StevenHone

How to disable http access in XP

A client is having some difficulties with a staff member visiting too many websites and not doing enough work.

I have been requested to disable access to the web but allow access to Outlook for sending & receiving emails. What is the best way to do this? I presume the easiest way would be to disable http, but how?

The client uses Windows XP. Thanks in advance
theProfessa
Another thing you can try is this:

1.  Open up Control Panel and go to Internet Options
2.  Go to Connections Tab and click LAN settings
3.  Click "Use proxy server for your LAN" option
4.  Set it to something that does not exist

What this will do is time out the browser every time he tries to go to a website.  The problem here is, if he knows anything about computers he can get around it by setting it back.

Hopefully you can put this to good use :]
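
The steps above change the proxy for one user profile, and that user can change it back. The following is an added example, not part of the original post: it applies the same dead-proxy setting machine-wide through the registry from an administrator account, so a limited account cannot edit it. The script name `deadproxy.cmd` and the address `127.0.0.1:9` are assumptions chosen for illustration.

```batch
@echo off
rem deadproxy.cmd (hypothetical name) - usage: deadproxy.cmd on ^| off
rem Run from an administrator account; limited users cannot write to HKLM.
setlocal
set "POL=HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
set "INET=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
rem Constructed address: assumes nothing listens on local port 9.
set "DEAD=127.0.0.1:9"

if /i "%~1"=="on" goto on
if /i "%~1"=="off" goto off
echo Usage: %~nx0 on^|off
exit /b 2

:on
rem Make Internet Explorer read proxy settings per machine, not per user.
reg add "%POL%" /v ProxySettingsPerUser /t REG_DWORD /d 0 /f || goto fail
rem Enable the proxy and point it at the address that does not answer.
reg add "%INET%" /v ProxyEnable /t REG_DWORD /d 1 /f || goto fail
reg add "%INET%" /v ProxyServer /t REG_SZ /d "%DEAD%" /f || goto fail
goto show

:off
rem Undo: return to per-user proxy settings and clear the machine-wide proxy.
reg delete "%POL%" /v ProxySettingsPerUser /f
reg add "%INET%" /v ProxyEnable /t REG_DWORD /d 0 /f || goto fail
reg delete "%INET%" /v ProxyServer /f
goto show

:show
rem Print the resulting values so the change can be checked.
reg query "%POL%" /v ProxySettingsPerUser
reg query "%INET%" /v ProxyEnable
reg query "%INET%" /v ProxyServer
exit /b 0

:fail
echo Registry write failed; run this from an administrator account.
exit /b 1
```

This only affects programs that use the Internet Explorer proxy settings; a browser with its own proxy configuration ignores it.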
austinkp

It depends on how stealthy you want to be.  If you want to send the person in question a strong message, just install something like www.k9webprotection.com and block all web access.  This is password protected, thus ensuring the user can't get around it.

If you want to block web traffic silently, go with the first suggestion.  Block ports 80 and 443.  They'll only need port 25 for SMTP emails or something else, depending on the protocol Outlook is using.
StevenHone

ASKER

Thanks for the suggestions. I think blocking the port might be the way to go. If the employee has a limited account on XP and I disable the port using the administrator account, will the employee be able to a) disable the firewall or b) edit the port back into the firewall from his limited account? I use Vista now and don't have access to XP to try it :/
According to this Technet article you'll be fine:
http://technet.microsoft.com/en-us/library/bb456992.aspx

This is what it says:


Limited Users
A limited user is an account that is a member of the local Users group and is not a member of any of the administrative groups. On a domain-joined computer, any account that is a member of the Domain Users group is also a member of the local Users group.

Limited user accounts significantly reduce the attack surface for malicious software because these accounts have minimal ability to make system-wide changes that affect operational security. In particular, limited user accounts cannot open ports on the firewall, stop or start services, or modify files in the Windows system folders.

Many organizations would claim that they already implement the LUA approach because their users log on as members of the Domain Users group. However, if those users are also members of the local Administrators group, all the programs that they run will have administrative rights and could potentially cause unwanted changes.