Restrict Internet Access on Workstation

Posted on 2006-03-22
Last Modified: 2012-08-13
I have a kiosk machine that is all nice and locked down running Windows XP.  It worked perfectly fine when they only needed access to one location.  I just removed all methods of changing the URL and auto-loaded the page they needed.  Well now, I need to grant access to 2 or 3 sites and restrict everything else.

My first thought is to modify the hosts file and give routes to the sites I want and somehow turn everything else to either a dummy page or the localhost.  The problem is, can I use wildcards in the host file?  

If so, how would I go about it?

Any other thoughts on how to accomplish this?
Question by:AAckley
    LVL 23

    Expert Comment

    Maybe lock down the machine completely except for 3 URL shortcuts on the desktop?

    Deploy a content filtering software such as Websense and only allow that workstation access to those particular sites?

    Change the firewall to have a rule that only allows that computer to get to those particular sites/IPs?

    Good question, I'm interested to see what others think.
    LVL 16

    Accepted Solution

    You can also set up a fake proxy server in ie and give a few sites exeptions.

    This can be done either editing the registry or through IE

    IE Steps

    Open IE > tools > internet options > connections > lan settings >
    check the option 'Use a proxy server...' type in a non existent address e.g or something like http://nowhere.ccc >
    now click the 'advanced' button > under 'Do not use proxy server for...'

    Registry method...
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    This article is in response to a question ( here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
    I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now