We want to prevent any XP machine at our company from hitting the internet but still allow access to internal web pages and shares. We have a mix of XP and windows 7 machines all on one VLAN. I really don't want to move all the XP machines to a different vlan. If I put in a fake proxy address on these XP machines, will they still be able to hit internal web site?
Any thoughts on the easiest way to kill external internet access for just XP that doesn't require a new vlan or mods to the firewall?
Thanks - John