Need to block Internet Access for Users, but leave access to remotely support via the Internet.

I use LogMein Free and Pro to support many customers. At one location I have a D-804HV Router that then connects to switches, then to servers and the rest of the clients. The clients and the servers all point to the Router to get Internet, but there is no DHCP. Everything is punched in. The DNS numbers are from the ISP not the router. If I remove DNS numbers from a NIC then of course the user or machine has no Internet capability, but can still function in the LAN environment. I need to always have Internet access on the machine so that I can remotely support them with LogMeIn. Logmein is just like Remote Desktop, but it allows the user to view what you are doing (very helpful in many trouble shooting situations).

Question:
Is there any way I can prevent access for the user i.e. IM programs and Web Browsing, but still have remote access through Logmein to support them?
Zion PhilPresidentAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jared LukerCommented:
I think your going to need some sort of proxy solution like Microsofts ISA or the open source Squid
0
Ryan_RIT Systems AdministratorCommented:
or you could try opening IE Internet Options, Connection, LAN Settings, and change the proxy settings to something bogus so that IE won't work. I can't say if this will affect RDC though
0
Zion PhilPresidentAuthor Commented:
That will work for IE or any browser, but what about IM programs?
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Ryan_RIT Systems AdministratorCommented:
IM should have it's own connection page where you enter bogus proxy settings
I've successfully done this with standard Windows Messenger but had some probs doing it with Windows Live Messenger version 8+
otherwise goto www.freshdevices.com and get FreshUI
in it (under security i think) is a page where you can add filenames (no pths needed) to a black list so that they cannot be run. ie - you could add "iexplore.exe" and "msmsgs.exe" and "mnsmsgr.exe" to the black list to block them. the only way around it is for them to rename the files to "explorer2.exe" to get around it - if they're smart enough   :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Zion PhilPresidentAuthor Commented:
Hmm... That sounds like it may be a very practical and easy solution. I will try that and update this page. Thanks Ryan R.
0
Ryan_RIT Systems AdministratorCommented:
that's ok
0
DarrylHadfieldCommented:
It's easy enough for users to work around that, however.

The simplest method is to prohibit certain port activity, if your router permits that.  Yahoo's client will seek any open port, however, so that would be problematic.

I'd say lock down the client machine, un-install the client, and prohibit users from installing their own apps.
0
Zion PhilPresidentAuthor Commented:
Great answer. Thanks. Very complete
0
Ryan_RIT Systems AdministratorCommented:
Thanks for the points.

Surprised this question didn't get picked up by a Cleanup Volunteer.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.