dmorlow
asked on
Block internet access to a whole room by a click of a button? Is it possible?
Hi, I'm an admin for a school. I had one teacher that asked me if I could implement something so internet could be disabled in her room quickly. When all done, I'd need like an icon or something on her screen she'd click and instantly internet would be blocked to her classroom and then another icon to permit it.
When I was in college, our instructor hated us browsing the web during class. The switch was in the classroom so he'd just unplug the uplink and replug it in when we were allowed to browse the web. This won't work in this situation, one, because there is no switch in the room (it's two rooms over), and, two, the students still need to be able to get to their home directory on the network.
I've been pondering a few different ways to do it. I know the best way to do it would be to stop the internet traffic at the firewall and have it stop it based on MAC address. But, as of now, I don't think there's a way to do this with the current firewall we have in place. Our ISP actually owns the firewall so I'm having them brainstorm a way but they haven't thought of a way to do it at the firewall without statically assigning IPs to all the computers.
Something I just tried doing was creating an OU and creating a Group Policy to assign a bogus proxy server to IE. My theory was then I'd just give the teacher the snapin to enable and disable the group policy. But the problem is the option for proxy is in the user part of the group policy and it is being applied to an OU with only computer accounts in it. In all my past experience, I've never been able to get a policy with only user settings to apply to all users signing onto a computer that is in the computer OU that the policy is set on. Should this be possible? Even if so, I'm sure it would take 5+ minutes for all computers to see the new policy and take effect so it wouldn't be instant on and off for the teacher.
Our network is only one subnet, so if I could disable the default gateway, they should still be able to access the servers locally if the default gateway didn't work. But I'm not sure how to disable the default gateway just for one classroom instantly.
Just brainstorming as I'm typing this, I just thought about sharing out the internet on the instructors computer and statically assigning the default gateway to the instructor's computer and then somehow blocking only HTTP traffic on the instructor's computer to the classroom. Maybe this would be possible. Then I'd have to set it in group policy for that classroom so they can't change the IP settings. I'm not sure if this is locked down rght now. Anyone have any thoughts on this?
When I was in college, our instructor hated us browsing the web during class. The switch was in the classroom so he'd just unplug the uplink and replug it in when we were allowed to browse the web. This won't work in this situation, one, because there is no switch in the room (it's two rooms over), and, two, the students still need to be able to get to their home directory on the network.
I've been pondering a few different ways to do it. I know the best way to do it would be to stop the internet traffic at the firewall and have it stop it based on MAC address. But, as of now, I don't think there's a way to do this with the current firewall we have in place. Our ISP actually owns the firewall so I'm having them brainstorm a way but they haven't thought of a way to do it at the firewall without statically assigning IPs to all the computers.
Something I just tried doing was creating an OU and creating a Group Policy to assign a bogus proxy server to IE. My theory was then I'd just give the teacher the snapin to enable and disable the group policy. But the problem is the option for proxy is in the user part of the group policy and it is being applied to an OU with only computer accounts in it. In all my past experience, I've never been able to get a policy with only user settings to apply to all users signing onto a computer that is in the computer OU that the policy is set on. Should this be possible? Even if so, I'm sure it would take 5+ minutes for all computers to see the new policy and take effect so it wouldn't be instant on and off for the teacher.
Our network is only one subnet, so if I could disable the default gateway, they should still be able to access the servers locally if the default gateway didn't work. But I'm not sure how to disable the default gateway just for one classroom instantly.
Just brainstorming as I'm typing this, I just thought about sharing out the internet on the instructors computer and statically assigning the default gateway to the instructor's computer and then somehow blocking only HTTP traffic on the instructor's computer to the classroom. Maybe this would be possible. Then I'd have to set it in group policy for that classroom so they can't change the IP settings. I'm not sure if this is locked down rght now. Anyone have any thoughts on this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER