This is from memory as I don't have my BES in front of me so you may need to mess around with it a bit.
You ned to use the push/pull roles in MDS. Basically you add rules for all internet addresses such as
www.*, http*, or specific sites such as
Google and set them to deny or allow.
You then add groups and apply users to the groups and groups to the rules.
For example if I wanted my users to surf the intranet only I might add
www.*,
https://* etc to my deny rules and then add my intranet server with the following syntax to my allow rules:
.*://.*\.123\.com.*
- the .* for wildcard to allow for http or https
- then ://
- then .* for a wildcard (www, ww2, home, etc.). The . infront of the * says any character except new line.
- then \ to turn off the special meaning of the next character so it will see the . as a period
- then .123 (or what ever your Intranet domain is named)
- then \ to turn off the special meaning of the next character again
- then .com
- then .*any character after that
E.g. .*://.*\.mycompany\.com.*
I would then add my users to a single group and apply all the rules to the group.
Use the above syntax for both 4.0 and 4.1 servers and remember to restart the MDS service after any changes.
Hope this helps.
Sfez