Solved

Blocking Websites using Windows 2000 Server

Posted on 2004-04-25
21
266 Views
Last Modified: 2010-04-13
Hi guys!

I work in a school with 150 XP client computers and 2 windows 2000 domain controllers. im trying to block a certain website from the students who use this client computers. The problem is they keep on accessing this website even when they are having their laboratory classes. I have tried to block it using Group Policy and Internet Explorer - Content Advisor. In Group Policy Ive set it up on user configuration - Windows Settings - Internet Explorer Maintenance - Security - Security Zones and Content Ratings - Content Ratings then checked on Import the current content ratings. But sometimes i still see student able to access the sites that ive blocked in content advisor. What do you think should i do? I dont have access to our firewall to block this sites. i want to block it using just my windows 2000 server. i have heard of using ipsec to block it but i havent tried it yet. would somebody please tell me step by step on how to apply it. thank you so much guys in advance.
0
Comment
Question by:Jimboy
  • 9
  • 4
  • 4
  • +2
21 Comments
 

Author Comment

by:Jimboy
ID: 10914872
Fatal Exception hope you would help me with this one. youve been a great help to me before. probably you wont remember anymore but but you have already help me a lot.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10914892
I am not sure if Fatal already helped you with this or not .

Neither i am sure if you have already done this

go to  HOSTS file which will be at

Windows NT/2000/XP Pro  c:\winnt\system32\drivers\etc\hosts

Windows XP Home c:\windows\system32\drivers\etc\hosts

and give this info

127.0.0.1   <the website you want to block>
127.0.0.1   < another website .....>

This will make the machine to think that the IP you are trying to reach is the loopback and hence will not get accessed..
0
 

Author Comment

by:Jimboy
ID: 10915129
Hi Sunray 2003!

Thank you so much for your answer but i tried it and i can still access the site that im trying to block. heres the copy of my hosts file which i edited.

_________________________________________________________________________________
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
127.0.0.1   proxify.com
________________________________________________________________________________

you see that i added proxify.com. but still i am able to access the site.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10915138
try giving www.proxify.com and check

i give in mine www.yahoo.com and i am not able to go to yahoo..

post back
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10915141
do this
go to the location where the hosts file is there .
copy it to a different location as backup

then in the original file , open it with notepad
give www.proxify.com and then save it

now open IE and check
0
 

Author Comment

by:Jimboy
ID: 10915384
Sun ray 2003

I tried www.proxify.com still can access it. tried also www.yahoo.com, i can also access it. what do you think is the problem? our connection to the internet is though proxy server. do you think this proxy server has something to do with it. if only i have access through our firewall and proxy server i will try to block it from there but unluckily i dont.
0
 

Author Comment

by:Jimboy
ID: 10915749
sunray still there?
0
 
LVL 7

Expert Comment

by:vasanthgnb
ID: 10916457
Hai,
   Sunray is correct. You can block the websites using entries in hosts file. Try changing that proxify.com to www.proxify.com. It worked for me. If you want to know how it works visit
http://www.theallineed.com/computers/hosts_file_block_web_sites.htm.
Regards,
B.Vasanth.
0
 
LVL 7

Expert Comment

by:vasanthgnb
ID: 10916501
Hey
 I am sorry, make the following entries in hosts file..
127.0.0.1 localhost
127.0.0.2 proxify.com

Then clear all your temp internet files. Then give it a try. It will definitely work. The mistake is giving 127.0.0.1 again for the second time for proxify.com. By the way visit that link.
Regards,
B.Vasanth.
0
 
LVL 7

Expert Comment

by:vasanthgnb
ID: 10916572
This technique does not work for a machine connected through a proxy. Any request made will be sent directly to proxy only. So the ultimate solution is to block it in the proxy.
Regards,
B.Vasanth.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 49

Expert Comment

by:sunray_2003
ID: 10917609
hmm.. Once you change the hosts file, go to the same location again and check if that hosts file got updated or not.

Are you sure you have the permissions to change files ? well if it is getting changed then fine.

Agree with vasanth , that one of  the best ways is to use proxy server and the hosts idea wont work if you have proxy server. May be there is a workaround..
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 10920975
if a student really wants to get out to the site they will find ways around it, typically by using a public proxy of some sort. You might want to check with the schools IT department and see if the schools servers have a method of blocking this out otherwise the only route to go is editing the hosts file, which isnt 100% foolproof. I know that when I was in school they tried to keep us students from doing alot on the computers, but we always found ways around any methods they had...

if you are in charge of their grades, however, you could always remind them that if they are doing outside stuff during their lab time that it could hurt their class participation portion of their grade... ;)
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 10921005
also, if you block it on the proxy, a student could still set up the browsers to access another public proxy outside of your control to access the site... I do know that with some servers you can configure them to block out access to public proxies which might help lower the number of offenders (if you are able to do this on your network).
0
 

Author Comment

by:Jimboy
ID: 10925645
tnx guys!

i knew it. editing hosts file doesn't work because of our proxy server. what do you think should i do? if the administrator blocks it at the proxy server or router other departments wont access it also. what i want is only our department will be block with this particular websites. by the way every department in this school have their own VLAN. so what i want is to block it only in our vlan. but i dont have access also to our switch. so what i want is to block it here at the laboratory only. can anyone help me step by step in applying IPSEC to block this websites? ive heard that we can block websites using IPSEC in group policy.
0
 
LVL 1

Expert Comment

by:mclean01
ID: 10925681
After you set the Content Advisor up, tested it and found students surfing to this site, did you try the computer later?  Was it a case of the student disabling the Content Advisor completely or was just able to set that site up as enabled?

How do you have your IE set up?  Have you removed the tabs up in the Internet Option screen?  And have you restricted access to regedit and regedt32 because a few quick words in Google explains exactly how to go into the Registry to disable the Content Advisor
0
 

Author Comment

by:Jimboy
ID: 10925747
hi mclean01

yes ive restricted users access to the internet options... the problem is they just type in at the url the address and shoot they got into it. sometimes they get into it by a link in their email. students here are not that good to edit registry. actually they do not know what registry is yet. :)
0
 

Author Comment

by:Jimboy
ID: 10946808
hi guys!

can i used this url for example http://friendster.com/*.* to block the whole friendster.com website?
0
 

Author Comment

by:Jimboy
ID: 11065156
hi guys!

guess no ones interested anymore to answer my questions. sorry guys! :(
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 11073647
sorry, I didnt see your last reply (email must have slipped by me)... in response to your last post, if you edit your hosts file to send www.friendster.com to 127.0.0.1, then it should take care of all of the web site... try that...
0
 

Author Comment

by:Jimboy
ID: 11087491
hi RevelationCS!

tnx for your reply. editing host file to block websites wont work with my setup because we are using proxy server. so im trying to block it using group policy and content advisor in windows 2000 server. what im trying is to use wildcards in url to block the whole site. have you ever tried using IPSEC?
0
 
LVL 8

Accepted Solution

by:
RevelationCS earned 250 total points
ID: 11091388
the proxy server shouldn't block it out as it is still resolving from the local machine. The proxy server or a public proxy would allow the student to bypass it if you were using the content advisor or a firewall to block it. I dont think this would be the same if you use the hosts file locally though. I don't think content advisor uses wildcard, however, I might be mistaken...
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now