# Can I deny internet access to one user in XP



## wrw0010 (Feb 18, 2005)

I have a computer on my office network on which I need to deny internet access to my office staff. Normally, this would be a simple matter in XP pro except that the computer is on FAT32 file system. Because of this, most of the security functions I need are unavailable. I run a Veterinary software that requires Fat32 or I would just convert to NTFS. Is there a way to eliminate access for the office staff user account without third party software? Is there freeware that will do this? I have Norton System Works 2005. Is there a feature in it that will restrict access?


----------



## wrw0010 (Feb 18, 2005)

My entire office staff is two receptionists. There is no need for them to go online. I really do need a little advise here. This site used to be helpful but lately every response is just trite and contrary.


----------



## dvk01 (Dec 14, 2002)

unfortunately using FAt32 as a file system almost all of teh security settings in XP are disabled, that is why NTFS is preferable 

You should though be able to create user accountsa nd each user account can have restrictions palced on it. It's a lot easier with XP pro though than XP home so which version are you using


----------



## dvk01 (Dec 14, 2002)

The easiest way would be to remove all shortcuts to browsers & email from desktop & start menu 

and that way unlss they use windows explorer to navigate to the folder & click on the .exe to run the browser they won't get access to the net


----------



## wrw0010 (Feb 18, 2005)

Thank you for you help.

I am using XP pro. I have already tried removing the shortcuts and even made the internet explorer folder into a hidden one. I then made sure the show hidden files option was turned off. After all this, I realized that my estimation of their computer skills was much lower than the reality. I may just convert the disk and partition off the veterinary software in Fat32. I am concerned about Convert.exe and wonder if there is any danger I will lose my data in the process. I have Partition magic that I use for my home comp and it seems to work well. 

You mentioned that it was easier to do in XP Pro. Is it possible to do through the administrative services? If so, what are the steps?


----------



## dvk01 (Dec 14, 2002)

I don't use pro but it should be in the gpedit.msc

http://support.microsoft.com/default.aspx?scid=kb;en-us;310791&FR=1&PA=1&SD=HSCH


----------



## dvk01 (Dec 14, 2002)

you have to make sure that they have not got admin accounts otherwise they can override that


----------



## dvk01 (Dec 14, 2002)

However the problem with trying to disable IE in XP is taht a lot of other programs stop working but I'm sure there is a setting in there to stop IE accessing the net 

otherwise if you have a router or firewal use the firewall settings to prohibit IE from the net & password that


----------



## wdm2291 (Nov 5, 2004)

Another possibility is filtering software (like bsafeonline.com) and/or some kind of monitoring software (looxie, I think is one, something like that). Also, can you password out your internet access? (so that you'd have to put in a password to get online? (this might be harder if you have an always-on connection than if you have dial-up).

I think that, bottom line, I would tell them their activities are being monitored, and you're paying them to be working, and not online, and tell them if they refuse to obey your orders, they'll be out the door (unemployed). This should be a given, since you're the employer and they are on your time when they are at work. This is not an unreasonable requirement for employment at your office. (maybe you value them too much to do this, and, if so, then you have to weigh how much you need/value them against how easy or difficult it would be to replace them w/ someone (otherwise as competent as they are) who won't go against your orders, you being the boss).

Hope this helps,


Wayne


----------



## ~Candy~ (Jan 27, 2001)

ekim68, you have an email from me.

wrw0010, I apologize for the rude response from this member, and have requested he/she do so as well.


----------



## ekim68 (Jul 8, 2003)

wrw0010, I DO apologize for my response last night. There was no call for that on a site like this which has helped so many people. I'll not do that again.


----------



## wrw0010 (Feb 18, 2005)

Thank you for the apology and I appreciate everyone's help. The people on my staff have not to this point caused any major problems by their on line activities(they are both new). However, in the past it has become a steadily growing problem (with previous employees). That's why I wanted to eliminate the temptation early. I know this approach sounds a little passive-aggressive but I have real issues with the "big brother is watching you" approach. I think when all is said and done I am better off just changing the file system on the OS to NTFS. Are there issues I need to be aware of with convert.exe?


----------



## satellite (Mar 12, 2005)

I've removed shortcut access, but I'm banking on the staff expertise to be limited, since they'd only need to type a web address into any windows explorer window address field and hey presto!
The only foolproof option I can think of is to have a dual-booting system with 1 partition FAT32 and the internet-ready partition NTFS. Bit of a palava having to re-boot every time you leave the office though!


----------

