Restrict IE content for specific accounts

I would like to restrict for several (that are not admnistrative) accounts of my PC the ability to access Internet sites with IE other than the ones I will specify. I tried logging to those accounts but IE says that I can only do this from an administrative account.

I looked at Windows® XP Security Console (as suggested at but when I run it I cannot see anything that will allow me to limit those settings.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
No you cannot really do this with IE. The only real solutions is to use a proxy server, which is probably a bit overkill, or use a third party product like Net Nanny.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Fatal_ExceptionSystems EngineerCommented:
Well, there is a way you can do this...  It would involve the HOST file, where you can place the specific internet sites you wish to allow, with their 'friendly' Names and IPAddresses, a .bat file that reconfigures the TCP Properties NOT to use a DNS server address (which executes upon user logon), and of course a .bat file that executes upon Admin logon that DOES include the GOOD DNS address...

You would use Netsh commands to create your batch files...

First, create a folder called c:\configs, configure TCP for normal use and run this command:

netsh -c interface dump > c:\configs\GoodDNS.txt

Then configure TCP for a BAD DNS server as in and run this command:

netsh -c interface dump > c:\configs\BadDNS.txt

Create 2 .bat files:

netsh -f c:\configs\GoodDNS.txt
netsh -f c:\configs\BadDNS.txt

Place the BadDNS bat file in the UsersStartupFolder, and GoodDNS in the Admin StartupFolder..

In the Hosts file, you can place the specific sites you with to allow...

Now, this is not full proof, as anyone with some advanced knowledge can do an NSLookup on an external DNS name with a good DNS server and find the IPAddress of a site, and just place the IPAddress into the Address Bar to get to an outside site, but the normal user would not likely think of this...
s_federiciAuthor Commented:
I didn't check netnanny as I wasn't looking for a solution of 40$ per PC. I just thought of maybe a windows registry solution. But netnanny (I asked today their support service) should work. Fatal exception's solution instead is not completely safe, so I wouldn't consider it as a viable one.
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Fatal_ExceptionSystems EngineerCommented:
Not safe?
Why you never posted that you still need help and this is not helping?
Noone is a mindreader and noone will post you new suggestions if you  ignore the old ones. :)
s_federiciAuthor Commented:
I didn-t post as I took for granted KCTS's comment "No you cannot really do this with IE".

As for Fatal"s, I said it is not safe as you said that it is not full prrof. So, it is not safe for the lab.
Fatal_ExceptionSystems EngineerCommented:
Note..  Nothing is fullproof, ever!  But there are levels of safety..  the one I suggested has a high level of safety, as only those users that understand DNS could circumvent it,..  Tell you what..  ask a basic user what DNS does and how it works and I think you will just find a vacant face stare back at you..  They have no idea that you can use an IPAddress to get to a website..  JMHO though...
s_federiciAuthor Commented:
I didn't even try to apply your suggestion as you said that it was not full proof. But I'm going to leave Venabili decide about it. Anyway, I appreciated you spending your time to try to help me.
Fatal_ExceptionSystems EngineerCommented:
Thanks, s_f..  I really think that my solution will work nicely for you...  but again, it is just MHO...
Fatal_ExceptionSystems EngineerCommented:
Thanks, C101
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.