Ivrnet
asked on
Block internet access for one user on a computer.
Hi, I have a client who has a small network. They have some evening staff who they want to block from using the internet. However, daytime staff using the same computer need to be able to access the internet. The daytime staff and evening staff log on to the computer using different usernames.
Can someone suggest a solution that we can implement without purchasing additional software or hardware? I'm thinking it could be done with local group policy, would this work? If so, please specify details. Thanks.
You can do this from most routers if you set it up so that computer has a static IP. What type of router do you have?
ASKER
No, I want only one user account on the computer to be restricted. A router would restrict the whole computer.
Looks like this will do what you need:
http://geekinparadise.com/2008/01/12/block-internet-access-for-specific-user-using-group-policy/
Otherwise you could just block them from using the IE executable.
Sorry, was being vague, I meant set up an IP-based restriction regulated by time of day through the router; not block it all of the time. Looks like Sagron found what you want though.
ASKER
Sagron, could you please specify how you would block one user account from accessing the executable? If the router doesn't have the capability we need, then we would likely want to do it this way.
Thanks.
Was looking through some information and saw that several people use a different method which takes care of anything like the user installing a different browser or such. Basically it just redirects any web requests to itself (localhost). Seems like a better way to go than just blocking the application.
Here's a site with that method (it's quite a bit shorter too):
http://windowsitpro.com/article/articleid/85079/jsi-tip-10092-how-can-i-block-internet-access-for-a-specific-user-account.html
Let me know if you need any further help with it.
Ryan
ASKER
They're not on a domain. It's just a small network, only 7 computers. Will this suggestion work with local group policy?
You can, there's also a fairly simple registry change you can make that will disable it on a per-user basis if you are able to log into the user's account - the ways I posted with group policy editor will make that the default for everyone... if you have access it would probably be "safer" as far as not messing with any other accounts goes. Let me know and if you want the registry method I can give you the steps.
I may have replied too quickly, didn't see you're running XP... the gpedit one http://www.wyckedone.net/2005-06-24/controlling-application-access-via-windows-group-policies/ will work, though others will not due to Windows XP limitations (Vista fixes some of these limitations). The registry change is pretty easy to do, though if the user is knowledgeable enough they can undo it.
Here's the registry method in case you're interested:
Start Registry Editor (Start->Run->regedit).
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Set the value of ProxyEnable to 1. (If it doesn't exist, create a new DWORD value.)
Change the value of ProxyServer and set it to an IP address and port that is invalid on your network such as 127.0.0.1:803 (i.e. IP:Port). (If it doesn't exist, create a new STRING value.)
Go to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
Create two new DWORD values and name them Connwiz Admin Lock and Connection Settings. Set the values of both to 1.
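The registry method above as a script, together with a check that lists any of the four values that has been changed back (an added example, not part of the original answer). The function names and the `-Root` parameter are assumptions made for illustration; only programs that honor the Internet Explorer proxy settings are affected.

```powershell
# Added example: applies and audits the four values from the registry method.
# Function names and -Root are illustrative, not from the original post.
$InetKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$PolicyKey = 'Software\Policies\Microsoft\Internet Explorer\Control Panel'

function Get-BlockSettings {
    # Key, value name, data and registry type as listed in the steps
    @(
        @{ Key = $InetKey;   Name = 'ProxyEnable';         Value = 1;               Type = 'DWord'  },
        @{ Key = $InetKey;   Name = 'ProxyServer';         Value = '127.0.0.1:803'; Type = 'String' },
        @{ Key = $PolicyKey; Name = 'Connwiz Admin Lock';  Value = 1;               Type = 'DWord'  },
        @{ Key = $PolicyKey; Name = 'Connection Settings'; Value = 1;               Type = 'DWord'  }
    )
}

function Set-UserProxyBlock {
    # Default is the logged-on user's hive; pass Registry::HKEY_USERS\<SID>
    # to target another profile whose hive is loaded.
    param([string]$Root = 'HKCU:')
    foreach ($s in Get-BlockSettings) {
        $path = "$Root\$($s.Key)"
        # Create the key only when it is missing, so existing values are kept.
        # Writing under Software\Policies normally needs administrator rights.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        # -Force creates the value if absent and overwrites it if present
        New-ItemProperty -Path $path -Name $s.Name -Value $s.Value `
            -PropertyType $s.Type -Force | Out-Null
    }
}

function Test-UserProxyBlock {
    # Emits the full path of every value that is missing or differs.
    # No output means the block is still fully in place.
    param([string]$Root = 'HKCU:')
    foreach ($s in Get-BlockSettings) {
        $path = "$Root\$($s.Key)"
        $item = Get-ItemProperty -Path $path -Name $s.Name -ErrorAction SilentlyContinue
        if ($null -eq $item -or $item.($s.Name) -ne $s.Value) {
            "$path\$($s.Name)"
        }
    }
}

# Typical use while logged on as the restricted account:
#   Set-UserProxyBlock
#   if (@(Test-UserProxyBlock).Count -gt 0) { 'Block was modified' }
```

Running `Test-UserProxyBlock` from a logon script gives a simple way to notice when the restricted user has undone the change.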