?
Solved

Restricting Name Resolution

Posted on 2004-04-16
8
Medium Priority
?
221 Views
Last Modified: 2011-09-20
Background:

I have a home network comprising 6 Win2K Pro machines, 1 Win2K server running AD, and a Draytek Vigor2600W providing ASDL access. Currently the Draytek provides DHCP and DNS services as the Server has a bad habit of crashing.

I would like to be able to set a policy on certain users not to be able to resolve names to ip's when they are logged in to any machine. I have created the policy on the Server, and assumed that if I was to disable the loading of the "DNS Client" that the machine would not be able to resolve any names. Unfortunately this does not appear to be the case. I assume that the workstation is just requesting that the Draytek router does the Name Resolution for it.

I am looking for possible workarounds.

Many Thanks
Andrew
0
Comment
Question by:Nermal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10847465
For any specific sites or all?
Why would you want to do this?  Just curious if I'm following you...
0
 
LVL 1

Author Comment

by:Nermal
ID: 10847517
All sites, if I want to give access to specific sites I could easily put the in a hosts file?

This is a large family with a lot of people coming and going, ages ranging from 1 - 30 (about 15+ people)
It is really to stop the smaller kids getting to sites they shouldn't, would like to give them access to thinks like www.bbc.co.uk/cbbc/ etc

Andrew
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10847568
Will a proxy server, or something like NetNanny work for you?
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 67

Accepted Solution

by:
sirbounty earned 1000 total points
ID: 10847610
Or...
You could place this in a login script:

netsh int ip set dns "Local Area Connection" static 192.168.0.254

Start->Run->Gpedti.msc
User Config/Windows Settings/Scripts - Logon
0
 
LVL 1

Author Comment

by:Nermal
ID: 10848459
Spot on :-)

Thankyou!

Andrew
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10849158
Thanx Andrew - you'll probably need an automated way of changing that back..
I'm not sure, but think a reboot would reset it back, although a simply ipconfig /release & /renew will not...
Good luck!
0
 
LVL 1

Author Comment

by:Nermal
ID: 10849203
I have written the login script to solve that problem, but have discovered that if the user is not a local administrator then the "netsh" command returns a "invalid interface" error.

Any ideas, apart from giving people local admin rights, which I don't mind doing but would prefer not.

Andrew
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10849562
Er, if you don't mind 'revealing' your password for an admin account...

Use RUNAS..(type RUNAS /? from a command prompt).
You can use this to temporarily execute the netsh environment...
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question