Share via

Internet blocking in GPO for a specific user

IT friend 0 Reputation points
2023-01-26T07:04:58.9033333+00:00

I am a network administrator and would like to block the Internet completely for a certain user using a GPO or perhaps by changing the default gateway

I asked, which policy could help me in this matter or alternatively another command that I will put in the LOGON script

I saw here that there is such a possibility

Windows for business Windows Client for IT Pros User experience Other

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 44,746 Reputation points
    2023-01-26T17:15:24.6666667+00:00

    Hello there,

    The easiest way to block internet access for a user is to set their proxy server settings to a non-existent proxy server, and prevent them from changing the setting.

    Create a new policy in GPMC by right-clicking your domain and pressing New. Name the policy No Internet.

    Right-click No Internet and press Enforced to check it.

    Select No Internet in the left-hand pane, select Authenticated Users under Security Filtering and press Remove, and OK to prevent the policy from applying.

    Using Group Policy to implement Internet Explorer settings, navigate to User Configuration / Windows Settings / Internet Explorer Maintenance in the No Internet policy.

    Right-click Internet Explorer Maintenance and press Preference Mode. NOTE: If a policy is already defined, you must press Reset Browser Settings, which will reset any Internet Explorer Maintenance Group Policy, before you press Preference Mode.

    Navigate through Connections and double-click Proxy Settings (Preference Mode).

    Check Enable proxy Settings, Use the same proxy server for all addresses, and Do not use proxy server for local (intranet) addresses.

    Type 127.0.0.1 into Address of proxy and 80 into Port.

    Press OK.

    Close the No Internet group Policy.

    You can also do this with a Antivirus that has Web Filtering, Firewall with web filtering or installing a PI-Hole and denying any connection from those endpoints. The best option though is using a web filter per user for either ENdpoint Agent or Firewall/UTM/NGFW device.

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer–

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  3. Nick B 361 Reputation points
    2023-01-26T18:10:50.9966667+00:00

    If you really want to block whole internet access try using built-in Windows Firewall principals by setting block rule and allow connections only from specific users which will block that user, except it never really worked since almost all custom new account users are part of either administrators or users group

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.