Restricting access to the internet


I’m quite new in AppleScript, so my question. I’m working in schools and we have Mac OS X labs. Some teachers need to prevent the use of internet in some lessons, and i have thought to an AppleScript which could be launched by Apple Remore Desktop.

This script could modify the Preferences System Network. Normaly IPv4 is set to DHCP. If the script could change this to “no”, the conection to Internet would be impossible.

I’ve tried by first enabling GUI scripting, but i have not enough knowledge in AppleScript.

May someone help me, it would be great !



This one works here:

tell application "System Events"
	tell process "System Preferences"
		--> choose ethernet from popup button
		click pop up button 2 of window 1
		click menu item 4 of menu of pop up button 2 of window 1
		--> go to tab "TCP/IP"
		click radio button 1 of tab group 1 of group 1 of window 1
		--> deactivate DHCP from popup IPv4
		click pop up button 1 of group 1 of tab group 1 of group 1 of window 1
		click menu item 6 of menu of pop up button 1 of group 1 of tab group 1 of group 1 of window 1
		delay 1
		--> click "apply"
		click button 7 of window 1
	end tell
end tell

Take a look here for more info on the subject…

You can do it without opening System Preferences if you define new locations on each machine. Define one location that enables DHCP (call it “IPv4_DHCP”) and then another that disables it and call it “IPv4_no”. Then you can use this script to switch between the two:
set the_location to “IPv4_no” --“IPv4_DHCP”

on switch_location(the_location, return_locations)
	tell application "System Events"
		tell (item 1 of (processes whose frontmost = true))
			tell menu bar 1
				tell menu bar item "Apple"
					tell menu "Apple"
						tell menu item "Location"
							tell menu "Location"
								if return_locations = true then return name of menu items
								click menu item the_location
							end tell
						end tell
					end tell
				end tell
			end tell
		end tell
	end tell
end switch_location

The problem with this is that the students can just switch it back themselves. Why not just disconnect the network router from the Internet connection? This way the computers are still networked but simply don’t have the Internet connection.


In general, I agree with Jonn’s suggestion to control this at the router level.

However, if this isn’t possible, I would desperately try to find a better way than using UI scripting to do this.

For one reason UI scripting would be very slow if there are many machines to reconfigure, plus this approach requires that someone be logged into the machine (which may or may not be the case). Additionally, the Preferences approach requires they have admin-privileges (required to change network setup) which certainly shouldn’t be the case in a lab environment. The ‘Location’ menu approach, which would work, is also something a kindergarten kid could work around.

Instead, try something like this:

property validRouter : ""

to enableInternet()
	do shell script "/sbin/route add default " & validRouter password "I'llnevertell" with administrator privileges
end enableInternet

to disableInternet()
	do shell script "/sbin/route delete default" password "I'llnevertell" with administrator privileges
end disableInternet

The idea here is to enable and disable the default route. Taking this approach means that all other elements of the computers’ setup (IP address, DNS, etc.) remain the same, only their ability to talk to non-local subnets changes.

Either install this script as an application on each machine and cal it from the main system (tell application “InternetEnabler” of machine “eppc://ip.address” to enableInternet), or use it on the main system to target the various machines (tell application “InternetEnabler” of machine “eppc://ip.address” to do shell script “/sbin/route blah blah blah”).

Thanks JJ,
I’ve tried it but it doesn’t seem to work for me. I have click the checkbox “Enable access for assistive devices” but when i launch the script, it gives me an error :
Erreur dans System Events : NSReceiverEvaluationScriptError: 4 and the line which is selected is

. Do you have any idea why it does’nt work ?


If your machine is running Jaguar (10.2.3 thru 10.2.8), you must install System Events 1.2 [d/l] in order for UI scripting to work. Version 1.2 is beta software but I run it in 10.2.8 and it doesn’t seem to cause problems. The following script will display the version of System Events that is currently running.

tell application "System Events" to version
display dialog result

If you are running Panther, UI scripting is included and something else is causing the error.

– Rob