Solved

Need to block Internet Access for Users, but leave access to remotely support via the Internet.

Posted on 2007-03-21
9
432 Views
Last Modified: 2010-04-21
I use LogMein Free and Pro to support many customers. At one location I have a D-804HV Router that then connects to switches, then to servers and the rest of the clients. The clients and the servers all point to the Router to get Internet, but there is no DHCP. Everything is punched in. The DNS numbers are from the ISP not the router. If I remove DNS numbers from a NIC then of course the user or machine has no Internet capability, but can still function in the LAN environment. I need to always have Internet access on the machine so that I can remotely support them with LogMeIn. Logmein is just like Remote Desktop, but it allows the user to view what you are doing (very helpful in many trouble shooting situations).

Question:
Is there any way I can prevent access for the user i.e. IM programs and Web Browsing, but still have remote access through Logmein to support them?
0
Comment
Question by:ZionTech1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 17

Expert Comment

by:Jared Luker
ID: 18767063
I think your going to need some sort of proxy solution like Microsofts ISA or the open source Squid
0
 
LVL 15

Expert Comment

by:Ryan_R
ID: 18767955
or you could try opening IE Internet Options, Connection, LAN Settings, and change the proxy settings to something bogus so that IE won't work. I can't say if this will affect RDC though
0
 

Author Comment

by:ZionTech1
ID: 18767966
That will work for IE or any browser, but what about IM programs?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 15

Accepted Solution

by:
Ryan_R earned 300 total points
ID: 18767984
IM should have it's own connection page where you enter bogus proxy settings
I've successfully done this with standard Windows Messenger but had some probs doing it with Windows Live Messenger version 8+
otherwise goto www.freshdevices.com and get FreshUI
in it (under security i think) is a page where you can add filenames (no pths needed) to a black list so that they cannot be run. ie - you could add "iexplore.exe" and "msmsgs.exe" and "mnsmsgr.exe" to the black list to block them. the only way around it is for them to rename the files to "explorer2.exe" to get around it - if they're smart enough   :)
0
 

Author Comment

by:ZionTech1
ID: 18768021
Hmm... That sounds like it may be a very practical and easy solution. I will try that and update this page. Thanks Ryan R.
0
 
LVL 15

Expert Comment

by:Ryan_R
ID: 18768024
that's ok
0
 
LVL 4

Assisted Solution

by:DarrylHadfield
DarrylHadfield earned 200 total points
ID: 18809341
It's easy enough for users to work around that, however.

The simplest method is to prohibit certain port activity, if your router permits that.  Yahoo's client will seek any open port, however, so that would be problematic.

I'd say lock down the client machine, un-install the client, and prohibit users from installing their own apps.
0
 

Author Closing Comment

by:ZionTech1
ID: 31407172
Great answer. Thanks. Very complete
0
 
LVL 15

Expert Comment

by:Ryan_R
ID: 20728538
Thanks for the points.

Surprised this question didn't get picked up by a Cleanup Volunteer.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What browser will run Java? 7 166
Deploy updates to Firefox settings 6 30
VPN Server config in Modem 5 86
Cisco 3650 switch 1G port to 10G port 6 27
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question