Locking down Internet Explorer

albangaalbanga Member Posts: 164
Just wanted to know some poeples thoughts on the easiest way to restrict peoples access to the internet.

I want to do this without group policy, just for a workgroup stand-alone computer. Perhaps require a password to access the internet.

Any suggestions, maybe a utility i could download.

Comments

  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    To use Group Policy, set a user based policy that creates a proxy server setting to 0.0.0.0 and then lock out the Internet Options (or at least the ability to change proxy settings, both of which can also be done with GP). Users in the "Restricted IE" OU get the proxy. Other users not in that OU get either the correct proxy (if in use) or no proxy. This works great. Unless of course the user runs Firefox....
    All things are possible, only believe.
  • SieSie Member Posts: 1,195
    Correct me if im wrong but dont ISP's require a password to access?

    Just dont tick the save password box..... icon_confused.gif
    Foolproof systems don't take into account the ingenuity of fools
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Sie wrote:
    Correct me if im wrong but dont ISP's require a password to access?

    Just dont tick the save password box..... icon_confused.gif

    Not all ISPs require a password, my cable provider does not, and in most cases a business class internet service would not require authentication.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • SieSie Member Posts: 1,195
    Not all ISPs require a password, my cable provider does not, and in most cases a business class internet service would not require authentication.

    Ok maybe the case......but without knowing what access he is using?

    Albanga?

    Is it restrict in the sense of using it full stop or what the people could view? Or does it depend on the specific user whos logged in?

    In terms of something you can download there are various programs etc IE: Browse Control, Never used them myself however so I couldnt recommend any or if they are worth using at all.
    Foolproof systems don't take into account the ingenuity of fools
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Ok, so you want to prevent the user from accessing the internet. If you have a firewall at the perimeter you should be able to have a rule that doesn't let outbound traffic from that computer to leave the network.

    If this is a small workgroup you could simply take out their DNS servers from network properties and put the names and IP addresses of the computers he needs to access in the hosts and lmhosts files. This would give them access to the needed local resources while rendering them unable to have Internet name resolution. Then you wouldn't have to worry about what browser they're using :) Of course, there are ways around that as well (software restriction policies on XP for example).
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • albangaalbanga Member Posts: 164
    Sorry i did not explain myself very well.

    All it is, is we have a small office and we run testing in there, so candidates come in, however some of them get wondering and start surfing the net which we want to lock down. The computer is in a workgroup, but i cannot simply put up a false proxy because some of our testing is done on-line and requires the net.

    There is no dialing-up because its on our network so the internet is always on. Can you do something that allows access to our 3 or 4 needed sites but then to go outside those require a password??
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    Try using the content advisor - block everything and just allow the approved sites.
    www.supercross.com
    FIM website of the year 2007
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    I don't you can do what you are asking without some third party software or hardware. There may be some web filtering software you could install on these PC's to do the job, but you aren't going to be able to easily (or maybe even at all) do what you need just using what's built in to windows.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    albanga wrote:
    Sorry i did not explain myself very well.

    All it is, is we have a small office and we run testing in there, so candidates come in, however some of them get wondering and start surfing the net which we want to lock down. The computer is in a workgroup, but i cannot simply put up a false proxy because some of our testing is done on-line and requires the net.

    There is no dialing-up because its on our network so the internet is always on. Can you do something that allows access to our 3 or 4 needed sites but then to go outside those require a password??
    Go back to my first post about using GP to set a false proxy - it's on a user-by-user basis. Put the user accounts that DON'T need Internet access in an OU (called "No Internet" or whatever). Say you have user called "candidate1" or whatever - just place it in the OU called "No Internet". Now, no matter what computer "candidate1" logs into he gets no Internet access. You log in as "albanga" on the same computer and you DO have Internet access. If the computer is not in a domain and you have to use Local Group Policy it may not be as easy. The Content Advisor idea by RussS is probably the best way to go since you will know the password to access the Internet but "candidate1" won't.
    All things are possible, only believe.
Sign In or Register to comment.