Link to home
Start Free TrialLog in
Avatar of Ivrnet
Ivrnet

asked on

Block internet access for one user on a computer.

Hi, I have a client who has a small network. They have some evening staff who they want to block from using the internet. However, daytime staff using the same computer need to be able to access the internet. The daytime staff and evening staff log on to the computer using different usernames.

Can someone suggest a solution that we can implement without purchasing additional software or hardware? I'm thinking it could be done with local group policy, would this work? If so, please specify details. Thanks.
Avatar of lancelot9627
lancelot9627

You can do this from most routers if you set it up so that computer has a static IP.  What type of router do you have?
Avatar of Ivrnet

ASKER

No, I want only one user account on the computer to be restricted. A router would restrict the whole computer.
Otherwise you could just block them from using the IE executable.
Sorry, was being vague, I meant set up a IP-based restriction regulated by time of day through the router; not block it all of the time.  Looks like Sagron found what you want though.
Avatar of Ivrnet

ASKER

Sagron, could you please specify how you would block one user account from accessing the executable? If the router doesn't have the capability we need, then we would likely want to do it this way.

Thanks.
ASKER CERTIFIED SOLUTION
Avatar of Sagron
Sagron

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Was looking through some information and saw that several people use a different method which takes care of anything like user installing a different browser or such. Basically it just redirects any web requests to itself (localhost). Seems like a better way to go than just blocking the application.
Here's a site with that method (it's quite a bit shorter too):

http://windowsitpro.com/article/articleid/85079/jsi-tip-10092-how-can-i-block-internet-access-for-a-specific-user-account.html

Let me know if you need any further help with it.
Ryan
Avatar of Ivrnet

ASKER

They're not on a domain. It's just a small network, only 7 computers. Will this suggestion work with local group policy?
You can, there's also a fairly simple registry change you can make that will disable it on a per-user basis if you are able to log into the user's account - the ways i posted with group policy editor will make that the default for everyone... if you have access it would probably be "safer" as far as not messing with any other accounts goes. Let me know and if you want the registry method I can give you the steps.
I may have replied too quickly, didn't see you're running XP... the gpedit one http://www.wyckedone.net/2005-06-24/controlling-application-access-via-windows-group-policies/ will work, though others will not due to windows xp limitations (vista fixes some of these limitations). The registry change is pretty easy to do, though if the user is knowledgable enough they can undo it.
Here's the registry method in case you're interested:

Start Registry Editor.(Start->Run->regedit)

Go to, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Set the value of ProxyEnable to 1. (if doesnt exists, create a new DWORD value)

Change the value of ProxyServer and set it to an IP address and port that is invalid on your network such as 127.0.0.1:803 (i.e. IP:Port). (if doesnt exists, create a new STRING value)

Go to, HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

Create two new DWORD values and name them as Connwiz Admin Lock and Connection Settings. Set the values of both to 1.