Link to home
Start Free TrialLog in
Avatar of MattBamm
MattBammFlag for United States of America

asked on

Disconnect Internet but not LAN

Hello,
We are about to put a public computer out in the productions shop and was wondering if there was a way have it disconnected from the internet but not the LAN. We will be sharing information such as blueprints and safety pdfs on the network for them to view. We do not want them to have access to the internet viewing.

What would be the best way to do this?
I was thinking about just removing Internet Explorer.. Any better ideas?

Thanks!
ASKER CERTIFIED SOLUTION
Avatar of Paul MacDonald
Paul MacDonald
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MattBamm

ASKER

wow, i never thought about that.

That is a great idea.
Do you have a centralized firewall that this computer passes through?  If yes, your other option would be to assign a static IP to this system (if it doesn't already have one), and block port 80 and 443 access for this particular IP in your firewall rules.

If you do not have a centralized firewall, you may be able to block those same ports from all traffic on any local firewall software you have installed.

Short of using firewall rules, your idea to remove IE is not a bad one (not sure how easy this is to do -- haven't tried to strip that out before).
Avatar of delmc
delmc

You could create a group policy to point IE to a fake proxy server, define the users in a group called restricted IE and this would stop any traffic from going out to the web. Alternatively you could use sah18/ paulmacd's solutions in regards to restricting internet explorer as both would work equally as well.
If you have an ISA server you can add the computer names to th edeny access group, alternavley you can create a special group in DHCP and DNS that allows local network but no Internet, customers can still have intranet access to certain internal sites using a combination of the above.

If you do not have any of these servers use an open dns site and add the IP of the computers here to restrict access to www
Paulmacd  "Give the machine a fixed IP address and no default gateway. "

I agree w/ Paulmacd's suggestion.  If you employ this solution make sure the user doesn't have admin rights as admin users may modify their route tables...
you should also consider a group/local policy to block off non-admins from changing the network settings... depending on the user rights - they could potentially populate the default gateway and connect to the internet...