How can I block web access?

/usr

I need to block internet access, but allow access to the intranet. I don't have the option to block port 80 and run the intranet servers on another port. I basically need something to run on local machines, be it a script, program, or setting, which will not allow access to the internet.

ajs1976

If they are only access one LAN, remove the Default gateway address from the client PCs.

Depending on the type of router you are using, you could set up an ACL.

/usr

The DHCP server is going to give out the address unless it's configured not to. Some clients need access, others don't. Going that route leaves people who need access out of luck unless they stay away from the DHCP server and are given a static ip.

wildfire

Need more info really youve not said what client people are using xp pro/2000 etc? do they access through a proxy server? broadband router? if so what type? or other router?

/usr

I need a way to disable this at the local level. The machine they are working on.

Running a combination of NT/2000 machines.

BeachTech_

We have a user here that had his internet privledge revoked after he visited some "hot" sites (read "****"). He only needed to access one website...the corporate website. So I put in a bogus IP address for the DNS server, then put in the IP address as the IE Homepage (http://192.168.x.x).

Now, if you need them to be able us use FQDN for the Intranet, what about pointing to a bogus DNS and creating a static HOST file on the client's machine? If it is an intranet, you shouldn't have too many entries in this table.

big boi

any proxy server should be able to do this. squid. symantec web security. etc.