
We have a user that likes to download movies with torrents in our office and it just kills the overall network performance. Unfortunately we need this user and don't want to confront him directly about this so we're looking at options to limit how much his user account, computer, or IP uses as far as bandwidth. I've done some Google searches and surprisingly didn't find anything that could help. Is this not possible with an AD policy?

I don't want to touch our router, I don't want to confront him, I don't want to use QoS (it's currently disabled everywhere), I don't want to use a 3rd party app. Best case scenario is I can set up an AD policy.

Can anyone give me any tips or point me in the right direction? You would think in this day and age there is something built into the Windows server platform to do this very easily.

BTW we're using Windows Server 2008 and 2008 R2.

HopelessN00b
Daryl
  • Do you have a corporate IT policy about what is allowed on the network and what is acceptable usage of corporate resources? – Brent Pabst Feb 12 '13 at 19:37
  • 5
    `Unfortunately we need this user and don't want to confront him directly about this so` You have an HR problem, not an IT problem. That said, if you want some non-confrontational ideas about how to break this user's fingers (or the like) so he's no longer capable of torrenting or downloading movies, I can help you there. – HopelessN00b Feb 12 '13 at 19:37
  • 1
    Why can't you touch the router? – Shane Madden Feb 12 '13 at 19:37
  • 4
    Have you thought about setting his computer's NIC to 10mbps? – Chopper3 Feb 12 '13 at 19:39
  • @Chopper3 If the guy has access to run a torrent on his machine, my guess is that he could easily reset the NIC if he wanted. You'd have to change his switch port to force it to 10mbps or hell even half-duplex ;) – Brent Pabst Feb 12 '13 at 19:43
  • Sorry, guess that's what I meant – Chopper3 Feb 12 '13 at 19:43
  • 1
    No problem, I figured you did, just wanted to clarify it for those who didn't. – Brent Pabst Feb 12 '13 at 19:44
  • 2
    Let's face it, this user is almost certainly breaking the law by torrenting movies, and by allowing this to continue, does that not make you and/or your company an accessory to this crime, and therefore liable to prosecution? Sorry, but I don't agree with what you are doing here. You don't need to confront this member of staff, you need to give him the boot. – Bryan Feb 12 '13 at 20:39
  • Fire their ass. – Tom O'Connor Feb 12 '13 at 21:32
  • As many others have pointed out, you have a Human Resources problem (a user is breaking the law using your corporate network). You've further made this question a total set-up (can't touch the router, can't turn on QoS, can't tell the user to knock it off or they'll be fired) which means there are no technical avenues open to you short of simply disabling their network access entirely (cut their LAN cable). I suggest visiting [workplace.se] for some tips on how to get management to deal with this situation properly -- this is a problem technology can't really solve for you. – voretaq7 Feb 12 '13 at 21:37

4 Answers

4

There is no real way to solve an HR problem like this with IT policies and hacks. The best possible solution would be to implement a solution from OpenDNS or many others to simply block content on your network that has nothing to do with your company.

Torrents should not be allowed on a corporate network; there are by far way TOO many possible security holes that you would have to constantly plug.

Your tools to combat this should consist of a strong Acceptable Use Policy (AUP) or verbiage in your employee handbook. This gives you more leverage when working with your HR team to control users and their actions while using corporate resources. You can combine this with OpenDNS to enforce the rules in some regards. Either way, enforcement comes down to human policies and intervention, not technical.

Brent Pabst
3

There is no native tool in Windows Server that allows you to throttle a user's bandwidth. This is largely because that's a function of a firewall or network device, not a server.

If you want to address the issue with technology, you need to do so on your firewall, router or switch and simply throttle whatever port he's plugged into, as well as blocking torrents at your firewall. That's a security hole anyone could drive an 18 wheeler through.

The other, better option (probably best done in addition to changes at your firewall) is to have HR deal with it, as, at its core, it's an HR problem. You have some asshole who doesn't see anything wrong with impacting every other user and creating large workloads for IT by abusing the corporate infrastructure for personal gain. And it honestly doesn't matter how much you think you need him, because people like that always cause more problems than they fix.

EDIT:

As @Cole brought up, the legal consequences of having a user torrenting something from a corporate internet connection are pretty steep, and you should probably mention that to the appropriate person in your corporation. If that doesn't bring appropriate action, I'd log his torrent activities and email it to the appropriate trade group (MPAA/RIAA/BSA/etc.) who definitely WILL initiate "corrective" action through the courts.

HopelessN00b
  • 1
    The personal (and legal) consequences of reporting your employer to non-governmental agencies who will initiate legal action against them are often... shall we say "career limiting". Bringing the issue up internally is certainly something you should do (in writing, and get signed confirmation that the message was received and understood), but you should be *very* careful about setting external legal threats loose on your employer. Even when it's the right thing to do, it can often be the wrong career move. (Now if you leave the company this becomes a different matter...) – voretaq7 Feb 12 '13 at 21:41
  • @voretaq7 Very true. Not just limited to NGAs either, as legal protections for whistle-blowers are weak at best [in the US, at least]. It's obviously an action best used as a last resort, and best done with a copious dose of discretion and anonymity. – HopelessN00b Feb 13 '13 at 13:13
0

The easiest way for you to solve this problem will be paying for a DSL line for that user and routing him over that.

He will then no longer use your main Internet connection.

Voilà! Problem solved.

MikeyB
0

I know you said you don't want a 3rd party product, but for future viewers, there is NetLimiter: http://www.netlimiter.com/ and it's cheap enough to deal with a single problematic user especially when you really don't have access to the router/switch/firewall.

TheCleaner