Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
Im wondering how i could possibly block CERTAIN sites using Windows Server 2003 (via GPOs)? Is it even possible? Or how could i deploy a hosts file to every PC if i was to go through this route? Any other ideas? Pros and Cons?? Unfortunately using a proxy server is not an option yet.
Thanks
Page 1 of 1
Ideas to block websites
Rate Topic:
#1
- Advanced Member
-
- Group: Members
- Posts: 393
- Joined: 03-February 05
- OS:Windows 7 x86
-
Country:
Posted 04 December 2008 - 06:57 AM
Back to top
#2
- Junior
-
- Group: Members
- Posts: 54
- Joined: 05-August 04
Posted 05 December 2008 - 12:34 PM
Hiya,
Rather than edit the hosts file you could set the 2k3 server up as a DNS server and then spoof the domains that you wish to block and redirect them to a web server (that could also be hosted on the 2k3 server) with a holding page explaining that the site is blocked. To enforce this if you block port 53 outbound on your edge firewall and allow only the 2k3 server out over 53 then all the internal client computers would be forced to use DNS from that computer and so could not bypass your block (well not with out a little more effort, short of whitelisting i dont think its possible to filter traffic if your determined). Personally i would use a proxy server though as it is much more powerful for filtering, and gives you the added choice of logging people going to sites that should be blocked.
Tris
Rather than edit the hosts file you could set the 2k3 server up as a DNS server and then spoof the domains that you wish to block and redirect them to a web server (that could also be hosted on the 2k3 server) with a holding page explaining that the site is blocked. To enforce this if you block port 53 outbound on your edge firewall and allow only the 2k3 server out over 53 then all the internal client computers would be forced to use DNS from that computer and so could not bypass your block (well not with out a little more effort, short of whitelisting i dont think its possible to filter traffic if your determined). Personally i would use a proxy server though as it is much more powerful for filtering, and gives you the added choice of logging people going to sites that should be blocked.
Tris
#3
- Coffee Aficionado
-
- Group: Super Moderator
- Posts: 5,031
- Joined: 14-July 04
- OS:Windows 7 x64
-
Country:
Posted 05 December 2008 - 07:20 PM
One word: OpenDNS.
I'll let you block individual sites if you want (LAN-wide), but even better, just pick whatever categories of sites you don't want users to visit at work (pr0n sites, gambling sites, warez, etc) and just put a checkmark next to those categories, done! 99.9% of end users wouldn't know how to change their DNS settings by hand regardless. And it only takes like 5 minutes to setup.
I'll let you block individual sites if you want (LAN-wide), but even better, just pick whatever categories of sites you don't want users to visit at work (pr0n sites, gambling sites, warez, etc) and just put a checkmark next to those categories, done! 99.9% of end users wouldn't know how to change their DNS settings by hand regardless. And it only takes like 5 minutes to setup.
#4
- K-Mart-ian Legend
-
- Group: Super Moderator
- Posts: 6,988
- Joined: 28-April 06
- OS:Windows 7 x86
-
Country:
Posted 11 December 2008 - 01:57 PM
In addition, if you limit the use of web browsers to IE, you can add sites you don't want users going to in the untrusted sites section under security.
#5
- Cyber Ops
-
- Group: Super Moderator
- Posts: 3,412
- Joined: 24-September 05
- OS:none specified
-
Country:
Posted 11 December 2008 - 02:04 PM
Crahak is right on target, as usual. OpenDNS is a great service!
Share this topic:
Page 1 of 1