Logon scripts - internet access

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

10forcash

Thread Starter
Joined
Aug 7, 2003
Messages
343
Ok chaps,
I need to block internet access on a per- user basis, easy enough, use a logon / logoff script....probably by redirecting that users gateway to an invalid gateway, like 127.0.0.1 - sounds good, problem is, what command do I use to do this???
Been searching technet, COTSE etc. for days... I know it can be done, a sadly departed sysadmin had two closely - guarded 'internet on' and 'internet off' scripts he used to run on miscreant users profiles in the old days when I was just a power user.
A weekend in Baghdad to the winner, 2 weeks for the runner up.....
Cheers,
10forcash
 

10forcash

Thread Starter
Joined
Aug 7, 2003
Messages
343
Rude,
close...but no cigar !!
I need to create the logon/off script, the link relates to hiding it from the users, which isn't a problem as I already use scripts and theyre used to seeing them.
looks like the 2 week bed & breakfast in saddam's hidey-hole for you..
cheers,
10forcash
ps. only joking, 3 course a-la-carte is available -honest
 

10forcash

Thread Starter
Joined
Aug 7, 2003
Messages
343
Rude,
Seeing as nobody else is playing, looks like you're the winner, had a good play with the software and it seems you were right, does what it says on the tin.
Thanks a lot mate, here's your soooper doooper holiday destination
<attached>
Tickets are in the post......
Cheers,
10forcash
 

Attachments

10forcash

Thread Starter
Joined
Aug 7, 2003
Messages
343
:p hahahahahahahaha :eek:
Day on the ranges first for you me lad...
watch out for these on the way in though :eek: :eek:
Cheers,
10forcash
ps. thanks fot the help, it's appreciated (probably not by the users though) ;)
 

Attachments

10forcash

Thread Starter
Joined
Aug 7, 2003
Messages
343
Rude, (and anyone else that's interested)
finally got round to researching and writing the scripts, these allow me to deny internet access on a per-user basis, which is better than per IP (although browsecontrol is a handy little tool)
Basically, I created two VBS scripts, intoff.vbs and inton.vbs, these are stored on the PDC, and two batch files (you guessed it - intoff.bat and inton.bat) are referenced in the logon script part of the user AD profile, the GPO restricts access to the proxy settings to prevent users modifying the settings. If you could be bothered to read this far, here's the scripts

intoff.vbs

On Error Resume Next


const HKEY_CURRENT_USER = &H80000001
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
strValueName = "ProxyServer"
strComputer = "."
strValue = "http=127.0.0.1:8080 https=127.0.0.1:8080"

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

inton.vbs

On Error Resume Next


const HKEY_CURRENT_USER = &H80000001
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
strValueName = "ProxyServer"
strComputer = "."
strValue = "http=192.168.0.1:83 https=192.168.0.1"

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

intoff.bat

\\sitepdc\sysvol\domain.com\scripts\intoff.vbs /s

inton.bat

\\sitepdc\sysvol\domain.com\scripts\inton.vbs /s

the /s switch causes the script to run silently


The users denied access run the intoff.bat, the users allowed access run the inton.bat when they logon to their profile

now (some) users are realley pi$$ed off!

Cheers,
10forcash
 
Joined
Aug 14, 1999
Messages
185
10forCash; I am interested in utilizing something like this too. How do I implement this exactly. Are these scripts for when a user is logging onto a network or can the same be used for logging into a machine (say running XP Pro)?
 

10forcash

Thread Starter
Joined
Aug 7, 2003
Messages
343
Lexar, if you want to apply it 'per user', you need to be on a domain, place the script in the sysvol share and use AD to apply the script. this will apply it to any machine the user logs on to.
If this doesn't make sense, PM me and i'll create a word doc with screenshots - don't hold your breath though, i'm busy !
Cheers,
10forcash
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top