With the upcoming end of support for Windows XP, we are looking for a way to block Internet Access to only our XP machines. We would love to get rid of them but our parent company has software that only works on XP and on the host machine only (No XP Mode or virtualization).
There doesn't seem to be a GPO that can be created specifically for computers only (not users). It looks like it will be complicating on SEP 12 as well as our Barracuda device.
Has anyone been looking and found any good ways of handling this? We would like for the XP machines to be able to access the Intranet. I am open to ideas. I am leaning towards IPSec or SEP and putting the XP machines into their own OU or SEP group. Thoughts? Ideas?