Announcement

Collapse
No announcement yet.

Website Blocking

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Website Blocking

    Hi ,

    My one of the client is using simple Windows 2003 AD Implemented. Now i tried to impliment blocking webistes using ( http://www.windowsecurity.com/articl...up-Policy.html) but users are still able to open web sites using fire fox and other browsers.

    In Some PC the settings are not applied in their corresponding IE. Do we need same IE Version in all PC as Windows Server's IE....

    Can anyone suggest me some nice solution for this ..e.g some free software available...or some settings for windows server.


    Thanks,

  • #2
    Re: Website Blocking

    I see a few options:

    you could use Group Policy to preve the installation, or the operation of, Firefox or other browsers.

    You could prevent users from being able to install any software.

    you could deploy a forefront, or similar, proxy server.

    Or, you could poison DNS by making facebook and things like that resolve to a fake address, say 127.0.0.1


    you shouldn't require the same IE version on the workstations as is on the server. You need to uise group policy tools like gpresult to find out why the blocking policy isn't working.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Website Blocking

      I think the best thing to do would be to implement a firewall that has content blocking capabilities. If you need to do it for free, you could commandeer a PC with two network cards and drop IPCop onto it with some plugins that will enable content/category filtering. Merely using Active Directory, GPOs, software restriction policies, poisoned DNS entries and any number of other tricks will always leave you in a position where

      1) The environment is much more complex than it could be, and
      2) People can easily get around the restrictions and probably will in a given amount of time.

      At the same times, waging a technological arms race to try to modify people's behavior will be ultimately unfruitful. If management just said "If we catch you on FaceBook, you're canned" then very little technology would be necessary. Is management serious about consequences? You may be fighting a losing battle.
      Wesley David
      LinkedIn | Careers 2.0
      -------------------------------
      Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
      Vendor Neutral Certifications: CWNA
      Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
      Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

      Comment


      • #4
        Re: Website Blocking

        As Nonapeptide says the starting point for this is with management. Unless you have an acceptable use policy that users are required to comply with you are fighting a losing battle.

        You've posted in the past about ISA Server if I remember rightly, there are add-on products for ISA like websense for doing web filtering or you can do some basic blocking by configuring a URL set of banned sites and denying all users access to it.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment


        • #5
          Re: Website Blocking

          The easiest solution which doesn't require much work is to use OpenDNS. Create an account and make the change at the server or router (best method) then sit back and relax.

          Comment


          • #6
            Re: Website Blocking

            That's a good point that a2thed makes. Block all outbound DNS queries that are not destined for OpenDNS's servers and you'll have control over content to some degree. To be even more specific, block all outbound DNS queries that do not originate from your internal DNS servers and are not destined for OpenDNS. I'm not sure how granular OpenDNS allows you to be. I use them, but only in a rudimentary sense.

            As tehcamel pointed out, poisoning your own DNS is a possibility that's made better with controlling outbound DNS queries.
            Wesley David
            LinkedIn | Careers 2.0
            -------------------------------
            Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
            Vendor Neutral Certifications: CWNA
            Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
            Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

            Comment

            Working...
            X