how to block internet access using registry
block internet access using registry settings
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What would you suggest, DaveHowe? I'm always up for learning something new...
I probably would do something at the network level, rather than try registry keys - I guess it depends on how they connect to the internet.
Usually, you block internet traffic entirely, and give access only though a proxy or if authenticated.
As an example from a home network - one of my friends had a win xp home pc with ICS turned on, that her kids used to access the internet from their room. I turned off ICS, installed squid (and a few other utils), and set it up so that only permitted sites were accessible though the squid proxy without supplying a password (which they didn't have).
If they wanted to access sites, that was fine - provided they were on the approved list. If they weren't, they couldn't reach them and would have to ask their mother to add them to the list for them - after they showed her where they were trying to go and what was there they needed.
On the whole, everything is good - in the opinion of their Mother. in a corporate environment you might need a more formal solution, or a block list rather than a permit list - proxies are flexible, and can usually accommodate either method, but she was concerned they may be accessing things she didn't approve of and didn't want to have to review a proxy log every night to find out after the fact what they had been looking at.
Usually, you block internet traffic entirely, and give access only though a proxy or if authenticated.
As an example from a home network - one of my friends had a win xp home pc with ICS turned on, that her kids used to access the internet from their room. I turned off ICS, installed squid (and a few other utils), and set it up so that only permitted sites were accessible though the squid proxy without supplying a password (which they didn't have).
If they wanted to access sites, that was fine - provided they were on the approved list. If they weren't, they couldn't reach them and would have to ask their mother to add them to the list for them - after they showed her where they were trying to go and what was there they needed.
On the whole, everything is good - in the opinion of their Mother. in a corporate environment you might need a more formal solution, or a block list rather than a permit list - proxies are flexible, and can usually accommodate either method, but she was concerned they may be accessing things she didn't approve of and didn't want to have to review a proxy log every night to find out after the fact what they had been looking at.
That's a good thought. I know that Vista has excellent parental controls as well natively. I work for a multi-national corporation that uses a proxy, although I don't administer it or know much about it. I'm sure that there are some type of proxy solutions for small and mid-size businesses as well. Maybe something like websense, which one of my previous employers used.
In regards to your previous statement about users being able to uncheck the "use proxy" setting, it would depend on the business whether or not that was an issue. In my company, computer knowledge of end users tends to be very limited going all the way up to the exec level, and this would be a valid solution because so few users would know how to get to the settings window. On the other hand, if you were administering a network for a bunch of engineers or other technical staff, you might have issues depending on your network configuration.
In regards to your previous statement about users being able to uncheck the "use proxy" setting, it would depend on the business whether or not that was an issue. In my company, computer knowledge of end users tends to be very limited going all the way up to the exec level, and this would be a valid solution because so few users would know how to get to the settings window. On the other hand, if you were administering a network for a bunch of engineers or other technical staff, you might have issues depending on your network configuration.
Unfortunately, while some senior execs tend to be pretty ignorant when it comes to technology (I know plenty still have their secretaries print out emails, and dictate replies), kids tend to find from their peers how to work around most restrictions in windows - it is very hard to restrict access when the "attacker" has the ability to reboot the machine and boot from removable media.
Squid is a proxy, and is free (you can run it on windows or unix) but does not have the "naughty or nice" lists that commercial web filtering solutions have to work hard to keep updated. DansGuardian is a open source filtering solution, but I don't think there is a windows version (just linux)
Squid is a proxy, and is free (you can run it on windows or unix) but does not have the "naughty or nice" lists that commercial web filtering solutions have to work hard to keep updated. DansGuardian is a open source filtering solution, but I don't think there is a windows version (just linux)
wont work with the command line ftp client, firefox, safari etc etc...