PCGalOfCal
asked on
How to restrict internet access to certain workstations whlile still having access to the server.
Hi all! I have a work group with all pc's running xp pro including the server. I need to restrict access to two of the four workstations BUT they still need access to the internal network, specifically the server. I have a Sonicwall TZ170 but no tech support and I'm not familiar the interface. Can someone either tell me how to configure to sonicwall or give me another work around to accomplish this task. Thank You!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
as long as they're not members of the administrators group on the local machines they will be unable to change it back.
ASKER
OK, I'll try it later today. Thanks.
ASKER
I have to change user settings and give static ip's and make sure everything works ok.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Svenesky,
I can do this remotely, yes? In other words, if I remote in using Log-Me-In and uninstall IE it will NOT affect my ability to still remote in will it?
I can do this remotely, yes? In other words, if I remote in using Log-Me-In and uninstall IE it will NOT affect my ability to still remote in will it?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sound great, thanks.
I am not familiar with that product but looking at the system requirements on their web page the target pc needs a "Web browser that supports 128-bit or 256-bit encryption." Uninstalling IE will probably not work in this case.
ASKER
ITCraig,
I installed the Tweakui but I don't see where there is an option to enable or disable browser options. :(
I installed the Tweakui but I don't see where there is an option to enable or disable browser options. :(
ASKER
etcv,
Your idea sounds like it might work the best but I have to wait until I'm at the location to try. The reason being is because I know when I give the computers static ip addresses (which I would have to do in order to remove the gateway) then they can't connect to the internet. I know because I tried this earlier this week. This has something to do with the sonicwall. The thing I need to verify is that they still have access to the server, which for some stupid reason I did not verify when I was there. If they do have access to the server but not the internet then I dont see why your suggestion wouldnt work. Or, I could just give them static ip's although I'm a little perplexed as to why the sonicwall is blocking internet access with a static ip. It bugs me when I dont know why. Know what I mean? Anyhow, Ill be going to the location today.
Your idea sounds like it might work the best but I have to wait until I'm at the location to try. The reason being is because I know when I give the computers static ip addresses (which I would have to do in order to remove the gateway) then they can't connect to the internet. I know because I tried this earlier this week. This has something to do with the sonicwall. The thing I need to verify is that they still have access to the server, which for some stupid reason I did not verify when I was there. If they do have access to the server but not the internet then I dont see why your suggestion wouldnt work. Or, I could just give them static ip's although I'm a little perplexed as to why the sonicwall is blocking internet access with a static ip. It bugs me when I dont know why. Know what I mean? Anyhow, Ill be going to the location today.
ASKER
svenesky,
After thinking about it, uninstalling IE is not going to be a good idea for me. The thought of having to reinstalling IE anytime I have to do updates doesn't sound like something I'll want to do but thank you.
After thinking about it, uninstalling IE is not going to be a good idea for me. The thought of having to reinstalling IE anytime I have to do updates doesn't sound like something I'll want to do but thank you.
If you remove the gateway you will not be able to access the machines remotely. You may want to add a proxy in IE and set it to 127.0.0.1. It really sounds like a management issue.
If you remove the gateway you will not be able to access the machines remotely. You may want to add a proxy in IE and set it to 127.0.0.1. It really sounds like a management issue.
We our overlooking the solution. Issue a static IP address with gateway but do not populate the DNS information or point it to the loopback. No DNS = web browsing by IP adresss only. You will have to map the server shares by IP but this will solve the problem. If the users are not admins of the computer they will not be able to populate the DNS info. I hope this helps
ASKER
I gave all the computers static ip addresses and it denied internet access while still allowing access to the server. It has something to do with the sonicwall but I don't know why exactly. Thanks for your help.
ASKER