[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Restrict IE content for specific accounts

Posted on 2007-03-24
12
Medium Priority
?
180 Views
Last Modified: 2013-12-08
I would like to restrict for several (that are not admnistrative) accounts of my PC the ability to access Internet sites with IE other than the ones I will specify. I tried logging to those accounts but IE says that I can only do this from an administrative account.

I looked at Windows® XP Security Console (as suggested at http://www.experts-exchange.com/OS/Miscellaneous/Q_21680248.html) but when I run it I cannot see anything that will allow me to limit those settings.
0
Comment
Question by:s_federici
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 1000 total points
ID: 18784844
No you cannot really do this with IE. The only real solutions is to use a proxy server, which is probably a bit overkill, or use a third party product like Net Nanny. http://www.netnanny.com/
0
 
LVL 40

Assisted Solution

by:Fatal_Exception
Fatal_Exception earned 1000 total points
ID: 18784984
Well, there is a way you can do this...  It would involve the HOST file, where you can place the specific internet sites you wish to allow, with their 'friendly' Names and IPAddresses, a .bat file that reconfigures the TCP Properties NOT to use a DNS server address (which executes upon user logon), and of course a .bat file that executes upon Admin logon that DOES include the GOOD DNS address...

You would use Netsh commands to create your batch files...

First, create a folder called c:\configs, configure TCP for normal use and run this command:

netsh -c interface dump > c:\configs\GoodDNS.txt

Then configure TCP for a BAD DNS server as in 0.0.0.0 and run this command:

netsh -c interface dump > c:\configs\BadDNS.txt

Create 2 .bat files:

netsh -f c:\configs\GoodDNS.txt
and
netsh -f c:\configs\BadDNS.txt

Place the BadDNS bat file in the UsersStartupFolder, and GoodDNS in the Admin StartupFolder..

In the Hosts file, you can place the specific sites you with to allow...

Now, this is not full proof, as anyone with some advanced knowledge can do an NSLookup on an external DNS name with a good DNS server and find the IPAddress of a site, and just place the IPAddress into the Address Bar to get to an outside site, but the normal user would not likely think of this...
0
 

Author Comment

by:s_federici
ID: 19060757
I didn't check netnanny as I wasn't looking for a solution of 40$ per PC. I just thought of maybe a windows registry solution. But netnanny (I asked today their support service) should work. Fatal exception's solution instead is not completely safe, so I wouldn't consider it as a viable one.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 19061548
Not safe?
0
 
LVL 20

Expert Comment

by:Venabili
ID: 19061840
Why you never posted that you still need help and this is not helping?
Noone is a mindreader and noone will post you new suggestions if you  ignore the old ones. :)
0
 

Author Comment

by:s_federici
ID: 19063731
I didn-t post as I took for granted KCTS's comment "No you cannot really do this with IE".

As for Fatal"s, I said it is not safe as you said that it is not full prrof. So, it is not safe for the lab.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 19064326
Note..  Nothing is fullproof, ever!  But there are levels of safety..  the one I suggested has a high level of safety, as only those users that understand DNS could circumvent it,..  Tell you what..  ask a basic user what DNS does and how it works and I think you will just find a vacant face stare back at you..  They have no idea that you can use an IPAddress to get to a website..  JMHO though...
0
 

Author Comment

by:s_federici
ID: 19065408
I didn't even try to apply your suggestion as you said that it was not full proof. But I'm going to leave Venabili decide about it. Anyway, I appreciated you spending your time to try to help me.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 19066335
Thanks, s_f..  I really think that my solution will work nicely for you...  but again, it is just MHO...
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 19100224
Thanks, C101
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question