Ok Folks, as posted yesterday here's what we did. 1. Wrote a small EXE called BLOCKDNS.EXE which takes a few params but basically adds and entry from command line to the windows hosts file 2. All IE browsers etc. are forced by policy to use a web proxy, but bypassed for internal intranet 3. All PC's on internal IP so cannot directly surf anyways ! 4. On schedule BLOCKDNS.EXE is called to add/remove 127.0.0.1 to hosts file with our FQDN for the web proxy (might also want to call ipconfig /flushdns to be 100% sure cached entries are gone) This way, IE can still be used internally to access our Intranet etc. but cannot see the proxy, therefore, cannot see the outside world ! This works like a charm, students hate us even more now, staff think it's cool ! Mark. --------------------------------- Download Yahoo! Messenger now for a chance to WIN Robbie Williams "Live At Knebworth DVD"