Complete internet lock down

Big Jim

I have a call to attend tomorrow. The customer wants internet access completely restricted on a machine. I think he just wants internet browsing locking, but he still requires access to it via RDP (over internet).

What is the easiest way to achieve this?
I assume a 3rd party "net nanny" type program, but I've genuinely never been asked to do this before, so it's not something I am up to speed on.
 
I've used Spyrix in the past. I suppose it's pretty good. I just don't like going there......
 
IP reservation, and a content control policy that locks all Internet access except security updates.

It still needs patched, unless it's unplugged.

No content control? Then you basically can't do this reliably, because you'll have to allow TCP 443 egress for updates for various things. And you will never get enough firewall rules in place to allow just what you want, and when you do you'll find you've just opened the door to every CDN on the planet and basically disabled your TCP 443 block.

I suppose if he wants to pay you to manually patch the thing once a month you could make that work. But a content control system should be cheaper over time.
 
You need to properly assess what they really are looking for. Blocking 80 and 443 may have unforeseen outcomes related to updates, etc. But I think W10 kiosk mode might be an option if, literally, all they want the user to do is access RDP.

https://social.technet.microsoft.co...osk-mode-rdp-connection?forum=win10itprosetup
I'm not sure kiosk mode will work as I don't know what the general users are using the PC for or what the owner is using it for via RDP.

I am pretty sure he just wants to stop people accessing the internet on it whilst at work. All I know for certain at this point is that the PC is on a farm.
 
With everyone having phones and tablets, if they want on the internet to waste time at work they will simply use their phone.

I have also seen employees put in a considerable amount of time to figure out how to get back on the internet.
 
@nerd2u, I use content control to protect users, not control them. But some places have legal requirements to stop porn access and such.

Besides, it's pretty easy to catch people staring at their phones all day, but that's a human problem and something for HR and management to deal with. It's not a technology problem for us to automate.

But you're dead on, 5G is here. If we all thought USB sticks were a security risk, wait until you have an unauthorized cellular uplink attached to your LAN slurping data to unknown locations at 200mbit. Which is probably the largest argument ever for putting literally everything in the cloud. It's about the only way to maintain a walled garden anymore.
 
So when I arrived the customer (business owner) had disabled the LAN port, and to his knowledge that had solved the problem (workers messing about on the net when they shouldn't be).
But he needed RDP access, and certain programs that he uses require internet access, as well as Windows Update obviously.
Also the main program that everyone needs to use (for milking data) will just not run if not on an admin account (I tried to run it with admin rights on a non-admin account and it didn't work).

I chose to block the browsers through Windows Firewall. He was confident that the workers in question are not savvy enough to reverse this, but said that he would monitor the situation, and if they do work it out I will investigate "Net nanny" type options.
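
The per-program browser block described in the post above, as an added example that is not part of the original thread: it creates one outbound Windows Firewall block rule per installed browser and then reports whether each rule is still in place. The browser paths, the rule naming and the `Block-Browsers` group label are assumptions; inbound RDP and Windows Update are untouched because the rules match only the listed executables.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths and the group name are assumptions; adjust to the machine.
$Group = 'Block-Browsers'   # hypothetical label used to find these rules later
$BrowserPaths = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
    "$env:ProgramFiles\Mozilla Firefox\firefox.exe",
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    "${env:ProgramFiles(x86)}\Internet Explorer\iexplore.exe"
) | Where-Object { Test-Path -LiteralPath $_ }   # keep only what is installed

function Get-RuleName([string]$Path) { "Block outbound: $Path" }

# Create one outbound block rule per installed browser (safe to re-run).
function Set-BrowserBlock {
    foreach ($path in $BrowserPaths) {
        $name = Get-RuleName $path
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
        New-NetFirewallRule -DisplayName $name -Group $Group -Direction Outbound `
            -Program $path -Action Block -Profile Any | Out-Null
    }
}

# Report whether each rule is still present, enabled and set to Block.
function Test-BrowserBlock {
    foreach ($path in $BrowserPaths) {
        $rule = Get-NetFirewallRule -DisplayName (Get-RuleName $path) -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' -and $_.Direction -eq 'Outbound' }
        [pscustomobject]@{ Program = $path; Blocked = [bool]$rule }
    }
}

Set-BrowserBlock
Test-BrowserBlock | Format-Table -AutoSize
```

Because the users on this machine run as admin and the rules match exact executable paths, `Test-BrowserBlock` is worth running on a schedule or at each visit so a removed or disabled rule is noticed.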
 
I would have suggested he get a decent biz-grade router and use that to control access. But - he really needs to learn: If he treats his staff like children he will find they act like children.
 
It's not really my place to judge how he deals with his staff, but he did tell me that whilst all staff were doing it, 1 particular individual was browsing the internet too much instead of working.
In that scenario I'm not sure what you would suggest?
 
Many places now have rules and regs drafted into their employment contracts to govern the use/misuse of the internet. He may not have these provisions, but if he hasn't then I think he should consider it, even if only to guard against future events. As regards the here and now, then I agree with @NJW - an individual disciplinary matter. However - I also agree with you @Big Jim : Not your job to tell him how to run his business. You'll get no thanks if you try!
 
OpenDNS and filter everything?

I use an Asus router at home that has parental controls that have to be enforced sometimes.
 