We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


Group Policy - Lock a user down so all he can do is see our Intranet page

swabeui asked
Medium Priority
Last Modified: 2013-12-04

I have a couple users at my company that I need to lock down so they can only see our Intranet.  I have looking into the Kiosk mode for IE, but it would allow the user to still browse other pages other then our Intranet page.  Additionally, it would not be intuitive to the user how to logoff or shutdown since the start menu is hidden.

Watch Question

Pete LongTechnical Architect
Distinguished Expert 2019

why use a policy? just put in a firewall that blocks all TCP port 80 (web) traffic from that particular pc to the outside of your network


I thought about this (in fact I have implemented similar policies already), but the computers in question are shared and other users do not have to share the same restrictions.  I would also have to make the IPs static or at least assigned in DHCP which I would rather not do if I don't have to right now.
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Another option is to install a 3rd party software product such as cyber patrol to limit Internet access or indeed block all www sites for that user account.


I think I might have it solved it.  I have setup Internet Explorer to use a Proxy server and to bypass the server on local addresses as well as "certain" websites.  I set the proxy server to point to the local machine so if they try to go anywhere except for the places I have listed as "bypass" sites, they get an error.

On top of all that, I of course locked down the controls so they can't undo this little trick.  The user was mighty surprised at the effectiveness of the policy when I applied it to thier account today.

I am going to run some other tests to see if it is what I want, and if so I will award points, etc... at that time.

Use C:\Programs\Internet Explorer\iexplore.exe as user based custom shell

Implement a User Based Custom Shell (Windows 2000/XP)

Replacing the Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL)

When I did my MCSE (which I did in a technical school) I implemented this on my final project by using a Shell as trywaredk already mentioned in the last post.

The page restriction I did with the help of ISA server 2000. My configuration logged the user out automatically if he closed Internet Explorer.

Hope this helps,

Daniel F.
:o) Glad I could help you - thank you for the points
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.