I want to add a second user to my workstation and grant normal network
(peer-to-peer) access, but I don't want them to have access to the internet.
I haven't found an easy way to do this, I've tried looking at permissions but
I'm missing something.

"Steve Allen" <(E-Mail Removed)> wrote in message
news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
>I want to add a second user to my workstation and grant normal network
> (peer-to-peer) access, but I don't want them to have access to the
> internet.
> I haven't found an easy way to do this, I've tried looking at permissions
> but
> I'm missing something.
>

Windows SteadyState might be for you although I don't know if
it works under Win2000.
http://www.microsoft.com/windows/pro...s/default.mspx

Thank you for the tip but alas, it seems I must have XP for SteadyState.

Question: if I use static IP addresses on all workstations,
Can I build a batch file or script that would delete the tcp/ip entry for
the default gateway and have it run when a particular user logs in?

I am thinking that would allow LAN access but not to the internet.

"Pegasus (MVP)" wrote:

>
> "Steve Allen" <(E-Mail Removed)> wrote in message
> news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
> >I want to add a second user to my workstation and grant normal network
> > (peer-to-peer) access, but I don't want them to have access to the
> > internet.
> > I haven't found an easy way to do this, I've tried looking at permissions
> > but
> > I'm missing something.
> >
>
> Windows SteadyState might be for you although I don't know if
> it works under Win2000.
> http://www.microsoft.com/windows/pro...s/default.mspx
>
>
>

Yes, you could remove the default gateway and/or the DSN entry,
using netsh.exe, provided that the user has sufficient privileges to
run the command. Below is a link and some examples for the command.

http://support.microsoft.com/default...b;EN-US;242468

For a Static IP use:
netsh interface ip set address "Local Area Connection" static 125.187.7.56
255.0.0.0
netsh interface ip set address local static 192.168.1.1 255.255.255.0

And for DHCP use:
netsh interface ip set address "Local Area Connection" DHCP

netsh interface ip set address name="Local Area Connection 2" source=static
addr=192.168.10.10 mask=255.255.255.0 gateway=none
netsh interface ip delete dns name="Local Area Connection 2" addr=all
netsh interface ip set dns name="Local Area Connection 2" source=static
addr=192.168.20.20
netsh interface ip add dns name="Local Area Connection 2" addr=192.168.30.30
netsh interface ip set address name="Local Area Connection X"
gateway=10.0.0.1 gwmetric=1 source=static addr=192.168.0.10
mask=255.255.255.0
netsh interface ip set address name="Local Area Connection" source=static
addr=192.168.44.1 mask=255.255.255.0 gateway=192.168.44.254 gwmetric=1
netsh interface ip set dns name="Local Area Connection" source=static
addr=192.168.44.254


"Steve Allen" <(E-Mail Removed)> wrote in message
news:06F832D0-A87D-4E0B-A94F-(E-Mail Removed)...
> Thank you for the tip but alas, it seems I must have XP for SteadyState.
>
> Question: if I use static IP addresses on all workstations,
> Can I build a batch file or script that would delete the tcp/ip entry for
> the default gateway and have it run when a particular user logs in?
>
> I am thinking that would allow LAN access but not to the internet.
>
> "Pegasus (MVP)" wrote:
>
>>
>> "Steve Allen" <(E-Mail Removed)> wrote in message
>> news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
>> >I want to add a second user to my workstation and grant normal network
>> > (peer-to-peer) access, but I don't want them to have access to the
>> > internet.
>> > I haven't found an easy way to do this, I've tried looking at
>> > permissions
>> > but
>> > I'm missing something.
>> >
>>
>> Windows SteadyState might be for you although I don't know if
>> it works under Win2000.
>> http://www.microsoft.com/windows/pro...s/default.mspx
>>
>>
>>

I really appreciate your help, thank you.
OK, I think I get how to use netsh and it should work,
BUT, I believe the user I wish to BLOCK for the internet needs to have
"administrator" privleges inorder for the command to function, when they and
only they login.

There are to be three users on the computer, each with a unique username and
password.
Administrator(me) for maintenance, etc. full network access.
Fulltime for my regular secretary. full network access.(user or power user.)
and "PartTime" for temp office help........LAN Access: yes, Internet Access:
NO. User group only. Naturally I don't want to give my part time help
"administrator" status!

with netsh I should be able to "enable" the gateway address for me and my
full time employee, but how do I run this when the "Part time" employee logs
on with only user privliges?

would a program like "net nanny" be easier? lol, been years since I saw
that one.
Any further tips will be most appreciated, thank you again.

"Pegasus (MVP)" wrote:

> Yes, you could remove the default gateway and/or the DSN entry,
> using netsh.exe, provided that the user has sufficient privileges to
> run the command. Below is a link and some examples for the command.
>
> http://support.microsoft.com/default...b;EN-US;242468
>
> For a Static IP use:
> netsh interface ip set address "Local Area Connection" static 125.187.7.56
> 255.0.0.0
> netsh interface ip set address local static 192.168.1.1 255.255.255.0
>
> And for DHCP use:
> netsh interface ip set address "Local Area Connection" DHCP
>
> netsh interface ip set address name="Local Area Connection 2" source=static
> addr=192.168.10.10 mask=255.255.255.0 gateway=none
> netsh interface ip delete dns name="Local Area Connection 2" addr=all
> netsh interface ip set dns name="Local Area Connection 2" source=static
> addr=192.168.20.20
> netsh interface ip add dns name="Local Area Connection 2" addr=192.168.30.30
> netsh interface ip set address name="Local Area Connection X"
> gateway=10.0.0.1 gwmetric=1 source=static addr=192.168.0.10
> mask=255.255.255.0
> netsh interface ip set address name="Local Area Connection" source=static
> addr=192.168.44.1 mask=255.255.255.0 gateway=192.168.44.254 gwmetric=1
> netsh interface ip set dns name="Local Area Connection" source=static
> addr=192.168.44.254
>
>
> "Steve Allen" <(E-Mail Removed)> wrote in message
> news:06F832D0-A87D-4E0B-A94F-(E-Mail Removed)...
> > Thank you for the tip but alas, it seems I must have XP for SteadyState.
> >
> > Question: if I use static IP addresses on all workstations,
> > Can I build a batch file or script that would delete the tcp/ip entry for
> > the default gateway and have it run when a particular user logs in?
> >
> > I am thinking that would allow LAN access but not to the internet.
> >
> > "Pegasus (MVP)" wrote:
> >
> >>
> >> "Steve Allen" <(E-Mail Removed)> wrote in message
> >> news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
> >> >I want to add a second user to my workstation and grant normal network
> >> > (peer-to-peer) access, but I don't want them to have access to the
> >> > internet.
> >> > I haven't found an easy way to do this, I've tried looking at
> >> > permissions
> >> > but
> >> > I'm missing something.
> >> >
> >>
> >> Windows SteadyState might be for you although I don't know if
> >> it works under Win2000.
> >> http://www.microsoft.com/windows/pro...s/default.mspx
> >>
> >>
> >>
>
>
>

There is a fairly simple solution to your problem. Instead of
playing around with the IP settings, you can modify IE so
that it no longer finds any pages. You could include these
lines in your logon script:

@echo off
if /i "%UserName%"=="TempUser" (set Reg=1) else (set Reg=0)
echo > c:\proxy.reg REGEDIT4
echo >>c:\proxy.reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
echo >>c:\proxy.reg "ProxyEnable"=dword:0000000%Reg%
echo >>c:\proxy.reg "ProxyServer"="SteveProxy:9090"
regedit /s c:\proxy.reg
del c:\proxy.reg

I found that ordinary users can edit this part of the registry.
Make sure to replace TempUser with the actual logon name
of the user.


"Steve Allen" <(E-Mail Removed)> wrote in message
news:B2419BED-4CCD-4803-A8E1-(E-Mail Removed)...
>I really appreciate your help, thank you.
> OK, I think I get how to use netsh and it should work,
> BUT, I believe the user I wish to BLOCK for the internet needs to have
> "administrator" privleges inorder for the command to function, when they
> and
> only they login.
>
> There are to be three users on the computer, each with a unique username
> and
> password.
> Administrator(me) for maintenance, etc. full network access.
> Fulltime for my regular secretary. full network access.(user or power
> user.)
> and "PartTime" for temp office help........LAN Access: yes, Internet
> Access:
> NO. User group only. Naturally I don't want to give my part time help
> "administrator" status!
>
> with netsh I should be able to "enable" the gateway address for me and my
> full time employee, but how do I run this when the "Part time" employee
> logs
> on with only user privliges?
>
> would a program like "net nanny" be easier? lol, been years since I saw
> that one.
> Any further tips will be most appreciated, thank you again.
>
> "Pegasus (MVP)" wrote:
>
>> Yes, you could remove the default gateway and/or the DSN entry,
>> using netsh.exe, provided that the user has sufficient privileges to
>> run the command. Below is a link and some examples for the command.
>>
>> http://support.microsoft.com/default...b;EN-US;242468
>>
>> For a Static IP use:
>> netsh interface ip set address "Local Area Connection" static
>> 125.187.7.56
>> 255.0.0.0
>> netsh interface ip set address local static 192.168.1.1 255.255.255.0
>>
>> And for DHCP use:
>> netsh interface ip set address "Local Area Connection" DHCP
>>
>> netsh interface ip set address name="Local Area Connection 2"
>> source=static
>> addr=192.168.10.10 mask=255.255.255.0 gateway=none
>> netsh interface ip delete dns name="Local Area Connection 2" addr=all
>> netsh interface ip set dns name="Local Area Connection 2" source=static
>> addr=192.168.20.20
>> netsh interface ip add dns name="Local Area Connection 2"
>> addr=192.168.30.30
>> netsh interface ip set address name="Local Area Connection X"
>> gateway=10.0.0.1 gwmetric=1 source=static addr=192.168.0.10
>> mask=255.255.255.0
>> netsh interface ip set address name="Local Area Connection" source=static
>> addr=192.168.44.1 mask=255.255.255.0 gateway=192.168.44.254 gwmetric=1
>> netsh interface ip set dns name="Local Area Connection" source=static
>> addr=192.168.44.254
>>
>>
>> "Steve Allen" <(E-Mail Removed)> wrote in message
>> news:06F832D0-A87D-4E0B-A94F-(E-Mail Removed)...
>> > Thank you for the tip but alas, it seems I must have XP for
>> > SteadyState.
>> >
>> > Question: if I use static IP addresses on all workstations,
>> > Can I build a batch file or script that would delete the tcp/ip entry
>> > for
>> > the default gateway and have it run when a particular user logs in?
>> >
>> > I am thinking that would allow LAN access but not to the internet.
>> >
>> > "Pegasus (MVP)" wrote:
>> >
>> >>
>> >> "Steve Allen" <(E-Mail Removed)> wrote in message
>> >> news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
>> >> >I want to add a second user to my workstation and grant normal
>> >> >network
>> >> > (peer-to-peer) access, but I don't want them to have access to the
>> >> > internet.
>> >> > I haven't found an easy way to do this, I've tried looking at
>> >> > permissions
>> >> > but
>> >> > I'm missing something.
>> >> >
>> >>
>> >> Windows SteadyState might be for you although I don't know if
>> >> it works under Win2000.
>> >> http://www.microsoft.com/windows/pro...s/default.mspx
>> >>
>> >>
>> >>
>>
>>
>>

Ok, this looks encouraging, I'll try it this weekend and let you know.
Thanks again, Steve

"Steve Allen" wrote:

> Thank you for the tip but alas, it seems I must have XP for SteadyState.
>
> Question: if I use static IP addresses on all workstations,
> Can I build a batch file or script that would delete the tcp/ip entry for
> the default gateway and have it run when a particular user logs in?
>
> I am thinking that would allow LAN access but not to the internet.
>
> "Pegasus (MVP)" wrote:
>
> >
> > "Steve Allen" <(E-Mail Removed)> wrote in message
> > news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
> > >I want to add a second user to my workstation and grant normal network
> > > (peer-to-peer) access, but I don't want them to have access to the
> > > internet.
> > > I haven't found an easy way to do this, I've tried looking at permissions
> > > but
> > > I'm missing something.
> > >
> >
> > Windows SteadyState might be for you although I don't know if
> > it works under Win2000.
> > http://www.microsoft.com/windows/pro...s/default.mspx
> >
> >
> >

Pegasus, it seems I need more experience to create a logon script.
I created a batch file called "noisp.bat" and copied your example replacing
temp_user with the real logon name "Part Time" as suggested. I tried saving
the batch file in several locations as I could not add a full path to the
user's settings, only a relative path for testing.
I am going to search MS for some more help on this. If you have any links
or suggestions please advise.
Thanks again, Steve


"Pegasus (MVP)" wrote:

> There is a fairly simple solution to your problem. Instead of
> playing around with the IP settings, you can modify IE so
> that it no longer finds any pages. You could include these
> lines in your logon script:
>
> @echo off
> if /i "%UserName%"=="TempUser" (set Reg=1) else (set Reg=0)
> echo > c:\proxy.reg REGEDIT4
> echo >>c:\proxy.reg
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings]
> echo >>c:\proxy.reg "ProxyEnable"=dword:0000000%Reg%
> echo >>c:\proxy.reg "ProxyServer"="SteveProxy:9090"
> regedit /s c:\proxy.reg
> del c:\proxy.reg
>
> I found that ordinary users can edit this part of the registry.
> Make sure to replace TempUser with the actual logon name
> of the user.
>
>
> "Steve Allen" <(E-Mail Removed)> wrote in message
> news:B2419BED-4CCD-4803-A8E1-(E-Mail Removed)...
> >I really appreciate your help, thank you.
> > OK, I think I get how to use netsh and it should work,
> > BUT, I believe the user I wish to BLOCK for the internet needs to have
> > "administrator" privleges inorder for the command to function, when they
> > and
> > only they login.
> >
> > There are to be three users on the computer, each with a unique username
> > and
> > password.
> > Administrator(me) for maintenance, etc. full network access.
> > Fulltime for my regular secretary. full network access.(user or power
> > user.)
> > and "PartTime" for temp office help........LAN Access: yes, Internet
> > Access:
> > NO. User group only. Naturally I don't want to give my part time help
> > "administrator" status!
> >
> > with netsh I should be able to "enable" the gateway address for me and my
> > full time employee, but how do I run this when the "Part time" employee
> > logs
> > on with only user privliges?
> >
> > would a program like "net nanny" be easier? lol, been years since I saw
> > that one.
> > Any further tips will be most appreciated, thank you again.
> >
> > "Pegasus (MVP)" wrote:
> >
> >> Yes, you could remove the default gateway and/or the DSN entry,
> >> using netsh.exe, provided that the user has sufficient privileges to
> >> run the command. Below is a link and some examples for the command.
> >>
> >> http://support.microsoft.com/default...b;EN-US;242468
> >>
> >> For a Static IP use:
> >> netsh interface ip set address "Local Area Connection" static
> >> 125.187.7.56
> >> 255.0.0.0
> >> netsh interface ip set address local static 192.168.1.1 255.255.255.0
> >>
> >> And for DHCP use:
> >> netsh interface ip set address "Local Area Connection" DHCP
> >>
> >> netsh interface ip set address name="Local Area Connection 2"
> >> source=static
> >> addr=192.168.10.10 mask=255.255.255.0 gateway=none
> >> netsh interface ip delete dns name="Local Area Connection 2" addr=all
> >> netsh interface ip set dns name="Local Area Connection 2" source=static
> >> addr=192.168.20.20
> >> netsh interface ip add dns name="Local Area Connection 2"
> >> addr=192.168.30.30
> >> netsh interface ip set address name="Local Area Connection X"
> >> gateway=10.0.0.1 gwmetric=1 source=static addr=192.168.0.10
> >> mask=255.255.255.0
> >> netsh interface ip set address name="Local Area Connection" source=static
> >> addr=192.168.44.1 mask=255.255.255.0 gateway=192.168.44.254 gwmetric=1
> >> netsh interface ip set dns name="Local Area Connection" source=static
> >> addr=192.168.44.254
> >>
> >>
> >> "Steve Allen" <(E-Mail Removed)> wrote in message
> >> news:06F832D0-A87D-4E0B-A94F-(E-Mail Removed)...
> >> > Thank you for the tip but alas, it seems I must have XP for
> >> > SteadyState.
> >> >
> >> > Question: if I use static IP addresses on all workstations,
> >> > Can I build a batch file or script that would delete the tcp/ip entry
> >> > for
> >> > the default gateway and have it run when a particular user logs in?
> >> >
> >> > I am thinking that would allow LAN access but not to the internet.
> >> >
> >> > "Pegasus (MVP)" wrote:
> >> >
> >> >>
> >> >> "Steve Allen" <(E-Mail Removed)> wrote in message
> >> >> news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
> >> >> >I want to add a second user to my workstation and grant normal
> >> >> >network
> >> >> > (peer-to-peer) access, but I don't want them to have access to the
> >> >> > internet.
> >> >> > I haven't found an easy way to do this, I've tried looking at
> >> >> > permissions
> >> >> > but
> >> >> > I'm missing something.
> >> >> >
> >> >>
> >> >> Windows SteadyState might be for you although I don't know if
> >> >> it works under Win2000.
> >> >> http://www.microsoft.com/windows/pro...s/default.mspx
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

You can put the file "noisp.bat" here:

c:\Documents and Settings\All Users\Start Menu\Programs\Startup


"Steve Allen" <(E-Mail Removed)> wrote in message
news:6B0351B5-F3BE-4DDA-BB1C-(E-Mail Removed)...
> Pegasus, it seems I need more experience to create a logon script.
> I created a batch file called "noisp.bat" and copied your example
> replacing
> temp_user with the real logon name "Part Time" as suggested. I tried
> saving
> the batch file in several locations as I could not add a full path to the
> user's settings, only a relative path for testing.
> I am going to search MS for some more help on this. If you have any links
> or suggestions please advise.
> Thanks again, Steve
>
>
> "Pegasus (MVP)" wrote:
>
>> There is a fairly simple solution to your problem. Instead of
>> playing around with the IP settings, you can modify IE so
>> that it no longer finds any pages. You could include these
>> lines in your logon script:
>>
>> @echo off
>> if /i "%UserName%"=="TempUser" (set Reg=1) else (set Reg=0)
>> echo > c:\proxy.reg REGEDIT4
>> echo >>c:\proxy.reg
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings]
>> echo >>c:\proxy.reg "ProxyEnable"=dword:0000000%Reg%
>> echo >>c:\proxy.reg "ProxyServer"="SteveProxy:9090"
>> regedit /s c:\proxy.reg
>> del c:\proxy.reg
>>
>> I found that ordinary users can edit this part of the registry.
>> Make sure to replace TempUser with the actual logon name
>> of the user.
>>
>>
>> "Steve Allen" <(E-Mail Removed)> wrote in message
>> news:B2419BED-4CCD-4803-A8E1-(E-Mail Removed)...
>> >I really appreciate your help, thank you.
>> > OK, I think I get how to use netsh and it should work,
>> > BUT, I believe the user I wish to BLOCK for the internet needs to have
>> > "administrator" privleges inorder for the command to function, when
>> > they
>> > and
>> > only they login.
>> >
>> > There are to be three users on the computer, each with a unique
>> > username
>> > and
>> > password.
>> > Administrator(me) for maintenance, etc. full network access.
>> > Fulltime for my regular secretary. full network access.(user or power
>> > user.)
>> > and "PartTime" for temp office help........LAN Access: yes, Internet
>> > Access:
>> > NO. User group only. Naturally I don't want to give my part time help
>> > "administrator" status!
>> >
>> > with netsh I should be able to "enable" the gateway address for me and
>> > my
>> > full time employee, but how do I run this when the "Part time" employee
>> > logs
>> > on with only user privliges?
>> >
>> > would a program like "net nanny" be easier? lol, been years since I
>> > saw
>> > that one.
>> > Any further tips will be most appreciated, thank you again.
>> >
>> > "Pegasus (MVP)" wrote:
>> >
>> >> Yes, you could remove the default gateway and/or the DSN entry,
>> >> using netsh.exe, provided that the user has sufficient privileges to
>> >> run the command. Below is a link and some examples for the command.
>> >>
>> >> http://support.microsoft.com/default...b;EN-US;242468
>> >>
>> >> For a Static IP use:
>> >> netsh interface ip set address "Local Area Connection" static
>> >> 125.187.7.56
>> >> 255.0.0.0
>> >> netsh interface ip set address local static 192.168.1.1 255.255.255.0
>> >>
>> >> And for DHCP use:
>> >> netsh interface ip set address "Local Area Connection" DHCP
>> >>
>> >> netsh interface ip set address name="Local Area Connection 2"
>> >> source=static
>> >> addr=192.168.10.10 mask=255.255.255.0 gateway=none
>> >> netsh interface ip delete dns name="Local Area Connection 2" addr=all
>> >> netsh interface ip set dns name="Local Area Connection 2"
>> >> source=static
>> >> addr=192.168.20.20
>> >> netsh interface ip add dns name="Local Area Connection 2"
>> >> addr=192.168.30.30
>> >> netsh interface ip set address name="Local Area Connection X"
>> >> gateway=10.0.0.1 gwmetric=1 source=static addr=192.168.0.10
>> >> mask=255.255.255.0
>> >> netsh interface ip set address name="Local Area Connection"
>> >> source=static
>> >> addr=192.168.44.1 mask=255.255.255.0 gateway=192.168.44.254 gwmetric=1
>> >> netsh interface ip set dns name="Local Area Connection" source=static
>> >> addr=192.168.44.254
>> >>
>> >>
>> >> "Steve Allen" <(E-Mail Removed)> wrote in message
>> >> news:06F832D0-A87D-4E0B-A94F-(E-Mail Removed)...
>> >> > Thank you for the tip but alas, it seems I must have XP for
>> >> > SteadyState.
>> >> >
>> >> > Question: if I use static IP addresses on all workstations,
>> >> > Can I build a batch file or script that would delete the tcp/ip
>> >> > entry
>> >> > for
>> >> > the default gateway and have it run when a particular user logs in?
>> >> >
>> >> > I am thinking that would allow LAN access but not to the internet.
>> >> >
>> >> > "Pegasus (MVP)" wrote:
>> >> >
>> >> >>
>> >> >> "Steve Allen" <(E-Mail Removed)> wrote in message
>> >> >> news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
>> >> >> >I want to add a second user to my workstation and grant normal
>> >> >> >network
>> >> >> > (peer-to-peer) access, but I don't want them to have access to
>> >> >> > the
>> >> >> > internet.
>> >> >> > I haven't found an easy way to do this, I've tried looking at
>> >> >> > permissions
>> >> >> > but
>> >> >> > I'm missing something.
>> >> >> >
>> >> >>
>> >> >> Windows SteadyState might be for you although I don't know if
>> >> >> it works under Win2000.
>> >> >> http://www.microsoft.com/windows/pro...s/default.mspx
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>

I will need a few days to work out some other bugs for the new user with
restricted user privilages, I'll get back to you as soon as possible.
Thanks again.

"Pegasus (MVP)" wrote:

> You can put the file "noisp.bat" here:
>
> c:\Documents and Settings\All Users\Start Menu\Programs\Startup
>
>
> "Steve Allen" <(E-Mail Removed)> wrote in message
> news:6B0351B5-F3BE-4DDA-BB1C-(E-Mail Removed)...
> > Pegasus, it seems I need more experience to create a logon script.
> > I created a batch file called "noisp.bat" and copied your example
> > replacing
> > temp_user with the real logon name "Part Time" as suggested. I tried
> > saving
> > the batch file in several locations as I could not add a full path to the
> > user's settings, only a relative path for testing.
> > I am going to search MS for some more help on this. If you have any links
> > or suggestions please advise.
> > Thanks again, Steve
> >
> >
> > "Pegasus (MVP)" wrote:
> >
> >> There is a fairly simple solution to your problem. Instead of
> >> playing around with the IP settings, you can modify IE so
> >> that it no longer finds any pages. You could include these
> >> lines in your logon script:
> >>
> >> @echo off
> >> if /i "%UserName%"=="TempUser" (set Reg=1) else (set Reg=0)
> >> echo > c:\proxy.reg REGEDIT4
> >> echo >>c:\proxy.reg
> >> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> >> Settings]
> >> echo >>c:\proxy.reg "ProxyEnable"=dword:0000000%Reg%
> >> echo >>c:\proxy.reg "ProxyServer"="SteveProxy:9090"
> >> regedit /s c:\proxy.reg
> >> del c:\proxy.reg
> >>
> >> I found that ordinary users can edit this part of the registry.
> >> Make sure to replace TempUser with the actual logon name
> >> of the user.
> >>
> >>
> >> "Steve Allen" <(E-Mail Removed)> wrote in message
> >> news:B2419BED-4CCD-4803-A8E1-(E-Mail Removed)...
> >> >I really appreciate your help, thank you.
> >> > OK, I think I get how to use netsh and it should work,
> >> > BUT, I believe the user I wish to BLOCK for the internet needs to have
> >> > "administrator" privleges inorder for the command to function, when
> >> > they
> >> > and
> >> > only they login.
> >> >
> >> > There are to be three users on the computer, each with a unique
> >> > username
> >> > and
> >> > password.
> >> > Administrator(me) for maintenance, etc. full network access.
> >> > Fulltime for my regular secretary. full network access.(user or power
> >> > user.)
> >> > and "PartTime" for temp office help........LAN Access: yes, Internet
> >> > Access:
> >> > NO. User group only. Naturally I don't want to give my part time help
> >> > "administrator" status!
> >> >
> >> > with netsh I should be able to "enable" the gateway address for me and
> >> > my
> >> > full time employee, but how do I run this when the "Part time" employee
> >> > logs
> >> > on with only user privliges?
> >> >
> >> > would a program like "net nanny" be easier? lol, been years since I
> >> > saw
> >> > that one.
> >> > Any further tips will be most appreciated, thank you again.
> >> >
> >> > "Pegasus (MVP)" wrote:
> >> >
> >> >> Yes, you could remove the default gateway and/or the DSN entry,
> >> >> using netsh.exe, provided that the user has sufficient privileges to
> >> >> run the command. Below is a link and some examples for the command.
> >> >>
> >> >> http://support.microsoft.com/default...b;EN-US;242468
> >> >>
> >> >> For a Static IP use:
> >> >> netsh interface ip set address "Local Area Connection" static
> >> >> 125.187.7.56
> >> >> 255.0.0.0
> >> >> netsh interface ip set address local static 192.168.1.1 255.255.255.0
> >> >>
> >> >> And for DHCP use:
> >> >> netsh interface ip set address "Local Area Connection" DHCP
> >> >>
> >> >> netsh interface ip set address name="Local Area Connection 2"
> >> >> source=static
> >> >> addr=192.168.10.10 mask=255.255.255.0 gateway=none
> >> >> netsh interface ip delete dns name="Local Area Connection 2" addr=all
> >> >> netsh interface ip set dns name="Local Area Connection 2"
> >> >> source=static
> >> >> addr=192.168.20.20
> >> >> netsh interface ip add dns name="Local Area Connection 2"
> >> >> addr=192.168.30.30
> >> >> netsh interface ip set address name="Local Area Connection X"
> >> >> gateway=10.0.0.1 gwmetric=1 source=static addr=192.168.0.10
> >> >> mask=255.255.255.0
> >> >> netsh interface ip set address name="Local Area Connection"
> >> >> source=static
> >> >> addr=192.168.44.1 mask=255.255.255.0 gateway=192.168.44.254 gwmetric=1
> >> >> netsh interface ip set dns name="Local Area Connection" source=static
> >> >> addr=192.168.44.254
> >> >>
> >> >>
> >> >> "Steve Allen" <(E-Mail Removed)> wrote in message
> >> >> news:06F832D0-A87D-4E0B-A94F-(E-Mail Removed)...
> >> >> > Thank you for the tip but alas, it seems I must have XP for
> >> >> > SteadyState.
> >> >> >
> >> >> > Question: if I use static IP addresses on all workstations,
> >> >> > Can I build a batch file or script that would delete the tcp/ip
> >> >> > entry
> >> >> > for
> >> >> > the default gateway and have it run when a particular user logs in?
> >> >> >
> >> >> > I am thinking that would allow LAN access but not to the internet.
> >> >> >
> >> >> > "Pegasus (MVP)" wrote:
> >> >> >
> >> >> >>
> >> >> >> "Steve Allen" <(E-Mail Removed)> wrote in message
> >> >> >> news:44AFFCA1-F383-423D-BD9C-(E-Mail Removed)...
> >> >> >> >I want to add a second user to my workstation and grant normal
> >> >> >> >network
> >> >> >> > (peer-to-peer) access, but I don't want them to have access to
> >> >> >> > the
> >> >> >> > internet.
> >> >> >> > I haven't found an easy way to do this, I've tried looking at
> >> >> >> > permissions
> >> >> >> > but
> >> >> >> > I'm missing something.
> >> >> >> >
> >> >> >>
> >> >> >> Windows SteadyState might be for you although I don't know if
> >> >> >> it works under Win2000.
> >> >> >> http://www.microsoft.com/windows/pro...s/default.mspx
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>