Solved

Restricting Name Resolution

Posted on 2004-04-16
8
216 Views
Last Modified: 2011-09-20
Background:

I have a home network comprising 6 Win2K Pro machines, 1 Win2K server running AD, and a Draytek Vigor2600W providing ASDL access. Currently the Draytek provides DHCP and DNS services as the Server has a bad habit of crashing.

I would like to be able to set a policy on certain users not to be able to resolve names to ip's when they are logged in to any machine. I have created the policy on the Server, and assumed that if I was to disable the loading of the "DNS Client" that the machine would not be able to resolve any names. Unfortunately this does not appear to be the case. I assume that the workstation is just requesting that the Draytek router does the Name Resolution for it.

I am looking for possible workarounds.

Many Thanks
Andrew
0
Comment
Question by:Nermal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10847465
For any specific sites or all?
Why would you want to do this?  Just curious if I'm following you...
0
 
LVL 1

Author Comment

by:Nermal
ID: 10847517
All sites, if I want to give access to specific sites I could easily put the in a hosts file?

This is a large family with a lot of people coming and going, ages ranging from 1 - 30 (about 15+ people)
It is really to stop the smaller kids getting to sites they shouldn't, would like to give them access to thinks like www.bbc.co.uk/cbbc/ etc

Andrew
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10847568
Will a proxy server, or something like NetNanny work for you?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 67

Accepted Solution

by:
sirbounty earned 250 total points
ID: 10847610
Or...
You could place this in a login script:

netsh int ip set dns "Local Area Connection" static 192.168.0.254

Start->Run->Gpedti.msc
User Config/Windows Settings/Scripts - Logon
0
 
LVL 1

Author Comment

by:Nermal
ID: 10848459
Spot on :-)

Thankyou!

Andrew
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10849158
Thanx Andrew - you'll probably need an automated way of changing that back..
I'm not sure, but think a reboot would reset it back, although a simply ipconfig /release & /renew will not...
Good luck!
0
 
LVL 1

Author Comment

by:Nermal
ID: 10849203
I have written the login script to solve that problem, but have discovered that if the user is not a local administrator then the "netsh" command returns a "invalid interface" error.

Any ideas, apart from giving people local admin rights, which I don't mind doing but would prefer not.

Andrew
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10849562
Er, if you don't mind 'revealing' your password for an admin account...

Use RUNAS..(type RUNAS /? from a command prompt).
You can use this to temporarily execute the netsh environment...
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question