TechRepublic member gryandmary
used the Technical
to pose the following question: “Can I target a client PC and
disable Internet surfing, through a Windows 2000 Server with DSL connectivity,
while still maintaining communication with the server? We are using Microsoft
Windows XP Pro on the client.”


Here was the response from TechRepublic member zaferus: “There are two ways you
can disable Web browsing from a Windows system:

  1. Go to
    Internet Options in the Control Panel. Go to the Connections tab and click
    LAN settings. Uncheck “Automatically detect settings” and then
    check “Use proxy server” and put settings in for a proxy server
    that doesn’t exist. This will time out the Web browser each time a user
    tries to pull up an Internet site. Unfortunately, a savvy user could go
    into the settings and fix this.
  2. Alternatively,
    you can set the Internet router to deny all port 80 traffic to the WAN from
    the IP address of the client PC you want to block. This is something that
    the user is less likely to figure out, and it will effectively block that one
    PC from Web access, while still allowing all over LAN users full access to
    the Internet.”

TechRepublic member brian
added another option:

“Go to:

  • TCP/IP
  • Advanced
  • Options
  • TCP/IP
    filtering Properties
  • Select
    Enable TCP/IP filtering (All adapters)
  • Select
    Permit Only for all three selections (TCP, UDP, IP)
  • Add only
    the allowed ports that are needed (leaving out port 80 for Web browser
  • Click
    OK multiple times to close out the windows

These settings could also be set in a Group Policy GPO so that
the user can’t change them. You would make a special group just for this user.”


The text of discussion posts from TechRepublic members has
been slightly edited for spelling, punctuation, and clarity.