Solved

How can I Disable a user's external Internet Surfing without affecting internal Intranet Access?

Posted on 2006-07-12
Last Modified: 2010-05-18
I've got a supervisor who needs to curtail one of their folks from surfing the web, but without affecting INTRAnet access. Anything I can easily do without getting too complicated? This is for a supervisor to enforce and since I'm not a domain admin (only local admin) I'm trying to avoid any kind of Policy edits since I'm not a domain admin on our network.

Thanks,
Brian
0
Question by:BrianEsser
14 Comments
 
LVL 4

Expert Comment

by:johanvz1
ID: 17092012
Hi,

Do you want to block it for the one specific user on the whole network? Or on the computer on which that user works? Because if the user works on one system then it makes the task at hand much easier. Also, what is the Operating System in use? Is it Windows XP SP2?

Rgds,

Johan
0
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 500 total points
ID: 17092097
Brian-

If you are a local admin, this is easy.

1. Go to network connection properties, TCP/IP properties of the network card in use.
2. Remove any entries in DNS servers.  In other words, leave the DNS fields BLANK.
3. Do a search for a file called HOSTS  (I think it is C:\windows\system32\drivers\etc)
4. Open this HOSTS file in notepad  (note:  it does NOT have an extension, and must remain that way)
5. You will see one entry that says 127.0.0.1     localhost
6. On the line below, following that format, input the IP address and hostname (example:  intranet.yourdomain.com)
7. Repeat, and add entries for any websites that you want the client to get to (could be internal/intranet or external)

If the user is not a local admin, he cannot change any of these settings back.

Thanks,

justin
0
 

Author Comment

by:BrianEsser
ID: 17092116
Johan, On the computer where the (temp) user works please. Windows XP SP2 and we use MS ISA Proxy. When the ISA Proxy is disabled, a user would have access only to the Intranet, which is what I'm after. I can manually disable the ISA Proxy, but a savvy user could just re-enable it from the system tray. We are also using MS AntiSpyware Beta 1 and I might be able to use the advanced tools to take isatray.exe out of the startup directory. Any suggestions are appreciated.

Thanks,

Brian
0
 

Author Comment

by:BrianEsser
ID: 17092128
All users have local admin - Don't ask me why?
0
 

Author Comment

by:BrianEsser
ID: 17092184
Justin, I'm familiar with what you are suggesting, but without DNS I'm not sure if I'd break something else in the process. I'd have to do a lot of testing I don't have time to do at this point. Hoping something more simple can be done. However, even with local admin rights, your suggestion is complex enough that the user wouldn't be able to undo that which he has no idea has been done. We'll have to see what other options are available, but in the long run this may suffice.

Thanks,
Brian
0
 
LVL 4

Expert Comment

by:johanvz1
ID: 17092187
Hi,

You could use Justin's way, except that the user has local admin rights and can just change it back. However, depending on how knowledgeable the user is, you could always use the attrib command in the command prompt to hide the lmhosts further so that he won't be able to find it. Unfortunately, with SP2 by default you can only really block incoming traffic unless you install a third-party application like ZoneAlarm, but I wouldn't suggest you do that.

Rgds,

Johan

0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17092219
BrianEsser-

If it is a member of the domain, I would also add an entry for any servers that the user must connect to:

- Including:

- Domain Controllers
- Exchange Servers
- File Servers

Please keep in mind you can ALWAYS log in as local admin and put it back to normal, so it shouldn't take that much testing as it is easily reversible.

Thanks,

justin
0
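The hosts-file approach in the accepted solution and the follow-up above only holds up if every internal name the machine needs has its own entry. As an added example (not part of the thread), this Python check parses hosts-file text and reports which required names would stop resolving once DNS is removed. The server names other than intranet.yourdomain.com, the 10.0.0.x addresses, and the exact-match, first-entry-wins lookup are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the format of the Windows HOSTS file.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
10.0.0.10       intranet.yourdomain.com intranet   # constructed address
10.0.0.11       dc01.yourdomain.com
10.0.0.12       EXCH01.yourdomain.com   exch01
# 10.0.0.13     files01.yourdomain.com   (commented out, so not active)
"""

# Names the workstation must still reach (hypothetical list).
REQUIRED = ["intranet.yourdomain.com", "dc01.yourdomain.com", "dc01",
            "exch01.yourdomain.com", "files01.yourdomain.com"]


def parse_hosts(text):
    """Return {lowercased hostname: IP} for every active hosts entry."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank or address-only line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # malformed address, skip it
        for name in fields[1:]:                   # one line may carry aliases
            table.setdefault(name.lower().rstrip("."), ip)  # first entry wins
    return table


def coverage(hosts_text, required):
    """Split required names into those with an entry and those without."""
    table = parse_hosts(hosts_text)
    resolved, missing = {}, []
    for name in required:
        key = name.lower().rstrip(".")
        if key in table:
            resolved[name] = table[key]
        else:
            missing.append(name)
    return resolved, missing


if __name__ == "__main__":
    ok, gaps = coverage(SAMPLE_HOSTS, REQUIRED)
    for name, ip in ok.items():
        print(f"covered  {name} -> {ip}")
    for name in gaps:
        print(f"MISSING  {name} (will not resolve without DNS)")
```

Running it against the real HOSTS file before blanking the DNS fields shows which domain controllers, Exchange servers or file servers still need entries, including short names that are only listed by their full name.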
 
LVL 18

Expert Comment

by:Crash2100
ID: 17092265
Do you have access to the router?  Because you could just block the internet ports for that computer with the router, and that would prevent it from affecting internal traffic.
0
 

Author Comment

by:BrianEsser
ID: 17092318
Justin, You are correct, there are several other servers that would have to be included and once I identified them I could certainly perform the steps you've outlined.

One question though - We use DHCP - Wouldn't that provide the DNS server info every time the Network or PC was restarted? The Hosts file is looked at first regardless, but if DNS is available due to DHCP, then if the browser doesn't find it in the Hosts file, it will then use DNS if available, right?

Thanks,

Brian
0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17092342
You can either statically address the machine, or just set the IP address itself to automatically obtain and MANUALLY specify the DNS SERVERS.  In that case, you can just set the DNS server entries to 127.0.0.1 - which would of course give no response quickly.

Thanks,

justin
0
 

Author Comment

by:BrianEsser
ID: 17092437
Sounds like it would work just fine - Thanks for the help.

Take care,
Brian
0
 
LVL 3

Expert Comment

by:juandelacruz2001
ID: 17092440
I'm wondering, how about removing (empty) the default gateway entry?

Good luck...
0
 

Author Comment

by:BrianEsser
ID: 17092449
Crash, no access to routers. Thx ~B
0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17092754
juan-

good idea
0

Question has a verified solution.
