restrict internet access to administrator account only

G

Guest

Hi, I am trying to find a way to restrict internet access to administrator
accounts only. I need the user level accounts to access shared printers,
files, etc on the internal netowrk, but want to deny internet access. I have
attempted restricting IE access to admin only, but it is still possible to
enter web addresses directly into the address bar of an explorer window.

Any ideas?

Thanks,

Ken
 
D

Doug Knox MS-MVP

If you're in a domain environment and using group policies, set a proxy server setting that points to 127.0.0.1. Make this setting apply to all users/groups, except Administrators. Make sure you remove the user's access to the Connections tab in Internet Options.
 
G

Guest

We're not in a domain environment, we're using workgroups... would the fix
still work?

Thanks,

Ken
 
D

Doug Knox MS-MVP

Yes, but you'd have to make the changes manually on each user's account. Copy and paste the following into a Notepad file and save it as "PROXY.REG". Save the file to a location where all users have "read" access.

------------- copy below this line ----------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1"
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"ConnectionsTab"=dword:00000001

------------- copy above this line including the blank line ----------------------

Now, create a shortcut in Documents and Settings\All Users\Start Menu\Programs\Startup

The command for the shortcut should be C:\Windows\REGEDIT.EXE /S X:\<path to file>\proxy.reg Modify the command accordingly, if Windows isn't on C:, and change the <path to file> to the actual location of the REG file. Now, when the user logs on, this change will be made silently. Administrators can import another REG file to turn the proxy settings off.

------------- copy below this line ----------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"="127.0.0.1"
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"ConnectionsTab"=dword:00000000

------------- copy above this line including the blank line ----------------------

Save this file as Proxy2.reg and save it in a location that only Administrators have access to.
 
G

Guest

Worked like a champ, Doug! Thanks!

Doug Knox MS-MVP said:
Yes, but you'd have to make the changes manually on each user's account. Copy and paste the following into a Notepad file and save it as "PROXY.REG". Save the file to a location where all users have "read" access.

------------- copy below this line ----------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1"
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"ConnectionsTab"=dword:00000001

------------- copy above this line including the blank line ----------------------

Now, create a shortcut in Documents and Settings\All Users\Start Menu\Programs\Startup

The command for the shortcut should be C:\Windows\REGEDIT.EXE /S X:\<path to file>\proxy.reg Modify the command accordingly, if Windows isn't on C:, and change the <path to file> to the actual location of the REG file. Now, when the user logs on, this change will be made silently. Administrators can import another REG file to turn the proxy settings off.

------------- copy below this line ----------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"="127.0.0.1"
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"ConnectionsTab"=dword:00000000

------------- copy above this line including the blank line ----------------------

Save this file as Proxy2.reg and save it in a location that only Administrators have access to.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

KenMartin said:
We're not in a domain environment, we're using workgroups... would the fix
still work?

Thanks,

Ken
Click to expand...
Click to expand...
 
D

Doug Knox MS-MVP

You're welcome :)

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

KenMartin said:
Worked like a champ, Doug! Thanks!

Doug Knox MS-MVP said:
Yes, but you'd have to make the changes manually on each user's account. Copy and paste the following into a Notepad file and save it as "PROXY.REG". Save the file to a location where all users have "read" access.

------------- copy below this line ----------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1"
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"ConnectionsTab"=dword:00000001

------------- copy above this line including the blank line ----------------------

Now, create a shortcut in Documents and Settings\All Users\Start Menu\Programs\Startup

The command for the shortcut should be C:\Windows\REGEDIT.EXE /S X:\<path to file>\proxy.reg Modify the command accordingly, if Windows isn't on C:, and change the <path to file> to the actual location of the REG file. Now, when the user logs on, this change will be made silently. Administrators can import another REG file to turn the proxy settings off.

------------- copy below this line ----------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"="127.0.0.1"
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"ConnectionsTab"=dword:00000000

------------- copy above this line including the blank line ----------------------

Save this file as Proxy2.reg and save it in a location that only Administrators have access to.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

KenMartin said:
We're not in a domain environment, we're using workgroups... would the fix
still work?

Thanks,

Ken

:

If you're in a domain environment and using group policies, set a proxy server setting that points to 127.0.0.1. Make this setting apply to all users/groups, except Administrators. Make sure you remove the user's access to the Connections tab in Internet Options.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

Hi, I am trying to find a way to restrict internet access to administrator
accounts only. I need the user level accounts to access shared printers,
files, etc on the internal netowrk, but want to deny internet access. I have
attempted restricting IE access to admin only, but it is still possible to
enter web addresses directly into the address bar of an explorer window.

Any ideas?

Thanks,

Ken
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User access to single folder 2
Restrict Administrator Account 1
NO administrator account 12
Restrict Internet for Police Department 4
Restrict Internet downloads 1
Invisible Administrator Account 8
Restricting specific user groups/accounts 4
administrator account security risk 11

Top