Blocking Websites via Group Policy

How do I block a website via Group Policy and make that change permanent throughout the environment? I am using Microsoft Windows Server 2003 for Small Business Server Service Pack 2.
Asked by: jayfre

Xaelian Commented:
If you don't have an ISA server or proxy server installed, you need to do this, because you can't block websites with a group policy. The only thing you can do is block internet traffic for a user group:

- Click "Start" -> "Run" -> "All Programs" -> "Admin Tools" -> "DNS"

1. Go to "DNS" -> <your server> -> Forward Lookup Zones

2. Right click in the right pane and click "New Zone..."
Click "Primary Zone" (check "Store zone in Active Directory") -> Next
"To all domain controllers..." -> Next
Zone Name: <the domain you want to block WITHOUT the "www", ex. facebook.com> -> Next
"Allow only secure..." -> Next -> Finish

3. Click on the newly created zone in the left pane under "Forward Lookup Zones"
Right click in the right pane and click "New Host (A)"
Name: www
IP Address: 127.0.0.1
Place a checkmark next to "Create associated pointer (PTR) record"
Click "Add Host"


Done! Now, any requests for the web site will result in the user being redirected to their own computer (127.0.0.1). It's a hackjob because it's not the cleaner form that gives a "site blocked" message, but hey, that's Microsoft for you.

jayfre (Author) Commented:
Here is the message I get when performing the last step:

Warning: The associated pointer (PTR) record cannot be created, probably because the referenced reverse lookup zone cannot be found.

Xaelian Commented:
Can you take a look at this? You've probably added something wrong:

http://support.microsoft.com/kb/166753

netballi Commented:
Just follow Xaelian's steps up to point 2

- Click "Start" -> "Run" -> "All Programs" -> "Admin Tools" -> "DNS"

1. Go to "DNS" -> <your server> -> Forward Lookup Zones

2. Right click in the right pane and click "New Zone..."
Click "Primary Zone" (check "Store zone in Active Directory") -> Next
"To all domain controllers..." -> Next
Zone Name: <the domain you want to block WITHOUT the "www", ex. facebook.com> -> Next
"Allow only secure..." -> Next -> Finish

Then
3. Click on the newly created zone in the left pane under "Forward Lookup Zones"
Right click in the right pane and click "New Host (A)"
Name: www
IP Address: 0.0.0.0
Place a checkmark next to "Create associated pointer (PTR) record"
Click "Add Host"

Xaelian Commented:
Ah, OK. It needs to be 0.0.0.0; I thought 127.0.0.0 to redirect them to their localhost.

jayfre (Author) Commented:
Thanks,

If I ever need to remove the website (make it available) can I just right click the zone and delete it?

Xaelian Commented:
Yes, that's right.

jayfre (Author) Commented:
So, I just removed the website that I was blocking and I still cannot browse to it. I keep getting the "Connection timed out" page. However, I can view this website from the server, and I can ping it from my local machine. Any suggestions?

Xaelian Commented:
Flush the DNS settings on your machine. Otherwise it'll keep them for a time.
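
The procedure from this thread (one zone per blocked domain, a www A record pointing at 0.0.0.0, deleting the zone to unblock, flushing the client cache) written as a batch script. This is an added example, not part of any post above; it assumes dnscmd.exe (shipped in the Windows Support Tools on Server 2003) is installed, and the script's block/unblock/check arguments and the domain list are made up for illustration.

```bat
@echo off
rem Added example (not from the thread): the DNS Manager steps as dnscmd calls.
rem Assumes dnscmd.exe is installed. Run block/unblock on the DNS server.
setlocal
rem DNS server name; defaults to this machine. Set it to the DNS server's
rem name before running "check" from a client.
set SERVER=%COMPUTERNAME%
rem Address for the www record; 0.0.0.0 as in netballi's step 3
set SINK=0.0.0.0
rem Constructed sample list: bare domains, WITHOUT the "www"
set DOMAINS=facebook.com example.org

if /i "%~1"=="block"   goto block
if /i "%~1"=="unblock" goto unblock
if /i "%~1"=="check"   goto check
echo Usage: %~nx0 block ^| unblock ^| check
exit /b 1

:block
for %%D in (%DOMAINS%) do (
    rem Step 2: AD-integrated primary zone named after the bare domain.
    rem The dynamic-update choice from the wizard is not set here.
    dnscmd %SERVER% /ZoneAdd %%D /DsPrimary
    rem Step 3: host (A) record "www" pointing at the sink address.
    rem No PTR record is requested, so no reverse lookup zone is needed.
    dnscmd %SERVER% /RecordAdd %%D www A %SINK%
)
goto :eof

:unblock
for %%D in (%DOMAINS%) do (
    rem Same as right-click, Delete on the zone; /DsDel also removes it from AD
    dnscmd %SERVER% /ZoneDelete %%D /DsDel /f
)
goto :eof

:check
rem Drop this machine's cached answers first, then ask the server directly
ipconfig /flushdns
for %%D in (%DOMAINS%) do nslookup www.%%D %SERVER%
goto :eof
```

Because the new zone makes the server authoritative for the whole domain, names other than www under it stop resolving as well until the zone is deleted.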