3) Click the Routing tab.
 * 4) Click Use Web Proxy or Array.
 * 5) Specify the upstream Proxy or Web Server.
 * 6) Enter ProxyA's IP address and port 80.
 * 7) Specify the credentials of a user who is in the Internet Users group, or a special account that is a member of that group.

Set up the client browsers:


 * 1) Configure the browsers for users in the Full and No Access categories to point to http://ProxyA, port 80.
 * 2) Configure the browsers for users in the Limited Access group to point to http://ProxyB, port 80.
 * 3) Use the Internet Explorer Administration Kit (IEAK) to lock down the browser Proxy settings.
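
The following added example (not part of the original article and not Microsoft code) models the access decisions that result from the steps above, so the effective policy for each group can be checked before deployment. The account names (alice, bob, carol, svc-proxyb), the listed domain example.com, the subdomain-matching rule, and the absence of a per-user check on ProxyB are assumptions of the model.

```python
# Added illustration (not Microsoft code): effective access through the
# ProxyA/ProxyB chain. Accounts and the listed domain are constructed samples.
from dataclasses import dataclass
from typing import Optional, Set

# Constructed membership: alice = full access, bob = limited, carol = none.
GROUPS = {"alice": {"Internet Users"}, "svc-proxyb": {"Internet Users"},
          "bob": set(), "carol": set()}

def domain_allowed(host: str, listed: Set[str]) -> bool:
    # Assumption: a listed domain covers itself and its subdomains.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in listed)

@dataclass
class Proxy:
    name: str
    www_groups: Optional[Set[str]] = None   # None: no group check modelled
    allow_list: Optional[Set[str]] = None   # None: domain filtering off
    upstream: Optional["Proxy"] = None
    upstream_account: Optional[str] = None  # credentials sent up the chain

    def request(self, user: str, host: str) -> str:
        if self.www_groups is not None and not (GROUPS.get(user, set()) & self.www_groups):
            return f"denied by {self.name}: no WWW permission"
        if self.allow_list is not None and not domain_allowed(host, self.allow_list):
            return f"denied by {self.name}: domain filter"
        if self.upstream is not None:
            # ProxyA sees the chaining account, not the original user.
            return self.upstream.request(self.upstream_account, host)
        return "allowed"

PROXY_A = Proxy("ProxyA", www_groups={"Internet Users"})
PROXY_B = Proxy("ProxyB", allow_list={"example.com"},
                upstream=PROXY_A, upstream_account="svc-proxyb")

def access_matrix():
    hosts = ("www.example.com", "other.test")
    return {(u, p.name, h): p.request(u, h)
            for u in ("alice", "bob", "carol")
            for p in (PROXY_A, PROXY_B) for h in hosts}

if __name__ == "__main__":
    for key, verdict in access_matrix().items():
        print(*key, "->", verdict)
```

The matrix shows that ProxyB, as modelled, does not distinguish between users, so the split between the Limited Access and No Access groups depends on the locked-down browser Proxy settings.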

Keywords: kbprb KB286149


© Microsoft Corporation. All rights reserved.