Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

auto disable internet for one user

Posted on 2009-07-07
32
Medium Priority
?
862 Views
Last Modified: 2012-05-07
I am trying to create a setup that is optimized for a program which only works with an admin privileges.

After creating a new user account in Windows XP, I want to completely disconnected from the internet while logged in to only this user account.

Can you tell me how to completely shut down the connection short of unplugging the network cable?

Also, if I can do it in the registry so it will come up that way with that user account, it would be great!

the rest of the uses need to have a normal internet access when they are logged in. I do not want to disable and enable manually, I am after an automatic setup.

Thanks
0
Comment
Question by:samj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 19
  • 7
  • 4
  • +2
32 Comments
 
LVL 7

Expert Comment

by:lucifer82
ID: 24799537
You can make a batch file which include

netsh interface set interface "Local Area Connection " DISABLE

assuming that your network cable is connected to "Local Area Connection" if it has 2 or 3 put the exact name in there.

Than place the file into

C:\Documents and Settings\[USER_NAME_HERE]\Start Menu\Programs\Startup

you can right click the file and go to properties, make sure that administrator has full privilege to the file and everyone has read only. Also if you hide it that user wouldn't be able to see that either.

Hope this helps.
0
 

Author Comment

by:samj
ID: 24799571
the computer in question is behind a wireless router and it has a wireless connection to the router. can you please show the content of such a batch file?

thx
0
 
LVL 7

Expert Comment

by:lucifer82
ID: 24799593
If it's a wireless connection the section that specify the network connection name would be.

netsh interface set interface "Wireless Network Connection " DISABLE

make sure you copy the line into a notepad and save the file as all files and put the name such as

autodisable.bat

and the rest of the instruction should be same.

If in case this script disables the wireless for every other user make a similar file in other users and change the script a little bit.

netsh interface set interface "Wireless Network Connection " ENABLE

0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:samj
ID: 24800720
I created the file as suggested and restarted the PC, it fired up the MS command window and I could see the command being printed on the command line and the command window closed. but the icon for the "Wireless Network Connection 6" is still alive and I am able to surf.
0
 
LVL 7

Expert Comment

by:lucifer82
ID: 24800829
yes you need to change the code to

netsh interface set interface "Wireless Network Connection 6" DISABLE

basically the line of code above after interface you need to specify the exact name that it shows in your network connection area.
0
 

Author Comment

by:samj
ID: 24800958
yes, I did that but failed to disable the connection after start up. I noticed that the line of code fires up before the icon show next to the clock so that means "I guess" the the code disables and then the OS enables it. but even though, it should get disabled when I fire it up by going Start > Programs > Startup > filename.bat
0
 
LVL 7

Expert Comment

by:lucifer82
ID: 24801012
have you tried running the code in that user? make sure that it works?

you can run the code in the cmd

start -> run -> type cmd and hit enter

in the DOS prompt copy what you have in the script and right click paste, this way it'll use exactly what you have in the script.

0
 

Author Comment

by:samj
ID: 24801291
here what I get
0
 

Author Comment

by:samj
ID: 24801309
did the screen shot appear in my last post. well, here it is again.
untitled.JPG
0
 
LVL 1

Expert Comment

by:computerguy79
ID: 24804658
if you do a /?  for netsh, you'll see there is no  [ interface set interface...] option. That's probably why its not working, unless there are different versions of it.
Anyhow, I would suggest doing the following for the desired user profile:
In IE (I am assuming your using. If not the concept is the same)...
goto: tools/internet options/
click on: Connections tab
click on: LAN settings   button (at bottom)
check the box next to: "use a proxy server for your LAN...."
and in the address file just use the loopback of the local host; i.e.:
put in 127.0.0.1 (keep it default to port 80)

Doing this will not affect other user profiles.. just the one you've configured it within.

(optional):
For added security, you could configure local group policies (start/run/gpedit.msc) to lock down IE access to these browser configuration settings.
0
 

Author Comment

by:samj
ID: 24806942
>netsh
netsh>
netsh>/?
....
interface - Changes to the 'netsh nap' context.
...
0
 

Author Comment

by:samj
ID: 24807010
locking down the browser(s) is not what I am after, I want to disconnect form the internet when this users in the Admin group is logged in.
0
 
LVL 1

Expert Comment

by:HaloShg
ID: 24807114
Can't you release the IP address (ipconfig /release) when this user is logged on? That will disable the internet completely (nothing will be able to send or receive data since it doesn't have a valid IP)

So create a shortcut to ipconfig /release and put it in your startup folder.
0
 

Author Comment

by:samj
ID: 24807254
HaloShg:
do you mean to create a batch file with the following line "ipconfig /release" with out the quotes?
if so.
what command will turn it back on?

thanks
0
 
LVL 10

Expert Comment

by:Wolfhere
ID: 24807457
So you want to block port 80 traffic for this user, while still providing intranet services? Disabling the connection blocks access to the Intranet (vs internet). If you have a web filter appliance (such as Barracuda/hidden inline proxy), and a software hook to AD, you can block any user you want from internet access on port 80 (according to whatever group you have them assigned).

Create a GPO that resets the proxy setting in internet explorer, and assign to a group. Assign the user to the new group. Proxy setting goes to a fictitious ip. User Configuration>Windows Settings>Internet Explorer Maintenance>Connection>Proxy Settings. Remove other browsers (firefox/Opera...)

Without, you can set loopback for DNS for that user machine, and edit the hosts file for intranet locations needed. That does not solve the issue if that user if they log in elsewhere or if you as administrator needs to login and manage the machine. If they do not need resources on the LAN, disable the network connection.
0
 

Author Comment

by:samj
ID: 24808568
ipconfig /release shuts down the internet for all users. ipconfig /renew does not turn it on for other users "limited account".

0
 
LVL 1

Expert Comment

by:computerguy79
ID: 24816712
"locking down the browser(s) is not what I am after, I want to disconnect form the internet when this users in the Admin group is logged in."
- the comment I added suggested locking down the browser as an addition security option not the solution. My suggestion was to redirect (default) port 80 traffic to the local host itself.
you can't use netsh to disable the NIC. Use the MS utility, DEVCON found here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q311272
0
 

Author Comment

by:samj
ID: 24818713
redirecting port 80 traffic to the local host will not prevent incoming traffic which is what I want to eliminate.
the idea is to prevent any incoming traffic "thus attacks" when this user in the admin group is logged in.


0
 

Author Comment

by:samj
ID: 24828234
I was able to install DEVCON and run it.
what do I look for in order to find the "Wireless Network Connection 6" which I need to disable for a given user?
my Belkin Wireless adapter is plugged in the USB in the back of the laptop.


0
 
LVL 1

Expert Comment

by:computerguy79
ID: 24845653
copy the devcon.exe to your c:\windows  directory
launch command prompt and run:
c:\devcon.exe -m:\\<your computers hostname> find pci\*
This will list all your PCI devices (unless other wise specificed, I'm going to assume your wireless NIC is a PCI)
Copy and paste the results and post. We'll go from there.
0
 

Author Comment

by:samj
ID: 24846790
USB\ROOT_HUB\4&1BA09391&0                                   : USB Root Hub
USB\ROOT_HUB\4&230D24D2&0                                   : USB Root Hub
USB\ROOT_HUB\4&34790283&0                                   : USB Root Hub
USB\VID_050D&PID_905B\5&1FC15465&0&2                        : Belkin Wireless G Plus MIMO USB Network Adapter
USB\VID_15D9&PID_0A4D\5&1FC15465&0&1                        : USB Human Interface Device

it is the Belkin usb adaptor.
0
 

Author Comment

by:samj
ID: 24874196
here is the pci in case;

PCI\VEN_1002&DEV_4C57&SUBSYS_05091014&REV_00\4&2EEAE0A0&0&0008: ATI MOBILITY RADEON 7500
PCI\VEN_1180&DEV_0476&SUBSYS_01851014&REV_80\4&139E449D&0&00F0: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PCI\VEN_1180&DEV_0476&SUBSYS_01851014&REV_80\4&139E449D&0&01F0: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PCI\VEN_1260&DEV_3873&SUBSYS_04061668&REV_01\4&139E449D&0&10F0: IBM High Rate Wireless LAN MiniPCI Combo Card
PCI\VEN_8086&DEV_1031&SUBSYS_02091014&REV_42\4&139E449D&0&40F0: Intel(R) PRO/100 VE Network Connection
PCI\VEN_8086&DEV_1A30&SUBSYS_00000000&REV_04\3&61AAA01&0&00 : Intel(R) 82845 Processor to I/O Controller - 1A30
PCI\VEN_8086&DEV_1A31&SUBSYS_00000000&REV_04\3&61AAA01&0&08 : Intel(R) 82845 Processor to AGP Controller - 1A31
PCI\VEN_8086&DEV_2448&SUBSYS_00000000&REV_42\3&61AAA01&0&F0 : Intel(R) 82801BAM/CAM PCI Bridge - 2448
PCI\VEN_8086&DEV_2482&SUBSYS_02201014&REV_02\3&61AAA01&0&E8 : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_2483&SUBSYS_02201014&REV_02\3&61AAA01&0&FB : Intel(R) 82801CA/CAM SMBus Controller - 2483
PCI\VEN_8086&DEV_2484&SUBSYS_02201014&REV_02\3&61AAA01&0&E9 : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_2485&SUBSYS_05081014&REV_02\3&61AAA01&0&FD : Intel(r) 82801CA/CAM AC'97 Audio Controller
PCI\VEN_8086&DEV_2486&SUBSYS_02271014&REV_02\3&61AAA01&0&FE : Lucent Technologies Soft Modem AMR
PCI\VEN_8086&DEV_2487&SUBSYS_02201014&REV_02\3&61AAA01&0&EA : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_248A&SUBSYS_02201014&REV_02\3&61AAA01&0&F9 : Intel(r) 82801CAM Ultra ATA Storage Controller-248A
PCI\VEN_8086&DEV_248C&SUBSYS_00000000&REV_02\3&61AAA01&0&F8 : Intel(R) 82801CAM LPC Interface Controller - 248C

0
 
LVL 1

Accepted Solution

by:
computerguy79 earned 375 total points
ID: 24896898
Apologies for the delay. so you would run:

devcon disable "USB\VID_050D&PID_905B"      [keep the parenthesis]

To re-enable it:

devcon enable "USB\VID_050D&PID_905B"
0
 
LVL 1

Expert Comment

by:computerguy79
ID: 24896932
In reading the devcon pci\* results I see:
PCI\VEN_1260&DEV_3873&SUBSYS_04061668&REV_01\4&139E449D&0&10F0: IBM High Rate Wireless LAN MiniPCI Combo Card
which appears to be a bult-in wireless card of sorts.
Is the one you want to disable, this or the USB belkin one?
0
 

Author Comment

by:samj
ID: 24899325
it is the USB Belkin that I need to control and not the built in card.
0
 

Author Comment

by:samj
ID: 24944321
hummm. how do I end this question guys?
0
 
LVL 1

Expert Comment

by:computerguy79
ID: 25018763
you need to advise the outcome of the suggestion above.
Did you, in fact, try it?
0
 

Author Comment

by:samj
ID: 25019227
devcon disable "USB\VID_050D&PID_905B"
devcon enable "USB\VID_050D&PID_905B"

disables and enables are in the command output respectively.
however it does not get me back online once it it disabled till I turn off/on the PC.
even restart will not fix it, I have to actually turn off and on. the different I notices was a belkin screen comes on and off very quickly once windows finishes starting/initiating.
could it be a belkin related problem and another adapter "netgear" may not give me this problem?


0
 
LVL 1

Expert Comment

by:computerguy79
ID: 25029297
While I don't understand your last post, your original inquiry states "Can you tell me how to completely shut down the connection short of unplugging the network cable? Also, if I can do it in the registry so it will come up that way with that user account, it would be great! the rest of the uses need to have a normal internet access when they are logged in. I do not want to disable and enable manually, I am after an automatic setup".
At this point I am lost as to what it is you are trying to accomplish.
 Please be more specific and descriptive of your goal.

 If you create one batch file with the line:
devcon disable "USB\VID_050D&PID_905B"  
and apply it the startup folder of the desired user account and another batch with line:
devcon enable "USB\VID_050D&PID_905B" to logoff of the local group policy (gpedit.msc/user config/windows settings/scripts/logoff) this should work.

0
 

Author Comment

by:samj
ID: 25029661
Ok
I have 3 users on this system. 2 with admin accounts and one with out. user A and B are both admin and user C is a limited user.
user A and C need to get online, so in there Programs > StartUp, I have the batch file containing the enable code.
user B is prevented from getting online by using the disable code in his Programs > StartUp.

the problem I am having is:
when I start the PC, 2 things happen once the OS is loaded up, they happen at almost the same time or one after or before the other, I can not time it.

the code in the batch file  be it the enable or the diable, and the Belkin initialization screen which connected the wireless network connection.

both come up and disappear as soon as they finish what they are suppose to do.

if the batch code finishes before the Belkin, then its effects overrules and the user either gets enabled or disabled.
if Belkin finishes before the code enables then the user will not have a live connection, i.e. the batch have to finish before the Belkin starts its process.

if Belkin finished before the code disable, then the connection will get disabled any way.

how can I get Belkin to wait till the batch code finished what it is doing?
I tried to find if Belkin batch is in the StartUp menu but it is not.

the Belkin program which is firing up is called "Belkin wireless Client Utility"
0
 

Author Comment

by:samj
ID: 25029668
"Belkin wireless Client Utility" and is located in Program Files\Belkin\F5D9050\Belkinwcui.exe
0
 

Author Closing Comment

by:samj
ID: 31600888
it has taken a long time to get a working answer due to other problems with the system as stated in my last 2 posts.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question