I have an application that always runs under a dedicated local user account. I want to block all inbound and outbound traffic for that local user account. The other user accounts on the machine need internet access. Is there a way to do that?
- You could unplug the network connection or disable the NIC?? – NULLZ Jun 04 '13 at 22:49
- That was my first thought. – AbsoluteƵERØ Jun 04 '13 at 23:33
- Because this user might be smart enough to plug it back in again to bypass the internet restriction? Not only that, but it would be a massive hassle, and would not do the NIC any good to keep disconnecting and re-connecting an Ethernet cable to it every day. – Austin ''Danger'' Powers Jun 05 '13 at 05:59
- Which Windows version? – Werner Henze Jun 05 '13 at 08:27
- Is the dedicated user running other programs that should have internet access? How is that all related to the application that the dedicated user is running? – Werner Henze Jun 05 '13 at 08:31
- @KimJong-Un This came from security.stackexchange.com; we were joking about unplugging it. – AbsoluteƵERØ Jun 05 '13 at 14:55
2 Answers
By user I'm guessing you're talking about a network user.
If you're the admin you can block the NIC from getting onto the internet in the hardware firewall or router by blocking outbound access to the web from their MAC address. If you're assigning them a specific IP address you can block the traffic from their IP address as well.
In the network settings you can empty the gateway field under TCP/IP. That will prevent the system from finding the internet gateway, but still allow access on the local network.
To use Windows Firewall you would need to research creating Windows Firewall Rules.
If you're referring to an individual as a user and not their terminal (let's say a shared home computer), it depends on the version of Windows you're running and the levels of user access that exist. Some of the features of Pro and Business versions of Windows allow you to set up local security policies and user account controls.
Home versions of Windows are often crippled. (So knowing the version of Windows you're using might help us to better answer your question.)
You might also try using some of the parental controls if this is not a work computer.
If this is to secure a system for kids, then you can unplug the system from the network or set up a Wi-Fi card and require them to know the WPA2 key.
You can also run an aftermarket firewall (like Kaspersky) that allows you to set up a password to edit the firewall rules (for whitelisting and blacklisting websites). This could also prevent them from installing any applications.
- Sorry, I should have been more specific. I updated the question. I looked into Windows Firewall rules but couldn't find a way to block stuff for a user...just applications. – Scott Anderson Jun 05 '13 at 00:22
Sounds like a parental internet control scenario.
Why not just remove administrator privileges from the user account, then set an invalid proxy server in the web browser?
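The per-user case raised in the question can be expressed as Windows Firewall rules scoped to one local account. This is an added example, not part of any post above. It assumes Windows 8 / Server 2012 or later (the NetSecurity PowerShell module), an elevated prompt, and a placeholder account name `svc-app`.

```powershell
# Added example: block all inbound and outbound traffic for one local account.
# Assumptions: NetSecurity module is available, the session is elevated,
# and 'svc-app' is a placeholder for the dedicated local account name.
$account = 'svc-app'

# Resolve the local account name to its SID.
$ntAccount = New-Object System.Security.Principal.NTAccount($env:COMPUTERNAME, $account)
$sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

# -LocalUser expects an SDDL string. This one lists a single ACE for the
# account's SID, so the rule matches only traffic owned by that account.
$sddl = "D:(A;;CC;;;$sid)"

foreach ($direction in 'Inbound', 'Outbound') {
    $name = "Block $account ($direction)"

    # Remove an earlier copy so re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    New-NetFirewallRule -DisplayName $name `
                        -Direction $direction `
                        -Action Block `
                        -LocalUser $sddl `
                        -Profile Any `
                        -Enabled True | Out-Null
}

# Verify: list the rules together with the principal each one is scoped to.
Get-NetFirewallRule -DisplayName "Block $account*" | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        LocalUser = ($_ | Get-NetFirewallSecurityFilter).LocalUser
    }
}
```

Block rules take precedence over allow rules in Windows Firewall, so other accounts keep their access while processes running as this account are cut off. The account must not have administrator rights, or it can delete the rules.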