Cannot Apply Varied Proxy Server 2.0 Domain Filtering to Different Users, Groups, or Computers (286149)


The information in this article applies to:

  • Microsoft Proxy Server 2.0
This article was previously published under Q286149

SYMPTOMS

When Domain Filtering is turned on in Proxy Server 2.0, you find that the filter applies to all Proxy users and that you cannot apply different domain filters to different users, groups of users, or computer accounts.

CAUSE

This behavior is by design.

RESOLUTION

To work around this behavior, create a configuration that uses two Proxy Servers and three groups of users, each with a different level of Internet access:
  • Full access user group
  • Limited access user group
  • No access user group

MORE INFORMATION

To set up the three groups of users and the two Proxy Servers, follow these steps:


Set up "Internet Users" groups for users who have full Internet access:

  1. In User Manager for Domains, create one Global Group called "Internet Users".
  2. In User Manager on the first Proxy Server (ProxyA), create one Local Group called "Internet Users".
  3. Place the users who have full Internet access into the Global Group "Internet Users".
  4. Place the Global Group "Internet Users" into the Local Group "Internet Users" on the Proxy Server.

Set up the first Proxy Server (ProxyA):

  1. On ProxyA, start the Microsoft Management Console (MMC).
  2. Right-click Web Proxy service, and then click Properties.
  3. Click the Permissions tab.
  4. Select the WWW protocol, and then click Edit.
  5. Click ProxyA\InternetUsers, and then grant this group access.

Set up the second Proxy Server (ProxyB):

  1. On ProxyB, start the MMC.
  2. Right-click Web Proxy service, and then click Properties.
  3. Click the Domain Filters tab.
  4. Click Enable Filtering.
  5. Click By default, access to all Internet sites will be DENIED except those listed below.
  6. Click Add.
  7. Enter the domain name or IP addresses that you want to grant access to.

Chain the Proxy Servers:

  1. On ProxyB, start the MMC.
  2. Right-click Web Proxy service, and then click Properties.
  3. Click the Routing tab.
  4. Click Use Web Proxy or Array.
  5. Specify the upstream Proxy or Web Server.
  6. Enter ProxyA's IP address and port 80.
  7. Specify the credentials of a user who is in the Internet Users group, or a special account that is a member of that group.

Set up the client browsers:

  1. Configure the browsers for users in the Full and No Access categories to point to http://ProxyA, port 80.
  2. Configure the browsers for users in the Limited Access group to point to http://ProxyB, port 80.
  3. Use the Internet Explorer Administration Kit (IEAK) to lock down the browser Proxy settings.
Modification Type:MajorLast Reviewed:2/2/2001
Keywords:kbprb KB286149
©2002 Microsoft Corporation. All rights reserved.