Preventing all users from browsing the internet

mcravenufo

mcravenufo

Ravenufo's Macs
Joined
Feb 28, 2001
Messages
5,590
I have 1 box that gets used by lots of users.
I need to prevent users from browsing the internet on this one box.
This is an XP Pro box and I am the administrator. I figure I would create another user with the limited internet but I do not know how to prevent the user from browsing the internet.
 
Removing the default gateway from the IP's config may be all you need.
It may be necessary to use another hardware profile unless you just add it back in when you want to use the PC.
 
Nenu said:
Removing the default gateway from the IP's config may be all you need.
It may be necessary to use another hardware profile unless you just add it back in when you want to use the PC.
Click to expand...

I can't believe I don't know this but if I remove the gateway from one user will the information still be present in all other users?
 
You could also do something like remove IE, unless your users are really crafty they probably won't be able to get online.
 
I still need to have internet access. So when I use the PC I would log out the user and log in under my administrator account. When I leave the PC I would like to log in the user again so that they don't have internet access.
 
mcravenufo said:
I can't believe I don't know this but if I remove the gateway from one user will the information still be present in all other users?
Click to expand...

Don't make their account a member of the local admin group...just leave them as a standard user on this box. Of course you want the local Administrator password (as well as the domain admin password) to not be known by anyone else. Log in as admin...set a static IP address outside the normal DHCP pool, fill in the subnet mask...leave the gateway blank..empty, fill in the DNS if you are running active directory (a local domain)..WINS if necessary. Now the machine can't surf the net. And other logins cannot change the network settings because they are not members of the local admin group.

Quickest and easiest way...takes just a few seconds.
 
YeOldeStonecat said:
Don't make their account a member of the local admin group...just leave them as a standard user on this box. Of course you want the local Administrator password (as well as the domain admin password) to not be known by anyone else. Log in as admin...set a static IP address outside the normal DHCP pool, fill in the subnet mask...leave the gateway blank..empty, fill in the DNS if you are running active directory (a local domain)..WINS if necessary. Now the machine can't surf the net. And other logins cannot change the network settings because they are not members of the local admin group.

Quickest and easiest way...takes just a few seconds.
Click to expand...

Only problem with that is no one can access the internets at all.

Another option would be to set a non-existent proxy in IE.
 
why not just disable the nic? you can re-enable it when you want to use it. Shouldn't have to reboot and a limited account would not have access. Sounds like a 2 click fix?

...or look through the services. I'm sure there is a "net start/stop " command that could kill network access. I don't think a limited user has access to run "net" commands or get into the services applet. If they do, I'm sure you could disable it via group policy.

I built a computer for a lady who wanted to keep her kid off the internet at night. I offered her 2 simple solutions:

Solution 1: USB wifi adapter (unplug, no play)
Solution 2: A belt

She picked #1 :)
 
Years ago, I use to work a part time second job at a music store.
We had a computer that we used for looking up music info (allmusic.com) and ordering music from online vendors for customers.
Well anyways, the store had a problem with teenage employees wanting to surf the net all day (including looking at porn while customers were in the store), and putting off their responsibilities.
So, the store manager (who's still a friend of mine to this day) installed a program called "Net Nanny". Net Nanny is a password protected program with a predefined list of words (most of them obscene) that scans the web page/site before the browser opens it. If the page/site contains one of the words on that list, Net Nanny won't let the page open.
You can also add/edit words of your choice to the list. The store manager added one word.
He added the word "the". And it basically shut the internet down.
When those of us who were more responsible needed access, we'd open Net Nanny, enter the password, disable the program, do what we had to do, then re enable Net Nanny when we were done.
I use to smile every time an employee would tell me that the internet was down again.
 
You must log in or register to reply here.
Back
Top