# Solved: Is there a way to restrict internet hours via Group Policy?



## KitKatLuvr (Feb 18, 2009)

I have not been able to find the answer via Google, but I could swear that there is a way to restrict internet hours via Group Policy? I have one computer on our network that needs internet access during day hours only. I tried to solve the problem with different log-ins for each shift (and pointing the other logins to a proxy server that doesn't go out to internet), but this has not worked because the day shift forgets to log out! We also have a perimeter firewall, but it doesn't have the the ability to lock down at this level (I checked). Has anyone done this via GP? If you have, please let me know how. Thanks!


----------



## Squashman (Apr 4, 2003)

Not with GP as far as I know.

You can do it with PortsLock.
http://www.devicelock.com/pl/

Not sure if Windows Steady State can do it. It is a worth a look but not sure if that will integrate well if you are in a domain environment.


----------



## KitKatLuvr (Feb 18, 2009)

I'll check them out...thanks!


----------



## p0ng0 (Sep 15, 2007)

Why would you need to do this? Would you not maybe want to lock the users out at certain times? There is a GPO for permitted login hours for users.

Would this be of any interest?

Christian


----------



## KitKatLuvr (Feb 18, 2009)

The only shift that needs internet access is our day shift. I tried to solve this problem by using two different domain logons on the machine (one for day shift with internet access, the other logon for night shift with no internet access). On the night shift logon, I simply pointed the browser proxy connection to itself, using 127.0.0.1.

Unfortunately, this will only work if the day shift does their part and remembers to log off! I could see by the IE temp files that the night shift was busy surfing the 'net and the day shift couldn't be counted on the shut down or at least logoff. 

I thought we could lock this down via our perimeter firewall, so I also posted something in that forum, only to find out that our model didn't have the capability. 

Since this posting, I already did restrict the logon hours to daytime for the day shift's logon ID. I seem to remember hearing something about this not forcing a logoff if the user is logged on at the time the hours end, though. I could do the easy thing and just test it, but I'm usually long gone by the time the day shift hours end (5 p.m.) because I'm a part timer, and to complicat it, they are always using the computer during the day shift.....

Our last option is to go ahead and buy an internet restricting software, which is what we will do if the logon hours doesn't have any effect.

If you have any further suggestions, I welcome them!


----------



## TheOutcaste (Aug 8, 2007)

How about a Scheduled Task that runs Shutdown.exe to force a log off at 5 PM?
shutdown /L /T 0 (that's a zero, not an "O")
Setting the time to zero should prevent them from using shutdown /A to abort.
Obviously you'd need to make sure neither account can modify the task.


----------



## srhoades (May 15, 2003)

A smart switch will do what you are asking. Or if you don't need internet access at all on the night shift most routers have access restrictions that you can set.


----------

