Solved

looking to lockout certain users from internet access on a windows xp professionnal machine

Posted on 2004-04-08
11
152 Views
Last Modified: 2013-12-04
Hi all, I have a windows XP pro machine that has multiple users. some are just "user" rights while others have "power user" rights.  They have asked that I allow some to have internet access while others are locked out.  This machine is a standalone unit. They are running a Norton Internet firewall.  Any suggestions would be great.  I have had one so called guru tell me I can lock out internet access by way of teh bios..hmm..anyways thank you for your help.
0
Comment
Question by:djzman
  • 5
  • 4
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10787802
Follow this thread
http://spyware-stopper.com/spystop/buysws.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:djzman
ID: 10789092
I have looked into many 3rd party software that will do the trick...i am just trying to find out if there are any options within windows itself that would allow me to get my results.  I guess this would mean that there is no results? or is this just one solution...

Thanks again for all help..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790061
Sorry about the links above, it has nothing with your question to do - You know cut'n paste, sometimes it done to quick.

The actual link I tried to give you was
http://www.experts-exchange.com/Security/Win_Security/Q_20940580.html
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10790085
Some of the links from www.winguides.com talks about HKEY_Current_User

If so - make the same regkey to HKEY_USERS\S-1-5-21-?????????????????????

As you can see, each username that did logon to your computer has an SID (= username) in registry

When the users logs on, everything from HKEY_USERS\S-1-5-21-????????????????????? is copied by the operating system to HKEY_Current_User

So if you makes a regkey from www.winguides.com to HKEY_Current_User it only affects you (because it's also witten in your usernames SID in registry, HKEY_USERS\S-1-5-21-?????????????????????

To find each users SID use this tool
http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
0
 

Author Comment

by:djzman
ID: 10792620
Thanks....will give this a try...

Z
0
 

Author Comment

by:djzman
ID: 10849605
I have read what seems to need to be done..i am not suer if i am typing inthe correct registry settings to make this work...

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

it the goes onto say:

Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe").

does this sound correct? what would be the filename to restrict...I am tryikng to restrict the use of internet explorer...I know I sound a little incompetent with this one but any help is greatly appreciated..

Thank you again..

Z
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10854676
You found the url http://support.microsoft.com/?kbid=323525, and asks questions about it, but it will only disable start of internet explorer, not Netscape or Mozilla or other browsers.

I thaught you followed my url to http://www.winguides.com/registry/display.php/1288/

Both urls talks about HKEY_CURRENT_USER, but remember my comment from 04/09/2004 12:16PM CEST
If you use HKEY_CURRENT_USER it only affect the logged on user (yoursef???).



This is how to do it:
1. Find each users SID http://www.sysinternals.com/ntw2k/freeware/psgetsid.shtml
 Let's say, you want to disable internet for user S-1-5-21-xxxx-yyyy-zzzz-?????
2. Start regedit.exe
3. Move to HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "10.0.0.1:5555" (i.e. "IP:Port").
5. Find or create HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-?????\Software\Policies\Microsoft\Internet Explorer\Control Panel
6. Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1".

When user S-1-5-21-xxxx-yyyy-zzzz-????? logs on, your settings in HKEY_USERS\S-1-5-21-xxxx-yyyy-zzzz-????? is automatically copied to HKEY_CURRENT_USER


0
 

Author Comment

by:djzman
ID: 10930480
being there is no "Porxy Server " I'm not sure how I would go about setting the ip address/port.  Does one need to create this and set up a value?

Z
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10967208
Yes  - use "10.0.0.1:5555"
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now