We used to have proxy services running on the file servers at each site. On each was a "No Internet" group (users from local container/file server) allowed only intranet, and 2-3 defined internet web sites. We now have a centralized proxy server, and have pointed remote sites to it. The No Internet groups are now unfilitered. In my attempt to curtail their internet usage I have tried the following:
1. On the new proxy server, created an alias pointed back to a No Internet Group and added it to a deny rule on new server.
2. Created a new No Internet group on the dedicated server, browsed to individual site/containers and added users to the group, then importing that group to the deny rule.
3. The Deny Specified Group ANY URL is at the top of the list.
4. The Allow Specified Goup Specified list follows, with Allow Any Any farther down.

Ideas anyone? Can blocking be done across containers?

Thank You,
LKocinski