Preventing all users from browsing the internet

Discussion in 'Networking & Security' started by mcravenufo, Apr 25, 2008.

  1. mcravenufo

    mcravenufo Ravenufo's Macs

    Messages:
    5,114
    Joined:
    Feb 28, 2001
    I have 1 box that gets used by lots of users.
    I need to prevent users from browsing the internet on this one box.
    This is an XP Pro box and I am the administrator. I figure I would create another user with the limited internet but I do not know how to prevent the user from browsing the internet.
     
  2. Nenu

    Nenu [H]ardened

    Messages:
    18,572
    Joined:
    Apr 28, 2007
    Removing the default gateway from the IP's config may be all you need.
    It may be necessary to use another hardware profile unless you just add it back in when you want to use the PC.
     
  3. mcravenufo

    mcravenufo Ravenufo's Macs

    Messages:
    5,114
    Joined:
    Feb 28, 2001
    I can't believe I don't know this but if I remove the gateway from one user will the information still be present in all other users?
     
  4. StarTrek4U

    StarTrek4U Gawd

    Messages:
    1,011
    Joined:
    Jan 8, 2003
    You could also do something like remove IE, unless your users are really crafty they probably won't be able to get online.
     
  5. mcravenufo

    mcravenufo Ravenufo's Macs

    Messages:
    5,114
    Joined:
    Feb 28, 2001
    I still need to have internet access. So when I use the PC I would log out the user and log in under my administrator account. When I leave the PC I would like to log in the user again so that they don't have internet access.
     
  6. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Don't make their account a member of the local admin group...just leave them as a standard user on this box. Of course you want the local Administrator password (as well as the domain admin password) to not be known by anyone else. Log in as admin...set a static IP address outside the normal DHCP pool, fill in the subnet mask...leave the gateway blank..empty, fill in the DNS if you are running active directory (a local domain)..WINS if necessary. Now the machine can't surf the net. And other logins cannot change the network settings because they are not members of the local admin group.

    Quickest and easiest way...takes just a few seconds.
     
  7. mcravenufo

    mcravenufo Ravenufo's Macs

    Messages:
    5,114
    Joined:
    Feb 28, 2001
  8. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    Only problem with that is no one can access the internets at all.

    Another option would be to set a non-existent proxy in IE.
     
  9. doctah

    doctah Limp Gawd

    Messages:
    393
    Joined:
    Feb 8, 2008
    why not just disable the nic? you can re-enable it when you want to use it. Shouldn't have to reboot and a limited account would not have access. Sounds like a 2 click fix?

    ...or look through the services. I'm sure there is a "net start/stop " command that could kill network access. I don't think a limited user has access to run "net" commands or get into the services applet. If they do, I'm sure you could disable it via group policy.

    I built a computer for a lady who wanted to keep her kid off the internet at night. I offered her 2 simple solutions:

    Solution 1: USB wifi adapter (unplug, no play)
    Solution 2: A belt

    She picked #1 :)
     
  10. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    True..but he didn't state he needed anyone to..OP just implied "1x computer that I need to prevent users from..."
     
  11. iamfett

    iamfett [H]Lite

    Messages:
    116
    Joined:
    Apr 17, 2008
    Years ago, I use to work a part time second job at a music store.
    We had a computer that we used for looking up music info (allmusic.com) and ordering music from online vendors for customers.
    Well anyways, the store had a problem with teenage employees wanting to surf the net all day (including looking at porn while customers were in the store), and putting off their responsibilities.
    So, the store manager (who's still a friend of mine to this day) installed a program called "Net Nanny". Net Nanny is a password protected program with a predefined list of words (most of them obscene) that scans the web page/site before the browser opens it. If the page/site contains one of the words on that list, Net Nanny won't let the page open.
    You can also add/edit words of your choice to the list. The store manager added one word.
    He added the word "the". And it basically shut the internet down.
    When those of us who were more responsible needed access, we'd open Net Nanny, enter the password, disable the program, do what we had to do, then re enable Net Nanny when we were done.
    I use to smile every time an employee would tell me that the internet was down again.