3

My application requires a private connection between client computers and a server computer locally. The client computer shouldn't be allowed to connect to outside wireless network.

To be clear, the question is how to prevent client computers from connecting to outside network.

I'm thinking of two options:

  1. Use (or write) a software that do the job, i.e, a software that requires account/password for every new wireless connection. It's similar to parent-control software. Unfortunately, at the moment I couldn't find such software. Do you have any suggestions for this?

  2. Use a guest account on client computers, but I'm not sure if it's feasible.

Any help please?

Here's the application: A local exam for classroom.

The classroom is fully equipped with LAPTOPs (Windows XP/7); 1 for teacher and n for students.

The (student) computers must be connected to a server (teacher) to feed questions and (possibly) be graded. The (student) computers and teacher computer are on a local LAN network.

The students is not allowed to connect to outside networks. But it's not just "not allowed", because I have to prevent such things happening (prevent students connecting to outside). Otherwise, they could connect outside and Google the questions.

Improve this question
7
  • Can you please explain why you want this? You don't need to go into depths, but you're asking for a solution without really explaining the problem and some times, explaining the problem may get you better results here on SU. Can I assume the 'computers' you are referring to are all portable (laptops etc). If not, then you do possibly have an option of making them hard wired only. Are they on a domain, if so, you may be able to control this via Group Policy. More information is needed
    – Dave
    Commented May 31, 2013 at 7:42
  • I explained the application with details.
    – hiro
    Commented May 31, 2013 at 7:56
  • Now that is a well explained question. +1. I think your question is more complex though, are you also concerned about tethering (in which case, do you limit bluetooth and USB as well)?
    – Dave
    Commented May 31, 2013 at 8:01
  • YES bluetooth and USB are not allowed (and can be checked physically).
    – hiro
    Commented May 31, 2013 at 8:07
  • I think the best answer is going to be a docking station. Then it's already hard wired and each machine can have wifi disabled. I'm sorry, I can't think of anything else.
    – Dave
    Commented May 31, 2013 at 8:12

3 Answers 3

Reset to default
2

You could just set manual IP addresses on the laptops and leave out the default gateway, then use netsh or group policy to add filters to only allow the connection to a certain wireless network and none else.

netsh wlan add filter permission=allow ssid=yournetworkssid networktype=infrastructure

netsh wlan add filter permission=denyall networktype=infrastructure

netsh wlan add filter permission=denyall networktype=adhoc

Source http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/7130f1a5-70fd-429f-8d41-575085489bd1

Improve this answer
3
  • Great solution!
    – hiro
    Commented May 31, 2013 at 8:59
  • What happens when there is another network with the same SSID?
    – Chris
    Commented May 31, 2013 at 17:00
  • I'm late to the party, but the SSID question is exactly the problem - you can just change the SSID of your home router or wifi hotspot and netsh is completely happy to let you connect.
    – soxroxr
    Commented Jul 12, 2021 at 9:20
2

Security through obscurity doesn't work. Never did and never will.

You could destroy WIFI card - that's the only solution which will work (and of course lock down USB, expansion slots etc!).

EDIT:

To make sure you have achieved what is required you need a cable and totally disabled WiFi network.

Improve this answer
4
  • It's certainly not security through obscurity. What I want is a private network and block client from connecting to outside. I can control (install) all software in client computers beforehand. Destroying Wifi card is not a solution because I still need to use it to connect to a server computer remotely.
    – hiro
    Commented May 31, 2013 at 7:40
  • 1
    But that's it, someone one day will find out how to connect to the different network. You can't rely on this. You are trying to hide something here - and trust me, that just doesn't work.
    – Chris
    Commented May 31, 2013 at 7:42
  • I can control client computers and the people could access them in a very short period.
    – hiro
    Commented May 31, 2013 at 7:50
  • "To make sure you have achieved what is required you need a cable and totally disabled WiFi network." It's what I do now, but still problematic because some schools need to rent computers and sometime they have to change the room. Building such a wired network is a very tired job (and error-pruned).
    – hiro
    Commented May 31, 2013 at 8:13
1

Remove the wifi drivers and use cables is the best solution.

If you want to keep using wifi, maybe this works? http://networking.nitecruzr.net/2005/11/make-your-wireless-computer-connect.html

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .