Block internet access but allow Windows Updates and Live Update

Have 15 workstations in a workgroup running 98 to XP.  Want to block internet access to these users but allow the download of Windows Updates and Norton Live Update.  There are no servers or routers, all just on basic DSL connections.

I can set a value in the registry to not allow iexplorer.exe or dsiable ie in the access rights but a user can still run IE if they know to look in the program files folder for the exe file.
Who is Participating?
Zaheer IqbalConnect With a Mentor Technical Assurance & ImplementationCommented:
a firewall or proxy could block all but certain sites...the config will vary depending on what you're using.
mdmcq5Author Commented:
do i need additional hardware? if not how do i go about using a proxy to block?
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

well, there are software firewalls and proxies, but you'll need to have a machine to run them on.

So you have ne firewall? Are all PCs using public IP addresses? I would definitely recommend doing something...
Maybe give a little more info on how the network is setup.

You could buy a PC with 2 network cards to do the job, or you could buy an appliance. For the PC option, you could use Microsoft ISA Server, or if you know Linux and don't want to spend money, you could use IPTables and Squid. There are others, like Wingate for example, but I haven't used all of em!

On the appliance side, there's a number of hardware firewall devices from Watchguard, SonicWall, Symantec, Checkpoint, Cisco, all depends on the features you want and the budget you have.

Pretty much any of these options would allow you to create flexible rules to only allow outbound access to the sites you choose.
Also, a firewall is pretty much a necessity IMO to keep intruders and viruses out - no matter how paranoid you are with patching and AV updates.
mdmcq5Author Commented:
Thanks for your input but the client doesn't want to purchase any additional hardware to stop users from websurfing.  So,  I set to use a proxy server under the LAN settings w/a non-useable IP.  It'll have to be changed each time for windows updates and virus updates, and it's rather troublesome but a quick solution on short notice was needed.  Thanks!
Zaheer IqbalTechnical Assurance & ImplementationCommented:
A better technique is a non-technical one. Set an acceptable use policy and publicise it widely: No web-surfing or you get sacked/chucked out/fined. Just enforce it a few times and soon surfing will not be a problem.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.