allowing local network access while blocking internet access [duplicate]

I have a networked computer that is used as a remote print/scan server (which is shared by numerous users). Is there any way I can block the machine's internet access while still allowing it to connect to our local network?

edit-

Essentially, it's a Windows XP machine shared between myself and 5 others in my department (a workaround to share a scanner without purchasing a network-enabled scanner). A VNC server is set up on the acting 'server' computer and each user is using a VNC client to access the machine. The machine has its own account and I would like to disable internet access. Is there a way I can disable all internet access from the computer itself without changing group policy settings?


The easiest way to do this by far (though anyone technical could bypass it) is simply to go to Internet Properties and change the proxy to something non-existent.

Other than this, if you have no intranet, you could look at Windows Firewall (if this is Vista+; not sure XP supports this) and block port 80 outgoing.

Both of these methods can be countered if the machine is not locked down.

Personally, if there is no reason for users to be on this other than their programs, just completely lock it down through group policy.


Block default gateway in firewall

netsh advfirewall firewall add rule name="Block default gateway" dir=out action=block remoteip=192.168.0.1

is a good method because

  • compared to changing the
    • default gateway address to an invalid address
        netsh interface ip set address name="Local Area Connection" static 192.168.0.2 255.255.0.0 0.0.0.0
      it doesn't require DHCP disabling
    • DNS address to an invalid address
        netsh interface ip set dns "Local Area Connection" static 127.0.0.1 validate=no
      access without using DNS (e.g. http://74.125.224.72) is blocked too
  • compared to
        route delete 0.0.0.0 mask 0.0.0.0 192.168.0.1
    the setting is saved
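
Added example, not part of any answer on this page: a batch script for the default-deny variant of the firewall approach, which blocks all outbound traffic and then allows only destinations on the local subnet, followed by a quick check of both paths. It assumes Windows Vista or later (where netsh advfirewall exists) and an elevated prompt; the rule name and backup path are made up for the example, and the two test addresses are the ones used in the answer above.

```bat
@echo off
rem Added example. Run from an elevated command prompt on Windows Vista or later.
setlocal
rem Backup path and rule name below are placeholders chosen for this example.
set "BACKUP=%TEMP%\fw-before-lan-only.wfw"
rem Test targets reused from the answer: the LAN gateway and a public address.
set "LAN_HOST=192.168.0.1"
set "INET_HOST=74.125.224.72"

rem 1. Save the current firewall policy so the change can be undone with:
rem      netsh advfirewall import "%BACKUP%"
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Make "block" the default for outbound traffic on every profile.
rem    Inbound stays at the Windows default (block unless a rule allows it),
rem    so existing inbound rules for VNC and printer sharing keep working.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound || goto :fail

rem 3. Allow outbound traffic only when the destination is on the local subnet.
rem    "localsubnet" is a built-in netsh keyword, so no address is hard-coded.
netsh advfirewall firewall add rule name="Allow outbound to local subnet" dir=out action=allow remoteip=localsubnet || goto :fail

rem 4. Coarse verification: the LAN host should answer, the public one should not.
ping -n 2 %LAN_HOST% >nul
if errorlevel 1 (echo WARN: LAN host did not answer ping) else (echo OK: LAN host reachable)
ping -n 2 %INET_HOST% >nul
if errorlevel 1 (echo OK: public address not reachable) else (echo FAIL: public address still reachable)

rem 5. Show the rule that was just added, for the record.
netsh advfirewall firewall show rule name="Allow outbound to local subnet"
goto :eof

:fail
echo netsh command failed. Is this an elevated prompt on Vista or later?
exit /b 1
```

Name resolution keeps working only if the DNS server is itself on the local subnet; a user with administrator rights on the machine can still remove the rule or reset the policy.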

I think the simplest way of doing this is to set a wrong default gateway.