swgit
asked on
Prevent a workstation from accessing the Internet
Dear Experts,
Is there a way to block a workstation from accessing the Internet (or to communication with the outside world)? Yet, allowing it to run Windows Update, virus-scan update, or send e-mail alerts, etc.
Any ideas/suggestions would be grately appreciated.
Is there a way to block a workstation from accessing the Internet (or to communication with the outside world)? Yet, allowing it to run Windows Update, virus-scan update, or send e-mail alerts, etc.
Any ideas/suggestions would be grately appreciated.
this is best done by using an appliance to filter traffic.
Remove the computer's default gateway setting in the IP configuration. The machine will be able to communicate on the LAN, but that's it. This would break Windows Update and anything else.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
nice one Mike:
I was going to suggest a router's ACL. But, this really is much easier to not have to program the router.
I was going to suggest a router's ACL. But, this really is much easier to not have to program the router.
wouldnt mikes suggestion also prevent, windows updates, antivirus updates, etc. doesnt windows updates uses internet explorer options to connect?
That's why they get listed in the proxy bypass, check the doc out again, I cover that.
Here's a FREE software that will do just that. Just install it & edit the settings as you wish.
http://www1.k9webprotection.com/get-k9-web-protection-free
http://www1.k9webprotection.com/get-k9-web-protection-free
ok then, perfect. i didnt scroll down
ASKER
@Mike - This is perfect. It's really what I need. It's something that I only want to get done on certain machines. Thanks so much!!
@Getsum, cbmm, Firebar, ChiefIT, wantabe2 - Thank you all for your inputs.
@Getsum, cbmm, Firebar, ChiefIT, wantabe2 - Thank you all for your inputs.
Or, You could run up a free WSUS server on your network for the Microsoft updates. this will enable the workstation to use that server for updates and not Microsoft. You could also do the same with your virus package if you have that option. a lot of corporate virus packages will have a centralised management you can tap your workstations into.