How can I limit a users bandwidth in Windows Server 2008 R2

windows active-directory windows-server-2008-r2 bandwidth user-management

18,725

Solution 1

There is no real way to solve an HR problem like this with IT policies and hacks. The best possible solution would be to implement a solution from OpenDNS or many others to simply block content on your network that has nothing to do with your company.

Torrents should not be allowed on a corporate network, there are by far way TOO many possible security holes that you would have to constantly plug.

Your tools to combat this should consist of a strong Acceptable Use Policy (AUP) or verbage in your employee handbook. This gives you more leverage when working with your HR team to control users and their actions while using corporate resources. You can combine this with OpenDNS to enforce the rules in some regards. Either way, enforcement comes down to human policies and intervention, not technical.

Solution 2

There is no native tool in Windows Server that allows you to throttle a user's bandwidth. This is largely because that's a function of a firewall or network device, not a server.

If you want to address the issue with technology, you need to do so on your firewall, router or switch and simply throttle whatever port he's plugged into, as well as blocking torrents at your firewall. That's a security hole anyone could drive an 18 wheeler though.

The other, better option (probably best done in addition to changes at your firewall) is to have HR deal with it, as, at its core, it's an HR problem. You have some asshole who doesn't see anything wrong with impacting every other user and creating large workloads for IT by abusing the corporate infrastructure for personal gain. And it honestly doesn't matter how much you think you need him, because people like that always cause more problems than they fix.

EDIT:

As @Cole brought up, the legal consequences of having a user torrenting something from a corporate internet connection are pretty steep, and you should probably mention that to the appropriate person in your corporation. If that doesn't bring appropriate action, I'd log his torrent activities and email it the appropriate trade group (MPAA/RIAA/BSA/etc.) who definitely WILL initiate "corrective" action through the courts.

18,725

Daryl

Updated on September 18, 2022

Comments

Daryl over 1 year

We have a user that likes to download movies with torrents in our office and it just kills the overall network performance. Unfortunately we need this user and don't want to confront him directly about this so we're looking at options to limit how much his user account, computer, or IP uses as far as bandwidth. I've done some Google searches and surprisingly didn't find anything that could help. Is this not possible with an AD policy?

I don't want to touch our router, I don't want to confront him, I don't want to use QoS (it's currently disabled everywhere), I don't want to use a 3rd party app. Best case scenario is I can setup an AD policy.

Can anyone give me any tips or point me in the right direction? You would think in this day and age there is something built into the Windows server platform to do this very easily.

BTW we're using Windows Server 2008 and 2008 R2.
- Brent Pabst about 11 years
  
  Do you have a corporate IT policy about what is allowed on the network and what is acceptable usage of corporate resources?
- HopelessN00b about 11 years
  
  Unfortunately we need this user and don't want to confront him directly about this so You have an HR problem, not an IT problem. That said, if you want some non-confrontational ideas about how to break this user's fingers (or the like) so he's no longer capable of torrenting or downloading movies, I can help you there.
- ravi yarlagadda about 11 years
  
  Why can't you touch the router?
- Chopper3 about 11 years
  
  Have you thought about setting his computer's NIC to 10mbps?
- Brent Pabst about 11 years
  
  @Chopper3 If the guy has access to run a torrent on his machine, my guess is that he could easily reset the NIC if he wanted. You'd have to change his switch port to force it to 10mbps or hell even half-duplex ;)
- Chopper3 about 11 years
  
  Sorry, guess that's what I meant
- voretaq7 about 11 years
  
  As many others have pointed out, you have a Human Resources problem (a user is breaking the law using your corporate network). You've further made this question a total set-up (can't touch the router, can't turn on QoS, can't tell the user to knock it off or they'll be fired) which means there are no technical avenues open to you short of simply disabling their network access entirely (cut their LAN cable). I suggest visiting The Workplace for some tips on how to get management to deal with this situation properly -- this is a problem technology can't really solve for you.
Giordano Ferrari about 11 years

And I doubt any company wants to deal with the legality issues associated with a user torrenting.
Brent Pabst about 11 years

@Cole Very true, I'm sure the RIAA and MPAA would love to have a chat with the management team and their financial folks.