Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Limit Internet Access 1

Status
Not open for further replies.

MEL33

IS-IT--Management
Jan 7, 2004
17
US
Is there a good way to limit internet access over a lan for a user or users? We connect to the internet through a checkpoint firewall - VPN1
 
Use the ability to create a logon script, and the ability to use regedit to import registry settings to accomplish this.

1. Create the registry scripts needed:

. Internet_on.reg

Open your registry and find the key below.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

Export this key as Internet_on.reg

. Internet_off.reg

Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "10.0.0.1:5555" (i.e. "IP:port").

By changing these settings Internet access will be disabled for any applications that rely of the Microsoft proxy server information such as Internet Explorer, Microsoft Office, Opera browser, Mozilla, etc.

Export the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

again as Internet_off.reg


2. In the logon script for users you either place the on or off registry key file with the following syntax:

regedit /s Internet_on or Internet_off.reg

Note: The change will take effect immediately for any new browser windows, existing Internet Explorer sessions will not be affected until the browser is closed and reopened.

3. If you have relatively clever users, they could change these settings, unless you stop them.

To stop users from modifying the proxy settings add these restrictions to disable changes to the Internet configuration.

Find or create the key below:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1".

Make certain you create and export a second registry key set where both values are set to 0 or you will not be able to change your connection settings either!

Source: from an idea found in winguides.com

 
I hope step #2 is clear enough, you either use the "on" or the "off" file as appropriate.
 
This will work great on users were I want to completely block access to the internet. Is there an easy way to limit access to certain sites? Example: They can only access UPS.com
 
Hi,


You can also use the content advisor, tools - Internet options - content - content advisor. You place the site they have to have access to in the list of approved sites(with always). Set a password and enable the content advisor. You have to block msn and hotmail at the approved sites(with never) because you still get access to them if you don't block them.

Greets
Outliner
 
That's a good link ricpinto, I'll definately make a note of that one.
 
Ok try this:

1. In the proxy settings on the IE, enter a fictitious domain, bogusdomain and port 80.
2. Now in the 'Exceptions' box type the website and other urls related to this site.(if you're not sure which related urls, then goto 'view source' from the pop up menu.

That will do, but for advance users:

3. Start/run/gpedit.msc

goto: User Configuration/Administrative Templates/ Windows Component/Internet Explorer/Internet Control Pane/Disable the Conection page. Now Right Click 'Properties' and check 'Enable' box.

Now nobody can remove the bogusdomain port 80.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top