1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Need a way to block Internet access, but allow Windows Automatic Updates

Discussion in 'Networking' started by diablo75, Jan 22, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. diablo75

    diablo75 Thread Starter

    Joined:
    Sep 7, 2006
    Messages:
    617
    A client of mine has several computers running Windows 2000 and Windows XP. He wants all of them to be allowed to go out to the Internet for the purposes of checking for Windows updates, but otherwise block all outbound traffic heading for the Internet. There is need for internal Intranet connections so we can't have things like shared folders between computers on the LAN be blocked. Are there any free software firewalls out there that will do this. Correct me if I'm wrong, but I'm thinking Windows XP SP2's built-in firewall just might do the trick for this need, but for Windows 2000 I think I need to find 3rd party software; hopefully something free.
     
  2. avisitor

    avisitor

    Joined:
    Jul 12, 2008
    Messages:
    1,710
    I'm thinking you could put a Deny All but the Windows Updates domains in your router's firewall.

    Another way is to setup a Windows Server machine running WSUS, however, I don't know if you have a server or not.
     
  3. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,783
    WSUS can run on Windows XP with some hacks.

    Are you sure your router doesn't have this capability builtin to it already.

    You might be able to do this as well by setting up and OpenDNS account. You might be able to blacklist everything going out of the network and then setup a Whitelist for only the sites you want people to visit. I have never tried blocking everything with OpenDNS but I do block quite a bit to keep my kids out of trouble.
     
  4. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,783
    Well doesn't look like you can block the top level domain ".com" with OpenDNS but you can block all others. But with DNSredirector it looks like you can.
    http://www.dnsredirector.com/compare/
     
  5. diablo75

    diablo75 Thread Starter

    Joined:
    Sep 7, 2006
    Messages:
    617
    dnsredirector doesn't appear to be free. I was hoping for something that may already be built into Windows. Is there a way to prevent a user from opening up Internet Explorer, for instance?

    And I don't want to setup a policy like this on the router because there are some computers on this network that need to access the Internet and I wouldn't want to block them. I only want to prevent web browsing on certain PCs and allow it on others.
     
  6. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    You could put Windows Update in the Trusted domains in Internet Options and then set all others to be blocked. Then, just limit access to the options. You can't block IE from running because even explorer can acess the internet in its place. If it is not a problem to access each machine and this does not need to be centrally administered, then Internet Options can be restricted with the XP Security Console running from floppy or CD.
     
  7. diablo75

    diablo75 Thread Starter

    Joined:
    Sep 7, 2006
    Messages:
    617
    This looks like it will do the trick! Thanks.
     
  8. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    It's a handy little tool to have, especially on XP Home with no Group Policy Editor, on kids machines. You can carry it on CD or hide it, or even just set it to run as admin.
     
  9. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,783
    I don't believe Doug has updated that utility in a while. I think Windows Steady State would have been a better idea.

    But you know many people will find a way around what you just did. What happens when they decide to use another browser, like Chrome of Firefox?

    I also am wondering about this.
    "Only one user profile, either the currently logged on user, or a "loaded" user profile, can be loaded at one time. However, with the licensed version, you can create a "default" set of settings and quickly apply them to other user profiles." How are you making this settting on everyones computer if don't have the licensed version. Are you asking them for there passwords so you can change their user profile.
     
  10. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Basically, the free version makes the changes to HKCU instead of HKLM. Each machine would have to have the settings set by a logged on user.

    You're right, it is pretty old and limited. But it still works for many things and is quick and easy, which is what it appeared to me the OP was looking for.

    There are many better solutions. Without internet access, another browser couldn't be installed unless they brought it with them. But this is far from a secure solution for anyone with a real desire to circumvent it.

    Windows Steady State, Shadow User Pro, Acronis Try&Decide, Returnil Virtual System, DeepFreeze, and many others are possible solutions depending on the degree to which changes to a machine are allowed, and for administration of policies, RadMin, DameWare, NetSupport Manager, and others, would allow remote control over these policies.

    And simple programs like Salfeld's User Control, or User Privilege Manager, basically other forms of policy control, can be used on individual machines.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/793363

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice