How can I prevent a computer from accessing the internet?

I have 2 questions:
How can I prevent someone from accessing the internet through a web browser (IE),
or can I lock it down by user access?
These computers are not part of a domain,
just a workgroup.
I believe they are Win XP.

Asked by: cdubbcisco
 
DonNetwork AdministratorCommented:
There are a couple of ways: you could set the proxy to 127.0.0.1,

or you could use Windows SteadyState.
 
DonNetwork AdministratorCommented:
 
sugarfreelessCommented:
You could also configure the router to deny that MAC address access.
 
sugarfreelessCommented:
Sure, a small percentage of employees try to circumvent lockdown measures, but those statistics are typically taken from large corporations. Since these systems are not part of a domain, I'm guessing not many hackers work there.

I should point out it's only possible to spoof a MAC address with admin privs. Also, a quick search on Google to bypass SteadyState gives any user a quick way to do so. ;)

If you are looking for a pretty solid solution in which the user does not have access to change or circumvent settings, it's on the router.
 
DonNetwork AdministratorCommented:
"Also a quick search on google to bypass steadystate gives any user a quick way to do so.  ;)"

HMMMMM......don't seem to be finding anything for that......strange
 
sugarfreelessCommented:
Keep searching... social.microsoft.com

Here are the steps to circumvent SteadyState IE and Explorer restrictions.

1. The user can still use right click in the browser.
2. The user can use Control + N for a new window and has address field options, so he can access anything.
3. When you hit F3 the search field opens. By clicking files and folders you'll have full access to the network and the local drive to delete and do anything.
 
DonNetwork AdministratorCommented:
User configuration|Administrative Templates|Windows Components|Windows Explorer|Disable Windows Explorer's default context menu - in group policy
 
DonNetwork AdministratorCommented:
or local policy in this case ^
 
sugarfreelessCommented:
I would prefer the quick 60 second configuration of the router versus software installations and local policy changes. But whatever works for cdubbcisco is fine with me.
 
DonNetwork AdministratorCommented:
By the way, that circumvention doesn't work (even with right click still available).
 
sugarfreelessCommented:
We each believe it's possible to circumvent the solutions.
The only differences are my solution is quicker and harder to circumvent for savvy users (providing the OS has a limited user account).

With that I'm leaving it to the thread owner.
Best of luck to you.
 
MightySWCommented:
I agree with both of you, but some routers will not even allow this type of block. Most wireless and broadband routers have this capability, but if this is a high end Cisco router then I don't see this in the config. If this is a layer 3 switch then it is entirely possible. I am sure that you see the difference between the elegance of a hardware versus a software solution, however I do believe in this case it is much easier to simply point the proxy settings in IE to the local host and then lock the settings down or remove their admin privileges. If we are speaking of a user that is being removed of all internet access then I seriously doubt that they have admin access to their local machine. If they do then they of course would be able to bypass this on the user level.

Also, I am sure that you know that a router does not deal with ARP.  It will let the switch do that.  Again, if this is JUST a router then your solution will not work.  Switches deal with the ARP (MAC addresses and LLC) and the router routes the applicable IP packets (Or whatever protocol is being routed).

From a security standpoint, the idea of someone spoofing their IP address is entirely plausible, hence this should be taken under advisement.  Administrative control will most likely not be circumvented unless the user knows the local administrator password.  This should be strong to implement a hardware solution.

HTH
 
DonNetwork AdministratorCommented:
Which basically leads back to my first comment :-)
 
MightySWCommented:
Indeed.
 
cdubbciscoAuthor Commented:
How could I set the proxy to 127.0.0.1?
Thanks
 
sugarfreelessCommented:
My solution is easily accomplished on a Linksys router.
 
DonNetwork AdministratorCommented:
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
 
sugarfreelessCommented:
Sorry cdubbcisco, I didn't see your comment before posting mine.
 
MightySWCommented:
Yes, on a broadband router this is the way to go, or a layer 3 switch. In this case I would go with the proxy setting.
 
DonNetwork AdministratorCommented:
You should also set under GPEDIT.msc>>>User Config>>>Admin Templates>>>Windows Components>>>Internet Explorer>>>Disable Changing Proxy Settings=ENABLED
 
cdubbciscoAuthor Commented:
I see how to get to this location:
Tools>>>internet options>>>connections>>>lan settings>>>proxy server
Should I enable that and put an erroneous IP address in here?
I am guessing if I put an address in, that will break Internet Explorer's access to the internet.
What is a proxy server?
Thanks
 
DonNetwork AdministratorCommented:
Yes, enable it and you would put the erroneous IP address there.
 
DonNetwork AdministratorCommented:
 
MightySWCommented:
127.0.0.1 would just point it back to itself (localhost). If you have a 192.168.x.x network then I wouldn't use a 192.168.x.x address simply because something could go wrong and then the person would never say anything.  Use the localhost address or something like 1.1.1.1.  If you have websites that you need them to access then you can place a check mark on the bottom and enter the exceptions on the same page.  It will then bypass 127.0.0.1.  Be careful when you use exceptions.  If you enter http://www.yahoo.com it will open up exceptions for ALL of http so just enter something like www.yahoo.com.  This is just an example of course.
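The two steps discussed above (LAN Settings proxy pointed at 127.0.0.1, then "Disable changing proxy settings"), applied to one user's registry hive from an administrator account. This is an added example, not code from any poster in the thread; it assumes the Windows XP profile path `C:\Documents and Settings\<name>`, that the restricted user is logged off, and uses `LockTarget` as an arbitrary temporary hive name and port 80 as an arbitrary unused port.

```bat
@echo off
rem Added example, not from the thread. Run as an administrator while the
rem restricted user is logged off.  Usage: lockproxy.cmd profile-folder-name
setlocal
if "%~1"=="" (
  echo Usage: %~nx0 profile-folder-name
  exit /b 1
)

rem Assumption: Windows XP profile layout. LockTarget is an arbitrary mount name.
set "HIVE=%SystemDrive%\Documents and Settings\%~1\NTUSER.DAT"
set "ROOT=HKU\LockTarget"
set "INET=%ROOT%\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set "POL=%ROOT%\Software\Policies\Microsoft\Internet Explorer\Control Panel"

rem Mount the user's hive so the per-user settings can be written by an admin.
reg load "%ROOT%" "%HIVE%"
if errorlevel 1 (
  echo Could not load "%HIVE%" - is the user still logged on?
  exit /b 1
)

rem Same values the LAN Settings dialog stores: proxy enabled, pointing at localhost.
reg add "%INET%" /v ProxyEnable /t REG_DWORD /d 1 /f
reg add "%INET%" /v ProxyServer /t REG_SZ /d "127.0.0.1:80" /f

rem Registry value behind the "Disable changing proxy settings" policy.
reg add "%POL%" /v Proxy /t REG_DWORD /d 1 /f

rem Read everything back before releasing the hive.
reg query "%INET%" /v ProxyEnable
reg query "%INET%" /v ProxyServer
reg query "%POL%" /v Proxy

rem Any existing exceptions list is shown for review; nothing is printed if none is set.
reg query "%INET%" /v ProxyOverride 2>nul

reg unload "%ROOT%"
endlocal
```

The proxy values only affect software that honors the Internet Explorer proxy configuration, and the policy value only holds if the user stays out of the local Administrators group.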
 
MCSA2003Commented:
How about just removing the default gateway on the computer(s) in question? Also, if they are not a member of the local admin group, they would not be able to adjust the properties of the network properties to re-add it.
 
DonNetwork AdministratorCommented:
How about just removing the ethernet/patch cable??
 
MCSA2003Commented:
This would be the perfect solution, unless they have a need for file sharing or accessing network shares, for which a gateway is not required.
 
DonNetwork AdministratorCommented:
The last 4 comments are most likely moot anyway, as the author had already inquired about how to configure the false proxy.

: ^ D
 
MCSA2003Commented:
Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)
 
DonNetwork AdministratorCommented:
"Well at minimum I should get an assist. I agree that the proxy trick will work, the method I mention is, in my opinion, easier and requires the least amount of administrative overhead. I will just sit back and watch the results. May the best poster win. :)"

LMAO

This ain't no contest, and you don't have any established rep.
 
DTAHARLEVCommented:
tools / internet options / connections / lan settings / proxy
 
MightySWCommented:
This was said multiple times.  

The Author knows how to get there.  This is just an unclosed question.

Thanks for posting.

Please close this question.