Prevent surfing

Hello Experts

This question involves two Windows 7Pro machines.  I need to (probably) set a group policy to prevent users from surfing the web.  I looked at gpedit, but under user configuration there is no Internet Explorer Maintenance.  Plus, the two machines that we need to block also have Chrome installed.

Any help with making this happen?

Thanks

thedslguy
LVL 1
thedslguyComputer and Network ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
look further down for internet explorer Group Policy IEUser Configuration/Preferences/Control Panel Settings/Internet Settings, set your proxy settings, it is is incorrect no surfing.
Chrome has group policy https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
0
thedslguyComputer and Network ConsultantAuthor Commented:
David Johnson, CD, MVP:

Preferences isn't there.  I looked at several other Windows 7 machines and didn't find preferences or Interfnet Explorer.  I even looked on a domain server for another client and didn't see Preferences or Internet Explorer there, either.  I sent a screenshot.

Thanks

tdg
screenshot.jpg
0
David Johnson, CD, MVPOwnerCommented:
you have to go to each machine and set the options manually and run the user as a standard user.
0
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

thedslguyComputer and Network ConsultantAuthor Commented:
David Johnson, CD, MVP:

As you can see from the screenshot, I don't have Preferences in the list.  So, how do I set the options manually?

Also, will this affect the administrative accounts, or just the standard users?

Thanks

tdg
0
David Johnson, CD, MVPOwnerCommented:
you have to go into the users control panel internet options
0
SteveCommented:
It's worth checking we have fully understood your requirement as many suggestions could have other implications.

Are the users allowed any external access, other than web browsing?
Do you have any internal websites/intranets that need to continue working?
Are they laptops that should be permanently blocked from browsing, or should they be able to when used out of the office?
Is this all users, or just a specific 2?

It's also worth asking the question, why do you want to block them?
0
thedslguyComputer and Network ConsultantAuthor Commented:
Steve:

Users will have no other access.  They can use the POS Software that is installed on the machine, but they do not require Internet access for this purpose.

There are no internal websites/intranets involved.

They are desktops.

Blocking is specific to all users of the one standard account.  Administrators will still have access.

There have been problems in the past with users surfing the net instead of working.  The owners requested that they be blocked from this practice as it is too hard to police as is.  Surfing the web is not necessary to do their jobs.

Thanks

tdg
0
David Johnson, CD, MVPOwnerCommented:
you can always uninstall internet explorer and any other web browser
0
SteveCommented:
Great info. Thanks @thedslguy.

In that case you have a few options worth considering.

Your internet routers could be set to block all internet traffic from everything but the server (and anything else you feel needs internet access)
You could limit this block to ports 80 & 443 if you only wanted to block general surfing but allow other stuff
you could change your DHCP (or static IPs) to not supply these machines with a default gateway (as this would prevent any non-subnet traffic)
You could put a fake DNS on the machines, but this could affect internal systems if DNS is required internally
you could mess with Internet explorer (uninstall, set a fake proxy, disable in group policy, but this can be bypassed if people have admin rights

As an alternative consideration however, many companies choose not to block/limit the access, but merely monitor it. While this doesn't stop unauthorised access it lets you report and prove it is occurring, which can be used in reviews/disciplinary sessions to deal with the root cause of not actually doing the work required of the end-users role.
0
thedslguyComputer and Network ConsultantAuthor Commented:
Steve

Your suggestions are all on the Windows level.  They would block access for admins as well.  I just need to block the one profile.  That profile is a Standard User.

David Johnson, CD, MVP

This, too would affect the admin's access.

Thanks anyway
0
SteveCommented:
ok, must have missed you mention that.
what you need is getting increasingly complicated. you may need to consider a proper web filtering solution that can be user-specific but this usually has a cost associated.
0
thedslguyComputer and Network ConsultantAuthor Commented:
Steve

What sort of cost?  

I tried removing permissions but Windows would not allow that, even from the administrator profile.  Group Policy doesn't address it in a Workgroup.

Is this even doable?

Thanks

tdg
0
David Johnson, CD, MVPOwnerCommented:
uninstall google chrome
go the internet explorer folder
c:\program files\internet explorer
right click on internet explorer go to properties/security
take ownership of  iexplore.exe
remove users from read and read/execute
add any specific user that needs access read and read/execute
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
thedslguyComputer and Network ConsultantAuthor Commented:
David Johnson, CD, MVP:

Thanks for the suggestion to take ownership.  I hadn't thought of that, but it worked.  

Thank you again,

thedslguy
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Chrome

From novice to tech pro — start learning today.