We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

url blocking through group policy in windows server 2003 domain

Medium Priority
2,024 Views
Last Modified: 2012-05-11
hi
in my office we are using domain. windows server 2003 r3. we have windows 2000 professional, windows xp, windows vista clients.
we dont have any proxy server.
i am implementing group policies for restriction. i want to implement a policy like,

1. i want to block some sites to some users, remaining users should access those sites.
2. i want to allow only specified sites for some users according to their department.

i created OU according to the departments. only the thing i need to apply group policies through domain.

in my office, we are using IE6, IE7, IE8, OPERA, Firefox, Crome. i need a policy that should applicable to all the browsers.

please help me to solve this.


Thanks
Comment
Watch Question

JamesSenior Cloud Infrastructure Engineer
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
JBond's solution will help, BUT, only for Internet Explorer.

The other browsers will ignore the group policy and will work fine. Your only alternatives are (pick one):

-3rd party software on the clients
-DNS redirection (make fake DNS entries, no user filtering possible though)
-Microsoft ISA server (firewall and proxy that will allow this and more in detail)

Some other 3rd party firewall/proxy appliances (some hardware some are software) will also do the job.
what are network resources you have? can you explain your present infrastructure?
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
actually here we are using some customized applications. so i cant use proxy. the only way i have through group policies in the domain.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi Azhrei1,

DNS redirection (make fake DNS entries, no user filtering possible though)

how to do this DNS redirection?

i cant use proxy servers in my organization. i have to do with the group policies only.
is there any relation with the browser's version (IE) and group policies. i mean in our organization we have 2000, xp. vista clients. in 2000 i can use only IE6 and in remaining clients i am using IE7 and in server i am using IE8.

please help me.

Commented:
Hi Ramacha,

If you use a group policy and specify browser settings, they will apply to all versions of Internet Explorer, for all clients. There are some minor settings that older browser might not use, but they don't apply to url blocking.

As for your DNS, you can add websites you don't want users to visit to your DNS server, and specify an internal IP, for example of the DNS server itself, and then put a small html page in it's IIS webroot (or any other webserver you have/make), saying something like 'blocked by administrator'. Even better would be '404 Page unavailable' so they don't know you're blocking them.

Make sure you specify in your firewall that your users are not allowed to use other ports than 80 and 443 or they could circumvent your security by using a proxy server outside your network. Secondly you want to block DNS traffic from the outside to your local workstations as well, as they could circumvent by using another DNS server. This of course depends on the knowledge and skill of your users...the average user has no clue how to circumvent a fake dns entry.

Author

Commented:
hi azhrei1,
can you tell me how to apply these settings and where i have to apply in DNS server.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
I don't know Ramachan, what kind of DNS server do you have? Windows 2003/2008?

Author

Commented:
windows server 2003 r2
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.