Disable internet 5.0

Posted on 2005-04-21
Medium Priority
Last Modified: 2010-04-14
Running win 2K pro on 3 machines networked together.  The host machine i want to connect to the interent (it does that fine) the other two machines I want to prevent them from connecting to internet.  How do i go about that?  can it be done with passwords?  I need an answer today 4/21/05
Question by:dfte11a
  • 2
  • 2
LVL 12

Expert Comment

ID: 13834993
There are lots of ways, with varying degrees of security, but we should know more about how these are hooked up.  Are all 3 connected to one router, which is also connected to the internet?   Or are they sharing a connection through the "host machine"?

The simplest way is probably to remote the default gateway from the TCP/IP configuration.  This will not prevent them from connecting to machines in the same LAN segment,  but will make it impossible to communicate with machines anywhere else.    But we really need to know more about your configuration and why you want to prevent 2 of 3 from connecting to the Internet.

LVL 16

Assisted Solution

craylord earned 1200 total points
ID: 13835512
If he is on a lan, setup in Internet Exploer > Tools > Internet Options > Connections tab > LAN Settings > Uncheck the automatically detect settings and check use proxy server and bypass proxy server for local address. Enter bogus IP and port info into the proxy. port 14000.
Now it will attempt to look for a proxy when accessing the internet and fail :)

Next step if the user is technically savvy and knows how to uncheck these settings. There is a registry entry that will hide the Connections tab in Internet Options.

Here is the key to hide the connections tab from Internet Explorer options.

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\
   Add Dword named ConnectionsTab
   Edit the value and change it to 1
     1 = hidden 0 = visible

You can also disable other tabs in the same reg with dwords of:

Author Comment

ID: 13837420
This is for our church library, we don't want access to internet on two of the three machines.  The router is connected to the data port and the other machines are all connected to the router.  We still need for these machines to "see each other" but limit internet connectivity to only the host machine.
Thanks for quick answer
LVL 16

Accepted Solution

craylord earned 1200 total points
ID: 13837450
My solution will do just that. Checking the Bybass proxy server means they can still talk to each other behind the router.
LVL 12

Assisted Solution

Carlo-Giuliani earned 800 total points
ID: 13838264
How much security do you want? In theory, giving physical acess to a machine means that somebody sophisticated enough can bypass anything....it's all a question of how difficult you want to make it for them.  

What will these machines be used for?  Can you configure them so users do not have administrative rights?

If you do what *both* Craylord and I suggested, it would take somebody pretty persistent to get around it...since it would require finding the router address and then modifying three different things in the system.  Any competent techie could do it, but it would take some time.  

If you do these things *and* restrict users to a non-administrative login, then they would need not only more knowledge and more time, but they would probably need a bootable utility CD or USB key to get around the security.

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Integration Management Part 2
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month13 days, 14 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question