How can i lock out websites such as facebook in a small office setup?

Posted on 2009-04-18
Last Modified: 2013-12-08
i have about 12 nodes on a network with an additional xp pro computer acting as a server. I had to remove some unwanted programs from the users computers and now ive been assigned the task of removing websites such as facebook. I have todo this for all 12 computers so was wondering if there is an efficient way of blocking out ip's / urls so users cannot view certain websites. Can someone suggest a program or a setup to to this? All 12 pc's are running xp pro , all setup dhcp from the router. The router, i have no control over as its setup on the roof by the wireless isp just in case this info helps. Thx
Question by:lucbruneau
    LVL 12

    Expert Comment

    by:David Paris Vicente
    If you don´t have a firewal like ISA or other stuff that comunicates to all the PC´s the only way is via IE options.
    LVL 26

    Expert Comment

    Add a second router that you DO have control over between the existing router and the users, and block the sites you want to block in that router.  Be warned, though, that sophisticated users will ALWAYS be able to find away around such things (or just about any other roadblock you might put in place); you'll only block the noobs.

    LVL 30

    Expert Comment

    by:Wayne Barron
    Tools | Internet Options | Security | [Restricted Sites]
    Add in the site's that you want to block here.
    (This is also what wizard above was referring to)
    This works very well. BUT if the user knows IE and how to munipulate it, then he/she
    Will be able to remove the Block in here.

    If you have a Router, then you can Block the IP Address to any site via the Block List of the router.
    All routers are different in how to configure the block list.

    Good Luck
    LVL 2

    Expert Comment

    Are you at all familiar with linux? If so you could set up a linux gateway / transparent proxy and have it filter your traffic.  You could also use it as a firewall to block outbound traffic such as AIM and Y! Messenger...You get the idea. This solution could be done with any old desktop as it is not resource intensive.  It would be virtually free.  If you do not have a working knowledge of linux this solution will be too complicated.
    LVL 6

    Assisted Solution

    Add some entries to the hosts file in the windows directory on each machine and simply make each banned website redirect to the local IP instead ( It's crude, simple, and it works well.

    Then simply make any files in the Windows directory you don't want accessed by non administrators read only.
    LVL 12

    Accepted Solution

    It sounds like you're describing a network with Internet access, but no proxy server and presumably no firewall other than what the ISP's router provides.

    A package like Untangle installed on a PC can give you the web filtering you want, and adds in several other basic tools you should have, like a firewall, spam and phishing blocking, etc..
    LVL 7

    Assisted Solution

    Implement a third party DNS service such as  That allows you to block certain websites at the DNS level which would work well in a small office environment unless the end user has the ability and knowledge to change their DNS server away from what you assign.
    LVL 4

    Assisted Solution

    darrickhartman's suggestion is the way I would go in your position, and to ensure security even against the more tech savvy within you office you can set the DNS with an administrative account then set the users account to limited where they cannot change the DNS settings.

    Witht he opendns solution you could add and remove sites to every computer simultaneously, only requireing you to access individual PC's at the initial setup
    LVL 2

    Expert Comment

    Just a thought but if I were on this network and wanted to go to I would just add an entry to the local hosts file to allow non-DNS resolution.  Not likely there is anyone in that or most any office thinking of that but if it will work it's worth mentioning.
    LVL 12

    Assisted Solution

    Bear in mind that solutions such as OpenDNS work by intercepting a request for the valid IP address associated with something like and returning an alternate address. If your users are savvy / determined enough, entering the correct IP address will bypass OpenDNS and take them to the site, as will clicking on a link that contains and IP address. Only you know what kind of environment you're dealing with.

    A web content filter will check the content in addition to the blocking both URLs and IP addresses.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
    Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
    Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
    How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now