Block 'net, keep local network?

andypress

Member
Jan 7, 2004
I have a customer who wants me to block all internet/AIM access from their son's computer, yet keep local file sharing and network printing. I can do this with a firewall like ZoneAlarm, but then the settings can be tampered with. Any password-protected programs that can do this?
 

EagleKeeper

Discussion Club Moderator, Elite Member
Staff member
Oct 30, 2000
Just pull the plug to the outside world.

The internal network will still be usable.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
1) last I tried it, ZoneAlarm Pro can be password-protected. Without the password, it won't let itself be uninstalled either, although he could brute-force it if he had Admin-class powers on the computer.

2) you could block his MAC address from web access at their router, assuming they have one with such a feature.

3a) you could manually set up his TCP/IP settings with bogus gateway and DNS entries (127.0.0.1 for all three).

3b) you could also specify at the router that his manual-set IP address is forbidden to access the Internet.


Password-protecting all the Administrator-class user accounts on the PC, and giving the kid a Limited-class account instead, would enforce #1 and #3a unless he goes to the extent of an alternate or parallel OS to either bypass or reverse the protection.

#2 and #3b are as secure as the router is. If he can simply unplug his network cable from it and plug straight into the modem, or use a default password to log into the router and reverse the changes there, then that's not going to be foolproof either.


To find the names of all the admin-class accounts, including the hidden one that could be used to circumvent your measures, use Start > Run > cmd to get a command prompt, then use the command net localgroup administrators and they'll be listed.

So let's say the kid's account is Tony and the computer's own hidden Admin-class account is named DELL_CUSTOMER. You want Tony to be Limited. Windows will freak because it wants for there to always be one Admin account besides its own hidden one. So create a new Admin-class account named mechBgon first ;) then reduce Tony's account from Administrator down to Limited.

net user mechBgon strong_password_here /add    (creates the new account)
net localgroup administrators mechBgon /add    (adds this account to the Administrators group)

Now log onto the system using the new account you just made. Start > Run > cmd for a command prompt, and now give the system's own Admin-class account a strong password too:

net user DELL_CUSTOMER strong_password_here

and then add Tony to the user group and remove him from the Administrators group:

net localgroup users Tony /add
net localgroup administrators Tony /delete

Now if you do net localgroup administrators, Tony's account shouldn't be listed. If there are more Admin-class accounts, reduce them to Limited as well.

This will break some stuff. Many games will freak out under a Limited account. If this is too drastic of a solution, then consider just starting with password-protected ZoneAlarm Pro and then pull the plug on the Internet if the kid fights the system.
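
Added example, not part of mechBgon's post: a PowerShell check that parses the output of net localgroup administrators and reports any account still in the Administrators group that is not on an allowlist. The account names are the ones used in the post; the function names, the allowlist and the sample output are constructed for illustration, and the parser assumes English-language net output.

```powershell
# Added example (not from the thread): verify the lockdown left only the
# intended accounts in the local Administrators group.

function Get-AdminGroupMembers {
    param([string[]]$NetOutput)
    # Member names sit between the dashed separator and the trailing
    # status line (assumption: English-language `net` output).
    $start = -1
    for ($i = 0; $i -lt $NetOutput.Count; $i++) {
        if ($NetOutput[$i] -match '^-{10,}\s*$') { $start = $i + 1; break }
    }
    if ($start -lt 0) { throw 'Separator line not found; unexpected net output.' }
    for ($i = $start; $i -lt $NetOutput.Count; $i++) {
        $line = $NetOutput[$i].Trim()
        if ($line -eq '' -or $line -like 'The command completed*') { continue }
        $line   # emit one member name per line
    }
}

function Find-UnexpectedAdmins {
    param([string[]]$NetOutput, [string[]]$Allowed)
    # -notcontains is case-insensitive, matching Windows account names.
    @(Get-AdminGroupMembers -NetOutput $NetOutput) |
        Where-Object { $Allowed -notcontains $_ }
}

# Constructed sample: what the command might print before Tony is demoted.
$sample = @(
    'Alias name     administrators',
    'Comment        Administrators have complete and unrestricted access to the computer/domain',
    '',
    'Members',
    '',
    '-------------------------------------------------------------------------------',
    'DELL_CUSTOMER',
    'mechBgon',
    'Tony',
    'The command completed successfully.',
    ''
)
$allowed = 'DELL_CUSTOMER', 'mechBgon'   # hypothetical allowlist

$extra = @(Find-UnexpectedAdmins -NetOutput $sample -Allowed $allowed)
if ($extra.Count) { Write-Warning "Still in Administrators: $($extra -join ', ')" }
else { 'Administrators group matches the allowlist.' }
```

On the real machine, pass the live output instead of the sample: Find-UnexpectedAdmins -NetOutput (net localgroup administrators) -Allowed $allowed.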