Solved

whitelist batch file

Posted on 2010-08-19
5
990 Views
Last Modified: 2013-12-08
We have a problem of viruses here. I would like to know a way (free) of whitelisting web sites that I can easily maintain and do not haft to run to every computer and change.

I was wondering if there was a way to make a batch file or some file to execute upon an end user logging into the domain to only whitelist certain sites for them to access through internet explorer of firefox.
 
0
Comment
Question by:pchmark
5 Comments
 
LVL 7

Expert Comment

by:Dk_guru
ID: 33475565
You can normally do this from your router or firewall... allowing certain computers through or none at all.  Is it required to be controlled from the local machine?
0
 

Author Comment

by:pchmark
ID: 33475918
yes, but i would prefer this to be done on a group or by user basis
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33476711
have you considered a pac file? that lets you define routing rules on a per-host (or per ip) basis, so you can block all but selected destinations.

http://en.wikipedia.org/wiki/Proxy_auto-config

best bit is - you can define the location in dhcp or by creating a dns entry for wpad.yourdomain - by running an appropriate webserver, you have a single point on your network where the file is stored, and you can redirect, block, or otherwise configure every browser on your network without having to visit each one (plus using the pac file if available is the default on most browsers, even non-windows ones)
0
 
LVL 1

Accepted Solution

by:
infinitous earned 500 total points
ID: 33477317
You can do this with a bat file if you are willing to use I.E.'s trusted sites.  The syntax for the batch file would be:
@ECHO OFF
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[domain.suffix]\[subdomain]" /t "REG_DWORD" /v "HTTP[s]" /d "2" /F

an example would be:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\exptech.net\www" /t "REG_DWORD" /v "HTTP" /d "2" /F

Or, if no subdomain is needed (i.e. *.domain.com):
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\exptech.net" /t "REG_DWORD" /v "HTTP" /d "2" /F

Please also note that the data (/d) value will always be 2, however the value (/v) will need to be changed depending on the protocol used (https or http).

Along with that bat file, I would use group policy to increase the security on the internet zone so users can't browse most files.

0
 
LVL 62

Expert Comment

by:btan
ID: 33498250
This link would be useful on GPO for IE config
@ http://www.grouppolicy.biz/tag/white-list/

Typically you will want to configure the proxy that does this filtering hence the use of wpad etc. You may want to check out Blue Coat K9 Web Protection is one free home use software, you may want to test it out first before making the decision whether to purchase. It can go quite granular. It does not do whitelist directly but it would be configurable and it has real time update based on its dynamic page-rating technology
@ http://www1.k9webprotection.com/aboutk9/overview

0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question