We help IT Professionals succeed at work.

looking to lockout certain users from internet access on a windows xp professionnal machine

djzman
djzman asked
on
Medium Priority
179 Views
Last Modified: 2013-12-04
Hi all, I have a windows XP pro machine that has multiple users. some are just "user" rights while others have "power user" rights.  They have asked that I allow some to have internet access while others are locked out.  This machine is a standalone unit. They are running a Norton Internet firewall.  Any suggestions would be great.  I have had one so called guru tell me I can lock out internet access by way of teh bios..hmm..anyways thank you for your help.
Comment
Watch Question

Follow this thread
http://spyware-stopper.com/spystop/buysws.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

Author

Commented:
I have looked into many 3rd party software that will do the trick...i am just trying to find out if there are any options within windows itself that would allow me to get my results.  I guess this would mean that there is no results? or is this just one solution...

Thanks again for all help..

Z
Sorry about the links above, it has nothing with your question to do - You know cut'n paste, sometimes it done to quick.

The actual link I tried to give you was
https://www.experts-exchange.com/Security/Win_Security/Q_20940580.html
Some of the links from www.winguides.com talks about HKEY_Current_User

If so - make the same regkey to HKEY_USERS\S-1-5-21-?????????????????????

As you can see, each username that did logon to your computer has an SID (= username) in registry

When the users logs on, everything from HKEY_USERS\S-1-5-21-????????????????????? is copied by the operating system to HKEY_Current_User

So if you makes a regkey from www.winguides.com to HKEY_Current_User it only affects you (because it's also witten in your usernames SID in registry, HKEY_USERS\S-1-5-21-?????????????????????

To find each users SID use this tool
http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml

Author

Commented:
Thanks....will give this a try...

Z

Author

Commented:
I have read what seems to need to be done..i am not suer if i am typing inthe correct registry settings to make this work...

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

it the goes onto say:

Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe").

does this sound correct? what would be the filename to restrict...I am tryikng to restrict the use of internet explorer...I know I sound a little incompetent with this one but any help is greatly appreciated..

Thank you again..

Z
You found the url http://support.microsoft.com/?kbid=323525, and asks questions about it, but it will only disable start of internet explorer, not Netscape or Mozilla or other browsers.

I thaught you followed my url to http://www.winguides.com/registry/display.php/1288/

Both urls talks about HKEY_CURRENT_USER, but remember my comment from 04/09/2004 12:16PM CEST
If you use HKEY_CURRENT_USER it only affect the logged on user (yoursef???).



This is how to do it:
1. Find each users SID http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
 Let's say, you want to disable internet for user S-1-5-21-xxxx-yyyy-zzzz-?????
2. Start regedit.exe
3. Move to HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "10.0.0.1:5555" (i.e. "IP:Port").
5. Find or create HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Policies\Microsoft\Internet Explorer\Control Panel
6. Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1".

When user S-1-5-21-xxxx-yyyy-zzzz-????? logs on, your settings in HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-????? is automatically copied to HKEY_CURRENT_USER


Author

Commented:
being there is no "Porxy Server " I'm not sure how I would go about setting the ip address/port.  Does one need to create this and set up a value?

Z
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.