IT Tech

Blocking Websites for Users...

I have a bit of a challenge here... my client wants to block access over the entire network to sites such as: Facebook, MySpace, mail.yahoo.com etc....

We have a WatchGuard 550 Core firewall in place, it's fairly new as well... The Webblocker subscription was a 3 month trial that was in place by default and has expired. Now that the need has arisen to block sites I find it hard to believe that the "only" way according to WatchGuard is to purchase this "Webblocker" service add-on that is $670.00.

Is there any 3rd party software I can install on client machines or via group policy that would stop users from going to certain sites?  Any ideas would be greatly appreciated!

Thanks
AngelGabriel

You can make a change in DNS for the websites in question

If all your systems use a Windows-based DNS server, which I assume they do, you can create DNS entries for these websites so that users are directed to a website of our choosing, possibly a company intranet. If you need more assistance, make a comment :)
IT Tech (ASKER)

That sounds great, all client machines point to the domain controller for DNS resolution. Domain controller is running Windows 2003 R2 Standard. If you could tell me how to add/mod the DNS to redirect facebook.com for example that would be great! Thanks.
Alan Hardisty

You can also set up a login script that copies down a hosts file with those sites listed that point to 127.0.0.1 and places the file in c:\windows\system32\drivers\etc
This will work just as effectively as the DNS way - I guess it depends on which one is the easiest to implement.
Alan
IT Tech (ASKER)

I would like to just do the DNS redirects if anyone can tell me how to do that?  Thanks
j210277

Make sure you make the DNS server authoritative for the zone, here is a MS article to set up DNS http://support.microsoft.com/kb/323445
One more solution you can try is blocking sites at the firewall level; for this however you would need to put the IP addresses and this is quite a job [as the mirrors keep coming up for heavily used sites and it is a challenge to keep up with them]. Also, if certain websites use a non-standard port like 8080 or HTTPS you would need to either have a different service for each port/protocol pair or one consolidated service with all port/protocol [adding port/protocol in an existing service is again tedious as you would need to delete and then re-add the service].

Thank you.
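
The DNS-zone and hosts-file approaches discussed in this thread, as an added example that is not part of any poster's reply: a generator that turns one block list into `dnscmd` commands (a primary zone per blocked name, so the server is authoritative for it) and into hosts-file lines. The sinkhole address `10.0.0.5`, the zone file names and the helper names are assumptions, and `dnscmd` is assumed to be installed on the DNS server. Because `mail.yahoo.com` gets its own zone, the rest of `yahoo.com` keeps resolving normally.

```python
import ipaddress
import re

# Constructed sample values (assumptions, not taken from any poster's reply).
BLOCKLIST = ["facebook.com", "www.facebook.com", "myspace.com", "mail.yahoo.com"]
SINKHOLE_IP = "10.0.0.5"  # hypothetical intranet server showing a "blocked" page

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(name):
    """Lower-case a name and reject anything that is not a plain hostname,
    so list entries cannot smuggle shell syntax into the generated batch file."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError("not a valid hostname: %r" % name)
    return name


def zone_roots(names):
    """Keep only names not already covered by a shorter blocked name."""
    ordered = sorted({normalize(n) for n in names}, key=lambda n: (n.count("."), n))
    roots = []
    for n in ordered:
        if not any(n.endswith("." + r) for r in roots):
            roots.append(n)
    return roots


def dnscmd_lines(names, ip=SINKHOLE_IP):
    """One primary zone per root, with apex (@) and wildcard (*) A records."""
    ip = str(ipaddress.IPv4Address(ip))
    out = []
    for zone in zone_roots(names):
        out.append("dnscmd /ZoneAdd %s /Primary /file %s.dns" % (zone, zone))
        out.append("dnscmd /RecordAdd %s @ A %s" % (zone, ip))
        out.append("dnscmd /RecordAdd %s * A %s" % (zone, ip))
    return out


def hosts_lines(names, ip="127.0.0.1"):
    """The hosts file has no wildcards, so every host name is listed explicitly."""
    return ["%s\t%s" % (ip, n) for n in sorted({normalize(n) for n in names})]


if __name__ == "__main__":
    print("\n".join(dnscmd_lines(BLOCKLIST)))
    print("\n".join(hosts_lines(BLOCKLIST)))
```

The wildcard record is what the hosts file cannot express: any subdomain of a blocked zone resolves to the sinkhole, while the hosts file only covers the exact names listed.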