• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 230
  • Last Modified:

Restricting Name Resolution

Background:

I have a home network comprising 6 Win2K Pro machines, 1 Win2K server running AD, and a Draytek Vigor2600W providing ASDL access. Currently the Draytek provides DHCP and DNS services as the Server has a bad habit of crashing.

I would like to be able to set a policy on certain users not to be able to resolve names to ip's when they are logged in to any machine. I have created the policy on the Server, and assumed that if I was to disable the loading of the "DNS Client" that the machine would not be able to resolve any names. Unfortunately this does not appear to be the case. I assume that the workstation is just requesting that the Draytek router does the Name Resolution for it.

I am looking for possible workarounds.

Many Thanks
Andrew
0
Nermal
Asked:
Nermal
  • 5
  • 3
1 Solution
 
sirbountyCommented:
For any specific sites or all?
Why would you want to do this?  Just curious if I'm following you...
0
 
NermalAuthor Commented:
All sites, if I want to give access to specific sites I could easily put the in a hosts file?

This is a large family with a lot of people coming and going, ages ranging from 1 - 30 (about 15+ people)
It is really to stop the smaller kids getting to sites they shouldn't, would like to give them access to thinks like www.bbc.co.uk/cbbc/ etc

Andrew
0
 
sirbountyCommented:
Will a proxy server, or something like NetNanny work for you?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
sirbountyCommented:
Or...
You could place this in a login script:

netsh int ip set dns "Local Area Connection" static 192.168.0.254

Start->Run->Gpedti.msc
User Config/Windows Settings/Scripts - Logon
0
 
NermalAuthor Commented:
Spot on :-)

Thankyou!

Andrew
0
 
sirbountyCommented:
Thanx Andrew - you'll probably need an automated way of changing that back..
I'm not sure, but think a reboot would reset it back, although a simply ipconfig /release & /renew will not...
Good luck!
0
 
NermalAuthor Commented:
I have written the login script to solve that problem, but have discovered that if the user is not a local administrator then the "netsh" command returns a "invalid interface" error.

Any ideas, apart from giving people local admin rights, which I don't mind doing but would prefer not.

Andrew
0
 
sirbountyCommented:
Er, if you don't mind 'revealing' your password for an admin account...

Use RUNAS..(type RUNAS /? from a command prompt).
You can use this to temporarily execute the netsh environment...
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now