Solved

Blocking websites for Remote Desktop users

Posted on 2009-07-13
20
2,705 Views
Last Modified: 2013-11-21
We have about 10 dumb terminals that connect to our Terminal Server. We want to block certain websites while allowing others.

I have made changes to the host file on the server to block the websites we don't want, and it works on the server, but when I go to a terminal and log into a remote session the sites can be accessed.

The terminals themselves don't have internet, only when using remote desktop can users get to the web.

Any ideas?
0
Comment
Question by:nicolausj
  • 12
  • 3
  • 3
  • +1
20 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24842918
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24843079
Not really what I was looking for. We only need to block websites on our thin clients, not "all" of our computers. Some staff still need access to sites we wish to block on our thin clients.
0
 
LVL 7

Expert Comment

by:namol
ID: 24843104
Have you tried flushing the dns cache and then checking to make sure the changes from the host file are being read?

ipconfig /flushdns <-- flush dns
ipconfig /displaydns <-- Will display all the dns information that is in the cache, basically all the hosts file information.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24843206
DNS looks good on the server. Everything I have blocked using the host file is appearing as 127.0.0.1

Is it possible the RDP sessions aren't picking up on the host file? Do I need to share it? or is there a place I can include it in the remote desktop settings?
0
 
LVL 7

Expert Comment

by:namol
ID: 24843391
as long as the security on the hosts file is set so those usesrs can read/execute the file you wont need to worry about sharing it etc. Are you doing this as an admin account or as a user? Can you list the examples that you're trying to block? Can you show us the hosts file?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24843457
Configure them to use a false proxy 127.0.0.1, then add the sites to be allowed to the exceptions list.
proxy.jpg
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24843604
namol : I have configured the servers host file using the administrator account, and I will check to see that all users have read access to the servers host file.

0
 
LVL 3

Author Comment

by:nicolausj
ID: 24843638
namol: all users have read and exicute permissions on the host file.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24843784
And the hostfile is basically the following

127.0.0.1       www.youtube.com
127.0.0.1       www.facebook.com
127.0.0.1       www.hotmail.com

It blocks all the sites fine when sitting infront of the terminal server (administrator account) but when using RDP the sites aren't stopped.

Also, when looking at the host file I noticed some of the files on the server appear with blue font and the rest are all black. Does this mean these files are being shared with the thin clients?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24843801
never mind... it means the files are compressed.
0
Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

 
LVL 7

Expert Comment

by:namol
ID: 24843890
I would remove the www portion from the hosts file. That just blocks the specific server but all of those servers have more than one, such as images.facebook.com etc.
0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24844170
If they use VPN, you can setup a small DNS server to block those requests automatically (or give bogus responses)

if not, configure a custom DNS on that server with read permissions ONLY for those who remote in to that particular machine.

A bit of a hack but it could work. If this doesn't make any sense let me know, I'll give you a complete breakdown of what I mean in detail.
0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24844209
as namol said, www. is not restrictive enough, but other than that, there different dns prefixs such as .ca, .hk, .co.uk etc.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24849320
They don't use VPN, they are thin clients (dumb terminals) within our building.

On the server itself it does seem to be restrictive enough but I'll remove the www. and see if the clients RPD sessions are affected.

But why are the remote desktop sessions to the terminal server not pulling the servers host file for the sessions? They were setup with Windows XP Embedded, but it doesn't make sence that I would need to mess around with the Clients host file when the session is via RPD on the server...
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24860517
Removing the www. in front of the websites actually allowed the server to surf to the sites we wanted to block. When I put the WWW. back, the sites were then blocked.

Any Ideas why my thin clients RDP sessions aren't being affected by the host file on the server?

Thanks
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24860563
have you tried to modify the clients host file and try again?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24861769
I'm still not seeing how modifying the clients host file is going to change anything.... but I did look, and not one of the thin clients has a host file.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24861979
Alright, I just ran another test. Used remote desktop to the sever, and logged in as the local administrator. When trying to surf to www.google.ca the host file worked and stopped me from getting to the site. If used one of our user accounts I can surf to the restricted webistes.

Does this mean there is a permissions issue? Or could the remote users have been setup incorrectly on the server?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 24862696
Nevermind I figured out the problem.
0
 
LVL 3

Accepted Solution

by:
nicolausj earned 0 total points
ID: 24862732
Proxy setting within each users profile were bypassing the host file.

The reason that doesn't appear on the thin clients is we have a secure web browser auto launch when using remote desktop.

I logged in using my desktop and can change the setting.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now