babai asked in Computers & InternetSecurity · 1 decade ago

I want to block a computer from internet access .?

I use internet internet through 2003 server in my network, I want to block internet access of one user , so How can I block this from my 2003 server? . routing n Remote access is enable in 2003 server.

5 Answers

  • 1 decade ago
    Favorite Answer

    Well, unless you use a "parental", or "Access" control program, such as the one now included with Vista Ultimate and Business, or a Security solution with a Access Control feature, or a external hardware device which sits between your network and the Internet, you would not be able to stop a single user from accessing the Internet. You would only be able to stop a complete computer or other networked device via Group Policy, or a Router MAC and IP address control lists, not an individual user.

    Windows Vista Longhorn also has the "Parental or Employee" control utility, which stops individual users from accessing the Internet at all, or at certain times of the day, or allow access a certain time of the day, and also allows for control of what is accesses both on the Internet and which programs are allowed to be used on a per user basis.

    Group Policy in Server 2003 can only lock down items on a per computer basis, not for one single account on the computer. I think this was a huge security hole that Microsoft seems to have corrected with Server 2008 Longhorn.

    A lot of people fail to understand the loss of features when purchasing the less expensive Home Premium or Basic, which are cut down versions of Ultimate. Enterprise and Business are also cut down versions, cutting away the multimedia components of the OS, which is rather silly as many workers need to prepare and present presentations, which utilizes streaming media, media players and other media features. Home users need the security for their families the same as any employer does, and perhaps more so as children tend to be rash, attempt to do things which place them at risk, and parents need methods of locking down the ways they can use their home computer(s).

    Do you know much about Group Policy? Is this a shared system or does the individual you wish to have more control over use it singly? Group Policy is a great way to have super fine control over what is allowed to be used on the system. You could basically strip down a system to where a user could only use it in a manner completely approved of by you. Add to this a "parental" component which locks down access to certain web content and you have super control over your machines and who uses them.

    There is also the "Shared Computer Toolkit". This is great for computers at libraries, public computer kiosks, anyplace public which allows free access to a computer and/or a network of systems for customer or employee use. In addition it is great for families in which one to more children use a system.

    The Shared Computer Toolkit does make it difficult for an employer or a parent to share it with the other users, as it makes it highly locked down in many ways. An Administrator has to unblock much of the content, services, and Administrative tools and utilities. What is great about the Shared Computer Toolkit is that User's can make changes to their computing environment, but when they log off all changes are discarded. The User cannot make any changes to all system wide controls nor use any Administrative features.

    I am not totally certain but I think the Shared Computer Toolkit can be applied to Server 2003. It has been a while since I last looked at its features and they may have changed and/or been updated since last fall. Here are a couple of links you might be interested in:

    Microsoft has changed the name to Windows SteadyState. Here is a link to several downloads, which includes the handbook, and the actual SteadyState tool:

    These are free downloads, so there isn't anything to purchase.

    You may also be interested in Group Policy. While Group Policy is normally used in Domains for business control of company computers, it is also used in home networks by those wishing to more fine tuned control over what children can do on a system. This not only protects the system(s), stopping young curious minds from tampering with system settings, it also protects the younger generation from actions which could harm them. Our youth don't believe that any harm will come to them. While youth understand young people are harmed every day, they always believe it will happen to "somebody else", never themselves or anyone they know.

    That is, until it does, and then it is usually too late. Even exposure to adult themes online can harm a child's mind by inserting images which can never be erased. This can cost innocence and our young grow up too fast these days as it is, so it is important to find ways to encourage and assist them in staying in their childhoods in an appropriate manner while guiding their growth and development in age appropriate steps.

    This SteadyState technology is also applicable to work environments and computer systems offered as a benefit at libraries, schools, Internet Cafe's, and other locations and situations. It is most effective on systems where the Administrator does not use for his or her daily work, as it strips down a great many programs, features, access to control panel items, run dialog, command prompt, etc.

    Used in conjunction with a "Parental" control application and/or a router equipped with the ability to tighten the systems allowed to access the Internet, an employer or parent can have a really fine tuned control over all of these items and many more. Here is some information on Group Policy. I will also include information on Local Policy, which is used in a Workgroup Network environment. While an Administrator *can* implement a single GPO or Group Policy Object and apply it to a single computer, or multiple computers in a smaller network, a Server such as your Server 2003 has the ability to deploy Group Policy on multiple systems at a time. This offers a much simpler scenario for Administration.

    The Administrator can use Group Policy to deploy to multiple systems and for different key workforce groups. Lets say the employer has several different situations where employee's need computer and/or Internet access, that employer can deploy several GPO which allows different areas of the business various avenues of use and access. Depending upon the needs of a given group of employees each group can be provided only the amount of access to programs and Internet as needed to perform their jobs and nothing more. This decreases costs for the employer and helps mitigate issues such as employees using the Internet for none work related tasks.

    This link is to the TechNet Virtual Labs for Server 2003. Check out the labs for Group Policy:

    Here are dozens of Webcasts which explain and demonstrate Group Policy:

    There are an entire series of Group Policy Webcasts which begin with the basics and go on up from there. I would start with the Webcasts and then use the Virtual Labs for hands on experience on setting up and deploying Group Policy.

    You can also use the links at the top of the Server 2003 Virtual Labs, and any of the Group Policy links to go backwards to the Home pages where you can locate a huge assortment of topics.

    All of these resources are free and anyone can participate in them. Webcasts are allowed to be downloaded and saved to a local hard disk for future offline access and viewing in Windows Media Player. I have every single Group Policy video on my main system. lol

    If this is not the information you were seeking I apologize. I do hope you find something of value at these Microsoft links. Good luck and much success in controlling access in your network environment. Please have a nice day.

  • Anonymous
    5 years ago

    You actually access the linksys router. You can access the router setup using your browser like internet explorer. Fost most linksys routers, the IP address is usually Type in the ip address and it should take you to the setup page. Most people put a password to allow wireless access but most forget to setup an administrator password. You can try loging in when the screen prompt comes up. User is left blank and default password is "admin" You can click on the Wireless tab and select Wireless MAC filter. you can type in the MAC addresses of people you can allow in and everyone else that is not on the list cannot logon or you can use the same MAC address of the computer to not allow who's on the list to logon.

  • 1 decade ago

    Disconnect the ethenet cable from the computer. The best hacker in the world couldn't break in. Trust me.

  • Anonymous
    1 decade ago

    Unplug eithernet cable

  • How do you think about the answers? You can sign in to vote the answer.
  • grysmn
    Lv 4
    1 decade ago

    find his http address and add it to your hosts file

Still have questions? Get your answers by asking now.