• ** There has been a recent site upgrade. Please clear your browser cache to avoid issues. **
  • New forum feature - post voting and best solution

    Check out this thread for the details: https://www.access-programmers.co.uk/forums/threads/new-forum-feature-post-voting-and-best-answer.314134/

    This new feature looks great to me! :)

  • We now have 3 forum themes

    Go for the default (light) theme, Shades of Grey or Shades of Blue. I just added the Blue one.

    The thread about it is here: https://www.access-programmers.co.uk/forums/threads/new-forum-theme-shades-of-blue.314136/

blocking websites using windows OS (1 Viewer)

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
I'm interested in blocking content on a local machine, but now allowing the user to look up how to unblock this stuff. so for instance, if I want to block a local user, who operates their own machine, from going to this site: https://www.youtube.com/ , how exactly would I do that without having any control over undoing it? So for instance, what I'm saying is that I'd like to block sites from rendering on a machine and sort of "password protect" the solution in a way where no one knows the password. Thus, the blocking can't possibly be undone. Has anyone done anything like this before? I have looked it up, which I was aware of this method before, but I don't think would do any good because this could easily be undone:

 

cheekybuddha

AWF VIP
Local time
Today, 09:38
Joined
Jul 21, 2014
Messages
557
Is this in a corporate environment? How many machines are you talking about? Are they windows machine?
 

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
one machine only. windows 10. no corporate environment. a kid's machine. I'd like the solution to be permanent, and not even me knowing the solution or any workaround to be available. kind of like randomly banging on the keyboard when entering a one-time password into a website and not looking at what keys you're banging on. in that instance, you would not know the password so logging into the website in the future would therefore not be possible under that username.
 

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
Yes because it is their own machine. It is the only user account on the machine. Is that a problem?
 

cheekybuddha

AWF VIP
Local time
Today, 09:38
Joined
Jul 21, 2014
Messages
557
>> Is that a problem? <<

Yes, I was going to suggest you alter the hosts files and send the domains you want to block to nowhere, and restrict them from altering it; but if they have admin access then they can undo that easily.

Your best bet would be to see if you can block the domains at the router level, but it depends on how sophisticated the router admin interface is. You'd have to identify their machine (easier with fixed IP), but sometimes you can do it by MAC address too.
 

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
Your best bet would be to see if you can block the domains at the router level,
there is no router. there is only a hard-wired modem. but I think that is irrelevant, considering you mentioning the mac address.

i found this site, which seems promising as well:


the ip address is dynamic, by the way.
 

moke123

AWF VIP
Local time
Today, 04:38
Joined
Jan 11, 2013
Messages
1,674
Señor Adam:
My agency uses OpenDNS. Since I need to access places no one else in my agency has to I simply change the dns on my computer, do what I need to do, then change it back. My guess is the kids gonna be smarter than you so good luck trying to block him from anything.
 

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
My guess is the kids gonna be smarter than you so good luck trying to block him from anything.
you're missing the point. I'm already smarter than you are by you thinking this has anything to do with a kid.
 

moke123

AWF VIP
Local time
Today, 04:38
Joined
Jan 11, 2013
Messages
1,674
one machine only. windows 10. no corporate environment. a kid's machine. I'd like the solution to be permanent, and not even me knowing the solution or any workaround to be available. kind of like randomly banging on the keyboard when entering a one-time password into a website and not looking at what keys you're banging on. in that instance, you would not know the password so logging into the website in the future would therefore not be possible under that username.
my bad, I have no idea where I could have gotten that information.
 

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
my bad, I have no idea where I could have gotten that information.
do you think I'm stupid, genius boy? just because I say something doesn't mean it's true. that's where your senses are off. most IT people lack that sort of intelligence. it's OK to be stupid in that regard. it's a business thing. you wouldn't understand.
 

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
the comments mean nothing cheeky. I used your help to find the solution. thanks again. :)
 

deletedT

Guest
Local time
Today, 09:38
Joined
Feb 2, 2019
Messages
1,220
just because I say something doesn't mean it's true.

Adam, no offence, But it's the funniest thing I've ever heard in my life.

You may know it. But I use router's pocket filtering at job, using static IPs for each PC. But as you said you don't have a router.
One more option is to add a windows server, install active directory, add routing role in DC, install DNS server and use DC as a router and limit accessing certain people to certain sites.

I think you can also use windows parental controls to limit access to different sites.
 
Last edited:

mdnuts

Registered User.
Local time
Today, 04:38
Joined
May 28, 2014
Messages
120
Thus, the blocking can't possibly be undone.

You cannot do anything to a system that cannot be undone (short of killing the system) by someone with physical access to it. You're allowing physical and administrative.

Change DNS? i'll change it again. Password lock it? i'll crack it. Bios lock it? I'll unlock it. Give me physical access and anything will be broken into to allow alteration. You're just removing the breaking into part. In turn i'll screw up your stuff just out of spite. The only real option is upstream of the device, the modem may have parental controls or you need to look into upgrading that modem or putting in some other device in-between to handle it.
 

The_Doc_Man

Immoderate Moderator, Former MVP, Retired SysAdmin
Staff member
Local time
Today, 03:38
Joined
Feb 28, 2001
Messages
17,933
Adam,

There is NO permanent way that you can make a Windows machine unable to see a particular web site AND be unable to restore visibility as long as the person in question has admin rights and even limited internet search abilities. Even if you deleted some things, there would be the opportunity to do a "Windows Repair" that would restore the integrity of the system. At BEST, you can make this blocking condition occur in a very obscure way that would make the person have to work very hard to remove the blocks. This is the old security principle of the "low hanging fruit." You are in essence making the fruit hang higher. But if the person wants it badly enough, they WILL get to it.

As others have advised you, this is the sort of thing best managed by an external network layer physically and logically outside of the machine in question. Admin rights can override anything you can do. You can only try to revoke the person's admin rights. THEN you might have a shot. But if you did that to me, for example, I would haul your ... anatomy out on a platter and roast you. That kind of invasion is GUARANTEED to tick someone off major big-time, and perhaps even invite retaliation.

Post #3: "one machine only. windows 10. no corporate environment. a kid's machine."

Post #9: "you're missing the point. I'm already smarter than you are by you thinking this has anything to do with a kid."

Adam, if you can't give us accurate descriptions of the REAL problem, why should we even talk to you" You have in the past claimed to be Catholic, which means the "big 10" are part of your to-do list. So if you really ARE Catholic, STOP with the "bearing false witness" stuff. Though to be honest I wouldn't be surprised to see you now deny that religion.
 

vba_php

Forum Troll
Local time
Today, 03:38
Joined
Oct 6, 2019
Messages
2,884
Adam,

There is NO permanent way that you can make a Windows machine unable to see a particular web site AND be unable to restore visibility as long as the person in question has admin rights and even limited internet search abilities. Even if you deleted some things, there would be the opportunity to do a "Windows Repair" that would restore the integrity of the system. At BEST, you can make this blocking condition occur in a very obscure way that would make the person have to work very hard to remove the blocks. This is the old security principle of the "low hanging fruit." You are in essence making the fruit hang higher. But if the person wants it badly enough, they WILL get to it.

As others have advised you, this is the sort of thing best managed by an external network layer physically and logically outside of the machine in question. Admin rights can override anything you can do. You can only try to revoke the person's admin rights. THEN you might have a shot. But if you did that to me, for example, I would haul your ... anatomy out on a platter and roast you. That kind of invasion is GUARANTEED to tick someone off major big-time, and perhaps even invite retaliation.

Post #3: "one machine only. windows 10. no corporate environment. a kid's machine."

Post #9: "you're missing the point. I'm already smarter than you are by you thinking this has anything to do with a kid."

Adam, if you can't give us accurate descriptions of the REAL problem, why should we even talk to you" You have in the past claimed to be Catholic, which means the "big 10" are part of your to-do list. So if you really ARE Catholic, STOP with the "bearing false witness" stuff. Though to be honest I wouldn't be surprised to see you now deny that religion.
the issue is my own machine Richard it's not a kids how is that for the truth? The types of websites and the content are they on the websites are irrelevant to this discussion but it doesn't seem like there's a possibility of doing this on my own machine or anyone else's for that matter is that true Richard? Based on everything you say it doesn't seem like it is possible in this regard
 

moke123

AWF VIP
Local time
Today, 04:38
Joined
Jan 11, 2013
Messages
1,674
it's not a kids how is that for the truth? The types of websites and the content are they on the websites are irrelevant to this discussion
Ah si Señor Adam I think we understand now. Feeling guilty about the Señoritas. Gods been watching you. There are 12 step programs for those addictions too.
 

Users who are viewing this thread

Top Bottom