Locking out users from Internet access

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi all,
I have an interesting situation I am trying to resolve. I have several users
on a machine assigned to several different groups. The machine is not on a
domain (for another set of issues), but is part of a workgroup with other
machines. The problem is kids - kids are allowed to use this machine for
running slide shows and such for their different groups. However, kids being
kids, there has been some inapropriate activity on these machines
(shocking!). I need to be able to lock them out of internet usage completely
without affecting the other users access to the internet. My first attempt
was to deny access to Internet explorer, Office products all together
(because you can access the web through Outlook, etc.) and to set custom
levels of security to the DCOM config in component services. This all worked
well enough until I discovered they were still able to access the web
through...Windows Explorer! I haven't thought about accessing the web through
an explorer window in years, but these kids are determined.

Is there any way I can completely eliminate TCP/IP access to this group by
some security management? Or is there a different avenue I haven't touched
on? Any help at all would be very appreciated. Thank you in advance.
 
A great solution is to use something like ISA 2004 as a perimeter proxy
sever firewall that can manage access to the internet based on rules that
can include users and groups. If you are not already using it however there
is an investment in software, computer, and training.

If that is not possible take a look at a software firewall called PortsLock
that can have different firewall rules per user or group. Of course for
anything to be effective at the local computer level it is a must that the
user not be a local administrator and ideally not a power user either. See
what happens if you enter an URL in the run box also. Though not a solution
for your specific problem you may also be interested in the free Shared
Computer Toolkit from Microsoft to help you lock down a shared computer.

Steve

http://www.portslock.com/ --- PortsLock
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx --- Shared
Computer Toolkit
 
Steven,
Thank you very much for your response. It sounds like Portslock may be a
great solution, I will try the trial version to give it a shot. ISA 2004 is
not really an option at this time, but a future version of ISA may be. I
haven't looked into the Microsoft toolkit before, but that sounds promising
as well. Thank you again!
-John
 
Back
Top