Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Block all web access with exceptions

Posted on 2009-04-13
5
Medium Priority
?
324 Views
Last Modified: 2012-05-06
Basically we have just istalled sbs 2003 and the boss wants to block all internet access with the exception of a few sites that staff need to access. There is msn use, facebook etc not to mention game playing.
We are SBS 2003 premium (not r2) and too late for the isa update that i believe had to be ordered on disk.
There are 3 -4 sites that we want to restrict users to (power users must still have al l access) and of course still allow pc's to update.
Clients currently view internet via proxy server on port 8080 - isa server.

Now I am rather green at this - did not set up the proxy server myself although did install the server / network etc - so please keep instructions as basic and step by step as possible.

Thanks - Brett.
0
Comment
Question by:Brett_Parker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24133232
0
 

Author Comment

by:Brett_Parker
ID: 24136052
Thanks,

I will give it a go this evening - i am a little suprised as i thought the ISA could stop sites.

Brett.
0
 

Author Comment

by:Brett_Parker
ID: 24151145
OK,
Well i have given it a go.

It does not seem as though you can set groups with permissions (as i mentioned above it is only those listed as 'users' we wish to stop - all power users must still have access to the entire web) unless a second static ip address is purchased.

also, our main problems are facebook and MSN - the open dns works fine and blocks myspace, porn sites etc. However i am still able to view Facebook on client workstations, have not tested MSN yet but to be honest if this cant block facebook then it is of no use.

i did try and leave a message on their forum, 8 times in fact but for some reason the page timed out (maybe they are blocking parts of their own site - who knows) so decided to return here for further guidance.

If ISA cannot do this (our previous network ran through a netgear router and there was no problems at all) is it really worth the money? i feel sure as a firewall it must have the ability to block all sites for clients in the users group (with a few exceptions) whilst letting power users connect to everything?


Regards - Brett
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24151260
Try windows steady state
http://www.microsoft.com/downloads/details.aspx?FamilyID=d077a52d-93e9-4b02-bd95-9d770ccdb431&displaylang=en
 
You can configure the machines so that they can only go to sites you specify. You will find many other settings you might find useful as well.
0
 

Accepted Solution

by:
Brett_Parker earned 0 total points
ID: 24182708
Hello again,

I found other settings that are usefull (an answer to the MSN problem) however when reading the documentation this will not work if connection is through a proxy server (which is how the workstations connect).

Would it be possible to create a second proxy on a different port - block all sites with exceptions and point the users to that whilst the power usuers continue to access through the original?

Brett.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question