Restrict Computer from Connecting to Outside Wireless Networks

3

My application requires a private connection between client computers and a server computer locally. The client computer shouldn't be allowed to connect to outside wireless network.

To be clear, the question is how to prevent client computers from connecting to outside network.

I'm thinking of two options:

  1. Use (or write) a software that do the job, i.e, a software that requires account/password for every new wireless connection. It's similar to parent-control software. Unfortunately, at the moment I couldn't find such software. Do you have any suggestions for this?

  2. Use a guest account on client computers, but I'm not sure if it's feasible.

Any help please?

Here's the application: A local exam for classroom.

The classroom is fully equipped with LAPTOPs (Windows XP/7); 1 for teacher and n for students.

The (student) computers must be connected to a server (teacher) to feed questions and (possibly) be graded. The (student) computers and teacher computer are on a local LAN network.

The students is not allowed to connect to outside networks. But it's not just "not allowed", because I have to prevent such things happening (prevent students connecting to outside). Otherwise, they could connect outside and Google the questions.

hiro

Posted 2013-05-31T07:30:44.677

Reputation: 133

Can you please explain why you want this? You don't need to go into depths, but you're asking for a solution without really explaining the problem and some times, explaining the problem may get you better results here on SU. Can I assume the 'computers' you are referring to are all portable (laptops etc). If not, then you do possibly have an option of making them hard wired only. Are they on a domain, if so, you may be able to control this via Group Policy. More information is needed – Dave – 2013-05-31T07:42:46.907

I explained the application with details. – hiro – 2013-05-31T07:56:03.570

Now that is a well explained question. +1. I think your question is more complex though, are you also concerned about tethering (in which case, do you limit bluetooth and USB as well)? – Dave – 2013-05-31T08:01:15.803

YES bluetooth and USB are not allowed (and can be checked physically). – hiro – 2013-05-31T08:07:29.303

I think the best answer is going to be a docking station. Then it's already hard wired and each machine can have wifi disabled. I'm sorry, I can't think of anything else. – Dave – 2013-05-31T08:12:22.107

What type of computer? Windows or Ubuntu or Mac? Why don't you give such basic info? – SPRBRN – 2013-05-31T08:13:08.637

I've just answered below that "some schools need to rent computers and sometime they have to change the room". So each time we have to build a hard wired station, which is a very tired job.

Computers are Windows XP/7. – hiro – 2013-05-31T08:15:48.210

Answers

2

You could just set manual IP addresses on the laptops and leave out the default gateway, then use netsh or group policy to add filters to only allow the connection to a certain wireless network and none else.

netsh wlan add filter permission=allow ssid=yournetworkssid networktype=infrastructure

netsh wlan add filter permission=denyall networktype=infrastructure

netsh wlan add filter permission=denyall networktype=adhoc

Source http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/7130f1a5-70fd-429f-8d41-575085489bd1

Simkill

Posted 2013-05-31T07:30:44.677

Reputation: 1 557

Great solution! – hiro – 2013-05-31T08:59:55.490

What happens when there is another network with the same SSID? – Chris – 2013-05-31T17:00:15.020

2

Security through obscurity doesn't work. Never did and never will.

You could destroy WIFI card - that's the only solution which will work (and of course lock down USB, expansion slots etc!).

EDIT:

To make sure you have achieved what is required you need a cable and totally disabled WiFi network.

Chris

Posted 2013-05-31T07:30:44.677

Reputation: 1 766

It's certainly not security through obscurity.

What I want is a private network and block client from connecting to outside. I can control (install) all software in client computers beforehand.

Destroying Wifi card is not a solution because I still need to use it to connect to a server computer remotely. – hiro – 2013-05-31T07:40:01.680

1But that's it, someone one day will find out how to connect to the different network. You can't rely on this. You are trying to hide something here - and trust me, that just doesn't work. – Chris – 2013-05-31T07:42:37.723

I can control client computers and the people could access them in a very short period. – hiro – 2013-05-31T07:50:09.703

"To make sure you have achieved what is required you need a cable and totally disabled WiFi network."

It's what I do now, but still problematic because some schools need to rent computers and sometime they have to change the room. Building such a wired network is a very tired job (and error-pruned). – hiro – 2013-05-31T08:13:52.390

1

Remove the wifi drivers and use cables is the best solution.

If you want to keep using wifi, maybe this works? http://networking.nitecruzr.net/2005/11/make-your-wireless-computer-connect.html

SPRBRN

Posted 2013-05-31T07:30:44.677

Reputation: 5 185

Asked: 2013-05-31T07:30:44.677

Viewed: 2 368 times

Active: 2013-05-31T21:58:48.740