What if someone gets smart and modifies the hosts file themselves? Or changes the proxy settings to an IP address instead of a host-name? Or makes a web site (the entire thing) available offline, for browsing while the hosts file is screwed? I'm with Ray on this one... secure the "data" (the internet connection) and not the program accessing the data... But it IS fun to f' with students sometimes... ;-) Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Mark Lee [mailto:marklee15@xxxxxxxxx] Sent: Friday, November 28, 2003 4:39 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Blocking Internet Access On A Schedule THE SOLUTION - formerly Re: Re: Blocking Internet Browsing from Explorer.exe Ok Folks, as posted yesterday here's what we did. 1. Wrote a small EXE called BLOCKDNS.EXE which takes a few params but basically adds and entry from command line to the windows hosts file 2. All IE browsers etc. are forced by policy to use a web proxy, but bypassed for internal intranet 3. All PC's on internal IP so cannot directly surf anyways ! 4. On schedule BLOCKDNS.EXE is called to add/remove 127.0.0.1 to hosts file with our FQDN for the web proxy (might also want to call ipconfig /flushdns to be 100% sure cached entries are gone) This way, IE can still be used internally to access our Intranet etc. but cannot see the proxy, therefore, cannot see the outside world ! This works like a charm, students hate us even more now, staff think it's cool ! Mark. _____ Download <http://uk.rd.yahoo.com/mail/tagline_messenger/*http://download.yahoo.com/dl /intl/ymsgruk.exe> Yahoo! Messenger now for a chance to WIN <http://uk.rd.yahoo.com/mail/tagline_messenger/*http://messenger.promotions. yahoo.com/rwuk> Robbie Williams "Live At Knebworth DVD"