Solved

Completely disable internet access

Posted on 2009-06-29
8
460 Views
Last Modified: 2013-12-04
Hi all,

I have a Vista Home Premium desktop system where UAC is disabled and I've been asked to completely disable internet access on it. (It has wireless and an ethernet connection)
Quick and simple solution is to take the aerial away from the wireless adapter and take away the cord for the ethernet.
That however will not work in this case.
They need to be able to enable or disable internet access easily. (Or as easily as possible, Think Mum and Dad use it, then an offending person uses it, but both groups need to have the access they need.)
So then there is the false proxy method as per http://mintywhite.com/tech/vista/disable-internet-access-in-windows-vistaxp/
Considering theres (currently) only 1 username setup on this machine that auto log's in that will not work as the offending person could use the same method to unlock it the parents do.

So heres my thinking (Unless UAC offers something I don't know, And to be honest I've not been a fan of UAC)
Create 2 accounts, one an admin for the parents, the second normal user for anyone else both password protected with obviously vastly different passwords.
Parents have admin access and ability to change the reg keys in the article, the second does not.
Parents have to get into the habit of running the proxy off reg script (Or create an "on logoff script" that will merge the proxy "enable" reg keys for all users)
Under vista home premium you can assign security to files/folders, so the reg files themselves can be locked down on that level.

Now to my question, is there a better FREE way via UAC or any other way you can think of?

Thanks for any insights,
Terry
0
Comment
Question by:qz8dsw
  • 4
  • 4
8 Comments
 
LVL 15

Author Comment

by:qz8dsw
ID: 24734229
Sorry, Made one mistake.
"Parents have to get into the habit of running the proxy off reg script"
Should be
"Parents have to get into the habit of running the proxy on reg script"
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24734291
Your thinking is ok, infact that is preferred..
Except UAC should be left enabled for activeX's etc.
http://en.wikipedia.org/wiki/User_Account_Control

Have you looked at Content Advisor within IE?

0
 
LVL 15

Author Comment

by:qz8dsw
ID: 24734384
Hi debuggerau and thanks for replying.

I'll try to explain the layout abit better.
Offending kid with desktop also has an Xbox 360.
Xbox 360 because it costs for a wireless addon has been connected to the desktop using the ethernet port.
The desktops wireless connection is shared so the Xbox 360 can go on the internet and as a cause creating a couple of places they can play from depending on the games.
Unfortunately this has been abused.

So the parents concerned want to lock the sod down once and for all.

I had another thought after posting, My thought was what firewall are they running.
Windows standard firewall.
I'm not a fan of software blocks unless they are on an OS level but I do have to admit for free software Comodo does a VERY good job with this on a local machine level.
I'm however still considering my best way to go in this case is my original thinking. It's alot harder to over-ride the OS than it is to over-ride a 3rd party app in my thinking.

Cheers,
Terry
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 15

Author Comment

by:qz8dsw
ID: 24734428
Oh and considering the perants are not just talking about IE in itself I've not looked at the content advisor at all. (The offending kids could install firefox if they REALLY wanted to get on the net)

These kids we are talking about are what I would call OK on a computer, but I think the basic blocks using the hosts file and the such has already been used on them. So now I'm thinking up the level so they need to deal with actualy security. Hopefully they will give up and do their school work instead. LOL!
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 24734452
yea, so I was thinking of a script file (.vbs) with a command that stops the wired adapter.

http://forum.sysinternals.com/forum_posts.asp?TID=9483
0
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 500 total points
ID: 24734459
yea, separate logins will alleviate most of those issues, even without UAC..
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24734461
and they could always rightclick the network icon and pick disable..

(if they select the 'show icon in taskbar') in the adapter configuration..
0
 
LVL 15

Author Closing Comment

by:qz8dsw
ID: 31599862
Thanks for your help.
As ossposed to the false proxy I'm using a batch file using netsh interface set interface "Local Area Connection" Disable
and netsh interface set interface "Wireless Connection" Disable

Seems to work well and the user accounts can't enable it using the command or right click.
Since the wireless interface is a card inside the machine as opposed to USB the only way they could get it going as a non admin is to open the box, remove the card, power windows up so windows removes the wireless IF and then power it down, put the card back in, power it up.
Then it would in theory be a new IF for windows (I can't test it)
About the only thing I have left to test is the netsh interface set interface "Local Area Connection" Disable survives a reboot.
If it doesn't I have the false proxy up my sleeve. :)

Thanks for your thoughts and confirmation
Cheers
Terry
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question