Solved

Allow Access ONLY to Google

Posted on 2013-05-24
Last Modified: 2013-05-25
Hi All.

Win 7 Pro Clients, Win 2008 R2 Server.  
Police Station.  

Chief wants his client PCs to be able to ONLY go to Google (specifically Google Maps).  I tried using the hosts file, and I did this:

192.168.1.9   PDServer
76.211.198.133   maps.google.com (not the real IP, just for this example, EE people)!
76.211.155.109   ssl.googlestatic.com

I then went into the Network settings on these stations and told them to use 127.0.0.1 as their DNS.

When people login, they are not mapping to the drives on the server.  They have to manually remap the shares.  (i.e.  \\pdserver\users, etc)

Is there a better way to do this?  GPO maybe?  He does not have content filtering, so I can't restrict them that way.

thanks.
Question by:dougp23
5 Comments
 
LVL 3

Expert Comment

by:CITG_Carl
ID: 39194265
Don't change the DNS servers to 127.0.0.1; this will stop domain access/drive mappings/network file access.

Ideally you would use content filtering to achieve this. Have you thought about installing Google Earth/Maps locally and denying all internet traffic?

Another solution is purchasing Microsoft MapPoint.

Cheers
0
 
LVL 14

Accepted Solution

by:
Don Thomson earned 2000 total points
ID: 39194398
Have you tried setting up the Proxy in Internet Options / Communications / LAN Settings / Proxy Settings?

Set the proxy to 127.0.0.1  and then put
https://maps.google.com in as an exception.

Make sure you set both port 80 and 88 to the 127.0.0.1

It's not foolproof  but is a quick way of restricting people to one or just a few addresses.

Make sure that you also put in the URLs for windows updates and Virusscan updates

We usually put in the URLs for looking up ZIP or Postal Codes

Check the box which says not to use proxy for local addresses
0
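The dead-proxy-plus-exceptions setup from the accepted answer can also be written as a proxy auto-config (PAC) file, which keeps the allow-list in one place and matches hostnames on label boundaries. This is an added example, not part of the original thread; the two hostnames and the proxy address come from the posts above, while the 192.168.1.x LAN range and the helper names `hostAllowed` and `isIPv4` are assumptions.

```javascript
// Added example, not from the thread. PAC files may run in old script
// engines, so the code sticks to ES3 (var, plain loops, no endsWith).

// Hostnames taken from the question; append update/AV hosts as needed.
var ALLOWED_HOSTS = ["maps.google.com", "ssl.googlestatic.com"];
var LAN_PREFIX = "192.168.1.";          // assumed /24, from PDServer's address
var DEAD_PROXY = "PROXY 127.0.0.1:80";  // assumes nothing listens there

// True when host equals an allowed name or is a subdomain of it.
// Matching on a label boundary keeps "maps.google.com.example.net" and
// "xmaps.google.com" from passing, which a substring test would allow.
function hostAllowed(host) {
  for (var i = 0; i < ALLOWED_HOSTS.length; i++) {
    var name = ALLOWED_HOSTS[i];
    var tail = "." + name;
    if (host === name) return true;
    var at = host.length - tail.length;
    if (at > 0 && host.indexOf(tail, at) === at) return true;
  }
  return false;
}

function isIPv4(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = String(host).toLowerCase().replace(/\.$/, "");
  // Single-label names (intranet hosts such as pdserver) bypass the proxy,
  // like the "do not use proxy for local addresses" checkbox.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (isIPv4(host)) {
    return host.indexOf(LAN_PREFIX) === 0 ? "DIRECT" : DEAD_PROXY;
  }
  return hostAllowed(host) ? "DIRECT" : DEAD_PROXY;
}
```

The file is referenced from the "Use automatic configuration script" field in LAN Settings. It only constrains software that honours the browser proxy settings.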
 

Expert Comment

by:Amerilabdvickers
ID: 39194427
Hi Dougp23,
I would assume you have your 2008 R2 Server set up as a Domain Controller.  I would use the Group Policy settings to set up a default home page; you can create a policy to only allow that home page as well. You can also set up default mapped drives through GP.  I would set up all of these settings under Users only.  Then leave yourself and other admins out of the GP so you guys can still surf the web.
0
 
LVL 8

Expert Comment

by:d0ughb0y
ID: 39194958
You could use a Proxy Server, and filter the traffic that way. You'd need to set up a box as a proxy server, and install some free (i.e. WinProxy) or cheap (i.e. WinGate) proxy server software  on it. Then set up the GPO to point browsers to that device as the default proxy server, and set the firewall to only allow outbound web-traffic from that server. It would take some time to futz around and figure it all out, but you could do it. (While you're at it, you could set up a login script to map their drives for them as well...)

But here's another thought: How much money is it costing him to have you chase down this wild hare, vs. popping for a decent business-class router/firewall with content filtering. You could do this easily with a SonicWALL - even a TZ-105 would do the job. The box would cost about $400. A 2-year 8x5 Support contract would cost about $120, and the annual Content Filter subscription would cost somewhere around $100. So all told, we're talking around $720 - that's around $13/week - less, after year 1. How much are you costing him experimenting to get something to work that isn't designed to?

Sometimes, you have to get clarity on what they want, and then show them why the "cheap" solution isn't so cheap.
0
 
LVL 2

Expert Comment

by:Chris_Ryan81
ID: 39195128
Easiest way I can come up with is set a static route for all addresses you want, and a different static route for all else.


x = Local network
y = Google
z  = rest of the internet

I am assuming your default gateway is xxx.xxx.xxx.1

route -p add xxx.xxx.xxx.xxx mask 255.255.255.0 xxx.xxx.xxx.1 
route -p add yyy.yyy.yyy.yyy mask 255.255.255.255 xxx.xxx.xxx.1 
route -p add zzz.zzz.zzz.zzz mask 0.0.0.0 xxx.xxx.xxx.2 (This is a fake address) 



Edit: or remove the Default gateway from internet properties and set the first 2 static routes above.
0
