we have a file/print/web server, a Groupwise server, a Bordermgr
server (all
nw51sp5), and a W2K/Citrix server at the main office. Citrix logs in
to NW
tree via NW client as generic user with access to "GLAS" application.
remote office, connected to network via dedicated T1 line, has 2 W98
machines & 2 NT4 workstations. these four machines have no NW client,
don't
load client trust in login script or anything like that. they run
GLAS
after connecting to Citrix machine, Citrix displays its NW client
login
window to the user at that time.

there is no NT domain, no Active Directory, on this network. NT4
workstations and W98 workstations at remote site belong to
"workgroup".

we're currently trying to set up filtering to restrict internet access
to
certain sites, since we have so many public workstations (we're a
public
library). so, IE is configured with manual proxy settings, pointing
to BM
server, port 8080, auto-detect proxy turned off, bypass for local
addresses
turned on.

here's the problem: logging into the NT4 machines at the remote site
for
the sole purpose of browsing the web, not logging in to Citrix, or NWservers at all. when you log in to NT4 workstations at the remote
site as
local account w/ local admin rights, and IE proxy settings are in
place as
mentioned above, you get no internet access at all. remove proxy
settings
in IE, you have internet access. however, log in to the NT4 box as
basic
local user with rights to do very little on the local machine, and you

always have internet access, whether IE proxy settings are in place or
not.

so, it would seem that internet access is being granted or denied
based on
which account you use to log in to the NT4 box - but who would be
authenticating that? NW servers are not involved, & there's no domain
to
log in to, etc.

any ideas?