• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 690
  • Last Modified:

How to block Facebook and get reports

I have a client that has 7 PCs and a server. Windows XP Pro on the PCs and 2008 on the server.

The owner is having problems with the staff surfing to Facebook, shopping on Amazon, etc. He is looking for the most cost effective solution to to block just Facebook access and/or if possible, be able to run a report showing who and when did try.

Is this possible since it is just one website to be able to do it with server 2008? I know that a barracuda web filter will do this, but isn't that a bit over kill?

thanks in advance.
7 Solutions
You can do this through your firewall on windows Server 2008 by creating a new block rule, you can also use a custom GPO but this is harder.  If your client has 75 PC's and a server you should really look into having some type of physical firewall, or web filter. A barracuda web filter, or a barracuda or watchguard firewall, or firebox are really excellent products aimed at small to medium sized businesses..  These can be set up to block certain PC's from accessing certain sites. You can play big brother also and use it for real time monitoring of traffic, websites, and bandwidth.

Hope this helps.
You could also use OpenDNS Deluxe:

It can blacklist specific domains, as well as provide reports on the other internet usage (to see where all the users migrate to once Facebook is blocked, perhaps). And only $5 per user per year.
I didn't understand if your client has a firewall or not, that in any case is a must, considering his problem with Facebook & Co. or not. Once said this what your client needs is a web content filtering system.

This feature can be offered by the firewall, but only by medium / high class firewalls. If his one doesn't offer this and doesn't want to change it you could achieve the result in other ways.
A good choice at a minimum cost is using Untangle, that is a Linux system that you can implement in different ways. Untangle has many modules (see details on their website) including a content filter.

If you have (your client has) an old PC you can install Untangle on this (it's an o.s., not just an application, it replace Windows) and you'll get a complete and cost effective solution for filtering the access to the Internet. There are at least two version of this module (and others): one is for free and one is a commercial addon. Depending on the need you could be satisfied with the first or with the second, if you need more features and more granularity in setting permissions.
The commercial addon shouldn't be much expensive, anyway. Regarding the installation, on the Untangle website there are exhaustive details about this. It's not complicated.

There are many products offering web content filtering, of course (appliances, software or web/Internet services, like opendns, that is another good possibility, for example). But Untangle could be a good choice for many reasons.
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

Another quick solution without further costs would be enabling the Internet Explorer Content Advisor per Group Policy and add an unapproved site, for example www.facebook.com , to the list.

The Internet Content Advisor can be found in Group Policy under User Configuration/Policies/Internet Explorer Maintenance/Security/Security Zones and Content Ratings. By doubleclick under Content Ratings select Import the current Content Rating Settings. Click on Modify Settings. Put the slider to unrestricted. Then click on the tab Approved sites and add www.facebook.com as an unapproved site by clicking on the button Never.

When this policy is applied user won't be able to go to Facebook unless they know the password which has been set.
If you control the DNS servers, you can just blackhole facebook.com on DNS ( eg resolve it to ) and log any requests for the domain to see who is attempting to access it.

My respect to the others that have posted the latest two replies, but I think it should be useful for the author of the question to know that:

1)  blocking a site (like Facebook) using DNS solves the problem for that single website. If you want to block other websites or services you can quickly gather that this approach is inappropriate.

2) using the GPO on Active Directory to block or limit the navigation works with Internet Explorer only. Users can anytime bypass all these limitations simply using another browser (Firefox, Opera, Chrome).
If we are talking about a network of 7 PCs and a server it's rather unlikely that we are in a situation where users are forbidden to install different browsers on their PCs. And it's very probable that they're already using Firefox.
Don ThomsonCommented:
Do what we tell our clients to do on small systems like this -
Put out a memo that has to be signed and returned by each emaployee - saying You are being paid to work - not surf the net - That we are now tracking all internet activity and that this is now company policy - Have them sin below and return it to the boss - Make it clear that if this policy is disregarded that the consequences could be unemployment.

Sometimes a non-technical solution to a problem is much easier than a costly and complicated one -

Like my old boss at IBM used to say

New Company Policy - WORK OR GET FIRED
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now