Solved

looking to lockout certain users from internet access on a windows xp professionnal machine

Posted on 2004-04-08
11
149 Views
Last Modified: 2013-12-04
Hi all, I have a windows XP pro machine that has multiple users. some are just "user" rights while others have "power user" rights.  They have asked that I allow some to have internet access while others are locked out.  This machine is a standalone unit. They are running a Norton Internet firewall.  Any suggestions would be great.  I have had one so called guru tell me I can lock out internet access by way of teh bios..hmm..anyways thank you for your help.
0
Comment
Question by:djzman
  • 5
  • 4
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10787802
Follow this thread
http://spyware-stopper.com/spystop/buysws.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:djzman
ID: 10789092
I have looked into many 3rd party software that will do the trick...i am just trying to find out if there are any options within windows itself that would allow me to get my results.  I guess this would mean that there is no results? or is this just one solution...

Thanks again for all help..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790061
Sorry about the links above, it has nothing with your question to do - You know cut'n paste, sometimes it done to quick.

The actual link I tried to give you was
http://www.experts-exchange.com/Security/Win_Security/Q_20940580.html
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790085
Some of the links from www.winguides.com talks about HKEY_Current_User

If so - make the same regkey to HKEY_USERS\S-1-5-21-?????????????????????

As you can see, each username that did logon to your computer has an SID (= username) in registry

When the users logs on, everything from HKEY_USERS\S-1-5-21-????????????????????? is copied by the operating system to HKEY_Current_User

So if you makes a regkey from www.winguides.com to HKEY_Current_User it only affects you (because it's also witten in your usernames SID in registry, HKEY_USERS\S-1-5-21-?????????????????????

To find each users SID use this tool
http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:djzman
ID: 10792620
Thanks....will give this a try...

Z
0
 

Author Comment

by:djzman
ID: 10849605
I have read what seems to need to be done..i am not suer if i am typing inthe correct registry settings to make this work...

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

it the goes onto say:

Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe").

does this sound correct? what would be the filename to restrict...I am tryikng to restrict the use of internet explorer...I know I sound a little incompetent with this one but any help is greatly appreciated..

Thank you again..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10854676
You found the url http://support.microsoft.com/?kbid=323525, and asks questions about it, but it will only disable start of internet explorer, not Netscape or Mozilla or other browsers.

I thaught you followed my url to http://www.winguides.com/registry/display.php/1288/

Both urls talks about HKEY_CURRENT_USER, but remember my comment from 04/09/2004 12:16PM CEST
If you use HKEY_CURRENT_USER it only affect the logged on user (yoursef???).



This is how to do it:
1. Find each users SID http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
 Let's say, you want to disable internet for user S-1-5-21-xxxx-yyyy-zzzz-?????
2. Start regedit.exe
3. Move to HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "10.0.0.1:5555" (i.e. "IP:Port").
5. Find or create HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Policies\Microsoft\Internet Explorer\Control Panel
6. Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1".

When user S-1-5-21-xxxx-yyyy-zzzz-????? logs on, your settings in HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-????? is automatically copied to HKEY_CURRENT_USER


0
 

Author Comment

by:djzman
ID: 10930480
being there is no "Porxy Server " I'm not sure how I would go about setting the ip address/port.  Does one need to create this and set up a value?

Z
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10967208
Yes  - use "10.0.0.1:5555"
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now