| Author |
Message |
Nik
Guest
|
 Posted:
Wed Dec 29, 2004 9:07 pm Post subject:
blocking internet access |
|
|
hi guys,
I'm trying to prevent my users from accessing the internet. I have attempted
to block it through the personal firewall as well as through IE, however, my
users seem to have learn how to undo what I did. is there anyting i can do
at the lower layers to prevent them.
thanks
nik |
|
| Back to top |
|
 |
Dusko Savatovic
Guest
|
| Posted:
Wed Dec 29, 2004 9:30 pm Post subject:
Re: blocking internet access |
|
|
Use Microsoft ISA Server 2004 and require that users authenticate.
You can download free trial version of ISA Server 2004 from Microsoft's web
site.
Dusko Savatovic
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
| Quote: | hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE, however,
my
users seem to have learn how to undo what I did. is there anyting i can do
at the lower layers to prevent them.
thanks
nik
|
|
|
| Back to top |
|
|
Phillip Windell
Guest
|
| Posted:
Wed Dec 29, 2004 9:44 pm Post subject:
Re: blocking internet access |
|
|
How do you get to the internet in the first place?
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
| Quote: | hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE, however,
my
users seem to have learn how to undo what I did. is there anyting i can do
at the lower layers to prevent them.
thanks
nik
|
|
|
| Back to top |
|
|
Robert L [MS-MVP]
Guest
|
| Posted:
Wed Dec 29, 2004 9:45 pm Post subject:
Re: blocking internet access |
|
|
if you don't have budget to buy isa, you still have many options. 1. if you
have a router and the router can do filter, the filter the ip you don't want
to access the internet; 2. don't assign the router to the computers; 3.
enable LAN settings with a fake ip and also disable user's right to modify
registry. good luck!
--
For more and other information, go to http://www.ChicagoTech.net
Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
| Quote: | hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE, however,
my
users seem to have learn how to undo what I did. is there anyting i can do
at the lower layers to prevent them.
thanks
nik
|
|
|
| Back to top |
|
|
Doug Sherman [MVP]
Guest
|
| Posted:
Wed Dec 29, 2004 9:48 pm Post subject:
Re: blocking internet access |
|
|
You don't give us much information about your network or how you connect to
the Internet. However, one easy way to prevent network Internet access on a
per computer basis is to configure the client computer with no default
gateway or an incorrect default gateway. You can do this with a DHCP server
or by statically configuring the client computer.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
| Quote: | hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE, however,
my
users seem to have learn how to undo what I did. is there anyting i can do
at the lower layers to prevent them.
thanks
nik
|
|
|
| Back to top |
|
|
Steve Riley [MSFT]
Guest
|
| Posted:
Wed Dec 29, 2004 10:28 pm Post subject:
Re: blocking internet access |
|
|
That won't work if the OP's network has more than one subnet since his computers
will need a default gateway to communicate to the other subnet.
Really, this kind of problem shouldn't be solved with any technology that
relies on IP addresses. IP addresses identify computers, not people. In the
world of DHCP, there's never any guarantee that a particular address will
always be used on a particular person's computer. Besides, IP addresses can
be spoofed.
If you want user-level access control, you must use technology that understands
user accounts and manage your requirements centrally. This means you need
something like Active Directory and ISA Server.
Steve Riley
steriley@microsoft.com
| Quote: | You don't give us much information about your network or how you
connect to the Internet. However, one easy way to prevent network
Internet access on a per computer basis is to configure the client
computer with no default gateway or an incorrect default gateway. You
can do this with a DHCP server or by statically configuring the client
computer.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE,
however,
my
users seem to have learn how to undo what I did. is there anyting i
can do at the lower layers to prevent them.
thanks
nik |
|
|
| Back to top |
|
|
Nik
Guest
|
| Posted:
Wed Dec 29, 2004 11:23 pm Post subject:
Re: blocking internet access |
|
|
Sorry about that guys. I should have definitely given more information.
These are standalone computers. they use the internet to connect to the
western union network. So I do not wish for them to do any browsing or
chatting. They access the internet via dial-up
Hope this helps
Nik
"Doug Sherman [MVP]" <dsherman@nospam.tampabay.rr.com> wrote in message
news:Oh8#j3b7EHA.2700@TK2MSFTNGP14.phx.gbl...
| Quote: | You don't give us much information about your network or how you connect
to
the Internet. However, one easy way to prevent network Internet access on
a
per computer basis is to configure the client computer with no default
gateway or an incorrect default gateway. You can do this with a DHCP
server
or by statically configuring the client computer.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE,
however,
my
users seem to have learn how to undo what I did. is there anyting i can
do
at the lower layers to prevent them.
thanks
nik
|
|
|
| Back to top |
|
|
Doug Sherman [MVP]
Guest
|
| Posted:
Thu Dec 30, 2004 1:47 am Post subject:
Re: blocking internet access |
|
|
I agree with you in principle, my suggestion of manipulating gateways is
clunky and inconsistent with true network security paractices.
Nevertheless, it can be made to work; and the following is both misleading
and does not support the principle:
"That won't work if the OP's network has more than one subnet since his
computers will need a default gateway to communicate to the other subnet."
The computers could use a static route(s) to reach the other subnets and
have no default gateway at all.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:22261632399056972463936@news.microsoft.com...
| Quote: | That won't work if the OP's network has more than one subnet since his
computers
will need a default gateway to communicate to the other subnet.
Really, this kind of problem shouldn't be solved with any technology that
relies on IP addresses. IP addresses identify computers, not people. In
the
world of DHCP, there's never any guarantee that a particular address will
always be used on a particular person's computer. Besides, IP addresses
can
be spoofed.
If you want user-level access control, you must use technology that
understands
user accounts and manage your requirements centrally. This means you need
something like Active Directory and ISA Server.
Steve Riley
steriley@microsoft.com
You don't give us much information about your network or how you
connect to the Internet. However, one easy way to prevent network
Internet access on a per computer basis is to configure the client
computer with no default gateway or an incorrect default gateway. You
can do this with a DHCP server or by statically configuring the client
computer.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE,
however,
my
users seem to have learn how to undo what I did. is there anyting i
can do at the lower layers to prevent them.
thanks
nik
|
|
|
| Back to top |
|
|
Steve Riley [MSFT]
Guest
|
| Posted:
Thu Dec 30, 2004 6:28 am Post subject:
Re: blocking internet access |
|
|
Inline.
| Quote: | I agree with you in principle, my suggestion of manipulating gateways
is clunky and inconsistent with true network security paractices.
Nevertheless, it can be made to work; and the following is both
misleading and does not support the principle:
"That won't work if the OP's network has more than one subnet since
his computers will need a default gateway to communicate to the other
subnet."
The computers could use a static route(s) to reach the other subnets
and have no default gateway at all.
|
True but that is an advanced configuration that is brittle because it requires
on-going maintenance. It is nontrivial to learn how that works and it can
be destabilizing if the routing infrastructure in the network is dynamic.
It's essentially asking a client to please behave and don't go where I don't
want you to go.
Steve Riley
steriley@microsoft.com
| Quote: | Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:22261632399056972463936@news.microsoft.com...
That won't work if the OP's network has more than one subnet since
his
computers
will need a default gateway to communicate to the other subnet.
Really, this kind of problem shouldn't be solved with any technology
that relies on IP addresses. IP addresses identify computers, not
people. In
the
world of DHCP, there's never any guarantee that a particular address
will always be used on a particular person's computer. Besides, IP
addresses
can
be spoofed.
If you want user-level access control, you must use technology that
understands
user accounts and manage your requirements centrally. This means you
need something like Active Directory and ISA Server.
Steve Riley
steriley@microsoft.com
You don't give us much information about your network or how you
connect to the Internet. However, one easy way to prevent network
Internet access on a per computer basis is to configure the client
computer with no default gateway or an incorrect default gateway.
You can do this with a DHCP server or by statically configuring the
client computer.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE,
however,
my
users seem to have learn how to undo what I did. is there anyting i
can do at the lower layers to prevent them.
thanks
nik |
|
|
| Back to top |
|
|
Phillip Windell
Guest
|
| Posted:
Thu Dec 30, 2004 9:28 pm Post subject:
Re: blocking internet access |
|
|
Just getting a Firewall or Proxy that is worth having would solve the whole
thing. If IP# assignments are logically and consistantly managed a NAT
Firewall that restricts by the IP# would "get by". Otherwise something like
ISA that restricts by User account would solve it.
These things always come up if someone is wanting to create a non-standard
solution to a standard problem because they either can't or won't spend a
few dollars to do it right.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:24870632399345070728896@news.microsoft.com...
| Quote: | Inline.
I agree with you in principle, my suggestion of manipulating gateways
is clunky and inconsistent with true network security paractices.
Nevertheless, it can be made to work; and the following is both
misleading and does not support the principle:
"That won't work if the OP's network has more than one subnet since
his computers will need a default gateway to communicate to the other
subnet."
The computers could use a static route(s) to reach the other subnets
and have no default gateway at all.
True but that is an advanced configuration that is brittle because it
requires
on-going maintenance. It is nontrivial to learn how that works and it can
be destabilizing if the routing infrastructure in the network is dynamic.
It's essentially asking a client to please behave and don't go where I
don't
want you to go.
Steve Riley
steriley@microsoft.com
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:22261632399056972463936@news.microsoft.com...
That won't work if the OP's network has more than one subnet since
his
computers
will need a default gateway to communicate to the other subnet.
Really, this kind of problem shouldn't be solved with any technology
that relies on IP addresses. IP addresses identify computers, not
people. In
the
world of DHCP, there's never any guarantee that a particular address
will always be used on a particular person's computer. Besides, IP
addresses
can
be spoofed.
If you want user-level access control, you must use technology that
understands
user accounts and manage your requirements centrally. This means you
need something like Active Directory and ISA Server.
Steve Riley
steriley@microsoft.com
You don't give us much information about your network or how you
connect to the Internet. However, one easy way to prevent network
Internet access on a per computer basis is to configure the client
computer with no default gateway or an incorrect default gateway.
You can do this with a DHCP server or by statically configuring the
client computer.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted
to block it through the personal firewall as well as through IE,
however,
my
users seem to have learn how to undo what I did. is there anyting i
can do at the lower layers to prevent them.
thanks
nik
|
|
|
| Back to top |
|
|
Lanwench [MVP - Exchange]
Guest
|
| Posted:
Sun Jan 02, 2005 8:09 am Post subject:
Re: blocking internet access |
|
|
Nik wrote:
| Quote: | Sorry about that guys. I should have definitely given more
information. These are standalone computers. they use the internet to
connect to the western union network. So I do not wish for them to do
any browsing or chatting. They access the internet via dial-up
|
So each computer does independent dialup? That sounds really unmanageable
for many reasons other than this. Any chance you can get a proxy server &
install broadband for them to share? Would be much better overall anyway.
| Quote: |
Hope this helps
Nik
"Doug Sherman [MVP]" <dsherman@nospam.tampabay.rr.com> wrote in
message news:Oh8#j3b7EHA.2700@TK2MSFTNGP14.phx.gbl...
You don't give us much information about your network or how you
connect to the Internet. However, one easy way to prevent network
Internet access on a per computer basis is to configure the client
computer with no default gateway or an incorrect default gateway.
You can do this with a DHCP server or by statically configuring the
client computer.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Nik" <nalleyne(don't use this)@webworksgy.com> wrote in message
news:eNo4meb7EHA.2016@TK2MSFTNGP15.phx.gbl...
hi guys,
I'm trying to prevent my users from accessing the internet. I have
attempted to block it through the personal firewall as well as
through IE, however, my users seem to have learn how to undo what I
did. is there anyting i can do at the lower layers to prevent them.
thanks
nik |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in