
close
close
How can I block a Windows 2000/XP/2003 computer from surfing on the Internet?
Windows 2000/XP/2003 machines have a built-in IP security mechanism called IPSec (IP Security). IPSec is a protocol that’s designed to protect individual TCP/IP packets traveling across your network by using public key encryption. In a nut shell, the source PC encapsulates the normal IP packet inside of an encrypted IPSec packet. This packet then remains encrypted until it arrives at the destination PC.
This is not the place for a more detailed intro to the IPSec features, but know that besides encryption, IPSec will also let you protect and configure your server/workstation with a firewall-like mechanism.
How can you block specific users from surfing the Internet with IPSec? Simply by creating a policy element that will tell the computer to block all the specific IP traffic that is configured by those rules. Internet traffic uses HTTP and HTTPS, which use TCP ports 80 and 443 respectively as their destination ports. By blocking this specific traffic you will be able to stop a specific computer from browsing the Internet.
BTW, you can also Block Web Browsing but Allow Intranet Traffic with IPSec if you want.
To block all Internet traffic to and from a computer you need to create an IPSec policy that will block all HTTP traffic. You can configure this policy specifically for one computer by manipulating that computers’ IPSec policy, or, even better, you can configure the policy as a Group Policy Object (GPO) on a specific Site, Domain or Organization Unit (OU). In order to configure a GPO you must have Active Directory in place.
advertisment
To configure a single computer follow these steps:
advertisment
advertisment
Note: A quick reminder – You can also Block Web Browsing but Allow Intranet Traffic with IPSec.
Next step is to configure the IPSec Policy and to assign it.
Again, you can add any combination of IP Filters and Filter Actions you like.
Notice that you cannot change their order like in other full-featured firewalls. Even so, this configuration works perfectly as you will soon discover.
The next phase is to assign the IPSec Policy.
Done, you can now test the configuration by trying to surf to restricted and unrestricted websites.
Blocking of more than one computer can be done in 2 ways:
Either way, both methods can be used to prevent a number of computers from surfing the Internet (or for any other IPSec Policy).
You may find these related articles of interest to you:
More in Security
Microsoft Defender Vulnerability Management Adds New CVE Reporting Feature
Jun 30, 2022 | Rabia Noureen
Microsoft Releases Patches to Address Azure FabricScape Flaw Affecting Linux Workloads
Jun 29, 2022 | Rabia Noureen
Microsoft Defender for Identity Can Now Detect Insecure Domain Configurations
Jun 27, 2022 | Rabia Noureen
QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices
Jun 23, 2022 | Rabia Noureen
Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks
Jun 22, 2022 | Rabia Noureen
Most popular on petri