Learn several options for disabling Internet access on a single system while still allowing other systems on the same network to access the Internet. <p><img src="http://www.techrepublic.com/i/tr/columnSigs/SolutionBase.gif" hspace="5" align="center"></p>
TechRepublic member gryandmary used the Technical Q&A to pose the following question: "Can I target a client PC and disable Internet surfing, through a Windows 2000 Server with DSL connectivity, while still maintaining communication with the server? We are using Microsoft Windows XP Pro on the client."
Here was the response from TechRepublic member zaferus: "There are two ways you can disable Web browsing from a Windows system:
- Go to Internet Options in the Control Panel. Go to the Connections tab and click LAN settings. Uncheck "Automatically detect settings" and then check "Use proxy server" and put settings in for a proxy server that doesn't exist. This will time out the Web browser each time a user tries to pull up an Internet site. Unfortunately, a savvy user could go into the settings and fix this.
- Alternatively, you can set the Internet router to deny all port 80 traffic to the WAN from the IP address of the client PC you want to block. This is something that the user is less likely to figure out, and it will effectively block that one PC from Web access, while still allowing all over LAN users full access to the Internet."
TechRepublic member brian added another option:
- TCP/IP Properties
- TCP/IP filtering Properties
- Select Enable TCP/IP filtering (All adapters)
- Select Permit Only for all three selections (TCP, UDP, IP)
- Add only the allowed ports that are needed (leaving out port 80 for Web browser traffic)
- Click OK multiple times to close out the windows
These settings could also be set in a Group Policy GPO so that the user can't change them. You would make a special group just for this user."
The text of discussion posts from TechRepublic members has been slightly edited for spelling, punctuation, and clarity.