Avatar of thedslguy
thedslguy
Flag for United States of America asked on

Prevent surfing

Hello Experts

This question involves two Windows 7Pro machines.  I need to (probably) set a group policy to prevent users from surfing the web.  I looked at gpedit, but under user configuration there is no Internet Explorer Maintenance.  Plus, the two machines that we need to block also have Chrome installed.

Any help with making this happen?

Thanks

thedslguy
Chrome* policyWeb Browsers

Avatar of undefined
Last Comment
thedslguy

8/22/2022 - Mon
David Johnson, CD

look further down for internet explorer Group Policy IEUser Configuration/Preferences/Control Panel Settings/Internet Settings, set your proxy settings, it is is incorrect no surfing.
Chrome has group policy https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
thedslguy

ASKER
David Johnson, CD, MVP:

Preferences isn't there.  I looked at several other Windows 7 machines and didn't find preferences or Interfnet Explorer.  I even looked on a domain server for another client and didn't see Preferences or Internet Explorer there, either.  I sent a screenshot.

Thanks

tdg
screenshot.jpg
David Johnson, CD

you have to go to each machine and set the options manually and run the user as a standard user.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
thedslguy

ASKER
David Johnson, CD, MVP:

As you can see from the screenshot, I don't have Preferences in the list.  So, how do I set the options manually?

Also, will this affect the administrative accounts, or just the standard users?

Thanks

tdg
David Johnson, CD

you have to go into the users control panel internet options
Steve

It's worth checking we have fully understood your requirement as many suggestions could have other implications.

Are the users allowed any external access, other than web browsing?
Do you have any internal websites/intranets that need to continue working?
Are they laptops that should be permanently blocked from browsing, or should they be able to when used out of the office?
Is this all users, or just a specific 2?

It's also worth asking the question, why do you want to block them?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
thedslguy

ASKER
Steve:

Users will have no other access.  They can use the POS Software that is installed on the machine, but they do not require Internet access for this purpose.

There are no internal websites/intranets involved.

They are desktops.

Blocking is specific to all users of the one standard account.  Administrators will still have access.

There have been problems in the past with users surfing the net instead of working.  The owners requested that they be blocked from this practice as it is too hard to police as is.  Surfing the web is not necessary to do their jobs.

Thanks

tdg
David Johnson, CD

you can always uninstall internet explorer and any other web browser
Steve

Great info. Thanks @thedslguy.

In that case you have a few options worth considering.

Your internet routers could be set to block all internet traffic from everything but the server (and anything else you feel needs internet access)
You could limit this block to ports 80 & 443 if you only wanted to block general surfing but allow other stuff
you could change your DHCP (or static IPs) to not supply these machines with a default gateway (as this would prevent any non-subnet traffic)
You could put a fake DNS on the machines, but this could affect internal systems if DNS is required internally
you could mess with Internet explorer (uninstall, set a fake proxy, disable in group policy, but this can be bypassed if people have admin rights

As an alternative consideration however, many companies choose not to block/limit the access, but merely monitor it. While this doesn't stop unauthorised access it lets you report and prove it is occurring, which can be used in reviews/disciplinary sessions to deal with the root cause of not actually doing the work required of the end-users role.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
thedslguy

ASKER
Steve

Your suggestions are all on the Windows level.  They would block access for admins as well.  I just need to block the one profile.  That profile is a Standard User.

David Johnson, CD, MVP

This, too would affect the admin's access.

Thanks anyway
Steve

ok, must have missed you mention that.
what you need is getting increasingly complicated. you may need to consider a proper web filtering solution that can be user-specific but this usually has a cost associated.
thedslguy

ASKER
Steve

What sort of cost?  

I tried removing permissions but Windows would not allow that, even from the administrator profile.  Group Policy doesn't address it in a Workgroup.

Is this even doable?

Thanks

tdg
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
David Johnson, CD

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
thedslguy

ASKER
David Johnson, CD, MVP:

Thanks for the suggestion to take ownership.  I hadn't thought of that, but it worked.  

Thank you again,

thedslguy