Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Monday, April 27, 2009

Internet Explorer blocking

Internet Explorer blocking (per user account)
Create a new "OU" call it something like "Restricted" then create a gpo and call it "No_Internet" then add the following policies:
1. user configuration\windows settings\internet explorer
maintenance\connection then choose proxy settings put a check box in proxy settings and put a dead ip or server name in the field and change the port to 8080 (set all fields to use these parameters)
2. administration template\windows components\internet explorer\internet
control panel enable "disable connection page."
3. move the few restricted users into the restricted ou they should inherit the parent gpo (if any)
refresh the client gp by rebooting or typing for winxp gpupdate /target:user or win2k secedit /refreshpolicy

I am the Admin for a Windows 2000 pro computer with two power user accounts.
This PC is not on a domain controller.
I need a solution that will allow power user A to have internet access via internet explorer and disallow power user B internet access via internet explorer. I am looking for the solution to limit internet access (If need be network access) when power user B is logged on the PC. Both accounts need to be operating as power user because of the graphics software won't operate otherwise. Someone of the part-time employees downloading spyware junk atomic clock and calendar with operating in the background and I want to put an end to that with my request as stated above.

"Curtis Clay III [MSFT]"
you maybe able to configure a local group policy wich denies access to the internet and then deny access to that policy for the user and administrator so that you 2 can have internet access.
See below...
Deny Read and Execute to the Administrator and Power User accounts to the following files
%systemroot%\system32\Group Policy\gpt.ini
Create a second administrator account called GPOADMIN. This account will continue to get policy but will be able to administer and change the policy, since the original Administrator account will get access denied when trying to open the policy in the MMC. Use the GPOADmin account only to change or edit the policy.
If the original administrator account gets read and execute permissions restored, it will immediately begin to download and apply policy.
If the policy locks down the desktop, make sure to place a shortcut to the mmc and Group Policy snap in on the desktop of the GPOAdmin profile so he can access the policy. (i.e. the run and program menus are restricted by the policy)


Disable Internet Access (All Windows)

This tweak can be easily applied using WinGuides Tweak Manager.
Download a free trial now!

By using this tweak you are able to restrict access to the Internet when using Internet Explorer and other Microsoft compatible products such as Office.

Open your registry and find the key below.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "" (i.e. "IP:Port").

By changing these settings Internet access will be disabled for any applications that rely of the Microsoft proxy server information such as Internet Explorer, Microsoft Office, Opera browser.

To stop users from modifying the proxy settings add these restrictions to disable changes to the Internet configuration.

Find or create the key below:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1".

To remove the restriction, set the proxy settings back to their original values and delete the policy values.

Note: The change will take effect immediately for any new browser windows, existing Internet Explorer sessions will not be affected until the browser is closed and reopened.

Registry Editor Example
|(Default)REG_SZ(value not set)|
|ProxyEnableREG_DWORD0x00000001 (1)|
Registry Settings
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings]
Value Name: ProxyEnable, ProxyServer

No comments: