Solved

How can i prevent a computer from accessing the internet

Posted on 2009-05-06
34
386 Views
Last Modified: 2013-12-08
I have 2 questions
HOw can i prevent someone from accessing the internet through a web browser(I.E)
or can i lock it down by user access
these computers are not part of a domain
just workgroup
i believe they are win xp
0
Comment
Question by:cdubbcisco
  • 15
  • 7
  • 6
  • +3
34 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 300 total points
ID: 24317351
There are a couple ways, you could set the proxy to 127.0.0.1
 
or you could use Windows Steady State.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24317373
0
 
LVL 3

Expert Comment

by:sugarfreeless
ID: 24318057
you could also configure the router to deny that mac address access.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24318099
0
 
LVL 3

Expert Comment

by:sugarfreeless
ID: 24318240
sure a small percentage of employee's try to circumvent lock down measures, but those statistics are typically taken from large corporations.  Since these systems are not part of a domain I'm guessing not many hackers work there.

I should point out it's only possible to spoof a mac address with admin privs.  Also a quick search on google to bypass steadystate gives any user a quick way to do so.  ;)

If you are looking for a pretty solid solution in which the user does not have access to change or circumvent settings its on the router.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24318292
"Also a quick search on google to bypass steadystate gives any user a quick way to do so.  ;)"
 
 
HMMMMM......dont seem to be finding anything for that......strange
0
 
LVL 3

Assisted Solution

by:sugarfreeless
sugarfreeless earned 100 total points
ID: 24318360
keep searching...  social.microsoft.com

Here are the steps to circumvent SteadyState IE and explorer restrictions.

1. the user can still use right click in the browser.
2. the user can use control + n for a new window and has adressfield options. so he can access anything.
3. when you hit f3 the search field opens. by clicking files and folders youll have full access to the network and the local drive to delete and do anything.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24318391
User configuration|Administrative Templates|Windows Components|Windows Explorer|Disable Windows Explorer's default context menu - in group policy
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24318398
or local policy in this case ^
0
 
LVL 3

Expert Comment

by:sugarfreeless
ID: 24318417
I would prefer the quick 60 second configuration of the router versus software installations and local policy changes.  But what ever works for cdubbcisco is fine with me.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24318685
By the way, that circumvention doesnt work(even with right click still available)
0
 
LVL 3

Expert Comment

by:sugarfreeless
ID: 24318849
We each beleive it's possible to circumvent the solutions.
The only differences are my solution is quicker and harder to circumvent for savvy users (providing the OS has a limited user account).

With that I'm leaving it to the thread owner.
Best of luck to you.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24319024
I agree with both of you, but some routers will not even allow this type of block.  Most wireless and broadband routers have this capability, but if this is a high end Cisco router then I don't see this in the config.  If this is a layer 3 switch then it is entirely possible.  I am sure that you see the difference between the elegance of a hardware versus a software solution, however I do believe in this case it is much easier to simply point the proxy settings in IE to the local host and then lock the settings down or remove their admin privelages.  If we are speaking of a user that is being removed of all internet access then I seriously doubt that they have admin access to their local machine.  If they do then they of course would be able to bypass this on the user level.

Also, I am sure that you know that a router does not deal with ARP.  It will let the switch do that.  Again, if this is JUST a router then your solution will not work.  Switches deal with the ARP (MAC addresses and LLC) and the router routes the applicable IP packets (Or whatever protocol is being routed).

From a security standpoint, the idea of someone spoofing their IP address is entirely plausible, hence this should be taken under advisement.  Administrative control will most likely not be circumvented unless the user knows the local administrator password.  This should be strong to implement a hardware solution.

HTH
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24319082
Which basically leads back to my first comment :-)
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24319094
indeed.
0
 

Author Comment

by:cdubbcisco
ID: 24319234
How  could I set the proxy to 127.0.0.1?
thanks
0
 
LVL 3

Expert Comment

by:sugarfreeless
ID: 24319268
My solution is easly accomplished on a linksys router.
0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24319282
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
0
 
LVL 3

Expert Comment

by:sugarfreeless
ID: 24319298
Sorry cdubbcisco I didn't see your comment before posting mine.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24319359
Yes, on a Broadband router this is the way to go or a layer 3 switch.  In this case I would go with the proxy setting
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24319361
you should also set under GPEDIT.msc>>>User Config>>>Admin Templates>>>Windows Components>>>Internet Explorer>>>Disable Changing Proxy Settings=ENABLED
0
 

Author Comment

by:cdubbcisco
ID: 24319402
I see how to get to this location
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
should i enable that and put an erroneous ip address in here?
I am guessing if i put an address in that will break the access to internet explorer accessing the internet
what is a proxy server?
thanks
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24319424
Yes, enable it and you would put the erroneous ip address there.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24319436
0
 
LVL 20

Assisted Solution

by:MightySW
MightySW earned 100 total points
ID: 24319679
127.0.0.1 would just point it back to itself (localhost). If you have a 192.168.x.x network then I wouldn't use a 192.168.x.x address simply because something could go wrong and then the person would never say anything.  Use the localhost address or something like 1.1.1.1.  If you have websites that you need them to access then you can place a check mark on the bottom and enter the exceptions on the same page.  It will then bypass 127.0.0.1.  Be careful when you use exceptions.  If you enter http://www.yahoo.com it will open up exceptions for ALL of http so just enter something like www.yahoo.com.  This is just an example of course.
0
 
LVL 14

Expert Comment

by:MCSA2003
ID: 24321995
How about just removing the default gateway on the computer(s) in question? Also, if they are not a member of the local admin group, they would not be able to adjust the properties of the network properties to re-add it.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24322024
How about just removing  the ethernet/patch cable??





0
 
LVL 14

Expert Comment

by:MCSA2003
ID: 24322112
This would be the perfect solution, unless they have a need for file sharing or accessing network shares, in which a gateway is not required for.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24322152
Last 4 comments are most likely moot anyway, as author had already inquired about how to configure the false proxy.


: ^ D
0
 
LVL 14

Expert Comment

by:MCSA2003
ID: 24322184
Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24322458
"Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)"


LMAO

This aint no contest, and you dont have any established rep.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24327109
0
 
LVL 5

Expert Comment

by:DTAHARLEV
ID: 24344820
tools / internet options / connections / lan settings / proxy
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24345099
This was said multiple times.  

The Author knows how to get there.  This is just an unclosed question.

Thanks for posting.

Please close this question.
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now