Recommended Posts

Hi,

I have the internet going to the computer through a NIC, so there's no need to dialup as it's always connected.

I want to be able to completely block internet access for a single user of the computer, so that both websites and internet enabled applications cannot be utilised.

However, I want the internet to function as normal for the other users.

Is this possible, if so how can I achieve this?

Thanks :)

Link to comment
https://www.neowin.net/forum/topic/336109-block-internet-access/
Share on other sites

  Schnitzel said:
Hi,

I have the internet going to the computer through a NIC, so there's no need to dialup as it's always connected.

I want to be able to completely block internet access for a single user of the computer, so that both websites and internet enabled applications cannot be utilised.

However, I want the internet to function as normal for the other users.

Is this possible, if so how can I achieve this?

Thanks :)

586112839[/snapback]

The easiest way would be to assign that user a static IP address, then filter that IP address at your router.

Most DHCP servers can set reservations based on MAC address, so while the client PC is still recieving a address over DHCP it is always the same one.

Even basic routers like all the linksys models have a setting to filter specific IP addresses.

Zorak - blocking access based on IP or MAC would be valid, if there were not other users on the machine.. I read it like there are other users of this same computer.. "However, I want the internet to function as normal for the other users." If this is the case - your method would block "all" users of that machine..

When this user is logged onto the machine - does he need access to other machines on the network.. or would blocking all network access be ok?

Your best bet might be to use a proxy on your network that allows for some method of auth, be it transparent or not.. so that access is based upon user.. There some soho routers that provide this kind of feature.. or many of the linux router distros could do this type of thing..

Another option might be to just setup a script for that users login that removes the gateway setting for example, and other users scripts put it in.. Does the user have admin rights on the box, or permissions as such that they could bypass this type of setting?

Are these machines member of a domain where you could use GP based on user account.. or are they just local accounts?

Thanks for the replies all.

The user is an admin, but she wouldn't have a clue how to bypass anything.

The accounts are just local, no domain involved.

When the person logs on to the computer, they do not need access to the other machines, but obvisously the other local accounts on that machine would.

A logon script as you suggested probably seems like the best way to go about this, but I wouldn't know where to start :no: lol.

Well it could be as simple as adding a batch file to the users startup folder.. or here this will get you started on using local login scripts;

http://www.wown.com/articles_tutorials/wxpplogs.html

As to the command.. something like that would keep her off the internet

netsh interface ip set address "Gig" static 192.168.1.100 255.255.255.0 none

This would set here address to 192.168.1.100 with a 24 bit mask but not have any gateway.. so she would not be albe to get off the network.. but would be able to talk to other local machines..

"Gig" would be the name of your interface - by default I think it would be "Local Area Connection".. " Gig is the name of my interface.

The other users would then need;

netsh interface ip set address "Gig" static 192.168.1.100 255.255.255.0 192.168.1.1 1

if your gateway was 192.168.1.1 and the other 1 is the metric.. Or you could just have the other users go back to dhcp with something like

netsh interface ip set address "Local Area Connection" dhcp

There are many different ways you could accomplish what your looking to do - you could set her dns to something weird.. ie local address 127.0.0.1 and have the other users correct..

You could also just turn off the nic when she logs in using devcon http://support.microsoft.com/default.aspx?...b;EN-US;Q311272

This should get you started on netsh;

http://www.microsoft.com/resources/documen...n-us/netsh.mspx

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I'd concur too, as an informed enthusiast I'd find it a good deal, but your average Joe just wants cheap as possible and it's hard to beat Amazon or Ebay builds for that.
    • Now you know how many would-be Windows 11 users felt. I’m not justifying any of it, but MS and Apple both do it.
    • An Air India plane with 242 people on board crashed Thursday near a major international airport in the western Indian city of Ahmedabad, the airline and the country's government said. https://www.nbcnews.com/world/asia/air-india-plane-crashes-indias-ahmedabad-airport-rcna212545
    • NTLite 2025.06.10473 by Razvan Serea NTLite is a Windows configuration tool that allows you to modify your existing Windows install or an image yet to be deployed, remove Windows components, configure and integrate, speed up the Windows deployment process. Reduce Windows footprint on your RAM and storage drive memory. Remove components of your choice, guarded by compatibility safety mechanisms, which speed up finding that sweet spot. Windows Unattended feature support, providing many commonly used options on a single page for easy setup. Easily integrate a single or multiple drivers, update or language packages. Package integration features smart sorting, enabling you to seamlessly add packages for integration and the tool will apply them in the appropriate order, keeping hotfix compatibility in check. One of the important new features of NTLite (compared to its predecessors) is the ability to modify an already installed the operating system, by removing unnecessary components. Supports Windows 11, 10, 8.1 and 7, x86 and x64, live and image. Server editions of the same versions, excluding support for component removals and feature configuration. ARM64 image support in the alpha stage. Does not support Checked/Debug, Embedded, IoT editions, nor Vista or XP. NTLite 2025.06.10473 changelog: Upgrade UI: Text size now set as host, more readable on some systems Post-setup: Loading progress improvement for the 99% delay Components: ‘Snipping tool’ compatibility option UI-Translation: Thanks for Romanian (Coman) Fix Updates: Parallel WinRE integration getting stuck Updates: Download overwrite previous Defender updates Settings: Win10 News widget disabling Download: NTLite 64-bit | 21.5 MB (Free, paid upgrade available) Download: NTLite 32-bit | 19.3 MB Link: NTLite Home Page | NTLite Features | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • Week One Done
      elsafaacompany earned a badge
      Week One Done
    • Week One Done
      Yianis earned a badge
      Week One Done
    • Veteran
      Travesty went up a rank
      Veteran
    • One Month Later
      somar86 earned a badge
      One Month Later
    • Week One Done
      somar86 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      505
    2. 2
      ATLien_0
      259
    3. 3
      +Edouard
      183
    4. 4
      +FloatingFatMan
      180
    5. 5
      snowy owl
      132
  • Tell a friend

    Love Neowin? Tell a friend!