Solved

auto disable internet for one user

Posted on 2009-07-07
32
850 Views
Last Modified: 2012-05-07
I am trying to create a setup that is optimized for a program which only works with an admin privileges.

After creating a new user account in Windows XP, I want to completely disconnected from the internet while logged in to only this user account.

Can you tell me how to completely shut down the connection short of unplugging the network cable?

Also, if I can do it in the registry so it will come up that way with that user account, it would be great!

the rest of the uses need to have a normal internet access when they are logged in. I do not want to disable and enable manually, I am after an automatic setup.

Thanks
0
Comment
Question by:samj
  • 19
  • 7
  • 4
  • +2
32 Comments
 
LVL 7

Expert Comment

by:lucifer82
Comment Utility
You can make a batch file which include

netsh interface set interface "Local Area Connection " DISABLE

assuming that your network cable is connected to "Local Area Connection" if it has 2 or 3 put the exact name in there.

Than place the file into

C:\Documents and Settings\[USER_NAME_HERE]\Start Menu\Programs\Startup

you can right click the file and go to properties, make sure that administrator has full privilege to the file and everyone has read only. Also if you hide it that user wouldn't be able to see that either.

Hope this helps.
0
 

Author Comment

by:samj
Comment Utility
the computer in question is behind a wireless router and it has a wireless connection to the router. can you please show the content of such a batch file?

thx
0
 
LVL 7

Expert Comment

by:lucifer82
Comment Utility
If it's a wireless connection the section that specify the network connection name would be.

netsh interface set interface "Wireless Network Connection " DISABLE

make sure you copy the line into a notepad and save the file as all files and put the name such as

autodisable.bat

and the rest of the instruction should be same.

If in case this script disables the wireless for every other user make a similar file in other users and change the script a little bit.

netsh interface set interface "Wireless Network Connection " ENABLE

0
 

Author Comment

by:samj
Comment Utility
I created the file as suggested and restarted the PC, it fired up the MS command window and I could see the command being printed on the command line and the command window closed. but the icon for the "Wireless Network Connection 6" is still alive and I am able to surf.
0
 
LVL 7

Expert Comment

by:lucifer82
Comment Utility
yes you need to change the code to

netsh interface set interface "Wireless Network Connection 6" DISABLE

basically the line of code above after interface you need to specify the exact name that it shows in your network connection area.
0
 

Author Comment

by:samj
Comment Utility
yes, I did that but failed to disable the connection after start up. I noticed that the line of code fires up before the icon show next to the clock so that means "I guess" the the code disables and then the OS enables it. but even though, it should get disabled when I fire it up by going Start > Programs > Startup > filename.bat
0
 
LVL 7

Expert Comment

by:lucifer82
Comment Utility
have you tried running the code in that user? make sure that it works?

you can run the code in the cmd

start -> run -> type cmd and hit enter

in the DOS prompt copy what you have in the script and right click paste, this way it'll use exactly what you have in the script.

0
 

Author Comment

by:samj
Comment Utility
here what I get
0
 

Author Comment

by:samj
Comment Utility
did the screen shot appear in my last post. well, here it is again.
untitled.JPG
0
 
LVL 1

Expert Comment

by:computerguy79
Comment Utility
if you do a /?  for netsh, you'll see there is no  [ interface set interface...] option. That's probably why its not working, unless there are different versions of it.
Anyhow, I would suggest doing the following for the desired user profile:
In IE (I am assuming your using. If not the concept is the same)...
goto: tools/internet options/
click on: Connections tab
click on: LAN settings   button (at bottom)
check the box next to: "use a proxy server for your LAN...."
and in the address file just use the loopback of the local host; i.e.:
put in 127.0.0.1 (keep it default to port 80)

Doing this will not affect other user profiles.. just the one you've configured it within.

(optional):
For added security, you could configure local group policies (start/run/gpedit.msc) to lock down IE access to these browser configuration settings.
0
 

Author Comment

by:samj
Comment Utility
>netsh
netsh>
netsh>/?
....
interface - Changes to the 'netsh nap' context.
...
0
 

Author Comment

by:samj
Comment Utility
locking down the browser(s) is not what I am after, I want to disconnect form the internet when this users in the Admin group is logged in.
0
 
LVL 1

Expert Comment

by:HaloShg
Comment Utility
Can't you release the IP address (ipconfig /release) when this user is logged on? That will disable the internet completely (nothing will be able to send or receive data since it doesn't have a valid IP)

So create a shortcut to ipconfig /release and put it in your startup folder.
0
 

Author Comment

by:samj
Comment Utility
HaloShg:
do you mean to create a batch file with the following line "ipconfig /release" with out the quotes?
if so.
what command will turn it back on?

thanks
0
 
LVL 10

Expert Comment

by:Wolfhere
Comment Utility
So you want to block port 80 traffic for this user, while still providing intranet services? Disabling the connection blocks access to the Intranet (vs internet). If you have a web filter appliance (such as Barracuda/hidden inline proxy), and a software hook to AD, you can block any user you want from internet access on port 80 (according to whatever group you have them assigned).

Create a GPO that resets the proxy setting in internet explorer, and assign to a group. Assign the user to the new group. Proxy setting goes to a fictitious ip. User Configuration>Windows Settings>Internet Explorer Maintenance>Connection>Proxy Settings. Remove other browsers (firefox/Opera...)

Without, you can set loopback for DNS for that user machine, and edit the hosts file for intranet locations needed. That does not solve the issue if that user if they log in elsewhere or if you as administrator needs to login and manage the machine. If they do not need resources on the LAN, disable the network connection.
0
 

Author Comment

by:samj
Comment Utility
ipconfig /release shuts down the internet for all users. ipconfig /renew does not turn it on for other users "limited account".

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 1

Expert Comment

by:computerguy79
Comment Utility
"locking down the browser(s) is not what I am after, I want to disconnect form the internet when this users in the Admin group is logged in."
- the comment I added suggested locking down the browser as an addition security option not the solution. My suggestion was to redirect (default) port 80 traffic to the local host itself.
you can't use netsh to disable the NIC. Use the MS utility, DEVCON found here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q311272
0
 

Author Comment

by:samj
Comment Utility
redirecting port 80 traffic to the local host will not prevent incoming traffic which is what I want to eliminate.
the idea is to prevent any incoming traffic "thus attacks" when this user in the admin group is logged in.


0
 

Author Comment

by:samj
Comment Utility
I was able to install DEVCON and run it.
what do I look for in order to find the "Wireless Network Connection 6" which I need to disable for a given user?
my Belkin Wireless adapter is plugged in the USB in the back of the laptop.


0
 
LVL 1

Expert Comment

by:computerguy79
Comment Utility
copy the devcon.exe to your c:\windows  directory
launch command prompt and run:
c:\devcon.exe -m:\\<your computers hostname> find pci\*
This will list all your PCI devices (unless other wise specificed, I'm going to assume your wireless NIC is a PCI)
Copy and paste the results and post. We'll go from there.
0
 

Author Comment

by:samj
Comment Utility
USB\ROOT_HUB\4&1BA09391&0                                   : USB Root Hub
USB\ROOT_HUB\4&230D24D2&0                                   : USB Root Hub
USB\ROOT_HUB\4&34790283&0                                   : USB Root Hub
USB\VID_050D&PID_905B\5&1FC15465&0&2                        : Belkin Wireless G Plus MIMO USB Network Adapter
USB\VID_15D9&PID_0A4D\5&1FC15465&0&1                        : USB Human Interface Device

it is the Belkin usb adaptor.
0
 

Author Comment

by:samj
Comment Utility
here is the pci in case;

PCI\VEN_1002&DEV_4C57&SUBSYS_05091014&REV_00\4&2EEAE0A0&0&0008: ATI MOBILITY RADEON 7500
PCI\VEN_1180&DEV_0476&SUBSYS_01851014&REV_80\4&139E449D&0&00F0: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PCI\VEN_1180&DEV_0476&SUBSYS_01851014&REV_80\4&139E449D&0&01F0: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PCI\VEN_1260&DEV_3873&SUBSYS_04061668&REV_01\4&139E449D&0&10F0: IBM High Rate Wireless LAN MiniPCI Combo Card
PCI\VEN_8086&DEV_1031&SUBSYS_02091014&REV_42\4&139E449D&0&40F0: Intel(R) PRO/100 VE Network Connection
PCI\VEN_8086&DEV_1A30&SUBSYS_00000000&REV_04\3&61AAA01&0&00 : Intel(R) 82845 Processor to I/O Controller - 1A30
PCI\VEN_8086&DEV_1A31&SUBSYS_00000000&REV_04\3&61AAA01&0&08 : Intel(R) 82845 Processor to AGP Controller - 1A31
PCI\VEN_8086&DEV_2448&SUBSYS_00000000&REV_42\3&61AAA01&0&F0 : Intel(R) 82801BAM/CAM PCI Bridge - 2448
PCI\VEN_8086&DEV_2482&SUBSYS_02201014&REV_02\3&61AAA01&0&E8 : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_2483&SUBSYS_02201014&REV_02\3&61AAA01&0&FB : Intel(R) 82801CA/CAM SMBus Controller - 2483
PCI\VEN_8086&DEV_2484&SUBSYS_02201014&REV_02\3&61AAA01&0&E9 : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_2485&SUBSYS_05081014&REV_02\3&61AAA01&0&FD : Intel(r) 82801CA/CAM AC'97 Audio Controller
PCI\VEN_8086&DEV_2486&SUBSYS_02271014&REV_02\3&61AAA01&0&FE : Lucent Technologies Soft Modem AMR
PCI\VEN_8086&DEV_2487&SUBSYS_02201014&REV_02\3&61AAA01&0&EA : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_248A&SUBSYS_02201014&REV_02\3&61AAA01&0&F9 : Intel(r) 82801CAM Ultra ATA Storage Controller-248A
PCI\VEN_8086&DEV_248C&SUBSYS_00000000&REV_02\3&61AAA01&0&F8 : Intel(R) 82801CAM LPC Interface Controller - 248C

0
 
LVL 1

Accepted Solution

by:
computerguy79 earned 125 total points
Comment Utility
Apologies for the delay. so you would run:

devcon disable "USB\VID_050D&PID_905B"      [keep the parenthesis]

To re-enable it:

devcon enable "USB\VID_050D&PID_905B"
0
 
LVL 1

Expert Comment

by:computerguy79
Comment Utility
In reading the devcon pci\* results I see:
PCI\VEN_1260&DEV_3873&SUBSYS_04061668&REV_01\4&139E449D&0&10F0: IBM High Rate Wireless LAN MiniPCI Combo Card
which appears to be a bult-in wireless card of sorts.
Is the one you want to disable, this or the USB belkin one?
0
 

Author Comment

by:samj
Comment Utility
it is the USB Belkin that I need to control and not the built in card.
0
 

Author Comment

by:samj
Comment Utility
hummm. how do I end this question guys?
0
 
LVL 1

Expert Comment

by:computerguy79
Comment Utility
you need to advise the outcome of the suggestion above.
Did you, in fact, try it?
0
 

Author Comment

by:samj
Comment Utility
devcon disable "USB\VID_050D&PID_905B"
devcon enable "USB\VID_050D&PID_905B"

disables and enables are in the command output respectively.
however it does not get me back online once it it disabled till I turn off/on the PC.
even restart will not fix it, I have to actually turn off and on. the different I notices was a belkin screen comes on and off very quickly once windows finishes starting/initiating.
could it be a belkin related problem and another adapter "netgear" may not give me this problem?


0
 
LVL 1

Expert Comment

by:computerguy79
Comment Utility
While I don't understand your last post, your original inquiry states "Can you tell me how to completely shut down the connection short of unplugging the network cable? Also, if I can do it in the registry so it will come up that way with that user account, it would be great! the rest of the uses need to have a normal internet access when they are logged in. I do not want to disable and enable manually, I am after an automatic setup".
At this point I am lost as to what it is you are trying to accomplish.
 Please be more specific and descriptive of your goal.

 If you create one batch file with the line:
devcon disable "USB\VID_050D&PID_905B"  
and apply it the startup folder of the desired user account and another batch with line:
devcon enable "USB\VID_050D&PID_905B" to logoff of the local group policy (gpedit.msc/user config/windows settings/scripts/logoff) this should work.

0
 

Author Comment

by:samj
Comment Utility
Ok
I have 3 users on this system. 2 with admin accounts and one with out. user A and B are both admin and user C is a limited user.
user A and C need to get online, so in there Programs > StartUp, I have the batch file containing the enable code.
user B is prevented from getting online by using the disable code in his Programs > StartUp.

the problem I am having is:
when I start the PC, 2 things happen once the OS is loaded up, they happen at almost the same time or one after or before the other, I can not time it.

the code in the batch file  be it the enable or the diable, and the Belkin initialization screen which connected the wireless network connection.

both come up and disappear as soon as they finish what they are suppose to do.

if the batch code finishes before the Belkin, then its effects overrules and the user either gets enabled or disabled.
if Belkin finishes before the code enables then the user will not have a live connection, i.e. the batch have to finish before the Belkin starts its process.

if Belkin finished before the code disable, then the connection will get disabled any way.

how can I get Belkin to wait till the batch code finished what it is doing?
I tried to find if Belkin batch is in the StartUp menu but it is not.

the Belkin program which is firing up is called "Belkin wireless Client Utility"
0
 

Author Comment

by:samj
Comment Utility
"Belkin wireless Client Utility" and is located in Program Files\Belkin\F5D9050\Belkinwcui.exe
0
 

Author Closing Comment

by:samj
Comment Utility
it has taken a long time to get a working answer due to other problems with the system as stated in my last 2 posts.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now