Restrict Internet Access for Employees

Posted on 2009-04-13
Last Modified: 2012-05-06
Hi there!
We have a small network of 25 computers (pcs and macs)
Since most of the employees work on a computer, they waste a lot of time surfing and shopping online.
We would like to restrict internet access to only few websites during all hours.
during lunch hours (or after work hours) the access should be open to all sites.
Is there any hardware based (router) solution which gives us flexibility to set different rules for different users? I know few software based solutions, but they cannot restrict mac from accessing internet.
Thanks for any help.
Question by:avrbhv74
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3

Expert Comment

ID: 24135042

check this out, if it's too complicated, just ask me if you need more help.  i know of one website which will allow you to block certain websites for any computer.

Expert Comment

ID: 24135044
I'm not entirely sure how doing this is implemented, but I know that you can set it up so that the sites get filtered 'before' it gets to the client computers so that it doesn't matter if it's pc/mac/linux/whatever.  However, if you don't already have the stuff in place to enable this functionality then I would probably look into approaching it differently.

For starters, what kind of system do you have in place to measure employee's production?  You don't have to micromanage them, but you should have some sort of way to let the employees see what they've accomplished.  Depending on the type of work they are doing this may be easy or difficult to figure out how to do.  I remember when I had an office job at Sears they weren't sure how to measure what I was doing because they didn't totally even understand what I was doing, so my manager actually asked me to help her come up with a system that would work for me.

On the other end, don't be tolerant of people who surf the web when they aren't supposed to.  Most users don't know anything about deleting their history, and even if they do you can install software that will track their internet usage if you need to.  Be upfront and let them know that their internet usage is monitored and disciplinary action up to and including termination will be enforced.
LVL 29

Accepted Solution

Michael Worsham earned 500 total points
ID: 24135046
I recommend taking a look at open source Untangle ( appliance platform. It's a downloadable ISO that you install on a separate PC with two network cards (three if you need a DMZ). Its all GUI-driven, thus easy to configure and manage. You do not have to install any software on the desktops. It's totally transparent to the users.

The Untangle appliance has a Web Content Control module that blocks user access to specific Internet websites. The Web Content Control also enables you to choose among these categories to define web content control policies in your workplace. You can also use custom URL blocklists for hosts, domains, and file types to block additional content.

Untangle Site:

Untangle Product Overview:

Untangle Demo/Video Overview
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 24135050
ps - I referring to a software solution in my paragraph, in case that wasn't clear.

Author Comment

ID: 24135071
Dear Brandonvmoore

Thanks for your reply. You bring home an important point about measuring employee's production. I have good system in place to measure productivity of sales people, but not for other support division. Guess I have to find more information in that area. Letting employees know that we are monitoring their internet usage is a good idea, however at this point I think i need a flexible solution (hardware or software) which will let me 'enforce' internet policy in our company.

Thanks for your help!

Expert Comment

ID: 24135112
You should put on a show next time you catch someone.  Run up to their desk and throw their papers in the air and yell "YOUR FIRED!!!" real loud everyone to hear and carry on for a while.  Then you can calm down and say "I'm just kidding.  But seriously, stop using the internet when you're not supposed to."  

That'll should get everyone's attention ;)

Author Comment

ID: 24135155
...haha...that gave me a good laugh. Seriously I tried to embarrass them by telling not to misuse internet in front of everybody but to no avail. I am dealing with Chinese staff here (our office is in Shanghai). After trying many measures I came to the conclusion that restricting internet access according to user and time would be an ideal solution.

Expert Comment

ID: 24135266
Well, here's another tip for getting through to people that applies to more than just this area:

If you catch someone doing something their not supposed:
1) Ask them if they are aware of the rule they're breaking.
2) Ask them why they felt it was ok to disrespect your authority

This is a technique I use on little children, but sometimes adults need it to.  The key to why this works is because now they don't just think in terms of breaking some random company rule, but it's 'your' rule and it's offensive to you for them to break it.  Just as though they came up to your face and disrespected you.

Expert Comment

ID: 24136320
BMF is traffic shaper for Windows and itprovides configuring by MAC addresses.

Expert Comment

ID: 24139906
I found the website that might help you.  It is called it might help you check it out.

Expert Comment

ID: 24141329
I had the same problem as you for a long time, mainly with streaming media. Everyone in the office would listen to their own stations - it was quite the chaotic environment. I installed a ClarkConnect box - it is very similar to the Untangle system mentioned by mwecomputers above. All you need is a spare computer with two nics. Setup is fairly straight forward. I has lots of ability for blocking access to sites by address, type and even content.

( )

Author Closing Comment

ID: 31569778
Thanks mwecomputers! I think untangle is the solution I was looking for. The best part is that the basic functionality is free. I will be subscribing to some add-ons which doesn't cost much.
Thanks again!

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Connecting to CISCO 4402 WLC 3 54
Exchange 2007 standard - defrag (eseutul /d) 10 66
Cisco 4400 will not take SFP module ? SFP 10 GB module 1 50
ZEPTO Ransomware - Removal 8 40
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question