Restricting Name Resolution

Background:

I have a home network comprising 6 Win2K Pro machines, 1 Win2K server running AD, and a Draytek Vigor2600W providing ASDL access. Currently the Draytek provides DHCP and DNS services as the Server has a bad habit of crashing.

I would like to be able to set a policy on certain users not to be able to resolve names to ip's when they are logged in to any machine. I have created the policy on the Server, and assumed that if I was to disable the loading of the "DNS Client" that the machine would not be able to resolve any names. Unfortunately this does not appear to be the case. I assume that the workstation is just requesting that the Draytek router does the Name Resolution for it.

I am looking for possible workarounds.

Many Thanks
Andrew
LVL 1
NermalAsked:
Who is Participating?
 
sirbountyConnect With a Mentor Commented:
Or...
You could place this in a login script:

netsh int ip set dns "Local Area Connection" static 192.168.0.254

Start->Run->Gpedti.msc
User Config/Windows Settings/Scripts - Logon
0
 
sirbountyCommented:
For any specific sites or all?
Why would you want to do this?  Just curious if I'm following you...
0
 
NermalAuthor Commented:
All sites, if I want to give access to specific sites I could easily put the in a hosts file?

This is a large family with a lot of people coming and going, ages ranging from 1 - 30 (about 15+ people)
It is really to stop the smaller kids getting to sites they shouldn't, would like to give them access to thinks like www.bbc.co.uk/cbbc/ etc

Andrew
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
sirbountyCommented:
Will a proxy server, or something like NetNanny work for you?
0
 
NermalAuthor Commented:
Spot on :-)

Thankyou!

Andrew
0
 
sirbountyCommented:
Thanx Andrew - you'll probably need an automated way of changing that back..
I'm not sure, but think a reboot would reset it back, although a simply ipconfig /release & /renew will not...
Good luck!
0
 
NermalAuthor Commented:
I have written the login script to solve that problem, but have discovered that if the user is not a local administrator then the "netsh" command returns a "invalid interface" error.

Any ideas, apart from giving people local admin rights, which I don't mind doing but would prefer not.

Andrew
0
 
sirbountyCommented:
Er, if you don't mind 'revealing' your password for an admin account...

Use RUNAS..(type RUNAS /? from a command prompt).
You can use this to temporarily execute the netsh environment...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.