Solved

Disconnect Internet but not LAN

Posted on 2011-02-11
7
768 Views
Last Modified: 2012-05-11
Hello,
We are about to put a public computer out in the productions shop and was wondering if there was a way have it disconnected from the internet but not the LAN. We will be sharing information such as blueprints and safety pdfs on the network for them to view. We do not want them to have access to the internet viewing.

What would be the best way to do this?
I was thinking about just removing Internet Explorer.. Any better ideas?

Thanks!
0
Comment
Question by:MattBamm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 34872032
Give the machine a fixed IP address and no default gateway.
0
 

Author Comment

by:MattBamm
ID: 34872045
wow, i never thought about that.

That is a great idea.
0
 
LVL 9

Expert Comment

by:sah18
ID: 34872057
Do you have a centralized firewall that this computer passes through?  If yes, your other option would be to assign a static IP to this system (if it doesn't already have one), and block port 80 and 443 access for this particular IP in your firewall rules.

If you do not have a centralized firewall, you may be able to block those same ports from all traffic on any local firewall software you have installed.

Short of using firewall rules, your idea to remove IE is not a bad one (not sure how easy this is to do -- haven't tried to strip that out before).
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:delmc
ID: 34872741
You could create a group policy to point IE to a fake proxy server, define the users in a group called restricted IE and this would stop any traffic from going out to the web. Alternatively you could use sah18/ paulmacd's solutions in regards to restricting internet explorer as both would work equally as well.
0
 
LVL 2

Expert Comment

by:Parrish Chamberlain
ID: 34872947
If you have an ISA server you can add the computer names to th edeny access group, alternavley you can create a special group in DHCP and DNS that allows local network but no Internet, customers can still have intranet access to certain internal sites using a combination of the above.

If you do not have any of these servers use an open dns site and add the IP of the computers here to restrict access to www
0
 
LVL 7

Expert Comment

by:fhmc
ID: 34878171
Paulmacd  "Give the machine a fixed IP address and no default gateway. "

I agree w/ Paulmacd's suggestion.  If you employ this solution make sure the user doesn't have admin rights as admin users may modify their route tables...
0
 
LVL 2

Expert Comment

by:-HenryM-
ID: 34883804
you should also consider a group/local policy to block off non-admins from changing the network settings... depending on the user rights - they could potentially populate the default gateway and connect to the internet...
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many network operators, engineers, and administrators do not take several factors into consideration when troubleshooting network throughput and latency issues.  They often  measure the throughput by performing a measurement  by transferring a large…
Preface There are many applications where some computing systems need have their system clocks running synchronized within a small margin and eventually need to be in sync with the global time. There are different solutions for this, i.e. the W3…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question