Blocking Internet Access from Administrators' Windows Machines

By changing the proxy address of a machine's web browser to an invalid proxy address, you can block Internet access.

Jan De Clercq

December 9, 2014

1 Min Read
Windows Gatekeeper QAs
Windows Gatekeeper Q&As

Q: Is there a straightforward mechanism that I can use to block Internet access from the Internet Explorer (IE) web browser on a set of important administrator machines in my Windows domain?

A: A simple way to block Internet access from a given Windows machine is to change the proxy address of the machine's IE web browser to an invalid proxy address. You can do this locally, or you can use a Group Policy Object (GPO) setting to centrally make this change.

Using a GPO setting to change the proxy address only works with IE. To do so, open the GPO Editor, navigate to User ConfigurationWindows SettingsInternet Explorer Maintenance, and click Connection. Then double-click Proxy Settings, select Enable proxy settings, type 127.0.0.1 (the local network adaptor's loopback IP address) as the proxy address, and click OK.

Be aware that your administrators might also use other web browsers. You can easily change these browsers' proxy settings locally, but changing them centrally might be a bit trickier. A better way to completely lock Internet access is to configure specific user or machine account-based rules on the firewalls and proxies that are on the edge of your network.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like