Go Back   Tech Support Forum > Graveyard > Archives

Limit computer to one site on the net?

This is a discussion on Limit computer to one site on the net? within the Archives forums, part of the Tech Support Forum category. Howdy gang, I work in a rather klunky government enviornment where cooperation isnt exactly the norm. We have a project


 
 
Thread Tools Search this Thread
Old 08-07-2004, 08:14 PM   #1
Registered Member
 
Join Date: Jul 2004
Location: Texas
Posts: 11
OS: WinXP



Howdy gang,

I work in a rather klunky government enviornment where cooperation isnt exactly the norm. We have a project coming up where we will need to limit two pc's to a single website. We do not want the users to be able to surf to anywhere else. Of course, this can be set up via our firewall, but the guy that does this gave us a bunch of reasons why he didnt want to do it.. (if I do it for you, I have to do it for everyone, its a drain on the network with even more rules) etc.

I would like to know if there is a good reliable way to limit these two PC's without going through our corporate firewall?

Thanks

__________________
Sasquatch is offline  
Old 08-07-2004, 08:28 PM   #2
Registered Member
 
Join Date: Aug 2004
Posts: 3
OS: xp



What latitude do you have for introducing addition networking devices into the environment?

__________________
drumerboy is offline  
Old 08-08-2004, 10:02 AM   #3
NetEngr/Geek
 
Pseudocyber's Avatar
 
Join Date: Sep 2002
Location: Earth\US\NC\Charlotte
Posts: 1,393
OS: Win2K


You could erase the DNS configuration on the machine and put the two sites in a host file and that would only allow name resolution to those two sites. Of course they could still access sites by IP, but it would be much more difficult. You'd have to lock the machine down so they couldn't fix it themselves.
__________________
AM = :coffee: PM = :cheers:

CCNA, NNCSSx2, MCSE (NT), A+, CNA
Pseudocyber is offline  
Old 08-08-2004, 10:08 AM   #4
Registered Member
 
Join Date: Jul 2004
Location: Texas
Posts: 11
OS: WinXP


Quote:
Originally Posted by Pseudocyber
You could erase the DNS configuration on the machine and put the two sites in a host file and that would only allow name resolution to those two sites. Of course they could still access sites by IP, but it would be much more difficult. You'd have to lock the machine down so they couldn't fix it themselves.
Howdy.

This sounds like it might be a good idea to try. So in otherwords, you simply wouldnt set up any DNS at all and then use HOSTS to control access to the one website?
__________________
Sasquatch is offline  
Old 08-08-2004, 10:34 AM   #5
Registered Member
 
Join Date: Jul 2004
Location: Texas
Posts: 11
OS: WinXP


Quote:
Originally Posted by drumerboy
What latitude do you have for introducing addition networking devices into the environment?
Complete. We can add whatever we wish
__________________
Sasquatch is offline  
Old 08-08-2004, 11:35 AM   #6
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

I'd simply install a real firewall application and restrict EVERYTHING but the single site. This solves the problem of entering IP addresses and everything. :)
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 08-08-2004, 02:51 PM   #7
Registered Member
 
Join Date: Jul 2004
Location: Texas
Posts: 11
OS: WinXP


I agree with you, but we also have about 1500 users and this would be a major issue to deal with for only 2 pc's
__________________
Sasquatch is offline  
Old 08-08-2004, 06:22 PM   #8
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

You can install the firewall on the specific PC, as long as the users don't have admin rights, they won't be able to change the settings. I fail to see what the problem is, and it's the right tool for the job.
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 08-09-2004, 04:52 AM   #9
Registered Member
 
Join Date: Jul 2004
Location: Texas
Posts: 11
OS: WinXP


Quote:
Originally Posted by johnwill
You can install the firewall on the specific PC, as long as the users don't have admin rights, they won't be able to change the settings. I fail to see what the problem is, and it's the right tool for the job.
I wasnt disagreeing with you. Are you talking about the XP firewall? The users will NOT have admin rights.

My apologies, I thought you were suggesting using a firewall at our gateway. This would affect the other users.
__________________
Sasquatch is offline  
Old 08-09-2004, 07:51 AM   #10
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

I'm suggesting something along the lines of Zone Alarm or the like. You can restrict normal users from changing the settings, and setup ONLY the desired sites as accessable. It should be pretty easy.

For XP, you may be able to use the new SP2 firewall features to do the same thing, but I haven't installed SP2 yet to see what it looks like. I have it setting in my download bin, so one of these days...
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 08-09-2004, 10:13 AM   #11
NetEngr/Geek
 
Pseudocyber's Avatar
 
Join Date: Sep 2002
Location: Earth\US\NC\Charlotte
Posts: 1,393
OS: Win2K


John, are you saying SP2 gives users control over outbound connections with Windows firewall?
__________________
AM = :coffee: PM = :cheers:

CCNA, NNCSSx2, MCSE (NT), A+, CNA
Pseudocyber is offline  
Old 08-09-2004, 03:35 PM   #12
Microsoft MVP
 
johnwill's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 50,845
OS: Windows 7, XP-Pro, Vista, Linux

My System

SP2 is supposed to have outbound protection, just don't know how configurable it is. I installed it on a test XP-Pro system here, and it still runs and connects to the net, that's a promising sign!
__________________
If TSF has helped you, Tell us about it! or Donate to help keep the site up!

Microsoft MVP - Windows Desktop Experience
johnwill is offline  
Old 08-09-2004, 10:14 PM   #13
Registered Member
 
Join Date: Jul 2004
Location: Texas
Posts: 11
OS: WinXP


Ok, solved the problem. Using Sygate Personal Firewall and creating two advanced rules did it. One rule to go to the site via IP address and another rule (to come after the first rule) that blocks everything else. Works like a charm here at home, so Im sure it will work that way at work. Thanks for the input.

__________________
Sasquatch is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 03:57 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts