auto disable internet for one user

I am trying to create a setup that is optimized for a program which only works with an admin privileges.

After creating a new user account in Windows XP, I want to completely disconnected from the internet while logged in to only this user account.

Can you tell me how to completely shut down the connection short of unplugging the network cable?

Also, if I can do it in the registry so it will come up that way with that user account, it would be great!

the rest of the uses need to have a normal internet access when they are logged in. I do not want to disable and enable manually, I am after an automatic setup.

Thanks
samjAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
computerguy79Connect With a Mentor Commented:
Apologies for the delay. so you would run:

devcon disable "USB\VID_050D&PID_905B"      [keep the parenthesis]

To re-enable it:

devcon enable "USB\VID_050D&PID_905B"
0
 
lucifer82Commented:
You can make a batch file which include

netsh interface set interface "Local Area Connection " DISABLE

assuming that your network cable is connected to "Local Area Connection" if it has 2 or 3 put the exact name in there.

Than place the file into

C:\Documents and Settings\[USER_NAME_HERE]\Start Menu\Programs\Startup

you can right click the file and go to properties, make sure that administrator has full privilege to the file and everyone has read only. Also if you hide it that user wouldn't be able to see that either.

Hope this helps.
0
 
samjAuthor Commented:
the computer in question is behind a wireless router and it has a wireless connection to the router. can you please show the content of such a batch file?

thx
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
lucifer82Commented:
If it's a wireless connection the section that specify the network connection name would be.

netsh interface set interface "Wireless Network Connection " DISABLE

make sure you copy the line into a notepad and save the file as all files and put the name such as

autodisable.bat

and the rest of the instruction should be same.

If in case this script disables the wireless for every other user make a similar file in other users and change the script a little bit.

netsh interface set interface "Wireless Network Connection " ENABLE

0
 
samjAuthor Commented:
I created the file as suggested and restarted the PC, it fired up the MS command window and I could see the command being printed on the command line and the command window closed. but the icon for the "Wireless Network Connection 6" is still alive and I am able to surf.
0
 
lucifer82Commented:
yes you need to change the code to

netsh interface set interface "Wireless Network Connection 6" DISABLE

basically the line of code above after interface you need to specify the exact name that it shows in your network connection area.
0
 
samjAuthor Commented:
yes, I did that but failed to disable the connection after start up. I noticed that the line of code fires up before the icon show next to the clock so that means "I guess" the the code disables and then the OS enables it. but even though, it should get disabled when I fire it up by going Start > Programs > Startup > filename.bat
0
 
lucifer82Commented:
have you tried running the code in that user? make sure that it works?

you can run the code in the cmd

start -> run -> type cmd and hit enter

in the DOS prompt copy what you have in the script and right click paste, this way it'll use exactly what you have in the script.

0
 
samjAuthor Commented:
here what I get
0
 
samjAuthor Commented:
did the screen shot appear in my last post. well, here it is again.
untitled.JPG
0
 
computerguy79Commented:
if you do a /?  for netsh, you'll see there is no  [ interface set interface...] option. That's probably why its not working, unless there are different versions of it.
Anyhow, I would suggest doing the following for the desired user profile:
In IE (I am assuming your using. If not the concept is the same)...
goto: tools/internet options/
click on: Connections tab
click on: LAN settings   button (at bottom)
check the box next to: "use a proxy server for your LAN...."
and in the address file just use the loopback of the local host; i.e.:
put in 127.0.0.1 (keep it default to port 80)

Doing this will not affect other user profiles.. just the one you've configured it within.

(optional):
For added security, you could configure local group policies (start/run/gpedit.msc) to lock down IE access to these browser configuration settings.
0
 
samjAuthor Commented:
>netsh
netsh>
netsh>/?
....
interface - Changes to the 'netsh nap' context.
...
0
 
samjAuthor Commented:
locking down the browser(s) is not what I am after, I want to disconnect form the internet when this users in the Admin group is logged in.
0
 
HaloShgCommented:
Can't you release the IP address (ipconfig /release) when this user is logged on? That will disable the internet completely (nothing will be able to send or receive data since it doesn't have a valid IP)

So create a shortcut to ipconfig /release and put it in your startup folder.
0
 
samjAuthor Commented:
HaloShg:
do you mean to create a batch file with the following line "ipconfig /release" with out the quotes?
if so.
what command will turn it back on?

thanks
0
 
WolfhereCommented:
So you want to block port 80 traffic for this user, while still providing intranet services? Disabling the connection blocks access to the Intranet (vs internet). If you have a web filter appliance (such as Barracuda/hidden inline proxy), and a software hook to AD, you can block any user you want from internet access on port 80 (according to whatever group you have them assigned).

Create a GPO that resets the proxy setting in internet explorer, and assign to a group. Assign the user to the new group. Proxy setting goes to a fictitious ip. User Configuration>Windows Settings>Internet Explorer Maintenance>Connection>Proxy Settings. Remove other browsers (firefox/Opera...)

Without, you can set loopback for DNS for that user machine, and edit the hosts file for intranet locations needed. That does not solve the issue if that user if they log in elsewhere or if you as administrator needs to login and manage the machine. If they do not need resources on the LAN, disable the network connection.
0
 
samjAuthor Commented:
ipconfig /release shuts down the internet for all users. ipconfig /renew does not turn it on for other users "limited account".

0
 
computerguy79Commented:
"locking down the browser(s) is not what I am after, I want to disconnect form the internet when this users in the Admin group is logged in."
- the comment I added suggested locking down the browser as an addition security option not the solution. My suggestion was to redirect (default) port 80 traffic to the local host itself.
you can't use netsh to disable the NIC. Use the MS utility, DEVCON found here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q311272
0
 
samjAuthor Commented:
redirecting port 80 traffic to the local host will not prevent incoming traffic which is what I want to eliminate.
the idea is to prevent any incoming traffic "thus attacks" when this user in the admin group is logged in.


0
 
samjAuthor Commented:
I was able to install DEVCON and run it.
what do I look for in order to find the "Wireless Network Connection 6" which I need to disable for a given user?
my Belkin Wireless adapter is plugged in the USB in the back of the laptop.


0
 
computerguy79Commented:
copy the devcon.exe to your c:\windows  directory
launch command prompt and run:
c:\devcon.exe -m:\\<your computers hostname> find pci\*
This will list all your PCI devices (unless other wise specificed, I'm going to assume your wireless NIC is a PCI)
Copy and paste the results and post. We'll go from there.
0
 
samjAuthor Commented:
USB\ROOT_HUB\4&1BA09391&0                                   : USB Root Hub
USB\ROOT_HUB\4&230D24D2&0                                   : USB Root Hub
USB\ROOT_HUB\4&34790283&0                                   : USB Root Hub
USB\VID_050D&PID_905B\5&1FC15465&0&2                        : Belkin Wireless G Plus MIMO USB Network Adapter
USB\VID_15D9&PID_0A4D\5&1FC15465&0&1                        : USB Human Interface Device

it is the Belkin usb adaptor.
0
 
samjAuthor Commented:
here is the pci in case;

PCI\VEN_1002&DEV_4C57&SUBSYS_05091014&REV_00\4&2EEAE0A0&0&0008: ATI MOBILITY RADEON 7500
PCI\VEN_1180&DEV_0476&SUBSYS_01851014&REV_80\4&139E449D&0&00F0: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PCI\VEN_1180&DEV_0476&SUBSYS_01851014&REV_80\4&139E449D&0&01F0: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PCI\VEN_1260&DEV_3873&SUBSYS_04061668&REV_01\4&139E449D&0&10F0: IBM High Rate Wireless LAN MiniPCI Combo Card
PCI\VEN_8086&DEV_1031&SUBSYS_02091014&REV_42\4&139E449D&0&40F0: Intel(R) PRO/100 VE Network Connection
PCI\VEN_8086&DEV_1A30&SUBSYS_00000000&REV_04\3&61AAA01&0&00 : Intel(R) 82845 Processor to I/O Controller - 1A30
PCI\VEN_8086&DEV_1A31&SUBSYS_00000000&REV_04\3&61AAA01&0&08 : Intel(R) 82845 Processor to AGP Controller - 1A31
PCI\VEN_8086&DEV_2448&SUBSYS_00000000&REV_42\3&61AAA01&0&F0 : Intel(R) 82801BAM/CAM PCI Bridge - 2448
PCI\VEN_8086&DEV_2482&SUBSYS_02201014&REV_02\3&61AAA01&0&E8 : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_2483&SUBSYS_02201014&REV_02\3&61AAA01&0&FB : Intel(R) 82801CA/CAM SMBus Controller - 2483
PCI\VEN_8086&DEV_2484&SUBSYS_02201014&REV_02\3&61AAA01&0&E9 : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_2485&SUBSYS_05081014&REV_02\3&61AAA01&0&FD : Intel(r) 82801CA/CAM AC'97 Audio Controller
PCI\VEN_8086&DEV_2486&SUBSYS_02271014&REV_02\3&61AAA01&0&FE : Lucent Technologies Soft Modem AMR
PCI\VEN_8086&DEV_2487&SUBSYS_02201014&REV_02\3&61AAA01&0&EA : Standard Universal PCI to USB Host Controller
PCI\VEN_8086&DEV_248A&SUBSYS_02201014&REV_02\3&61AAA01&0&F9 : Intel(r) 82801CAM Ultra ATA Storage Controller-248A
PCI\VEN_8086&DEV_248C&SUBSYS_00000000&REV_02\3&61AAA01&0&F8 : Intel(R) 82801CAM LPC Interface Controller - 248C

0
 
computerguy79Commented:
In reading the devcon pci\* results I see:
PCI\VEN_1260&DEV_3873&SUBSYS_04061668&REV_01\4&139E449D&0&10F0: IBM High Rate Wireless LAN MiniPCI Combo Card
which appears to be a bult-in wireless card of sorts.
Is the one you want to disable, this or the USB belkin one?
0
 
samjAuthor Commented:
it is the USB Belkin that I need to control and not the built in card.
0
 
samjAuthor Commented:
hummm. how do I end this question guys?
0
 
computerguy79Commented:
you need to advise the outcome of the suggestion above.
Did you, in fact, try it?
0
 
samjAuthor Commented:
devcon disable "USB\VID_050D&PID_905B"
devcon enable "USB\VID_050D&PID_905B"

disables and enables are in the command output respectively.
however it does not get me back online once it it disabled till I turn off/on the PC.
even restart will not fix it, I have to actually turn off and on. the different I notices was a belkin screen comes on and off very quickly once windows finishes starting/initiating.
could it be a belkin related problem and another adapter "netgear" may not give me this problem?


0
 
computerguy79Commented:
While I don't understand your last post, your original inquiry states "Can you tell me how to completely shut down the connection short of unplugging the network cable? Also, if I can do it in the registry so it will come up that way with that user account, it would be great! the rest of the uses need to have a normal internet access when they are logged in. I do not want to disable and enable manually, I am after an automatic setup".
At this point I am lost as to what it is you are trying to accomplish.
 Please be more specific and descriptive of your goal.

 If you create one batch file with the line:
devcon disable "USB\VID_050D&PID_905B"  
and apply it the startup folder of the desired user account and another batch with line:
devcon enable "USB\VID_050D&PID_905B" to logoff of the local group policy (gpedit.msc/user config/windows settings/scripts/logoff) this should work.

0
 
samjAuthor Commented:
Ok
I have 3 users on this system. 2 with admin accounts and one with out. user A and B are both admin and user C is a limited user.
user A and C need to get online, so in there Programs > StartUp, I have the batch file containing the enable code.
user B is prevented from getting online by using the disable code in his Programs > StartUp.

the problem I am having is:
when I start the PC, 2 things happen once the OS is loaded up, they happen at almost the same time or one after or before the other, I can not time it.

the code in the batch file  be it the enable or the diable, and the Belkin initialization screen which connected the wireless network connection.

both come up and disappear as soon as they finish what they are suppose to do.

if the batch code finishes before the Belkin, then its effects overrules and the user either gets enabled or disabled.
if Belkin finishes before the code enables then the user will not have a live connection, i.e. the batch have to finish before the Belkin starts its process.

if Belkin finished before the code disable, then the connection will get disabled any way.

how can I get Belkin to wait till the batch code finished what it is doing?
I tried to find if Belkin batch is in the StartUp menu but it is not.

the Belkin program which is firing up is called "Belkin wireless Client Utility"
0
 
samjAuthor Commented:
"Belkin wireless Client Utility" and is located in Program Files\Belkin\F5D9050\Belkinwcui.exe
0
 
samjAuthor Commented:
it has taken a long time to get a working answer due to other problems with the system as stated in my last 2 posts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.