How can i prevent a computer from accessing the internet

I have 2 questions
HOw can i prevent someone from accessing the internet through a web browser(I.E)
or can i lock it down by user access
these computers are not part of a domain
just workgroup
i believe they are win xp
cdubbciscoAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Donald StewartConnect With a Mentor Network AdministratorCommented:
There are a couple ways, you could set the proxy to 127.0.0.1
 
or you could use Windows Steady State.
0
 
Donald StewartNetwork AdministratorCommented:
0
 
sugarfreelessCommented:
you could also configure the router to deny that mac address access.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
Donald StewartNetwork AdministratorCommented:
0
 
sugarfreelessCommented:
sure a small percentage of employee's try to circumvent lock down measures, but those statistics are typically taken from large corporations.  Since these systems are not part of a domain I'm guessing not many hackers work there.

I should point out it's only possible to spoof a mac address with admin privs.  Also a quick search on google to bypass steadystate gives any user a quick way to do so.  ;)

If you are looking for a pretty solid solution in which the user does not have access to change or circumvent settings its on the router.
0
 
Donald StewartNetwork AdministratorCommented:
"Also a quick search on google to bypass steadystate gives any user a quick way to do so.  ;)"
 
 
HMMMMM......dont seem to be finding anything for that......strange
0
 
sugarfreelessConnect With a Mentor Commented:
keep searching...  social.microsoft.com

Here are the steps to circumvent SteadyState IE and explorer restrictions.

1. the user can still use right click in the browser.
2. the user can use control + n for a new window and has adressfield options. so he can access anything.
3. when you hit f3 the search field opens. by clicking files and folders youll have full access to the network and the local drive to delete and do anything.
0
 
Donald StewartNetwork AdministratorCommented:
User configuration|Administrative Templates|Windows Components|Windows Explorer|Disable Windows Explorer's default context menu - in group policy
0
 
Donald StewartNetwork AdministratorCommented:
or local policy in this case ^
0
 
sugarfreelessCommented:
I would prefer the quick 60 second configuration of the router versus software installations and local policy changes.  But what ever works for cdubbcisco is fine with me.
0
 
Donald StewartNetwork AdministratorCommented:
By the way, that circumvention doesnt work(even with right click still available)
0
 
sugarfreelessCommented:
We each beleive it's possible to circumvent the solutions.
The only differences are my solution is quicker and harder to circumvent for savvy users (providing the OS has a limited user account).

With that I'm leaving it to the thread owner.
Best of luck to you.
0
 
MightySWCommented:
I agree with both of you, but some routers will not even allow this type of block.  Most wireless and broadband routers have this capability, but if this is a high end Cisco router then I don't see this in the config.  If this is a layer 3 switch then it is entirely possible.  I am sure that you see the difference between the elegance of a hardware versus a software solution, however I do believe in this case it is much easier to simply point the proxy settings in IE to the local host and then lock the settings down or remove their admin privelages.  If we are speaking of a user that is being removed of all internet access then I seriously doubt that they have admin access to their local machine.  If they do then they of course would be able to bypass this on the user level.

Also, I am sure that you know that a router does not deal with ARP.  It will let the switch do that.  Again, if this is JUST a router then your solution will not work.  Switches deal with the ARP (MAC addresses and LLC) and the router routes the applicable IP packets (Or whatever protocol is being routed).

From a security standpoint, the idea of someone spoofing their IP address is entirely plausible, hence this should be taken under advisement.  Administrative control will most likely not be circumvented unless the user knows the local administrator password.  This should be strong to implement a hardware solution.

HTH
0
 
Donald StewartNetwork AdministratorCommented:
Which basically leads back to my first comment :-)
0
 
MightySWCommented:
indeed.
0
 
cdubbciscoAuthor Commented:
How  could I set the proxy to 127.0.0.1?
thanks
0
 
sugarfreelessCommented:
My solution is easly accomplished on a linksys router.
0
 
Donald StewartNetwork AdministratorCommented:
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
0
 
sugarfreelessCommented:
Sorry cdubbcisco I didn't see your comment before posting mine.
0
 
MightySWCommented:
Yes, on a Broadband router this is the way to go or a layer 3 switch.  In this case I would go with the proxy setting
0
 
Donald StewartNetwork AdministratorCommented:
you should also set under GPEDIT.msc>>>User Config>>>Admin Templates>>>Windows Components>>>Internet Explorer>>>Disable Changing Proxy Settings=ENABLED
0
 
cdubbciscoAuthor Commented:
I see how to get to this location
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
should i enable that and put an erroneous ip address in here?
I am guessing if i put an address in that will break the access to internet explorer accessing the internet
what is a proxy server?
thanks
0
 
Donald StewartNetwork AdministratorCommented:
Yes, enable it and you would put the erroneous ip address there.
0
 
Donald StewartNetwork AdministratorCommented:
0
 
MightySWConnect With a Mentor Commented:
127.0.0.1 would just point it back to itself (localhost). If you have a 192.168.x.x network then I wouldn't use a 192.168.x.x address simply because something could go wrong and then the person would never say anything.  Use the localhost address or something like 1.1.1.1.  If you have websites that you need them to access then you can place a check mark on the bottom and enter the exceptions on the same page.  It will then bypass 127.0.0.1.  Be careful when you use exceptions.  If you enter http://www.yahoo.com it will open up exceptions for ALL of http so just enter something like www.yahoo.com.  This is just an example of course.
0
 
MCSA2003Commented:
How about just removing the default gateway on the computer(s) in question? Also, if they are not a member of the local admin group, they would not be able to adjust the properties of the network properties to re-add it.
0
 
Donald StewartNetwork AdministratorCommented:
How about just removing  the ethernet/patch cable??





0
 
MCSA2003Commented:
This would be the perfect solution, unless they have a need for file sharing or accessing network shares, in which a gateway is not required for.
0
 
Donald StewartNetwork AdministratorCommented:
Last 4 comments are most likely moot anyway, as author had already inquired about how to configure the false proxy.


: ^ D
0
 
MCSA2003Commented:
Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)
0
 
Donald StewartNetwork AdministratorCommented:
"Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)"


LMAO

This aint no contest, and you dont have any established rep.
0
 
DTAHARLEVCommented:
tools / internet options / connections / lan settings / proxy
0
 
MightySWCommented:
This was said multiple times.  

The Author knows how to get there.  This is just an unclosed question.

Thanks for posting.

Please close this question.
0
All Courses

From novice to tech pro — start learning today.