MrBear5587 Posted June 24, 2005 Share Posted June 24, 2005 Hi, I have the internet going to the computer through a NIC, so there's no need to dialup as it's always connected. I want to be able to completely block internet access for a single user of the computer, so that both websites and internet enabled applications cannot be utilised. However, I want the internet to function as normal for the other users. Is this possible, if so how can I achieve this? Thanks :) Link to comment Share on other sites More sharing options...
zorak Posted June 24, 2005 Share Posted June 24, 2005 Hi,I have the internet going to the computer through a NIC, so there's no need to dialup as it's always connected. I want to be able to completely block internet access for a single user of the computer, so that both websites and internet enabled applications cannot be utilised. However, I want the internet to function as normal for the other users. Is this possible, if so how can I achieve this? Thanks :) 586112839[/snapback] The easiest way would be to assign that user a static IP address, then filter that IP address at your router. Most DHCP servers can set reservations based on MAC address, so while the client PC is still recieving a address over DHCP it is always the same one. Even basic routers like all the linksys models have a setting to filter specific IP addresses. Link to comment Share on other sites More sharing options...
SergeantNoob Posted June 24, 2005 Share Posted June 24, 2005 If you set up all programs to connect to a nonexistant proxy server, the internet would appear to "not work". Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 24, 2005 MVC Share Posted June 24, 2005 Zorak - blocking access based on IP or MAC would be valid, if there were not other users on the machine.. I read it like there are other users of this same computer.. "However, I want the internet to function as normal for the other users." If this is the case - your method would block "all" users of that machine.. When this user is logged onto the machine - does he need access to other machines on the network.. or would blocking all network access be ok? Your best bet might be to use a proxy on your network that allows for some method of auth, be it transparent or not.. so that access is based upon user.. There some soho routers that provide this kind of feature.. or many of the linux router distros could do this type of thing.. Another option might be to just setup a script for that users login that removes the gateway setting for example, and other users scripts put it in.. Does the user have admin rights on the box, or permissions as such that they could bypass this type of setting? Are these machines member of a domain where you could use GP based on user account.. or are they just local accounts? Link to comment Share on other sites More sharing options...
MrBear5587 Posted June 26, 2005 Author Share Posted June 26, 2005 Thanks for the replies all. The user is an admin, but she wouldn't have a clue how to bypass anything. The accounts are just local, no domain involved. When the person logs on to the computer, they do not need access to the other machines, but obvisously the other local accounts on that machine would. A logon script as you suggested probably seems like the best way to go about this, but I wouldn't know where to start :no: lol. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 26, 2005 MVC Share Posted June 26, 2005 Well it could be as simple as adding a batch file to the users startup folder.. or here this will get you started on using local login scripts; http://www.wown.com/articles_tutorials/wxpplogs.html As to the command.. something like that would keep her off the internet netsh interface ip set address "Gig" static 192.168.1.100 255.255.255.0 none This would set here address to 192.168.1.100 with a 24 bit mask but not have any gateway.. so she would not be albe to get off the network.. but would be able to talk to other local machines.. "Gig" would be the name of your interface - by default I think it would be "Local Area Connection".. " Gig is the name of my interface. The other users would then need; netsh interface ip set address "Gig" static 192.168.1.100 255.255.255.0 192.168.1.1 1 if your gateway was 192.168.1.1 and the other 1 is the metric.. Or you could just have the other users go back to dhcp with something like netsh interface ip set address "Local Area Connection" dhcp There are many different ways you could accomplish what your looking to do - you could set her dns to something weird.. ie local address 127.0.0.1 and have the other users correct.. You could also just turn off the nic when she logs in using devcon http://support.microsoft.com/default.aspx?...b;EN-US;Q311272 This should get you started on netsh; http://www.microsoft.com/resources/documen...n-us/netsh.mspx Link to comment Share on other sites More sharing options...
MrBear5587 Posted June 26, 2005 Author Share Posted June 26, 2005 Thanks very much for all your knowledgable help BudMan, I'm going to have a go with this later this evening, I'll let you know how I get on, although I'm sure it'll be fine (Y) :) Link to comment Share on other sites More sharing options...
Recommended Posts