In article <#MVS#(E-Mail Removed)>, "Gary Richtmeyer"
<glricht-RemoveMe-(E-Mail Removed)> wrote:
>I have a small-business CPA customer with multiple Win XP Home (SP2) PCs
>networked together via the usual router/switch configuration to allow file &
>print sharing. Until recently, only 1 PC could access the Internet and that
>was via dial, but they've "taken the plunge" and ordered DSL.
>
>The owner is absolutely paranoid about security and is convinced that while
>a PC is connected to the Internet, people could hack in and steal customer
>financial and identity-type info. The longer the time the PC was connected,
>the higher the risk. With dial, he felt he could control that by
>restricting dial access to a single PC (with no customer data on the PC) and
>allowing the dial session to last only as long as absolutely necessary.
>Given this mindset, DSL has him real worried. I've explained about
>firewalls (both hw & sw) and all the other ways of protection and he's
>reluctantly agreed to allow all of his PCs to be able to access the
>Internet.
>
>However (and here's the problem), he still wants to limit the time the PC
>has Internet access. He wants to have some kind of "switch" that a user
>would turn ON or OFF to allow their PC to be able to access the Internet.
>In other words, if the user is doing internal office work (which requires
>access to other PCs or printers on the LAN), the "Internet switch" should be
>OFF to not allow Internet access. When the user needs to do email or access
>a web site, they would turn the switch ON, do the online activities, then
>turn the switch OFF again. But the PC needs LAN access at all times.
>
>I've tried to explain the folly of his "solution" and that keeping the
>switch OFF by default would stop all Windows and anti-virus automatic
>updates, but he wants to give it a try.
>
>So does anybody know a technique or program that could do this? Since
>turning the switch ON/OFF will happen multiple times per day on each PC, the
>solution has to be something simple. I envision having to setup some sort
>of BAT file that would issue the appropriate commands to turn the switch ON
>or OFF. Just not sure if the "switch" is within TCP/IP, the router, or
>what.
>
>I done a lot of Googling and found some solutions for permanent
>restrictions, but nothing that can be easily turned off and on. I'm looking
>for help!
>
>
>Gary Richtmeyer
Create two batch files. The first one creates a default route using
the router's LAN address (w.x.y.z), enabling Internet access:
route add 0.0.0.0 mask 0.0.0.0 w.x.y.z
The second one deletes the default route, disabling Internet access:
route delete 0.0.0.0 mask 0.0.0.0
You can create desktop shortcuts to the batch files and configure the
shortcut properties to run minimized so that they work invisibly.
The files will have no effect on LAN access.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)
Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.
Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
Similar Threads
