How to turn off internet for a specific windows 7 user?

max_rip2012-07-08 21:08:27

Computer networks

max_rip, 2012-07-08 21:08:27

Considering that the output is Mikrotik with a 6th license level.
Only marking packages comes to mind, somehow I did this on linux, but is it possible to repeat this trick in windows?

PS It is impossible to completely block access to the Internet, there are system utilities running on the same PC that need access to the Internet, at the same time, users who clearly do not need the Internet are sitting at the PC and only distract them from their direct duties.

Answer the question

In order to leave comments, you need to log in

9 answer(s)

Nikolai Turnaviotov, 2012-07-08
@foxmuldercp

Yes, the most correct and logical solution is to let the monitoring machine go only where the tools should go, and after the second working one, let them do what they want ...

Vladimir Dubrovin, 2012-07-08
@z3apa3a

Without using a proxy, it is possible to organize access to an external network with authorization via 802.1X, PPPoE or PPTP, i.e. on the contrary, to prohibit everyone, and with authorization, whoever needs it, to allow it.

oia, 2012-07-08
@oia

ask your salvation + authorization

Iliapan, 2012-07-09
@Iliapan

Install a competent firewall such as an outpost and set it to paranoid mode.

livinger, 2012-07-08
@liveder

security policy?

Andrey Polyakov, 2012-07-08
@magnitudo

I would still recommend installing a second computer for such purposes - it’s more reliable in every way and not so expensive in the current conditions.
And so here are the ideas that arise:
Using the Windows firewall, allow access to the network only to those programs that are needed. Block the rest. To the user to cut the rights that could not steer a firewall.
If there is a limited number of utilities, then explicitly set the allowed addresses for these utilities on the Mikrotik, and ban the rest.
I didn’t quite understand from the previous comment, but if these utilities only listen to addresses, then again, write down rules that allow only incoming connections to these utilities, and ban the rest.

JDima, 2012-07-08
@JDima

The main question is: what is the difference between “system utilities” and those launched by the user. It can be assumed that the "system utilities" are run under a different account. If the user has limited rights and / or the user's qualifications are close to the plinth level, then you can try to dig towards local firewalls and somehow say “do not let processes running under vpupkin”.

egorinsk, 2012-07-08
@egorinsk

Set up a firewall on the target machine as an administrator. A normal user will not be able to change its settings.
And package labeling is unreliable, how can you ensure that the user doesn't label their own package? And is it even possible?

----, 2012-07-09
@stalkerxxl

I disable parental control in ESS NOD32 ... System programs work without problems, but the user's browser does not let me go anywhere. I think that such a feature is in every modern anti-virus package ...
You can also try Parental Control (Control Panel) ...