Announcement

Collapse
No announcement yet.

Internet access Group Policy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Internet access Group Policy

    I have a windows 2k3 environment windows 2k3r2 server.
    I am trying to create a GP that would allow internet access to all websites except the ones that i "block"

    i.e allow www.mapquest.com but deny www.facebook.com

    How would i go about that in IE and in GP manager?

    Thanks

  • #2
    Re: Internet access Group Policy

    a) this is the Active Directory forum, you want the Group Policy forum
    b) you don't do this using Group Policy. You will require ISA Server or similar
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Internet access Group Policy

      Nothing like contradictory advice!
      Moved to GP for the moment
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Internet access Group Policy

        go to opendns.com - it'll do exactly what you want and it's free.
        If the information you receive helps please let us know and leave reputation points where appropriate.

        The good news about computers is that they do what you tell them to do. The bad news is that they do what you tell them to do. - Ted Nelson

        Comment


        • #5
          Re: Internet access Group Policy

          Why not setting up a descent firewall?
          An other option is using DNS and make a record for the website and redirect it to 127.0.0.1
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Internet access Group Policy

            Originally posted by Dumber View Post
            An other option is using DNS and make a record for the website and redirect it to 127.0.0.1
            Or an unused IP address (in terms of IIS sites) on one of your servers, and setup a PHP or ASP script on that IP to log who tries to access the site.

            The problem with this, is that you are effectively wiping out that domain's existance from the POV of your LAN. Depending on the site, that may not be a huge issue. On the other hand, if you wanted to block Hotmail and so setup a zone for hotmail.com you would no longer be able to send mail to @hotmail.com addresses. Depending on your mail server configuration its possible that you wouldn't be able to receive from @hotmail.com addresses either.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: Internet access Group Policy

              Completely true, however like I would call this; it's a poor mans solution.
              btw, you also can block www.hotmail.com and you don't have the troubles for mail
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: Internet access Group Policy

                Yes, if you add MX records to the zone.
                Gareth Howells

                BSc (Hons), MBCS, MCP, MCDST, ICCE

                Any advice is given in good faith and without warranty.

                Please give reputation points if somebody has helped you.

                "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                Comment

                Working...
                X