Link to home
Start Free TrialLog in
Avatar of thedslguy
thedslguyFlag for United States of America

asked on

Prevent surfing

Hello Experts

This question involves two Windows 7Pro machines.  I need to (probably) set a group policy to prevent users from surfing the web.  I looked at gpedit, but under user configuration there is no Internet Explorer Maintenance.  Plus, the two machines that we need to block also have Chrome installed.

Any help with making this happen?

Thanks

thedslguy
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

look further down for internet explorer User generated imageUser Configuration/Preferences/Control Panel Settings/Internet Settings, set your proxy settings, it is is incorrect no surfing.
Chrome has group policy https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
Avatar of thedslguy

ASKER

David Johnson, CD, MVP:

Preferences isn't there.  I looked at several other Windows 7 machines and didn't find preferences or Interfnet Explorer.  I even looked on a domain server for another client and didn't see Preferences or Internet Explorer there, either.  I sent a screenshot.

Thanks

tdg
screenshot.jpg
you have to go to each machine and set the options manually and run the user as a standard user.
David Johnson, CD, MVP:

As you can see from the screenshot, I don't have Preferences in the list.  So, how do I set the options manually?

Also, will this affect the administrative accounts, or just the standard users?

Thanks

tdg
you have to go into the users control panel internet options
It's worth checking we have fully understood your requirement as many suggestions could have other implications.

Are the users allowed any external access, other than web browsing?
Do you have any internal websites/intranets that need to continue working?
Are they laptops that should be permanently blocked from browsing, or should they be able to when used out of the office?
Is this all users, or just a specific 2?

It's also worth asking the question, why do you want to block them?
Steve:

Users will have no other access.  They can use the POS Software that is installed on the machine, but they do not require Internet access for this purpose.

There are no internal websites/intranets involved.

They are desktops.

Blocking is specific to all users of the one standard account.  Administrators will still have access.

There have been problems in the past with users surfing the net instead of working.  The owners requested that they be blocked from this practice as it is too hard to police as is.  Surfing the web is not necessary to do their jobs.

Thanks

tdg
you can always uninstall internet explorer and any other web browser
Great info. Thanks @thedslguy.

In that case you have a few options worth considering.

Your internet routers could be set to block all internet traffic from everything but the server (and anything else you feel needs internet access)
You could limit this block to ports 80 & 443 if you only wanted to block general surfing but allow other stuff
you could change your DHCP (or static IPs) to not supply these machines with a default gateway (as this would prevent any non-subnet traffic)
You could put a fake DNS on the machines, but this could affect internal systems if DNS is required internally
you could mess with Internet explorer (uninstall, set a fake proxy, disable in group policy, but this can be bypassed if people have admin rights

As an alternative consideration however, many companies choose not to block/limit the access, but merely monitor it. While this doesn't stop unauthorised access it lets you report and prove it is occurring, which can be used in reviews/disciplinary sessions to deal with the root cause of not actually doing the work required of the end-users role.
Steve

Your suggestions are all on the Windows level.  They would block access for admins as well.  I just need to block the one profile.  That profile is a Standard User.

David Johnson, CD, MVP

This, too would affect the admin's access.

Thanks anyway
ok, must have missed you mention that.
what you need is getting increasingly complicated. you may need to consider a proper web filtering solution that can be user-specific but this usually has a cost associated.
Steve

What sort of cost?  

I tried removing permissions but Windows would not allow that, even from the administrator profile.  Group Policy doesn't address it in a Workgroup.

Is this even doable?

Thanks

tdg
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
David Johnson, CD, MVP:

Thanks for the suggestion to take ownership.  I hadn't thought of that, but it worked.  

Thank you again,

thedslguy