R
ridergroov
Hi there everyone. Trying to figure out how I can block specific users
on an XP Pro machine from using the internet. Thanks!
on an XP Pro machine from using the internet. Thanks!
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
P
Pat Coghlan
What do you want to prevent, browsing? E-mail?ridergroov said:Hi there everyone. Trying to figure out how I can block specific users
on an XP Pro machine from using the internet. Thanks!
You can prevent them from accessing specific client software such as
browsers as follows:
- create a local group (assuming this is not a domain workstation)
called NoAccess
- on the properties/security tab for an executable (Firefox.exe etc.),
add a Deny Access permission to anyone that is in NoAccess group
- right click My Computer-Manager-Users and Groups-<account>-Properties,
and make the user(s) a member of NoAccess
This will prevent them from running the specified application(s). They
have to logoff/logon for this to take effect.
M
Mikie
Pat said:What do you want to prevent, browsing? E-mail?
You can prevent them from accessing specific client software such as
browsers as follows:
- create a local group (assuming this is not a domain workstation)
called NoAccess
- on the properties/security tab for an executable (Firefox.exe etc.),
add a Deny Access permission to anyone that is in NoAccess group
- right click My Computer-Manager-Users and Groups-<account>-Properties,
and make the user(s) a member of NoAccess
This will prevent them from running the specified application(s). They
have to logoff/logon for this to take effect.
--
-Pat
Trend Micro's PC-Cillin has a feature where you may TEMPORARILY PREVENT AN INTERNET CONNECTION. It's hard to find so you have to do some searching.
P
Plato
ridergroov said:Hi there everyone. Trying to figure out how I can block specific users
on an XP Pro machine from using the internet. Thanks!
Just lay down the law. And enforce it. Nuff said.
R
ridergroov
How many times has lay down the law worked? Haha. Thanks everyone.
Even if I do block the executable files with permissions, the run box
is still in the start menu which will bypass that. Other ideas?
Even if I do block the executable files with permissions, the run box
is still in the start menu which will bypass that. Other ideas?
P
Pat Coghlan
ridergroov said:How many times has lay down the law worked? Haha. Thanks everyone.
Even if I do block the executable files with permissions, the run box
is still in the start menu which will bypass that. Other ideas?
If you deny access to accounts which are members of group NoAccess etc.,
they cannot bypass it if they are limited accounts.
If you can be more specific re: what you are trying to block, I can
provide more specific tips. The above is what I do with my daughter's
account when I want to take away access to MSN Messenger. Works great!
R
ridergroov
Hey Pat,
Thanks for the continued response. What i'm trying to do is prevent
front desk people from surfing the net while they are on terminal
sessions to our win2k3 terminal server All was find until someone
realized that if you use the Explorer, as in file explorer, then change
the address bar to a web address, you can totally bypass the fact that
I have the iexplore.exe permissions blocked. See what I mean. Let me
know if you know a way around this. Thanks!
Thanks for the continued response. What i'm trying to do is prevent
front desk people from surfing the net while they are on terminal
sessions to our win2k3 terminal server All was find until someone
realized that if you use the Explorer, as in file explorer, then change
the address bar to a web address, you can totally bypass the fact that
I have the iexplore.exe permissions blocked. See what I mean. Let me
know if you know a way around this. Thanks!
P
Pat Coghlan
ridergroov said:Hey Pat,
Thanks for the continued response. What i'm trying to do is prevent
front desk people from surfing the net while they are on terminal
sessions to our win2k3 terminal server All was find until someone
realized that if you use the Explorer, as in file explorer, then change
the address bar to a web address, you can totally bypass the fact that
I have the iexplore.exe permissions blocked. See what I mean. Let me
know if you know a way around this. Thanks!
Now that's an interesting phenomenon! I wonder if my daughter knows
about this :-(
This method does not seem to require the iexplore.exe executable.
Is the server they connect to a domain controller and what does it have
configured as its DNS server. The DNS server might be one way to
prevent them from getting out. Does ANYBODY on that segment need to get
out?
G
Gordon
Pat said:Now that's an interesting phenomenon! I wonder if my daughter knows
about this :-(
This method does not seem to require the iexplore.exe executable.
Is the server they connect to a domain controller and what does it have
configured as its DNS server. The DNS server might be one way to
prevent them from getting out. Does ANYBODY on that segment need to get
out?
there were certainly methods of denying internet access in W2K - in
companies I've worked in each user had to be authorised to access external
http addresses. every user could access the company home page, but any
external web site was denied unless the user had been given specific
permissions to access externally.Not sure how that works though......
P
Pat Coghlan
Gordon said:there were certainly methods of denying internet access in W2K - in
companies I've worked in each user had to be authorised to access external
http addresses. every user could access the company home page, but any
external web site was denied unless the user had been given specific
permissions to access externally.Not sure how that works though......
They probably did source IP filtering on the enterprise firewall.
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.