Link to home
Start Free TrialLog in
Avatar of swgit
swgitFlag for United States of America

asked on

Prevent a workstation from accessing the Internet

Dear Experts,

Is there a way to block a workstation from accessing the Internet (or to communication with the outside world)?  Yet, allowing it to run Windows Update, virus-scan update, or send e-mail alerts, etc.

Any ideas/suggestions would be grately appreciated.  
Avatar of Getsum_Bloodlust
Getsum_Bloodlust
Flag of Australia image

You would need a proxy server for this.. Microsoft does have one which you could buy or you could subscribe to a SaaS provider with Proxy.

Or, You could run up a free WSUS server on your network for the Microsoft updates. this will enable the workstation to use that server for updates and not Microsoft. You could also do the same with your virus package if you have that option. a lot of corporate virus packages will have a centralised management you can tap your workstations into.
this is best done by using an appliance to filter traffic.
Remove the computer's default gateway setting in the IP configuration. The machine will be able to communicate on the LAN, but that's it. This would break Windows Update and anything else.
ASKER CERTIFIED SOLUTION
Avatar of mikeewalton
mikeewalton
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
nice one Mike:

I was going to suggest a router's ACL. But, this really is much easier to not have to program the router.
wouldnt mikes suggestion also prevent, windows updates, antivirus updates, etc. doesnt windows updates uses internet explorer options to connect?
That's why they get listed in the proxy bypass, check the doc out again, I cover that.
Here's a FREE software that will do just that. Just install it & edit the settings as you wish.

http://www1.k9webprotection.com/get-k9-web-protection-free
ok then, perfect. i didnt scroll down
Avatar of swgit

ASKER

@Mike - This is perfect.  It's really what I need.  It's something that I only want to get done on certain machines.  Thanks so much!!

@Getsum, cbmm, Firebar, ChiefIT, wantabe2 - Thank you all for your inputs.