Solved

whitelist batch file

Posted on 2010-08-19
5
995 Views
Last Modified: 2013-12-08
We have a problem of viruses here. I would like to know a way (free) of whitelisting web sites that I can easily maintain and do not haft to run to every computer and change.

I was wondering if there was a way to make a batch file or some file to execute upon an end user logging into the domain to only whitelist certain sites for them to access through internet explorer of firefox.
 
0
Comment
Question by:pchmark
5 Comments
 
LVL 7

Expert Comment

by:Dk_guru
ID: 33475565
You can normally do this from your router or firewall... allowing certain computers through or none at all.  Is it required to be controlled from the local machine?
0
 

Author Comment

by:pchmark
ID: 33475918
yes, but i would prefer this to be done on a group or by user basis
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33476711
have you considered a pac file? that lets you define routing rules on a per-host (or per ip) basis, so you can block all but selected destinations.

http://en.wikipedia.org/wiki/Proxy_auto-config

best bit is - you can define the location in dhcp or by creating a dns entry for wpad.yourdomain - by running an appropriate webserver, you have a single point on your network where the file is stored, and you can redirect, block, or otherwise configure every browser on your network without having to visit each one (plus using the pac file if available is the default on most browsers, even non-windows ones)
0
 
LVL 1

Accepted Solution

by:
infinitous earned 500 total points
ID: 33477317
You can do this with a bat file if you are willing to use I.E.'s trusted sites.  The syntax for the batch file would be:
@ECHO OFF
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[domain.suffix]\[subdomain]" /t "REG_DWORD" /v "HTTP[s]" /d "2" /F

an example would be:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\exptech.net\www" /t "REG_DWORD" /v "HTTP" /d "2" /F

Or, if no subdomain is needed (i.e. *.domain.com):
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\exptech.net" /t "REG_DWORD" /v "HTTP" /d "2" /F

Please also note that the data (/d) value will always be 2, however the value (/v) will need to be changed depending on the protocol used (https or http).

Along with that bat file, I would use group policy to increase the security on the internet zone so users can't browse most files.

0
 
LVL 63

Expert Comment

by:btan
ID: 33498250
This link would be useful on GPO for IE config
@ http://www.grouppolicy.biz/tag/white-list/

Typically you will want to configure the proxy that does this filtering hence the use of wpad etc. You may want to check out Blue Coat K9 Web Protection is one free home use software, you may want to test it out first before making the decision whether to purchase. It can go quite granular. It does not do whitelist directly but it would be configurable and it has real time update based on its dynamic page-rating technology
@ http://www1.k9webprotection.com/aboutk9/overview

0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question