Link to home
Start Free TrialLog in
Avatar of Ozzie101
Ozzie101

asked on

how to restrict browsing the internet from client machines

I would like to block the internet browsing of 7 out of 9 users on the network, but the machines should be able to access the internet to automatically update the antivirus.

the server is Microsoft Windows Server 2003 R2.
Client Machines are Windows XP Professional.
Avatar of Bryon H
Bryon H
Flag of United States of America image

does your router/firewall device support this?  that would be best.

we use the zyxel zywall 2, it allows for you to specify which ip addresses can access which sites, or deny all sites except a specified list... or block certain sites but allow everything else... etc

http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040908175941&CategoryGroupNo=FF94F854-B6F1-47B7-BFB7-4660CF8649C8

there isn't anything built-in to windows that will allow for you to do this...
you can use a group policy to set a proxy setting in internet explorer - set it to something that doesnt exist or isnt a real proxy.
alternatively - to block some sites for all users - put a dns entry in on your server so when they try to go to the site it wont come up.

each of these methods isnt perfect - ideally you need to run a firewall or proxy server that integrates with active directory.
any dns solution is going to require entering every possible domain/host name and setting them to 0.0.0.0 or something invalid

steadystate is awesome for locking down what users can do on the machine but i dont see how it can lock down web browsing

turning on a proxy will prevent windows update, and might mess with other 3rd party programs that rely on the IE proxy settings
"any dns solution is going to require entering every possible domain/host  name and setting them to 0.0.0.0 or something invalid"


No it is not!!!
ASKER CERTIFIED SOLUTION
Avatar of Don
Don
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Ozzie101
Ozzie101

ASKER

All,

what about using " Set Program Access and defaults " within Windows XP?

if I restrict Internet Explorer, would my antivirus update automatically?
windows updates will run even if you set the default web browser to something else

set program access and defaults is just saying what programs you want things to open in, not weather or not it should be allowed
Try Steady state with the "Prevent internet access(except websites below)" option.


Steady state is free and from microsoft and also has the option of "Windows Disk Protection" which is comparable to Deep Freeze