?
Solved

Completely disable internet access

Posted on 2009-06-29
8
Medium Priority
?
466 Views
Last Modified: 2013-12-04
Hi all,

I have a Vista Home Premium desktop system where UAC is disabled and I've been asked to completely disable internet access on it. (It has wireless and an ethernet connection)
Quick and simple solution is to take the aerial away from the wireless adapter and take away the cord for the ethernet.
That however will not work in this case.
They need to be able to enable or disable internet access easily. (Or as easily as possible, Think Mum and Dad use it, then an offending person uses it, but both groups need to have the access they need.)
So then there is the false proxy method as per http://mintywhite.com/tech/vista/disable-internet-access-in-windows-vistaxp/
Considering theres (currently) only 1 username setup on this machine that auto log's in that will not work as the offending person could use the same method to unlock it the parents do.

So heres my thinking (Unless UAC offers something I don't know, And to be honest I've not been a fan of UAC)
Create 2 accounts, one an admin for the parents, the second normal user for anyone else both password protected with obviously vastly different passwords.
Parents have admin access and ability to change the reg keys in the article, the second does not.
Parents have to get into the habit of running the proxy off reg script (Or create an "on logoff script" that will merge the proxy "enable" reg keys for all users)
Under vista home premium you can assign security to files/folders, so the reg files themselves can be locked down on that level.

Now to my question, is there a better FREE way via UAC or any other way you can think of?

Thanks for any insights,
Terry
0
Comment
Question by:qz8dsw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 15

Author Comment

by:qz8dsw
ID: 24734229
Sorry, Made one mistake.
"Parents have to get into the habit of running the proxy off reg script"
Should be
"Parents have to get into the habit of running the proxy on reg script"
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24734291
Your thinking is ok, infact that is preferred..
Except UAC should be left enabled for activeX's etc.
http://en.wikipedia.org/wiki/User_Account_Control

Have you looked at Content Advisor within IE?

0
 
LVL 15

Author Comment

by:qz8dsw
ID: 24734384
Hi debuggerau and thanks for replying.

I'll try to explain the layout abit better.
Offending kid with desktop also has an Xbox 360.
Xbox 360 because it costs for a wireless addon has been connected to the desktop using the ethernet port.
The desktops wireless connection is shared so the Xbox 360 can go on the internet and as a cause creating a couple of places they can play from depending on the games.
Unfortunately this has been abused.

So the parents concerned want to lock the sod down once and for all.

I had another thought after posting, My thought was what firewall are they running.
Windows standard firewall.
I'm not a fan of software blocks unless they are on an OS level but I do have to admit for free software Comodo does a VERY good job with this on a local machine level.
I'm however still considering my best way to go in this case is my original thinking. It's alot harder to over-ride the OS than it is to over-ride a 3rd party app in my thinking.

Cheers,
Terry
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 15

Author Comment

by:qz8dsw
ID: 24734428
Oh and considering the perants are not just talking about IE in itself I've not looked at the content advisor at all. (The offending kids could install firefox if they REALLY wanted to get on the net)

These kids we are talking about are what I would call OK on a computer, but I think the basic blocks using the hosts file and the such has already been used on them. So now I'm thinking up the level so they need to deal with actualy security. Hopefully they will give up and do their school work instead. LOL!
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 2000 total points
ID: 24734452
yea, so I was thinking of a script file (.vbs) with a command that stops the wired adapter.

http://forum.sysinternals.com/forum_posts.asp?TID=9483
0
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 2000 total points
ID: 24734459
yea, separate logins will alleviate most of those issues, even without UAC..
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24734461
and they could always rightclick the network icon and pick disable..

(if they select the 'show icon in taskbar') in the adapter configuration..
0
 
LVL 15

Author Closing Comment

by:qz8dsw
ID: 31599862
Thanks for your help.
As ossposed to the false proxy I'm using a batch file using netsh interface set interface "Local Area Connection" Disable
and netsh interface set interface "Wireless Connection" Disable

Seems to work well and the user accounts can't enable it using the command or right click.
Since the wireless interface is a card inside the machine as opposed to USB the only way they could get it going as a non admin is to open the box, remove the card, power windows up so windows removes the wireless IF and then power it down, put the card back in, power it up.
Then it would in theory be a new IF for windows (I can't test it)
About the only thing I have left to test is the netsh interface set interface "Local Area Connection" Disable survives a reboot.
If it doesn't I have the false proxy up my sleeve. :)

Thanks for your thoughts and confirmation
Cheers
Terry
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question