[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

how to block internet access using registry

Posted on 2008-11-19
6
Medium Priority
?
7,227 Views
Last Modified: 2013-12-04
block internet access using registry settings
0
Comment
Question by:HFETECH
  • 3
  • 3
6 Comments
 
LVL 3

Accepted Solution

by:
clarktr2 earned 150 total points
ID: 22995186
Try these registry mods:

[HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\Internet Settings]
"ProxyHttp1.1"=dword:00000000
"ProxyServer"="ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80"
"ProxyOverride"="Do not use proxy server for addresses beginning with:" (ie.. http://www.msn.com;http://www.searchwin2000)
"ProxyEnable"=dword:00000001
"ProxyOverrideText"="Separate multiple addresses with a semi-colon."
[HKEY_CURRENT_USER\SoftwarePolicies\MicrosoftInternet\ ExplorerControl Panel]
"Proxy"=dword:00000001

Here is an article on the subject:
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci778764,00.html#

0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22997701
would work I guess - provided they *only* use IE and don't know how to reach the proxy settings page to untick "use proxy"
wont work with the command line ftp client, firefox, safari etc etc...
0
 
LVL 3

Expert Comment

by:clarktr2
ID: 22997738
What would you suggest, DaveHowe?  I'm always up for learning something new...
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 33

Expert Comment

by:Dave Howe
ID: 22997866
I probably would do something at the network level, rather than try registry keys - I guess it depends on how they connect to the internet.
Usually, you block internet traffic entirely, and give access only though a proxy or if authenticated.

As an example from a home network - one of my friends had a win xp home pc with ICS turned on, that her kids used to access the internet from their room. I turned off ICS, installed squid (and a few other utils), and set it up so that only permitted sites were accessible though the squid proxy without supplying a password (which they didn't have).

If they wanted to access sites, that was fine - provided they were on the approved list. If they weren't, they couldn't reach them and would have to ask their mother to add them to the list for them - after they showed her where they were trying to go and what was there they needed.

On the whole, everything is good - in the opinion of their Mother. in a corporate environment you might need a more formal solution, or a block list rather than a permit list - proxies are flexible, and can usually accommodate either method, but she was concerned they may be accessing things she didn't approve of and didn't want to have to review a proxy log every night to find out after the fact what they had been looking at.
0
 
LVL 3

Expert Comment

by:clarktr2
ID: 22998049
That's a good thought.  I know that Vista has excellent parental controls as well natively.  I work for a multi-national corporation that uses a proxy, although I don't administer it or know much about it.  I'm sure that there are some type of proxy solutions for small and mid-size businesses as well.  Maybe something like websense, which one of my previous employers used.  
In regards to your previous statement about users being able to uncheck the "use proxy" setting, it would depend on the business whether or not that was an issue.  In my company, computer knowledge of end users tends to be very limited going all the way up to the exec level, and this would be a valid solution because so few users would know how to get to the settings window.  On the other hand, if you were administering a network for a bunch of engineers or other technical staff, you might have issues depending on your network configuration.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22999871
Unfortunately, while some senior execs tend to be pretty ignorant when it comes to technology (I know plenty still have their secretaries print out emails, and dictate replies), kids tend to find from their peers how to work around most restrictions in windows - it is very hard to restrict access when the "attacker" has the ability to reboot the machine and boot from removable media.

Squid is a proxy, and is free (you can run it on windows or unix) but does not have the "naughty or nice" lists that commercial web filtering solutions have to work hard to keep updated. DansGuardian is a open source filtering solution, but I don't think there is a windows version (just linux)
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month18 days, 22 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question