Solved

looking to lockout certain users from internet access on a windows xp professionnal machine

Posted on 2004-04-08
11
150 Views
Last Modified: 2013-12-04
Hi all, I have a windows XP pro machine that has multiple users. some are just "user" rights while others have "power user" rights.  They have asked that I allow some to have internet access while others are locked out.  This machine is a standalone unit. They are running a Norton Internet firewall.  Any suggestions would be great.  I have had one so called guru tell me I can lock out internet access by way of teh bios..hmm..anyways thank you for your help.
0
Comment
Question by:djzman
  • 5
  • 4
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10787802
Follow this thread
http://spyware-stopper.com/spystop/buysws.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:djzman
ID: 10789092
I have looked into many 3rd party software that will do the trick...i am just trying to find out if there are any options within windows itself that would allow me to get my results.  I guess this would mean that there is no results? or is this just one solution...

Thanks again for all help..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790061
Sorry about the links above, it has nothing with your question to do - You know cut'n paste, sometimes it done to quick.

The actual link I tried to give you was
http://www.experts-exchange.com/Security/Win_Security/Q_20940580.html
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790085
Some of the links from www.winguides.com talks about HKEY_Current_User

If so - make the same regkey to HKEY_USERS\S-1-5-21-?????????????????????

As you can see, each username that did logon to your computer has an SID (= username) in registry

When the users logs on, everything from HKEY_USERS\S-1-5-21-????????????????????? is copied by the operating system to HKEY_Current_User

So if you makes a regkey from www.winguides.com to HKEY_Current_User it only affects you (because it's also witten in your usernames SID in registry, HKEY_USERS\S-1-5-21-?????????????????????

To find each users SID use this tool
http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:djzman
ID: 10792620
Thanks....will give this a try...

Z
0
 

Author Comment

by:djzman
ID: 10849605
I have read what seems to need to be done..i am not suer if i am typing inthe correct registry settings to make this work...

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

it the goes onto say:

Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe").

does this sound correct? what would be the filename to restrict...I am tryikng to restrict the use of internet explorer...I know I sound a little incompetent with this one but any help is greatly appreciated..

Thank you again..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10854676
You found the url http://support.microsoft.com/?kbid=323525, and asks questions about it, but it will only disable start of internet explorer, not Netscape or Mozilla or other browsers.

I thaught you followed my url to http://www.winguides.com/registry/display.php/1288/

Both urls talks about HKEY_CURRENT_USER, but remember my comment from 04/09/2004 12:16PM CEST
If you use HKEY_CURRENT_USER it only affect the logged on user (yoursef???).



This is how to do it:
1. Find each users SID http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
 Let's say, you want to disable internet for user S-1-5-21-xxxx-yyyy-zzzz-?????
2. Start regedit.exe
3. Move to HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "10.0.0.1:5555" (i.e. "IP:Port").
5. Find or create HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Policies\Microsoft\Internet Explorer\Control Panel
6. Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1".

When user S-1-5-21-xxxx-yyyy-zzzz-????? logs on, your settings in HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-????? is automatically copied to HKEY_CURRENT_USER


0
 

Author Comment

by:djzman
ID: 10930480
being there is no "Porxy Server " I'm not sure how I would go about setting the ip address/port.  Does one need to create this and set up a value?

Z
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10967208
Yes  - use "10.0.0.1:5555"
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now