Solved

How to restrict internet access to certain workstations whlile still having access to the server.

Posted on 2009-07-16
17
251 Views
Last Modified: 2013-12-08
Hi all!  I have a work group with all pc's running xp pro including the server.  I need to restrict access to two of the four workstations BUT they still need access to the internal network, specifically the server.  I have a Sonicwall TZ170 but no tech support and I'm not familiar the interface.  Can someone either tell me how to configure to sonicwall or give me another work around to accomplish this task.  Thank You!
0
Comment
Question by:PCGalOfCal
  • 9
  • 5
  • 2
  • +1
17 Comments
 
LVL 1

Assisted Solution

by:etchy74
etchy74 earned 150 total points
ID: 24869534
1 easy way would be to remove the default gateway on the 2 computers that you don't want to have internet access.  The systems would have to be on the same subnet as the server in order to access it, but it sounds like a small setup.
0
 

Author Comment

by:PCGalOfCal
ID: 24869643
Ok but how do I restrict access to the internet properties so they can't change the settings back?
0
 
LVL 1

Expert Comment

by:etchy74
ID: 24869723
as long as they're not members of the administrators group on the local machines they will be unable to change it back.
0
 

Author Comment

by:PCGalOfCal
ID: 24869887
OK, I'll try it later today.  Thanks.
0
 

Author Comment

by:PCGalOfCal
ID: 24869896
I have to change user settings and give static ip's and make sure everything works ok.
0
 
LVL 1

Accepted Solution

by:
svenesky earned 300 total points
ID: 24870004
Since you do not have a domain set up and can not control user and computer permissions by group policy you can simply go to add remove programs, windows componets and uninstall the internet explorer.  I am not sure if you have web based apps on the server but it will stop employees from surfing the web.  If you need to reinstall it at a later time all you will need is the install disk that came with the workstation or download a new version from Microsoft.

0
 

Author Comment

by:PCGalOfCal
ID: 24870420
Svenesky,

I can do this remotely, yes?  In other words, if I remote in using Log-Me-In and uninstall IE it will NOT affect my ability to still remote in will it?
0
 

Assisted Solution

by:ITCraig
ITCraig earned 50 total points
ID: 24870906
PC,

I ran into this same situation once upon a time before.

You can try using Tweakui (Microsoft Power Toy) which you can use to enable or disable browser services.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:PCGalOfCal
ID: 24870995
Sound great, thanks.
0
 
LVL 1

Expert Comment

by:svenesky
ID: 24871704
I am not familiar with that product but looking at the system requirements on their web page the target pc needs a "Web browser that supports 128-bit or 256-bit encryption."  Uninstalling IE will probably not work in this case.  
0
 

Author Comment

by:PCGalOfCal
ID: 24878469
ITCraig,
I installed the  Tweakui but I don't see where there is an option to enable or disable browser options.  :(
0
 

Author Comment

by:PCGalOfCal
ID: 24878574
etcv,
Your idea sounds like it might work the best but I have to wait until I'm at the location to try.  The reason being is because I know when I give the computers static ip addresses (which I would have to do in order to remove the gateway) then they can't connect to the internet.  I know because I tried this earlier this week.  This has something to do with the sonicwall.  The thing I need to verify is that they still have access to the server, which for some stupid reason I did not verify when I was there.  If they do have access to the server but not the internet then I dont see why your suggestion wouldnt work.  Or, I could just give them static ip's although I'm a little perplexed as to why the sonicwall is blocking internet access with a static ip.  It bugs me when I dont know why.  Know what I mean?  Anyhow, Ill be going to the location today.
0
 

Author Comment

by:PCGalOfCal
ID: 24878597
svenesky,
After thinking about it, uninstalling IE is not going to be a good idea for me.  The thought of having to reinstalling IE anytime I have to do updates doesn't sound like something I'll want to do but thank you.
0
 
LVL 1

Expert Comment

by:svenesky
ID: 24878788
If you remove the gateway you will not be able to access the machines remotely.  You may want to add a proxy in IE and set it to 127.0.0.1. It really sounds like a management issue.
0
 
LVL 1

Expert Comment

by:svenesky
ID: 24878789
If you remove the gateway you will not be able to access the machines remotely.  You may want to add a proxy in IE and set it to 127.0.0.1. It really sounds like a management issue.
0
 
LVL 1

Expert Comment

by:svenesky
ID: 24879026
We our overlooking the solution.  Issue a static IP address with gateway but do not populate the DNS information or point it to the loopback.  No DNS = web browsing by IP adresss only.  You will have to map the server shares by IP but this will solve the problem.  If the users are not admins of the computer they will not be able to populate the DNS info.  I hope this helps
0
 

Author Closing Comment

by:PCGalOfCal
ID: 31604243
I gave all the computers static ip addresses and it denied internet access while still allowing access to the server.  It has something to do with the sonicwall but I don't know why exactly.  Thanks for your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now