• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 469
  • Last Modified:

Completely disable internet access

Hi all,

I have a Vista Home Premium desktop system where UAC is disabled and I've been asked to completely disable internet access on it. (It has wireless and an ethernet connection)
Quick and simple solution is to take the aerial away from the wireless adapter and take away the cord for the ethernet.
That however will not work in this case.
They need to be able to enable or disable internet access easily. (Or as easily as possible, Think Mum and Dad use it, then an offending person uses it, but both groups need to have the access they need.)
So then there is the false proxy method as per http://mintywhite.com/tech/vista/disable-internet-access-in-windows-vistaxp/
Considering theres (currently) only 1 username setup on this machine that auto log's in that will not work as the offending person could use the same method to unlock it the parents do.

So heres my thinking (Unless UAC offers something I don't know, And to be honest I've not been a fan of UAC)
Create 2 accounts, one an admin for the parents, the second normal user for anyone else both password protected with obviously vastly different passwords.
Parents have admin access and ability to change the reg keys in the article, the second does not.
Parents have to get into the habit of running the proxy off reg script (Or create an "on logoff script" that will merge the proxy "enable" reg keys for all users)
Under vista home premium you can assign security to files/folders, so the reg files themselves can be locked down on that level.

Now to my question, is there a better FREE way via UAC or any other way you can think of?

Thanks for any insights,
  • 4
  • 4
2 Solutions
qz8dswAuthor Commented:
Sorry, Made one mistake.
"Parents have to get into the habit of running the proxy off reg script"
Should be
"Parents have to get into the habit of running the proxy on reg script"
Your thinking is ok, infact that is preferred..
Except UAC should be left enabled for activeX's etc.

Have you looked at Content Advisor within IE?

qz8dswAuthor Commented:
Hi debuggerau and thanks for replying.

I'll try to explain the layout abit better.
Offending kid with desktop also has an Xbox 360.
Xbox 360 because it costs for a wireless addon has been connected to the desktop using the ethernet port.
The desktops wireless connection is shared so the Xbox 360 can go on the internet and as a cause creating a couple of places they can play from depending on the games.
Unfortunately this has been abused.

So the parents concerned want to lock the sod down once and for all.

I had another thought after posting, My thought was what firewall are they running.
Windows standard firewall.
I'm not a fan of software blocks unless they are on an OS level but I do have to admit for free software Comodo does a VERY good job with this on a local machine level.
I'm however still considering my best way to go in this case is my original thinking. It's alot harder to over-ride the OS than it is to over-ride a 3rd party app in my thinking.

Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

qz8dswAuthor Commented:
Oh and considering the perants are not just talking about IE in itself I've not looked at the content advisor at all. (The offending kids could install firefox if they REALLY wanted to get on the net)

These kids we are talking about are what I would call OK on a computer, but I think the basic blocks using the hosts file and the such has already been used on them. So now I'm thinking up the level so they need to deal with actualy security. Hopefully they will give up and do their school work instead. LOL!
yea, so I was thinking of a script file (.vbs) with a command that stops the wired adapter.

yea, separate logins will alleviate most of those issues, even without UAC..
and they could always rightclick the network icon and pick disable..

(if they select the 'show icon in taskbar') in the adapter configuration..
qz8dswAuthor Commented:
Thanks for your help.
As ossposed to the false proxy I'm using a batch file using netsh interface set interface "Local Area Connection" Disable
and netsh interface set interface "Wireless Connection" Disable

Seems to work well and the user accounts can't enable it using the command or right click.
Since the wireless interface is a card inside the machine as opposed to USB the only way they could get it going as a non admin is to open the box, remove the card, power windows up so windows removes the wireless IF and then power it down, put the card back in, power it up.
Then it would in theory be a new IF for windows (I can't test it)
About the only thing I have left to test is the netsh interface set interface "Local Area Connection" Disable survives a reboot.
If it doesn't I have the false proxy up my sleeve. :)

Thanks for your thoughts and confirmation
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now