Solved

looking to lockout certain users from internet access on a windows xp professionnal machine

Posted on 2004-04-08
11
156 Views
Last Modified: 2013-12-04
Hi all, I have a windows XP pro machine that has multiple users. some are just "user" rights while others have "power user" rights.  They have asked that I allow some to have internet access while others are locked out.  This machine is a standalone unit. They are running a Norton Internet firewall.  Any suggestions would be great.  I have had one so called guru tell me I can lock out internet access by way of teh bios..hmm..anyways thank you for your help.
0
Comment
Question by:djzman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10787802
Follow this thread
http://spyware-stopper.com/spystop/buysws.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:djzman
ID: 10789092
I have looked into many 3rd party software that will do the trick...i am just trying to find out if there are any options within windows itself that would allow me to get my results.  I guess this would mean that there is no results? or is this just one solution...

Thanks again for all help..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790061
Sorry about the links above, it has nothing with your question to do - You know cut'n paste, sometimes it done to quick.

The actual link I tried to give you was
http://www.experts-exchange.com/Security/Win_Security/Q_20940580.html
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 12

Expert Comment

by:trywaredk
ID: 10790085
Some of the links from www.winguides.com talks about HKEY_Current_User

If so - make the same regkey to HKEY_USERS\S-1-5-21-?????????????????????

As you can see, each username that did logon to your computer has an SID (= username) in registry

When the users logs on, everything from HKEY_USERS\S-1-5-21-????????????????????? is copied by the operating system to HKEY_Current_User

So if you makes a regkey from www.winguides.com to HKEY_Current_User it only affects you (because it's also witten in your usernames SID in registry, HKEY_USERS\S-1-5-21-?????????????????????

To find each users SID use this tool
http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
0
 

Author Comment

by:djzman
ID: 10792620
Thanks....will give this a try...

Z
0
 

Author Comment

by:djzman
ID: 10849605
I have read what seems to need to be done..i am not suer if i am typing inthe correct registry settings to make this work...

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

it the goes onto say:

Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe").

does this sound correct? what would be the filename to restrict...I am tryikng to restrict the use of internet explorer...I know I sound a little incompetent with this one but any help is greatly appreciated..

Thank you again..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10854676
You found the url http://support.microsoft.com/?kbid=323525, and asks questions about it, but it will only disable start of internet explorer, not Netscape or Mozilla or other browsers.

I thaught you followed my url to http://www.winguides.com/registry/display.php/1288/

Both urls talks about HKEY_CURRENT_USER, but remember my comment from 04/09/2004 12:16PM CEST
If you use HKEY_CURRENT_USER it only affect the logged on user (yoursef???).



This is how to do it:
1. Find each users SID http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
 Let's say, you want to disable internet for user S-1-5-21-xxxx-yyyy-zzzz-?????
2. Start regedit.exe
3. Move to HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "10.0.0.1:5555" (i.e. "IP:Port").
5. Find or create HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Policies\Microsoft\Internet Explorer\Control Panel
6. Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1".

When user S-1-5-21-xxxx-yyyy-zzzz-????? logs on, your settings in HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-????? is automatically copied to HKEY_CURRENT_USER


0
 

Author Comment

by:djzman
ID: 10930480
being there is no "Porxy Server " I'm not sure how I would go about setting the ip address/port.  Does one need to create this and set up a value?

Z
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10967208
Yes  - use "10.0.0.1:5555"
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question