We need to disable internet access from an AD account that has administrative rights, but still allow any standard AD user the ability to access the internet.
I am using Jamf Pro 10.13.1, I tried using a Configuration Profile with the Proxy payload, by enabling the Enable Web Proxy (HTTP) and Enable Secure Web Proxy (HTTPS) options and entering in a fake web proxy address. We do not use a proxy so the thought was by entering in a fake address a user will not be able to get to the internet via a browser.
This worked in principle, but unfortunately it applies to any AD user who logs in even though I only applied it to the AD group that has administrative rights, I tried applying at the Computer level using exceptions and at the User Level using exceptions but to no avail.
I need to implement it via a profile, otherwise an admin account could undo any manual setting.
Basically we want to prevent a user who is logged in as an admin using a Domain User account from getting out to the internet, but allow any standard domain user to be able to browse the internet.
