how to block internet access using registry

block internet access using registry settings
HFETECHAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

clarktr2Commented:
Try these registry mods:

[HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\Internet Settings]
"ProxyHttp1.1"=dword:00000000
"ProxyServer"="ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80"
"ProxyOverride"="Do not use proxy server for addresses beginning with:" (ie.. http://www.msn.com;http://www.searchwin2000)
"ProxyEnable"=dword:00000001
"ProxyOverrideText"="Separate multiple addresses with a semi-colon."
[HKEY_CURRENT_USER\SoftwarePolicies\MicrosoftInternet\ ExplorerControl Panel]
"Proxy"=dword:00000001

Here is an article on the subject:
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci778764,00.html#

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dave HoweSoftware and Hardware EngineerCommented:
would work I guess - provided they *only* use IE and don't know how to reach the proxy settings page to untick "use proxy"
wont work with the command line ftp client, firefox, safari etc etc...
0
clarktr2Commented:
What would you suggest, DaveHowe?  I'm always up for learning something new...
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

Dave HoweSoftware and Hardware EngineerCommented:
I probably would do something at the network level, rather than try registry keys - I guess it depends on how they connect to the internet.
Usually, you block internet traffic entirely, and give access only though a proxy or if authenticated.

As an example from a home network - one of my friends had a win xp home pc with ICS turned on, that her kids used to access the internet from their room. I turned off ICS, installed squid (and a few other utils), and set it up so that only permitted sites were accessible though the squid proxy without supplying a password (which they didn't have).

If they wanted to access sites, that was fine - provided they were on the approved list. If they weren't, they couldn't reach them and would have to ask their mother to add them to the list for them - after they showed her where they were trying to go and what was there they needed.

On the whole, everything is good - in the opinion of their Mother. in a corporate environment you might need a more formal solution, or a block list rather than a permit list - proxies are flexible, and can usually accommodate either method, but she was concerned they may be accessing things she didn't approve of and didn't want to have to review a proxy log every night to find out after the fact what they had been looking at.
0
clarktr2Commented:
That's a good thought.  I know that Vista has excellent parental controls as well natively.  I work for a multi-national corporation that uses a proxy, although I don't administer it or know much about it.  I'm sure that there are some type of proxy solutions for small and mid-size businesses as well.  Maybe something like websense, which one of my previous employers used.  
In regards to your previous statement about users being able to uncheck the "use proxy" setting, it would depend on the business whether or not that was an issue.  In my company, computer knowledge of end users tends to be very limited going all the way up to the exec level, and this would be a valid solution because so few users would know how to get to the settings window.  On the other hand, if you were administering a network for a bunch of engineers or other technical staff, you might have issues depending on your network configuration.
0
Dave HoweSoftware and Hardware EngineerCommented:
Unfortunately, while some senior execs tend to be pretty ignorant when it comes to technology (I know plenty still have their secretaries print out emails, and dictate replies), kids tend to find from their peers how to work around most restrictions in windows - it is very hard to restrict access when the "attacker" has the ability to reboot the machine and boot from removable media.

Squid is a proxy, and is free (you can run it on windows or unix) but does not have the "naughty or nice" lists that commercial web filtering solutions have to work hard to keep updated. DansGuardian is a open source filtering solution, but I don't think there is a windows version (just linux)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.