Solved

blocking / redirecting office users from certain websites

Posted on 2006-11-01
10
228 Views
Last Modified: 2010-03-18
we have a few users that visit a few time wasting websites in the office and i would to somehow block those sites or redirect them to other sites. we have a basic  windows 2003 domain with a sonic wall firewall and a cisco 1700 router provided by our isp.
what would be the best / easiest way to do this? can it be done using their hosts file?
should it be done on the router instead?
-pH
0
Comment
Question by:-pH
  • 5
  • 4
10 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17852065
You can easily add an entry to the hosts file such as
127.0.0.1  some.website.com
If you have numerous users, that could be updated by adding a couple of lines to the user's logon script, but if the Sonicwall has the capabilities of blocking sites or domains, that would be easier to centrally manage.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 17852121
Filtering Internet access

*****Method one******
Pro's EASY TO DO.    CON's NOT GOOD FOR LOTS OF CLIENTS.

How you approach this depends on how many users you are talking about, if its just a few users, the simplest way is to modify the host file on each PC and put an entry in it for each domain you DONT want the users to access and point them to 127.0.0.1 (you can edit the hostile with notepad or this, http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
For example to block www.hotmail.com add this line to the end of the host file.

127.0.0.1     www.hotmail.com

NB in win 95/98/ME the host file is at C:\windows\hosts.sam (save it WITHOUT the. Sam extension and reboot)
In windows 2000 the host file is at C:\winnt\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)
In Windows XP the host file is at C:\windows\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)

*****Method Two*****
Pro's Easy to administer. CON's Expensive & NOT PRACTICAL FOR HOME USERS.

Give all your clients access to the Internet via a Proxy Server than can filter and block websites.
ISA Server http://www.microsoft.com/isaserver/
WinProxy http://www.winproxy.com/index.asp

*****Method Three*****
Pro's Very scalable from home user to businesses.  CON's Can Be Expensive

Use some third party software to do it for you.

Home Users see
Net Nanny http://store.netnanny.com/dr/v2/ec_dynamic.main?sp=1&pn=12&sid=53
Cyber Sitter http://www.cybersitter.com/
Home users/Small business's See
CyberPatrol http://www.cyberpatrol.com/
iProtectYou 3.01 http://www.download.com/iProtectYou/3000-2132_4-10137322.html?tag=lst-0-2 (FREEWARE)

Business's See
WebSense http://www.websense.com/
WebMarshal http://www.nwtechusa.com/webmarshal.php?iorb=4764&sc=106

*****Other options*****
How do I use IPSec IP filter lists?
http://www.jsifaq.com/subj/tip4500/rh4554.htm

How can I block a Windows 2000/XP/2003 computer from surfing on the Internet?
http://www.petri.co.il/block_web_browsing_with_ipsec.htm

Internet Explorer Administration Kit (IEAK) 6 SP1 enables the most cost-effective and efficient way to deploy and manage Web-based solutions.
http://www.microsoft.com/windows/ieak/default.mspx
0
 
LVL 1

Author Comment

by:-pH
ID: 17852540
its only a couple users that need to be regulated.
i tried editing the host file last night before posting this and it didn't work so i thought i may had done it worng. i just tried again and still nothing. i logged out and back in and again nothing.
any ideas?
host is not saved as a .txt
the entry is 127.0.0.1           www.match.com
i have tried  127.0.0.1           match.com      also to no avail.
-pH

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17852680
Hosts file has a few "oddities".
After entering your line such as    127.0.0.1     www.match.com    make sure you hit return (carriage return), and save without an extension, though it seems you have done this.
Then you can try purging and re-loading your name cache, using:
nbtstat  -R
and then viewing the updated cache using:
nbtstat  -c
Note 'R' and 'c' are case sensitive.
0
 
LVL 1

Author Comment

by:-pH
ID: 17852767
i tried that, but again it didn't work.
is it necessary to do a complete restart on the machine?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 17853183
>>"is it necessary to do a complete restart on the machine?"
No, not at all. actually I apologize nbtstat will only reload/display local NetBIOS names.
I just did a test with www.google.com and it required no reloading, restarting, or log off. You can view the list of cached DNS names and IP's with
ipconfig  /displaydns
and flush with
ipconfig  /flushdns

I assume you are using the existing hosts file in the default location and not creating a new one somewhere else ?
c:\windows\system32\drivers\etc\hosts
0
 
LVL 1

Author Comment

by:-pH
ID: 17853662
for some reason it is just not working. even after fluching and registering dns.
i am kinda stumped as to why it would not allow me to do this.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17853679
Have you tried it on a second machine?
0
 
LVL 1

Author Comment

by:-pH
ID: 17853983
thanks, problem was it wasn't saving properly. it would only save as a .txt no matter what i tried. all is good now.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17854084
Ah !  That would do it. If ever you have the problem again save with quotations such as "hosts"

Thanks -pH, though perhaps since you used the hosts file, points should be split with PeteLong, since he initially provided additional useful details concerning it's use.
Cheers,
--Rob
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now