Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Block websites but still allow for some users

Posted on 2011-09-22
7
Medium Priority
?
336 Views
Last Modified: 2012-12-16
Hello,

I'm currently helping a company that got following issue:
Their needs are to block sites like youtube.com/facebook.com etc anything not work related.

That is currently done by redirecting the website on the Domain Controllers DNS, so the users can't do domain lookups.
 
The problem is that some users need to get access to some of those websites.

The current solutions that is done is with changing the dns on the users PC to googleDNS.
But that leaves problems when the users need to sync up to the AD.(note the company currently only has one DC)

I have tried with creating hosts file on the PC while using google dns
eg
10.8.8.2   dc00.company.local
But still when doing nslookup to dc00/dc00.company.local or 10.8.8.2 it wont look up in the hosts file before it looks in google dns.

Anyone have idea what a possible solutions could be?
0
Comment
Question by:Infolink_Denmark
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 500 total points
ID: 36578911
The most simple way is to use local hosts file on each worksatation :) File is located in %WINDIR%\SYSTEM32\Drivers\Etc

put there lines in this format

www.facebook.com 127.0.0.1
www.youtube.com 127.0.0.1

and they won't be able to access those pages :) It's a littlee bit work but it can be scripted or used by GPO

Another way is to set up PROXY server based on example on SQUID and configure access rules for user groups.

Regards,
Krzysztof
0
 
LVL 18

Expert Comment

by:Alan
ID: 36579050
Hi,

If you want to block those sites on some *machines* then you could setup the HOSTS files on those machines by putting in entries such as:

127.0.0.1    www.youtube.com

However, note that doing so will block those sites for ALL USERS on those machines.

Alternatively, you could use some dedicated software on the server and / or gateway that would offer more granularity.

If most users are matched to, and use, only one machine, then the HOSTS file solution could be easiest, especially if the total number of machines is not to great (20 would be manageable, 200 would be too much of a pain).

HTH,

Alan.
0
 

Author Comment

by:Infolink_Denmark
ID: 36579780
There is about 80-100 users and 10 of them need access to it.
I'm currently thinking of using eg Internet Explorer with a proxy setting and then just tell them to only use that browser to access the websites
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:Infolink_Denmark
ID: 36579796
To Alan3285:

It's the other way around i need to allow it on some "machines" but for all the others it need to blocked
0
 
LVL 18

Accepted Solution

by:
Alan earned 500 total points
ID: 36583464
H Infolink_Denmark,

Same answer (if you go that way).  You set the HOSTS file on the 90 machines that are blocked, and leave it blank (default) on the 10 machines that you want to allow to reach those sites.

You mention using a proxy.  That would work, and if you set up a proxy with authentication and rules, you could make all the machines point there, and handle things at a user level which seems a better solution, but more complicated to set up.

Alan.
0
 
LVL 26

Expert Comment

by:Pber
ID: 38695551
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question