?
Solved

Website filtering Windows 2003 Server

Posted on 2007-07-24
9
Medium Priority
?
246 Views
Last Modified: 2008-07-09
Hi all, whats the quickest/leanest way to filter out a couple of websites for a bunch of users on a windows 2003 domain. i.e we need to block a number of sites that are slowing down the network....Can i do this through GPO or so i have to install some kind of external filter. I've seen the content manager but it seemed a little over zelous....

Ta

Dave
0
Comment
Question by:javabeat
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 31

Accepted Solution

by:
merowinger earned 600 total points
ID: 19554974
u can configure your hosts file in C:\windows\system32\drivers\etc on your proxy server or dns server that all those sites are redirected to localhost for examble:

127.0.0.1       localhost
127.0.0.1       www.notallowed.de
127.0.0.1       www.porn.com
0
 
LVL 31

Assisted Solution

by:merowinger
merowinger earned 600 total points
ID: 19554980
note: but when the users take the ip address to get to the site, they can go arround this dns trick!
0
 
LVL 26

Assisted Solution

by:Farhan Kazi
Farhan Kazi earned 750 total points
ID: 19555041
Greetings Javabeat,

You can add sites to the "Restricted Zone" in IE via Group Policy.
It's under User/Computer Config > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > "Site to zone assignment list". Add restricted sites heres with a value of 4 (restricted). Configure the other various policies to enable this on the client.

Hope this helps!
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:javabeat
ID: 19555226
what if the user is using firefox though?...would the GPO option bypass the IE settings etc?
I tried to update the host file on the domain (also the DNS Server) but it only appeared to afffect the machine itself and not the domain users...Would that require a server restart?
0
 
LVL 26

Assisted Solution

by:Farhan Kazi
Farhan Kazi earned 750 total points
ID: 19555391
You are right, policy will be bypassed if clients use Firefox. You can restrict users to stick with IE using Software Restriction Policy (hash rule for Firefox or any other known web browser ). In hosts file solution you need to replace hosts file on all client machines.

0
 
LVL 26

Assisted Solution

by:Farhan Kazi
Farhan Kazi earned 750 total points
ID: 19555412
Are you using any proxy server like ISA, Wingate etc..? If yes then why not blocking through proxy server?
0
 

Author Comment

by:javabeat
ID: 19555708
not using a proxy though if thats the best way ahead i'm good with that...are these the best/cheapest or just proxies you've heard off?
0
 
LVL 11

Assisted Solution

by:kamalgopi
kamalgopi earned 150 total points
ID: 19555712
may be you add the list of the sites to the restricted site list so the user cannot go that website which can be done in GPO. please see the info below.
To create a policy to add a site to the restrcited Sites security zone:

01. Log on as a member of the Domain Admins group.

02. Open the Active Directory Users and Computers MMC snap-in.

03. Right-click the domain or Organizational Unit where you want to create the GPO and press Properties.

04. Select the Group Policy tab.

05. Press New.

06. Type a name for the new GPO and press Enter.

07. To prevent the policy from being applied to some users or groups, press Properties. Select the Security tab. Add the user or group that you want to prevent from having this policy and clear the Read and the Apply Group Policy boxes in the Allow column. Press OK.

08. Press the Edit button.

09. Navigate through User Configuration / Windows Settings / Internet Explorer Maintenance / Security.

10. Right-click Security Zones and Content Ratings in the right-hand pane and press Properties.

11. Select Import the current security zones and privacy settings. If prompted, press Continue.

12. Press Modify Settings.

13. Select restrcited Sites and press the Sites button.

14. Type the full URL of the site you wish to add and press Add.

15. Press Close (or OK) and OK.

16. Press Close (or OK) until all dialog boxes are closed, and close any snap-in windows.

17. Allow sufficient time for the policy to propagate throughout the domain.


Hope this helps
Cheers:)
Kamal
0
 
LVL 26

Assisted Solution

by:Farhan Kazi
Farhan Kazi earned 750 total points
ID: 19556039
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question