Ozzie101
asked on
how to restrict browsing the internet from client machines
I would like to block the internet browsing of 7 out of 9 users on the network, but the machines should be able to access the internet to automatically update the antivirus.
the server is Microsoft Windows Server 2003 R2.
Client Machines are Windows XP Professional.
the server is Microsoft Windows Server 2003 R2.
Client Machines are Windows XP Professional.
you can use a group policy to set a proxy setting in internet explorer - set it to something that doesnt exist or isnt a real proxy.
alternatively - to block some sites for all users - put a dns entry in on your server so when they try to go to the site it wont come up.
each of these methods isnt perfect - ideally you need to run a firewall or proxy server that integrates with active directory.
alternatively - to block some sites for all users - put a dns entry in on your server so when they try to go to the site it wont come up.
each of these methods isnt perfect - ideally you need to run a firewall or proxy server that integrates with active directory.
OpenDns is also a good free way to limit/block websites
http://www.opendns.com/solutions/business/filtering/
and Windows Steady State is also a option
http://www.online-tech-tips.com/free-software-downloads/use-windows-steadystate-to-manage-and-lock-down-user-accounts-for-shared-access-computers/
http://www.opendns.com/solutions/business/filtering/
and Windows Steady State is also a option
http://www.online-tech-tips.com/free-software-downloads/use-windows-steadystate-to-manage-and-lock-down-user-accounts-for-shared-access-computers/
any dns solution is going to require entering every possible domain/host name and setting them to 0.0.0.0 or something invalid
steadystate is awesome for locking down what users can do on the machine but i dont see how it can lock down web browsing
turning on a proxy will prevent windows update, and might mess with other 3rd party programs that rely on the IE proxy settings
steadystate is awesome for locking down what users can do on the machine but i dont see how it can lock down web browsing
turning on a proxy will prevent windows update, and might mess with other 3rd party programs that rely on the IE proxy settings
"any dns solution is going to require entering every possible domain/host name and setting them to 0.0.0.0 or something invalid"
No it is not!!!
No it is not!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All,
what about using " Set Program Access and defaults " within Windows XP?
if I restrict Internet Explorer, would my antivirus update automatically?
what about using " Set Program Access and defaults " within Windows XP?
if I restrict Internet Explorer, would my antivirus update automatically?
windows updates will run even if you set the default web browser to something else
set program access and defaults is just saying what programs you want things to open in, not weather or not it should be allowed
set program access and defaults is just saying what programs you want things to open in, not weather or not it should be allowed
Try Steady state with the "Prevent internet access(except websites below)" option.
Steady state is free and from microsoft and also has the option of "Windows Disk Protection" which is comparable to Deep Freeze
Steady state is free and from microsoft and also has the option of "Windows Disk Protection" which is comparable to Deep Freeze
we use the zyxel zywall 2, it allows for you to specify which ip addresses can access which sites, or deny all sites except a specified list... or block certain sites but allow everything else... etc
http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040908175941&CategoryGroupNo=FF94F854-B6F1-47B7-BFB7-4660CF8649C8
there isn't anything built-in to windows that will allow for you to do this...