Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 387
  • Last Modified:

Allow Access ONLY to Google

Hi All.

Win 7 Pro Clients, Win 2008 R2 Server.  
Police Station.  

Chief wants his client PCs to be able to ONLY go to Google (specifically Google Maps).  I tried using the hosts file, and I did this:

192.168.1.9   PDServer
76.211.198.133   maps.google.com (not the real IP, just for this example, EE people)!
76.211.155.109   ssl.googlestatic.com

I then went into the Network settings on these stations and told then to use 127.0.0.1 as their DNS.

When people login, they are not mapping to the drives on the server.  they have to manually remap the shares.  (i.e.  \\pdserver\users, etc)

Is there a better way to do this?  GPO maybe?  He does not have content filtering, so I can't restrict them that way.

thanks.
0
dougp23
Asked:
dougp23
1 Solution
 
CITG_CarlCommented:
Dont change the DNS servers to 127.0.0.1, this will stop domain access/drive mappings/network file access

Ideally you would use content filtering to achieve this, have you thought about installing google earth/maps locally and denying all internet traffic?

Other solution is purchasing Microsoft Map Point

Cheers
0
 
Don ThomsonCommented:
Have you tried setting up the Proxy in Internet Options/ Communications Lan Setttings  Proxy Settings

Set the proxy to 127.0.0.1  and then put
https://maps.google.com in as an exception.

Make sure you set both port 80 and 88 to the 127.0.0.1

It's not foolproof  but is a quick way of restricting people to one or just a few addresses.

Make sure that you also put in the URLs for windows updates and Virusscan updates

We usually put in the URLs for looking up ZIP or Postal Codes

Check the box which say not to use proxy for local addresses
0
 
AmerilabdvickersCommented:
Hi Dougp23,
I would assume you have your 2008 R2 Server setup as a Domain Controller.  I would use the Group Policy settings to setup a default home page, you can create a policy to only allow that home page as well. You can also setup default mapped drives through GP.  I would setup all of these settings under Users only.  Then leave yourself and other admins out of the GP so you guys can still surf the web.
0
 
d0ughb0yPresident / CEOCommented:
You could use a Proxy Server, and filter the traffic that way. You'd need to set up a box as a proxy server, and install some free (i.e. WinProxy) or cheap (i.e. WinGate) proxy server software  on it. Then set up the GPO to point browsers to that device as the default proxy server, and set the firewall to only allow outbound web-traffic from that server. It would take some time to futz around and figure it all out, but you could do it. (While you're at it, you could set up a login script to map their drives for them as well...)

But here's another thought: How much money is it costing him to have you chase down this wild hare, vs. popping for a decent business-class router/firewall with content filtering. You could do this easily with a SonicWALL - even a TZ-105 would do the job. The box would cost about $400. A 2-year 8x5 Support contract would cost about $120, and the annual Content Filter subscription would cost somewhere around $100. So all told, we're talking around $720 - that's around $13/week - less, after year 1. How much are you costing him experimenting to get something to work that isn't designed to?

Sometimes, you have to get clarity on what they want, and then show them why the "cheap" solution, isn't so cheap.
0
 
Chris_Ryan81Commented:
Easiest way I can come up with is set a static route for all addesses you want, and a different static route for all else.  


x = Local network
y = Google
z  = rest of the internet

I am assuming your default gateway is xxx.xxx.xxx.1

route -p add xxx.xxx.xxx.xxx mask 255.255.255.0 xxx.xxx.xxx.1 
route -p add yyy.yyy.yyy.yyy mask 255.255.255.255 xxx.xxx.xxx.1 
route -p add zzz.zzz.zzz.zzz mask 0.0.0.0 xxx.xxx.xxx.2 (This is a fake address) 

Open in new window


Edit: or remove the Default gateway from internet properties and set the first 2 static routes above.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now