block facebook in group policy

How can i block facebook through group policy? i went into the group policy editor, under user configuration,  windows settings, internet explorer maintenance, security, security zones and content ratings, content ratings, approved sites:

then i entered "http://www.facebook.com" and choose never. I also enter "*.facebook.com" & "facebook.com" just to be sure.

Then i went to a user's machine and did gpupdate /force and tried going to facebook and it took me there :(

What did i do wrong and how can i block facebook?


I am using windows server 2008 r2.
RuroshinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

uescompCommented:
you would want to put a wildcard in there so it grabs all sub domains, example: www.facebook.*

Also try rebooting the workstation for group policy does not always work doing the /force so a reboot will help.
uescompCommented:
Another solution is to check out Open DNS, its free and if you have a static you can use open dns to block websites, and you can view a list of all the sites trying to be visited, also displays a count on how many attempts were made to access those sites also etc.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RuroshinAuthor Commented:
I tried rebooting the user's computer and the user is still able to access facebook. if possible i want to use 3rd party products as a last resort. is there anything else i can try through group policy?
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Bill4U2Commented:
Dont need GPO for that
Put this in your hosts file ===| C:\WINDOWS\system32\drivers\etc\hosts
# get rid of that crap
127.0.0.1      xiti.com
127.0.0.1      urchin.com
127.0.0.1      google-analytics.com
127.0.0.1      facebook.com
RuroshinAuthor Commented:
@Bill4U2

how would i do that? where is the host file located? Are you able to provide steps for me to follow?
RuroshinAuthor Commented:
@Bill4U2

Nevermind i found it lol

do i have to place this on each user's machine? or can i do this by just placing it on the server?
uescompCommented:
machine
RuroshinAuthor Commented:
I see i have to place it on each machine under this computer.
Bill4U2Commented:
If you have many machines, say in a domain, you can copy the file from a "master" from the login script. It a KISS solution good enough for the casual user.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.