0

I've added the a logon script for specific users so they have no access to the internet

@ECHO OFF

set vardns1=1.1.1.1
set vardns2=1.1.1.1


ECHO Setting Primary DNS
netsh int ip set dns name = "Local Area Connection" source = static addr = %vardns1%

ECHO Setting Secondary DNS
netsh int ip add dns name = "Local Area Connection" addr = %vardns2%

ipconfig /flushdns

exit

How do I put the DNS back to default, that is automatically assigned DNS when they logoff?

Esa Jokinen
  • 52,963
  • 3
  • 95
  • 151
Andy Peterson
  • 31

2 Answers2

2

This is not a good practice for disabling network connections for a user. As a matter of fact it doesn't prevent the user from accessing the internet at all:

  • It's easy for the user to set DNS settings back to normal. They can change it from command line or create their own scripts. Because if you limit that, you won't be able to use the login script in the first place.
  • It's possible to add a HTTP proxy by IP address to the browser settings and continue browsing, as the DNS resolution now happens on the proxy side.

Configure network connection restrictions with Group Policy, instead.

User Configuration\Administrative Templates\Network\Network Connections

If you need to restrict anything, Group Policy is here for that. Any setting made using a login script can be reverted.

Esa Jokinen
  • 52,963
  • 3
  • 95
  • 151
2

I have found a setting in the GPO which might just do the job instead of messing around with the DNS settings.

User Configuration\Administrative Templates\System\Internet Communication Management

Restrict Internet Communication

I won't be able try this until another 2 days.

Andy Peterson
  • 31