This is one of the more difficult things to restrict and isn't readily done as a function of the Windows 2003 domain. Preventing FTP downloads is relatively straight forward -- simply block TCP destination ports 20 and 21 at your firewall from your internal users. This will prevent them from being able to connect to an FTP server on the Internet. Blocking downloads via HTTP is a little trickier. I recommend implementing content filtering at your Internet gateway to control what users are allowed to do with HTTP. In addition to being able to prevent downloading of files, it allows you to control how your users are able to browse the Internet, what sites they are allowed to visit, when they are allowed to visit. It also allows you to permit exceptions (for example allowing IT to download files). Here are some common content filtering software vendors:
In many cases, you simply create a rule in the above products that contains the URL keyword (*.exe, *.mp3, *.bin, *.avi, etc) that you want to prevent. Good luck!
Dig Deeper on Network intrusion detection and prevention and malware removal
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.