Learn how to a build a cloud-first strategyRegister Now


How can i lock out websites such as facebook in a small office setup?

Posted on 2009-04-18
Medium Priority
Last Modified: 2013-12-08
i have about 12 nodes on a network with an additional xp pro computer acting as a server. I had to remove some unwanted programs from the users computers and now ive been assigned the task of removing websites such as facebook. I have todo this for all 12 computers so was wondering if there is an efficient way of blocking out ip's / urls so users cannot view certain websites. Can someone suggest a program or a setup to to this? All 12 pc's are running xp pro , all setup dhcp from the router. The router, i have no control over as its setup on the roof by the wireless isp just in case this info helps. Thx
Question by:lucbruneau
LVL 12

Expert Comment

by:David Paris Vicente
ID: 24177625
If you don´t have a firewal like ISA or other stuff that comunicates to all the PC´s the only way is via IE options.
LVL 26

Expert Comment

ID: 24177701
Add a second router that you DO have control over between the existing router and the users, and block the sites you want to block in that router.  Be warned, though, that sophisticated users will ALWAYS be able to find away around such things (or just about any other roadblock you might put in place); you'll only block the noobs.

LVL 31

Expert Comment

by:Wayne Barron
ID: 24177711
Tools | Internet Options | Security | [Restricted Sites]
Add in the site's that you want to block here.
(This is also what wizard above was referring to)
This works very well. BUT if the user knows IE and how to munipulate it, then he/she
Will be able to remove the Block in here.

If you have a Router, then you can Block the IP Address to any site via the Block List of the router.
All routers are different in how to configure the block list.

Good Luck
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.


Expert Comment

ID: 24177802
Are you at all familiar with linux? If so you could set up a linux gateway / transparent proxy and have it filter your traffic.  You could also use it as a firewall to block outbound traffic such as AIM and Y! Messenger...You get the idea. This solution could be done with any old desktop as it is not resource intensive.  It would be virtually free.  If you do not have a working knowledge of linux this solution will be too complicated.

Assisted Solution

dwaynecharrington earned 400 total points
ID: 24177818
Add some entries to the hosts file in the windows directory on each machine and simply make each banned website redirect to the local IP instead ( It's crude, simple, and it works well.

Then simply make any files in the Windows directory you don't want accessed by non administrators read only.
LVL 12

Accepted Solution

Hugh Fraser earned 1200 total points
ID: 24177851
It sounds like you're describing a network with Internet access, but no proxy server and presumably no firewall other than what the ISP's router provides.

A package like Untangle installed on a PC can give you the web filtering you want, and adds in several other basic tools you should have, like a firewall, spam and phishing blocking, etc..

Assisted Solution

darrickhartman earned 200 total points
ID: 24179189
Implement a third party DNS service such as opendns.com.  That allows you to block certain websites at the DNS level which would work well in a small office environment unless the end user has the ability and knowledge to change their DNS server away from what you assign.

Assisted Solution

JDominguezNY earned 200 total points
ID: 24188581
darrickhartman's suggestion is the way I would go in your position, and to ensure security even against the more tech savvy within you office you can set the DNS with an administrative account then set the users account to limited where they cannot change the DNS settings.

Witht he opendns solution you could add and remove sites to every computer simultaneously, only requireing you to access individual PC's at the initial setup

Expert Comment

ID: 24200743
Just a thought but if I were on this network and wanted to go to www.facebook.com I would just add an entry to the local hosts file to allow non-DNS resolution.  Not likely there is anyone in that or most any office thinking of that but if it will work it's worth mentioning.
LVL 12

Assisted Solution

by:Hugh Fraser
Hugh Fraser earned 1200 total points
ID: 24202486
Bear in mind that solutions such as OpenDNS work by intercepting a request for the valid IP address associated with something like www.facebook.com and returning an alternate address. If your users are savvy / determined enough, entering the correct IP address will bypass OpenDNS and take them to the site, as will clicking on a link that contains and IP address. Only you know what kind of environment you're dealing with.

A web content filter will check the content in addition to the blocking both URLs and IP addresses.

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Following on from our article on "The Murky World of Consent and opt in", we thought we would issue some helpful guidance, not only on consent itself but knowing what information you are capturing, what you are doing with this data and how you can p…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question