Access Network Printer Only

Ehren8879

I'm looking for a simple solution that will allow a PC to have access to the network printer (local access), but not have access to the internet. I've considered a couple options such as omitting DNS settings, but this will still allow connection via IP.

I've also thought about doing this from within the router, but this also needs to be easy to reverse temporarily for QuickBooks updates and other program updates (easy for the user).


Any input is appreciated.
 
does this network comprise of a single router which is only used for internet access? i.e. you don't have other routers on the network for access to resources upstream on a wan or anything? if so, just give the machine a static ip address (outside of your dhcp scope) and omit the default gateway configuration. can't get much simpler than that.
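
As an added example (not part of the original thread), the following PowerShell script toggles the static, no-gateway setup described in the reply above, so it can be reversed temporarily for updates. The adapter name and all addresses are assumptions to replace with your own, and the script assumes a Windows version that ships the NetTCPIP cmdlets.

```powershell
# Added example: lock or unlock internet access on a statically addressed PC
# by removing or restoring its IPv4 default route. Run elevated.
param(
    [ValidateSet('Lock', 'Unlock', 'Status')]
    [string]$Action = 'Status'
)

# Assumed values, not from the thread; replace with your own.
$Interface = 'Ethernet'        # adapter name, see Get-NetAdapter
$Gateway   = '192.168.1.1'     # router LAN address
$Printer   = '192.168.1.50'    # printer address on the same subnet

function Get-V4DefaultRoute {
    # Returns nothing when the PC has no IPv4 default gateway.
    Get-NetRoute -InterfaceAlias $Interface -DestinationPrefix '0.0.0.0/0' `
        -ErrorAction SilentlyContinue
}

switch ($Action) {
    'Lock' {
        # With a static configuration the removed route stays gone;
        # a DHCP lease would put the gateway back on renewal.
        Get-V4DefaultRoute | Remove-NetRoute -Confirm:$false
    }
    'Unlock' {
        if (-not (Get-V4DefaultRoute)) {
            New-NetRoute -InterfaceAlias $Interface -DestinationPrefix '0.0.0.0/0' `
                -NextHop $Gateway | Out-Null
        }
    }
}

# Report state after every action. An IPv6 default route (::/0) learned from
# router advertisements is not touched by Lock and is listed here if present.
$routes = @(Get-NetRoute -InterfaceAlias $Interface -ErrorAction SilentlyContinue |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '::/0' })

[pscustomobject]@{
    DefaultRoutes    = if ($routes) {
        ($routes | ForEach-Object { "$($_.DestinationPrefix) via $($_.NextHop)" }) -join '; '
    } else { 'none' }
    PrinterReachable = Test-Connection -ComputerName $Printer -Count 1 -Quiet
}
```

After `Lock`, the expected status is `DefaultRoutes` of `none` with `PrinterReachable` still `True`, since traffic to hosts on the local subnet never uses the gateway.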
 
Single router setup.

Sounds good, the thought of omitting the gateway had crossed my mind, but I didn't know if that would bork the LAN access. I will try that, thanks.

The user should be able to enter and remove that.
 
Put a fake proxy in the internet settings. They will still be able to access local network items
 
Thanks, but this won't work for me. PC will still be "seen" by the internet.

no, the router will be seen.

If you're behind a router that does NAT, the computer itself isn't necessarily "seen" on the intarwebs.

and omitting the default gateway will not cause any ill side-effects to local network access.
 
What I meant to say is that so the PC cannot "see" the internet. It's more security than is necessary, but that's what was requested.

I'm gonna omit the gateway.


I appreciate all the input!
 
> What I meant to say is that so the PC cannot "see" the internet. It's more security than is necessary, but that's what was requested.

It wouldn't be able to see the internet with a fake proxy, but alright
 
> It wouldn't be able to see the internet with a fake proxy, but alright

Actually, Internet Explorer wouldn't be able to see web sites with a fake proxy... But applications that don't require Internet Explorer or don't pay attention to the proxy settings would still access the internet just fine.. Install Firefox....bring the installer in on a USB thumbdrive, or loaded as part of a Portable Apps install... and magic! Internet (web) access.... fake proxy totally ignored and bypassed.

Hence, the idea of removing the default gateway is much better. Of course, make sure the user doesn't have the ability to update TCP/IP settings or they will (eventually) figure out how to bypass the config by talking to their computer literate brother-in-law or neighbor kid. :)
 
> Actually, Internet Explorer wouldn't be able to see web sites with a fake proxy... But applications that don't require Internet Explorer or don't pay attention to the proxy settings would still access the internet just fine.. Install Firefox....bring the installer in on a USB thumbdrive, or loaded as part of a Portable Apps install... and magic! Internet (web) access.... fake proxy totally ignored and bypassed.
>
> Hence, the idea of removing the default gateway is much better. Of course, make sure the user doesn't have the ability to update TCP/IP settings or they will (eventually) figure out how to bypass the config by talking to their computer literate brother-in-law or neighbor kid. :)

Exactly.
 
> Actually, Internet Explorer wouldn't be able to see web sites with a fake proxy... But applications that don't require Internet Explorer or don't pay attention to the proxy settings would still access the internet just fine.. Install Firefox....bring the installer in on a USB thumbdrive, or loaded as part of a Portable Apps install... and magic! Internet (web) access.... fake proxy totally ignored and bypassed.
>
> Hence, the idea of removing the default gateway is much better. Of course, make sure the user doesn't have the ability to update TCP/IP settings or they will (eventually) figure out how to bypass the config by talking to their computer literate brother-in-law or neighbor kid. :)

UNLESS the machine is completely locked down with GP, ;)

Your computer literate neighbour kid can play on my computers all day if he wants.
 
> UNLESS the machine is completely locked down with GP, ;)
>
> Your computer literate neighbour kid can play on my computers all day if he wants.

Yeah, that's fine on YOUR network... But maybe you missed where the OP stated that this was a simple network, no AD, and therefore no GP... Yeah, you could lock the machines down with local policies, but how much of a PITA is that? especially for someone like the OP who doesn't appear to know about system policies? If you're not familiar with policies, then you're likely not even in the mind-set of "locking down" a PC..... How many people who don't know about windows policies understand how to disable USB Mass Storage Devices (or would even think about that being a problem)?
 
> Yeah, that's fine on YOUR network... But maybe you missed where the OP stated that this was a simple network, no AD, and therefore no GP... Yeah, you could lock the machines down with local policies, but how much of a PITA is that? especially for someone like the OP who doesn't appear to know about system policies? If you're not familiar with policies, then you're likely not even in the mind-set of "locking down" a PC..... How many people who don't know about windows policies understand how to disable USB Mass Storage Devices (or would even think about that being a problem)?

SteadyState??
 