Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

need to block acces to internet 1

Status
Not open for further replies.
tibbet

tibbet

MIS
Jan 8, 2002
17
0
0
NL
I am working in a primary school with a lot of kids using the internet. One group though use the internet not the way they should (blood and gore) so I have to block access to internet for this group.
The group uses a single account which should make things easier.
We use winrout pro, I´ve tried to block sites etc. using packet filtering but without success. I´ve tried running zonealarm, but this blocked a pc so thorough that it took me a while to disable all that again.
Why isn´t there a simple option in a policy, stating that all access to the internet should be blocked, leaving a perfict local network???
I´ve tried setting up a new usergroup in the AD, assigned it a policy (redirecting the gateway and the connections foor Internet explorer) but the main policy (governing the domain) overruled the settings...
Please help a teacher having to deal with something that is way over his head!

Tibbet.
 
Sort by date Sort by votes
Have you tried this?


Apply those registry changes to a policy for that account and that might do the trick. They will probably find them again and disable your changes.

Another solution would be to get the sites that you don't want them to see and enter them in your DNS as 127.0.0.1 or better redirect them to a web page on your server which has a message like 'Get back to work, you little tike!' :)

Instead of using WinRoute to get to the internet you might want to look at 'smoothwall'. Don't be put off by the Linux bit - once it's up and running it's a doddle.

There are other commercial solutions - Bascom did one which uses exclusive filtering - everything is denied except what you want them to see and it's configured on a per user basis - not sure if it's still around.
 
Upvote 0 Downvote
There is a simple solution for this.

1.Create a GPO and apply it to the group only.
2.Within the GPO set the Proxy to a fake address on a different subnet than you use.
3.Specify to Bypass Proxy for local addresses (so they CAN use the intranet)
4.Disable IE Control Panel


That is it. Any external adress will be directed to the fake proxy and fail.

if you want to get creative, modify their default 404 error message to say something like "You have tried to access an illegal site. Your parents will be notified."

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
91
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
109
microsGuy16
microsGuy16
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
91
mangentle
mangentle
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
75
hairlessupportmonkey
hairlessupportmonkey
DrB0b
  • Locked
  • Question
HyperV trying to do extended replica to external HDD
Replies
0
Views
49
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top