Did you get Privoxy set up? Put together a good white list of sites? If you haven’t, head on back to How To Restrict Access to Websites with Privoxy [Part 1] before continuing with this tutorial.
Part Two is all about locking down Internet Explorer so it can only connect to the Internet through the Privoxy server and thus only able to access the websites you want. Then, we’ll look at ways of securing that connection so that people can’t circumvent it so easily. I’ll be working with Internet Explorer 7 (IE7) on my Windows XP Home computer. However, the principles should also apply to Vista and Internet Explorer 8. They do work on XP Pro and IE6 as well.
Step One: Force the Connection in IE7
Open up IE7 and look for the Tools button near the top right-hand side. Click on it, then on Internet Options.
The Internet Options window will open. Click on the Connections tab. Once you are in the Connections area, you’ll see a button at the bottom of the window called LAN Settings. Go ahead and click on that.
The Local Area Network (LAN) Settings window opens. This is where we will set the IP address and port number so it only connects to Privoxy. When you get to this window, the check box labeled Use a proxy server for your LAN… will be unchecked. Put a check-mark in it. It should already be set to the correct IP address and port, which is 127.0.0.1 and port 8118. Click OK to return to the Connections window.
NOTE: If there is anything listed in the Dial-Up and Virtual Private Network setting box, simply select it, click on the Settings button and set it to use the proxy server, just like you did for the LAN. This is especially useful if your user can connect with a cellular card, satellite Internet, or dial-up connection. Do this for each connection listed.
Now IE7 will connect only through the Privoxy server and will only access the sites on your white list. Let’s do some things to keep it that way.
Step Three: Edit the Registry
You read that right, we’re editing the registry to prevent others from removing your settings from Internet Explorer. We are going there. As always, don’t go in the registry unless you feel confident, and always back up your registry before making changes. I think I have to say that by law. So now that’s over with, let’s move on.
Click on the Start button and then on the Run icon in the start menu.
The Run application will open. Type in the command regedit and click OK.
The Registry Editor will open. Time to make the backup! Click on File > Export.
Name the file with something meaningful. You could use today’s date so you know when the back up was made. Click Save to, well… Save it.
Let’s make some changes.
We’re going to do this through a .reg file that we can merge with the registry. Sounds crazy, but it works. To write a .reg file, open up Notepad.
Now, copy and paste the following lines in exactly as they read:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet ExplorerControl Panel]
By setting the dword value to 00000001, you are telling the registry that, yes, you want to restrict access to the Connections Tab, Connection Settings and the Connection Wizard.
Now that you have that in your Notepad file, you need to save it as a .reg file. I suggest saving the file to your Desktop for ease of finding when you are done. Here’s what you need to do when you save it: name the file something good like disable_connections.reg
Seriously, we’re almost done. Find the disable_connections.reg file you’ve just saved. Right-click on it and click Merge.
You’ll be asked if that’s what you really want to do. It’s up to you, but if you’ve come this far, you might as well commit. Click Yes.
The Registry Editor is kind enough to let you know that the merge is done. Why don’t we thank it by clicking OK? That’s nice, isn’t it?
Just to make sure it worked and I’m not lying to you, open up IE7, click on Tools > Internet Options. Look! No Connections tab!
Try going to a few sites that aren’t on your white list to test it. Then try going on a few sites that are on your white list. It should work.
I hope this tutorial has sparked some interest in using this to increase your information security. There’s much more that you can do with Privoxy and the registry to enforce compliance to your Internet Acceptable Use Policy.
Yes, there are ways around what I just showed you, such as using Portable Firefox, but that can be disabled in the registry too. But, as they say — that’s another story.
Let us know if this worked for you. Or if you know any other cool, free software ways to control Internet access. That’s what the comments are for!
Image credit: delboy74