Restricting internet access allowing intranet access.

dr strangelove · 13-11-2009 12:12pm #1

Hi,
I'm 'The IT Guy' at work and i'm trying to restrict internet access on a specific PC, for a specific user.

The user needs to be able to access our intranet, but not the internet.

My first thought was to force the PC to use a fake proxy, such as 127.0.0.1 or 0.0.0.0 in connections -> LAN Connections, but tick the 'Bypass proxy for local addresses' box, but this doesn't seem to be working.

My next thought was use Content adviser, but the button for that is grayed out via Corporate policy.

So i'm out of ideas, anyone else got any suggestions?

JimmyCrackCorn! · 13-11-2009 2:09pm

EDIT:

Firewall and proxy for this kind of thing.

SQUID as a proxy is fine. Does the job well.

As for firewall it depends on what your outbound router is.

As for blocking a specific user as long as there isnt a business need and you extend the policy to cover everyone without a business need there shouldn't be a problem

samhail · 13-11-2009 2:29pm

if you do set browser specific settings like that, then they can just install another browser (or use a portable version that doesnt need to be installed)

i dont suppose you have a nice big expensive gateway that can limit internet access there ?

you could look into getting some sort of firewall installed on the machine that stops accessing the internet.

but ...

you will also need to consider legalities if there are any. blocking a specific pc/person and not anyone else might be picked up in the wrong way.
I know nothing about this side but suggest you look into it.

cormon · 14-11-2009 6:30am

quick and easy .

Edit the host file on the computer to point all url's to 127.0.0.1 except the intranet site that is permitted. This basically point all requested websites to a bit bucket as the DNS query will fail.

http://www.sharkfoo.com/37/got-malware-use-a-hosts-file

Restricting internet access allowing intranet access.

Comments