Limit internet access by user account

Limit internet access by user account.

How can this be done on XP-pro in a peer-to-peer Lan.

I know it can be done with policies in a domain, but I am interested in implementing this on a particular workstation for a single user account.

Thanks

 

- .reg file that sets the default gateway to 127.0.0.1 or 0.0.0.0 or something.

- security on the .reg file set to admin access only.

- scheduled task for the user to run the .reg file using admin credentials when the user logs on.

If the user doesn't even need the browser for LAN use, just set security on the .exe so he/she can't start it but all others can.

 

Newt,

If I follow you correctly, your saying:
1. Open notepad (or someother editor) and create a file called deny.reg .
2. Within that file, write the following bit of code.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Services\{A2CE4...47E7}\Parameters\Tcpip] "DefaultGateway "=127.0.0.1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Services\{A2CE4...47E7}\Parameters\Tcpip] "DhcpDefaultGateway "=127.0.0.1


3. Save this file and apply Administrator/System Full Rights ; User_Acct Read-only
4. Put a short-cut to this file in the c:\document and settings\user_acct\start menu\startup

I tried this and it doesn't work.
After logging in as user_acct with this short cut, right off the bat, a dialog box prompts the user "do you really want to replace the value in the registry?" After replying YES, I went into regedit only to find that the valuse wasn't replaced.

What am I missing or mis-understanding ?

Thanks
Don

 

The solution !!!

Create a user account "employee "
Log into that user account.
Open Internet explorer
Open Tools\internet options\connections\Lan settings
Check Proxy server and put a bogus address : port in the proxy server
Save and exit IE.

If you try to get to the internet, the page will never display.

Now for the security part....

Log into an admin account.
Open gpedit.msc
Traverse to User Configuration\administrative templates\windows components\internet explorer\internet control panel.
Double click "Disable the connections page" (right pane)
select Enable. save

This will not show the connection tab when you try to open tools\internet options...for ALL accounts.

However, ALL other accounts will have access to internet but the "employee" account.

 

24jedi - rather than the startup folder, set it up using 'scheduled tasks' and use the option for running at startup.

But your solution will work too and it probably easier to deal with. I was trying to avoid locking the other users out of any features. But if that isn't a problem, I think I'd for sure go with the way you posted.

In fact, managing a network is lots easier if the users are locked out of changing almost everything. If any of yours are fairly adept at doing things that give you grey hair, you might also want to do a policy tweak to stop the 'run' line from showing up when they click start.