On my Windows Server 2003 system there is an unknown process that is triggered at 3:30pm (exactly) and stops at 4:30pm (approximately).
In that hour, that unknown process makes more than 6,000 page reads per second and slows considerably that Server. Windows Update is disabled and Antivirus is disabled.
There are 40 client connections that uses a Foxpro program on that server. I suspect that those 40 clients are the ones that trigger that process but my boss thinks that Foxpro program (of which we don't have source code) makes some updates or transfers from Internet at 3:30pm. So, in order to rule out possibilities, I'd like to block Internet access on that server.
Is it possible to block Internet access on a Windows Server 2003 (it's not domain controller) but only accessable in the LAN?
One idea is to block ports 80 and 443 TCP from the IP address of the server in the router, but we had no success doing so.
Another idea is to put off Gateway address and DNS addresses from network card properties. Theoretically, it will not be able to access the internet. But doing that, I'm afraid that it will block LAN connections.
There are many ways to do this, yes, the "best" of which is generally to use a firewall at your network edge and deny all external traffic to or from that IP and/or MAC address.
Presumably, you could do the same thing with Windows firewall on the server itself, though any admin on the server would be able to change it.
You could also (assuming you have "proper" switches and network architecture) set the server onto a VLAN that isn't allowed to reach the internet router.
Of course, what solution is best for your particular case relies on a lot of information you haven't provided, and probably on networking equipment and expertise you don't seem to posses. If you want more than a short list of possible approaches, you'll just have to provide more details (and the reason you're doing this wouldn't hurt either).
point to a proxy that don't exist. bypass for local