Wednesday, February 23, 2005
Disable Internet access on a Windows PC
By Jason Hiner MCSE, CCNA, TechRepublic
Friday, December 17 2004 3:52 PM
Problem
TechRepublic member gryandmary used the Technical Q&A to pose the following question: "Can I target a client PC and disable Internet surfing, through a Windows 2000 Server with DSL connectivity, while still maintaining communication with the server? We are using Microsoft Windows XP Pro on the client."
Solution
Here was the response from TechRepublic member zaferus: "There are two ways you can disable Web browsing from a Windows system:
1. Go to Internet Options in the Control Panel. Go to the Connections tab and click LAN settings. Uncheck "Automatically detect settings" and then check "Use proxy server" and put settings in for a proxy server that doesn't exist. This will time out the Web browser each time a user tries to pull up an Internet site. Unfortunately, a savvy user could go into the settings and fix this.
2. Alternatively, you can set the Internet router to deny all port 80 traffic to the WAN from the IP address of the client PC you want to block. This is something that the user is less likely to figure out, and it will effectively block that one PC from Web access, while still allowing all over LAN users full access to the Internet."
TechRepublic member brian added another option:
"Go to:
* TCP/IP Properties
* Advanced
* Options
* TCP/IP filtering Properties
* Select Enable TCP/IP filtering (All adapters)
* Select Permit Only for all three selections (TCP, UDP, IP)
* Add only the allowed ports that are needed (leaving out port 80 for Web browser traffic)
* Click OK multiple times to close out the windows
These settings could also be set in a Group Policy GPO so that the user can't change them. You would make a special group just for this user."
Friday, December 17 2004 3:52 PM
Problem
TechRepublic member gryandmary used the Technical Q&A to pose the following question: "Can I target a client PC and disable Internet surfing, through a Windows 2000 Server with DSL connectivity, while still maintaining communication with the server? We are using Microsoft Windows XP Pro on the client."
Solution
Here was the response from TechRepublic member zaferus: "There are two ways you can disable Web browsing from a Windows system:
1. Go to Internet Options in the Control Panel. Go to the Connections tab and click LAN settings. Uncheck "Automatically detect settings" and then check "Use proxy server" and put settings in for a proxy server that doesn't exist. This will time out the Web browser each time a user tries to pull up an Internet site. Unfortunately, a savvy user could go into the settings and fix this.
2. Alternatively, you can set the Internet router to deny all port 80 traffic to the WAN from the IP address of the client PC you want to block. This is something that the user is less likely to figure out, and it will effectively block that one PC from Web access, while still allowing all over LAN users full access to the Internet."
TechRepublic member brian added another option:
"Go to:
* TCP/IP Properties
* Advanced
* Options
* TCP/IP filtering Properties
* Select Enable TCP/IP filtering (All adapters)
* Select Permit Only for all three selections (TCP, UDP, IP)
* Add only the allowed ports that are needed (leaving out port 80 for Web browser traffic)
* Click OK multiple times to close out the windows
These settings could also be set in a Group Policy GPO so that the user can't change them. You would make a special group just for this user."
# posted by MiDBA @ 2/23/2005 05:20:00 PM 
