How to block Facebook and get reports

I have a client that has 7 PCs and a server. Windows XP Pro on the PCs and 2008 on the server.

The owner is having problems with the staff surfing to Facebook, shopping on Amazon, etc. He is looking for the most cost effective solution to to block just Facebook access and/or if possible, be able to run a report showing who and when did try.

Is this possible since it is just one website to be able to do it with server 2008? I know that a barracuda web filter will do this, but isn't that a bit over kill?

thanks in advance.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can do this through your firewall on windows Server 2008 by creating a new block rule, you can also use a custom GPO but this is harder.  If your client has 75 PC's and a server you should really look into having some type of physical firewall, or web filter. A barracuda web filter, or a barracuda or watchguard firewall, or firebox are really excellent products aimed at small to medium sized businesses..  These can be set up to block certain PC's from accessing certain sites. You can play big brother also and use it for real time monitoring of traffic, websites, and bandwidth.

Hope this helps.
You could also use OpenDNS Deluxe:

It can blacklist specific domains, as well as provide reports on the other internet usage (to see where all the users migrate to once Facebook is blocked, perhaps). And only $5 per user per year.
I didn't understand if your client has a firewall or not, that in any case is a must, considering his problem with Facebook & Co. or not. Once said this what your client needs is a web content filtering system.

This feature can be offered by the firewall, but only by medium / high class firewalls. If his one doesn't offer this and doesn't want to change it you could achieve the result in other ways.
A good choice at a minimum cost is using Untangle, that is a Linux system that you can implement in different ways. Untangle has many modules (see details on their website) including a content filter.

If you have (your client has) an old PC you can install Untangle on this (it's an o.s., not just an application, it replace Windows) and you'll get a complete and cost effective solution for filtering the access to the Internet. There are at least two version of this module (and others): one is for free and one is a commercial addon. Depending on the need you could be satisfied with the first or with the second, if you need more features and more granularity in setting permissions.
The commercial addon shouldn't be much expensive, anyway. Regarding the installation, on the Untangle website there are exhaustive details about this. It's not complicated.

There are many products offering web content filtering, of course (appliances, software or web/Internet services, like opendns, that is another good possibility, for example). But Untangle could be a good choice for many reasons.
Make Network Traffic Fast and Furious with SD-WAN

Software-defined WAN (SD-WAN) is a technology that determines the most effective way to route traffic to and from datacenter sites. Register for the webinar today to learn how your business can benefit from SD-WAN!

Another quick solution without further costs would be enabling the Internet Explorer Content Advisor per Group Policy and add an unapproved site, for example , to the list.

The Internet Content Advisor can be found in Group Policy under User Configuration/Policies/Internet Explorer Maintenance/Security/Security Zones and Content Ratings. By doubleclick under Content Ratings select Import the current Content Rating Settings. Click on Modify Settings. Put the slider to unrestricted. Then click on the tab Approved sites and add as an unapproved site by clicking on the button Never.

When this policy is applied user won't be able to go to Facebook unless they know the password which has been set.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If you control the DNS servers, you can just blackhole on DNS ( eg resolve it to ) and log any requests for the domain to see who is attempting to access it.

My respect to the others that have posted the latest two replies, but I think it should be useful for the author of the question to know that:

1)  blocking a site (like Facebook) using DNS solves the problem for that single website. If you want to block other websites or services you can quickly gather that this approach is inappropriate.

2) using the GPO on Active Directory to block or limit the navigation works with Internet Explorer only. Users can anytime bypass all these limitations simply using another browser (Firefox, Opera, Chrome).
If we are talking about a network of 7 PCs and a server it's rather unlikely that we are in a situation where users are forbidden to install different browsers on their PCs. And it's very probable that they're already using Firefox.
Don ThomsonCommented:
Do what we tell our clients to do on small systems like this -
Put out a memo that has to be signed and returned by each emaployee - saying You are being paid to work - not surf the net - That we are now tracking all internet activity and that this is now company policy - Have them sin below and return it to the boss - Make it clear that if this policy is disregarded that the consequences could be unemployment.

Sometimes a non-technical solution to a problem is much easier than a costly and complicated one -

Like my old boss at IBM used to say

New Company Policy - WORK OR GET FIRED
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.