Block internet access

[MrBear5587]

Hi,

I have the internet going to the computer through a NIC, so there's no need to dialup as it's always connected.

I want to be able to completely block internet access for a single user of the computer, so that both websites and internet enabled applications cannot be utilised.

However, I want the internet to function as normal for the other users.

Is this possible, if so how can I achieve this?

Thanks :)

[zorak]

  Schnitzel said:

Hi,

I have the internet going to the computer through a NIC, so there's no need to dialup as it's always connected.

I want to be able to completely block internet access for a single user of the computer, so that both websites and internet enabled applications cannot be utilised.

However, I want the internet to function as normal for the other users.

Is this possible, if so how can I achieve this?

Thanks :)

586112839[/snapback]

The easiest way would be to assign that user a static IP address, then filter that IP address at your router.

Most DHCP servers can set reservations based on MAC address, so while the client PC is still recieving a address over DHCP it is always the same one.

Even basic routers like all the linksys models have a setting to filter specific IP addresses.

[SergeantNoob]

If you set up all programs to connect to a nonexistant proxy server, the internet would appear to "not work".

[+BudMan MVC]

Zorak - blocking access based on IP or MAC would be valid, if there were not other users on the machine.. I read it like there are other users of this same computer.. "However, I want the internet to function as normal for the other users." If this is the case - your method would block "all" users of that machine..

When this user is logged onto the machine - does he need access to other machines on the network.. or would blocking all network access be ok?

Your best bet might be to use a proxy on your network that allows for some method of auth, be it transparent or not.. so that access is based upon user.. There some soho routers that provide this kind of feature.. or many of the linux router distros could do this type of thing..

Another option might be to just setup a script for that users login that removes the gateway setting for example, and other users scripts put it in.. Does the user have admin rights on the box, or permissions as such that they could bypass this type of setting?

Are these machines member of a domain where you could use GP based on user account.. or are they just local accounts?

[MrBear5587]

Thanks for the replies all.

The user is an admin, but she wouldn't have a clue how to bypass anything.

The accounts are just local, no domain involved.

When the person logs on to the computer, they do not need access to the other machines, but obvisously the other local accounts on that machine would.

A logon script as you suggested probably seems like the best way to go about this, but I wouldn't know where to start :no: lol.

[+BudMan MVC]

Well it could be as simple as adding a batch file to the users startup folder.. or here this will get you started on using local login scripts;

http://www.wown.com/articles_tutorials/wxpplogs.html

As to the command.. something like that would keep her off the internet

netsh interface ip set address "Gig" static 192.168.1.100 255.255.255.0 none

This would set here address to 192.168.1.100 with a 24 bit mask but not have any gateway.. so she would not be albe to get off the network.. but would be able to talk to other local machines..

"Gig" would be the name of your interface - by default I think it would be "Local Area Connection".. " Gig is the name of my interface.

The other users would then need;

netsh interface ip set address "Gig" static 192.168.1.100 255.255.255.0 192.168.1.1 1

if your gateway was 192.168.1.1 and the other 1 is the metric.. Or you could just have the other users go back to dhcp with something like

netsh interface ip set address "Local Area Connection" dhcp

There are many different ways you could accomplish what your looking to do - you could set her dns to something weird.. ie local address 127.0.0.1 and have the other users correct..

You could also just turn off the nic when she logs in using devcon http://support.microsoft.com/default.aspx?...b;EN-US;Q311272

This should get you started on netsh;

http://www.microsoft.com/resources/documen...n-us/netsh.mspx

[MrBear5587]

Thanks very much for all your knowledgable help BudMan,

I'm going to have a go with this later this evening, I'll let you know how I get on, although I'm sure it'll be fine (Y) :)