We help IT Professionals succeed at work.

How can i prevent a computer from accessing the internet

cdubbcisco
cdubbcisco asked
on
481 Views
Last Modified: 2013-12-08
I have 2 questions
HOw can i prevent someone from accessing the internet through a web browser(I.E)
or can i lock it down by user access
these computers are not part of a domain
just workgroup
i believe they are win xp
Comment
Watch Question

Network Administrator
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
you could also configure the router to deny that mac address access.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
sure a small percentage of employee's try to circumvent lock down measures, but those statistics are typically taken from large corporations.  Since these systems are not part of a domain I'm guessing not many hackers work there.

I should point out it's only possible to spoof a mac address with admin privs.  Also a quick search on google to bypass steadystate gives any user a quick way to do so.  ;)

If you are looking for a pretty solid solution in which the user does not have access to change or circumvent settings its on the router.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
"Also a quick search on google to bypass steadystate gives any user a quick way to do so.  ;)"
 
 
HMMMMM......dont seem to be finding anything for that......strange
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
User configuration|Administrative Templates|Windows Components|Windows Explorer|Disable Windows Explorer's default context menu - in group policy
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
or local policy in this case ^
I would prefer the quick 60 second configuration of the router versus software installations and local policy changes.  But what ever works for cdubbcisco is fine with me.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
By the way, that circumvention doesnt work(even with right click still available)
We each beleive it's possible to circumvent the solutions.
The only differences are my solution is quicker and harder to circumvent for savvy users (providing the OS has a limited user account).

With that I'm leaving it to the thread owner.
Best of luck to you.

Commented:
I agree with both of you, but some routers will not even allow this type of block.  Most wireless and broadband routers have this capability, but if this is a high end Cisco router then I don't see this in the config.  If this is a layer 3 switch then it is entirely possible.  I am sure that you see the difference between the elegance of a hardware versus a software solution, however I do believe in this case it is much easier to simply point the proxy settings in IE to the local host and then lock the settings down or remove their admin privelages.  If we are speaking of a user that is being removed of all internet access then I seriously doubt that they have admin access to their local machine.  If they do then they of course would be able to bypass this on the user level.

Also, I am sure that you know that a router does not deal with ARP.  It will let the switch do that.  Again, if this is JUST a router then your solution will not work.  Switches deal with the ARP (MAC addresses and LLC) and the router routes the applicable IP packets (Or whatever protocol is being routed).

From a security standpoint, the idea of someone spoofing their IP address is entirely plausible, hence this should be taken under advisement.  Administrative control will most likely not be circumvented unless the user knows the local administrator password.  This should be strong to implement a hardware solution.

HTH
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
Which basically leads back to my first comment :-)

Commented:
indeed.

Author

Commented:
How  could I set the proxy to 127.0.0.1?
thanks
My solution is easly accomplished on a linksys router.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
Sorry cdubbcisco I didn't see your comment before posting mine.

Commented:
Yes, on a Broadband router this is the way to go or a layer 3 switch.  In this case I would go with the proxy setting
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
you should also set under GPEDIT.msc>>>User Config>>>Admin Templates>>>Windows Components>>>Internet Explorer>>>Disable Changing Proxy Settings=ENABLED

Author

Commented:
I see how to get to this location
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
should i enable that and put an erroneous ip address in here?
I am guessing if i put an address in that will break the access to internet explorer accessing the internet
what is a proxy server?
thanks
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
Yes, enable it and you would put the erroneous ip address there.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
How about just removing the default gateway on the computer(s) in question? Also, if they are not a member of the local admin group, they would not be able to adjust the properties of the network properties to re-add it.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
How about just removing  the ethernet/patch cable??





Commented:
This would be the perfect solution, unless they have a need for file sharing or accessing network shares, in which a gateway is not required for.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
Last 4 comments are most likely moot anyway, as author had already inquired about how to configure the false proxy.


: ^ D

Commented:
Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
"Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)"


LMAO

This aint no contest, and you dont have any established rep.
tools / internet options / connections / lan settings / proxy

Commented:
This was said multiple times.  

The Author knows how to get there.  This is just an unclosed question.

Thanks for posting.

Please close this question.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.