Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Disconnect Internet but not LAN

Posted on 2011-02-11
7
Medium Priority
?
776 Views
Last Modified: 2012-05-11
Hello,
We are about to put a public computer out in the productions shop and was wondering if there was a way have it disconnected from the internet but not the LAN. We will be sharing information such as blueprints and safety pdfs on the network for them to view. We do not want them to have access to the internet viewing.

What would be the best way to do this?
I was thinking about just removing Internet Explorer.. Any better ideas?

Thanks!
0
Comment
Question by:MattBamm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 2000 total points
ID: 34872032
Give the machine a fixed IP address and no default gateway.
0
 

Author Comment

by:MattBamm
ID: 34872045
wow, i never thought about that.

That is a great idea.
0
 
LVL 9

Expert Comment

by:sah18
ID: 34872057
Do you have a centralized firewall that this computer passes through?  If yes, your other option would be to assign a static IP to this system (if it doesn't already have one), and block port 80 and 443 access for this particular IP in your firewall rules.

If you do not have a centralized firewall, you may be able to block those same ports from all traffic on any local firewall software you have installed.

Short of using firewall rules, your idea to remove IE is not a bad one (not sure how easy this is to do -- haven't tried to strip that out before).
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 5

Expert Comment

by:delmc
ID: 34872741
You could create a group policy to point IE to a fake proxy server, define the users in a group called restricted IE and this would stop any traffic from going out to the web. Alternatively you could use sah18/ paulmacd's solutions in regards to restricting internet explorer as both would work equally as well.
0
 
LVL 2

Expert Comment

by:Parrish Chamberlain
ID: 34872947
If you have an ISA server you can add the computer names to th edeny access group, alternavley you can create a special group in DHCP and DNS that allows local network but no Internet, customers can still have intranet access to certain internal sites using a combination of the above.

If you do not have any of these servers use an open dns site and add the IP of the computers here to restrict access to www
0
 
LVL 7

Expert Comment

by:fhmc
ID: 34878171
Paulmacd  "Give the machine a fixed IP address and no default gateway. "

I agree w/ Paulmacd's suggestion.  If you employ this solution make sure the user doesn't have admin rights as admin users may modify their route tables...
0
 
LVL 2

Expert Comment

by:-HenryM-
ID: 34883804
you should also consider a group/local policy to block off non-admins from changing the network settings... depending on the user rights - they could potentially populate the default gateway and connect to the internet...
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Many network operators, engineers, and administrators do not take several factors into consideration when troubleshooting network throughput and latency issues.  They often  measure the throughput by performing a measurement  by transferring a large…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question