Solved

Completely disable internet access

Posted on 2009-06-29
8
458 Views
Last Modified: 2013-12-04
Hi all,

I have a Vista Home Premium desktop system where UAC is disabled and I've been asked to completely disable internet access on it. (It has wireless and an ethernet connection)
Quick and simple solution is to take the aerial away from the wireless adapter and take away the cord for the ethernet.
That however will not work in this case.
They need to be able to enable or disable internet access easily. (Or as easily as possible, Think Mum and Dad use it, then an offending person uses it, but both groups need to have the access they need.)
So then there is the false proxy method as per http://mintywhite.com/tech/vista/disable-internet-access-in-windows-vistaxp/
Considering theres (currently) only 1 username setup on this machine that auto log's in that will not work as the offending person could use the same method to unlock it the parents do.

So heres my thinking (Unless UAC offers something I don't know, And to be honest I've not been a fan of UAC)
Create 2 accounts, one an admin for the parents, the second normal user for anyone else both password protected with obviously vastly different passwords.
Parents have admin access and ability to change the reg keys in the article, the second does not.
Parents have to get into the habit of running the proxy off reg script (Or create an "on logoff script" that will merge the proxy "enable" reg keys for all users)
Under vista home premium you can assign security to files/folders, so the reg files themselves can be locked down on that level.

Now to my question, is there a better FREE way via UAC or any other way you can think of?

Thanks for any insights,
Terry
0
Comment
Question by:qz8dsw
  • 4
  • 4
8 Comments
 
LVL 15

Author Comment

by:qz8dsw
ID: 24734229
Sorry, Made one mistake.
"Parents have to get into the habit of running the proxy off reg script"
Should be
"Parents have to get into the habit of running the proxy on reg script"
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24734291
Your thinking is ok, infact that is preferred..
Except UAC should be left enabled for activeX's etc.
http://en.wikipedia.org/wiki/User_Account_Control

Have you looked at Content Advisor within IE?

0
 
LVL 15

Author Comment

by:qz8dsw
ID: 24734384
Hi debuggerau and thanks for replying.

I'll try to explain the layout abit better.
Offending kid with desktop also has an Xbox 360.
Xbox 360 because it costs for a wireless addon has been connected to the desktop using the ethernet port.
The desktops wireless connection is shared so the Xbox 360 can go on the internet and as a cause creating a couple of places they can play from depending on the games.
Unfortunately this has been abused.

So the parents concerned want to lock the sod down once and for all.

I had another thought after posting, My thought was what firewall are they running.
Windows standard firewall.
I'm not a fan of software blocks unless they are on an OS level but I do have to admit for free software Comodo does a VERY good job with this on a local machine level.
I'm however still considering my best way to go in this case is my original thinking. It's alot harder to over-ride the OS than it is to over-ride a 3rd party app in my thinking.

Cheers,
Terry
0
 
LVL 15

Author Comment

by:qz8dsw
ID: 24734428
Oh and considering the perants are not just talking about IE in itself I've not looked at the content advisor at all. (The offending kids could install firefox if they REALLY wanted to get on the net)

These kids we are talking about are what I would call OK on a computer, but I think the basic blocks using the hosts file and the such has already been used on them. So now I'm thinking up the level so they need to deal with actualy security. Hopefully they will give up and do their school work instead. LOL!
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 24734452
yea, so I was thinking of a script file (.vbs) with a command that stops the wired adapter.

http://forum.sysinternals.com/forum_posts.asp?TID=9483
0
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 500 total points
ID: 24734459
yea, separate logins will alleviate most of those issues, even without UAC..
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24734461
and they could always rightclick the network icon and pick disable..

(if they select the 'show icon in taskbar') in the adapter configuration..
0
 
LVL 15

Author Closing Comment

by:qz8dsw
ID: 31599862
Thanks for your help.
As ossposed to the false proxy I'm using a batch file using netsh interface set interface "Local Area Connection" Disable
and netsh interface set interface "Wireless Connection" Disable

Seems to work well and the user accounts can't enable it using the command or right click.
Since the wireless interface is a card inside the machine as opposed to USB the only way they could get it going as a non admin is to open the box, remove the card, power windows up so windows removes the wireless IF and then power it down, put the card back in, power it up.
Then it would in theory be a new IF for windows (I can't test it)
About the only thing I have left to test is the netsh interface set interface "Local Area Connection" Disable survives a reboot.
If it doesn't I have the false proxy up my sleeve. :)

Thanks for your thoughts and confirmation
Cheers
Terry
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now