2

How can I restrict only XP machines from accessing the internet in a Server 2012 R2 domain environment using GPO? I need to allow those XP machines to access local intranet sites in the domain environment just like other Win 7 machines. The DCs are Server 2012 R2.

I don't want to install an external firewall unless this is not possible by configuring GPOs.

AnPat

1 Answer

2

A couple of things that you can try with Group Policy are the following:

- Set up a fake proxy, and add the internal servers' URLs to the "Bypass Proxy Server for Local Addresses" list. This can be easily circumvented if your users manage to install another browser that is not affected by group policies.

- You can add a bogus route to 0.0.0.0, and then appropriate routes for all your internal subnets. You can achieve this using Group Policy Preferences and adding to the registry the list of routes under `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes`, or by adding a logon script with the appropriate route add commands.

You can also enforce a fake DNS server and distribute a custom hosts file with the required servers from a network share; however, this may become hard to manage in the long term.

Gabriel Talavera
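A sketch of the route-based option from the answer above, added here as an example and not taken from the original post. It assumes the script is deployed as a GPO computer startup script (so it runs with rights to change the routing table), and every address in it is a constructed placeholder: `REAL_GW` is the site's real gateway, `BOGUS_GW` is an unused address on the client's own subnet, and the three internal ranges stand in for your intranet subnets.

```bat
@echo off
rem Added example: bogus default route plus explicit intranet routes for XP clients.
rem All addresses are constructed placeholders; replace them with your own values.
setlocal

rem Apply only on Windows XP; 32-bit XP reports "Version 5.1" in the output of ver.
ver | find "Version 5.1" >nul
if errorlevel 1 goto :eof

rem Assumed values: the real gateway, and an unused on-link address that leads nowhere.
set REAL_GW=192.168.1.1
set BOGUS_GW=192.168.1.254

rem Intranet subnets stay reachable through the real gateway.
call :addroute 10.0.0.0    255.0.0.0   %REAL_GW%
call :addroute 172.16.0.0  255.240.0.0 %REAL_GW%
call :addroute 192.168.0.0 255.255.0.0 %REAL_GW%

rem Everything else is sent to the bogus gateway. Metric 1 is meant to win over
rem a default route learned from DHCP, which normally carries a higher metric.
call :addroute 0.0.0.0 0.0.0.0 %BOGUS_GW%

rem Print the resulting table so the outcome can be checked on a test machine.
route print
goto :eof

:addroute
rem %1 = destination, %2 = netmask, %3 = gateway
rem Delete any earlier copy first so the script can run at every startup.
route delete %1 mask %2 %3 >nul 2>&1
rem -p makes the route persistent; Windows records it under
rem HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
route -p add %1 mask %2 %3 metric 1
goto :eof
```

After a reboot, `route print` on an XP client should list these entries under "Persistent Routes"; check on one test machine that intranet sites load and external sites do not before linking the GPO more widely.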