How can i lock out websites such as facebook in a small office setup?

i have about 12 nodes on a network with an additional xp pro computer acting as a server. I had to remove some unwanted programs from the users computers and now ive been assigned the task of removing websites such as facebook. I have todo this for all 12 computers so was wondering if there is an efficient way of blocking out ip's / urls so users cannot view certain websites. Can someone suggest a program or a setup to to this? All 12 pc's are running xp pro , all setup dhcp from the router. The router, i have no control over as its setup on the roof by the wireless isp just in case this info helps. Thx
Who is Participating?
Hugh FraserConnect With a Mentor ConsultantCommented:
It sounds like you're describing a network with Internet access, but no proxy server and presumably no firewall other than what the ISP's router provides.

A package like Untangle installed on a PC can give you the web filtering you want, and adds in several other basic tools you should have, like a firewall, spam and phishing blocking, etc..
David Paris VicenteSystems and Comunications  Administrator Commented:
If you don´t have a firewal like ISA or other stuff that comunicates to all the PC´s the only way is via IE options.
Add a second router that you DO have control over between the existing router and the users, and block the sites you want to block in that router.  Be warned, though, that sophisticated users will ALWAYS be able to find away around such things (or just about any other roadblock you might put in place); you'll only block the noobs.

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Wayne BarronAuthor, Web DeveloperCommented:
Tools | Internet Options | Security | [Restricted Sites]
Add in the site's that you want to block here.
(This is also what wizard above was referring to)
This works very well. BUT if the user knows IE and how to munipulate it, then he/she
Will be able to remove the Block in here.

If you have a Router, then you can Block the IP Address to any site via the Block List of the router.
All routers are different in how to configure the block list.

Good Luck
Are you at all familiar with linux? If so you could set up a linux gateway / transparent proxy and have it filter your traffic.  You could also use it as a firewall to block outbound traffic such as AIM and Y! Messenger...You get the idea. This solution could be done with any old desktop as it is not resource intensive.  It would be virtually free.  If you do not have a working knowledge of linux this solution will be too complicated.
dwaynecharringtonConnect With a Mentor Commented:
Add some entries to the hosts file in the windows directory on each machine and simply make each banned website redirect to the local IP instead ( It's crude, simple, and it works well.

Then simply make any files in the Windows directory you don't want accessed by non administrators read only.
darrickhartmanConnect With a Mentor Commented:
Implement a third party DNS service such as  That allows you to block certain websites at the DNS level which would work well in a small office environment unless the end user has the ability and knowledge to change their DNS server away from what you assign.
JDominguezNYConnect With a Mentor Commented:
darrickhartman's suggestion is the way I would go in your position, and to ensure security even against the more tech savvy within you office you can set the DNS with an administrative account then set the users account to limited where they cannot change the DNS settings.

Witht he opendns solution you could add and remove sites to every computer simultaneously, only requireing you to access individual PC's at the initial setup
Just a thought but if I were on this network and wanted to go to I would just add an entry to the local hosts file to allow non-DNS resolution.  Not likely there is anyone in that or most any office thinking of that but if it will work it's worth mentioning.
Hugh FraserConnect With a Mentor ConsultantCommented:
Bear in mind that solutions such as OpenDNS work by intercepting a request for the valid IP address associated with something like and returning an alternate address. If your users are savvy / determined enough, entering the correct IP address will bypass OpenDNS and take them to the site, as will clicking on a link that contains and IP address. Only you know what kind of environment you're dealing with.

A web content filter will check the content in addition to the blocking both URLs and IP addresses.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.