Solved

whitelist batch file

Posted on 2010-08-19
5
982 Views
Last Modified: 2013-12-08
We have a problem of viruses here. I would like to know a way (free) of whitelisting web sites that I can easily maintain and do not haft to run to every computer and change.

I was wondering if there was a way to make a batch file or some file to execute upon an end user logging into the domain to only whitelist certain sites for them to access through internet explorer of firefox.
 
0
Comment
Question by:pchmark
5 Comments
 
LVL 7

Expert Comment

by:Dk_guru
ID: 33475565
You can normally do this from your router or firewall... allowing certain computers through or none at all.  Is it required to be controlled from the local machine?
0
 

Author Comment

by:pchmark
ID: 33475918
yes, but i would prefer this to be done on a group or by user basis
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33476711
have you considered a pac file? that lets you define routing rules on a per-host (or per ip) basis, so you can block all but selected destinations.

http://en.wikipedia.org/wiki/Proxy_auto-config

best bit is - you can define the location in dhcp or by creating a dns entry for wpad.yourdomain - by running an appropriate webserver, you have a single point on your network where the file is stored, and you can redirect, block, or otherwise configure every browser on your network without having to visit each one (plus using the pac file if available is the default on most browsers, even non-windows ones)
0
 
LVL 1

Accepted Solution

by:
infinitous earned 500 total points
ID: 33477317
You can do this with a bat file if you are willing to use I.E.'s trusted sites.  The syntax for the batch file would be:
@ECHO OFF
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[domain.suffix]\[subdomain]" /t "REG_DWORD" /v "HTTP[s]" /d "2" /F

an example would be:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\exptech.net\www" /t "REG_DWORD" /v "HTTP" /d "2" /F

Or, if no subdomain is needed (i.e. *.domain.com):
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\exptech.net" /t "REG_DWORD" /v "HTTP" /d "2" /F

Please also note that the data (/d) value will always be 2, however the value (/v) will need to be changed depending on the protocol used (https or http).

Along with that bat file, I would use group policy to increase the security on the internet zone so users can't browse most files.

0
 
LVL 62

Expert Comment

by:btan
ID: 33498250
This link would be useful on GPO for IE config
@ http://www.grouppolicy.biz/tag/white-list/

Typically you will want to configure the proxy that does this filtering hence the use of wpad etc. You may want to check out Blue Coat K9 Web Protection is one free home use software, you may want to test it out first before making the decision whether to purchase. It can go quite granular. It does not do whitelist directly but it would be configurable and it has real time update based on its dynamic page-rating technology
@ http://www1.k9webprotection.com/aboutk9/overview

0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now