Solved

Allow Access ONLY to Google

Posted on 2013-05-24
5
376 Views
Last Modified: 2013-05-25
Hi All.

Win 7 Pro Clients, Win 2008 R2 Server.  
Police Station.  

Chief wants his client PCs to be able to ONLY go to Google (specifically Google Maps).  I tried using the hosts file, and I did this:

192.168.1.9   PDServer
76.211.198.133   maps.google.com (not the real IP, just for this example, EE people)!
76.211.155.109   ssl.googlestatic.com

I then went into the Network settings on these stations and told then to use 127.0.0.1 as their DNS.

When people login, they are not mapping to the drives on the server.  they have to manually remap the shares.  (i.e.  \\pdserver\users, etc)

Is there a better way to do this?  GPO maybe?  He does not have content filtering, so I can't restrict them that way.

thanks.
0
Comment
Question by:dougp23
5 Comments
 
LVL 3

Expert Comment

by:CITG_Carl
ID: 39194265
Dont change the DNS servers to 127.0.0.1, this will stop domain access/drive mappings/network file access

Ideally you would use content filtering to achieve this, have you thought about installing google earth/maps locally and denying all internet traffic?

Other solution is purchasing Microsoft Map Point

Cheers
0
 
LVL 14

Accepted Solution

by:
Don Thomson earned 500 total points
ID: 39194398
Have you tried setting up the Proxy in Internet Options/ Communications Lan Setttings  Proxy Settings

Set the proxy to 127.0.0.1  and then put
https://maps.google.com in as an exception.

Make sure you set both port 80 and 88 to the 127.0.0.1

It's not foolproof  but is a quick way of restricting people to one or just a few addresses.

Make sure that you also put in the URLs for windows updates and Virusscan updates

We usually put in the URLs for looking up ZIP or Postal Codes

Check the box which say not to use proxy for local addresses
0
 

Expert Comment

by:Amerilabdvickers
ID: 39194427
Hi Dougp23,
I would assume you have your 2008 R2 Server setup as a Domain Controller.  I would use the Group Policy settings to setup a default home page, you can create a policy to only allow that home page as well. You can also setup default mapped drives through GP.  I would setup all of these settings under Users only.  Then leave yourself and other admins out of the GP so you guys can still surf the web.
0
 
LVL 8

Expert Comment

by:d0ughb0y
ID: 39194958
You could use a Proxy Server, and filter the traffic that way. You'd need to set up a box as a proxy server, and install some free (i.e. WinProxy) or cheap (i.e. WinGate) proxy server software  on it. Then set up the GPO to point browsers to that device as the default proxy server, and set the firewall to only allow outbound web-traffic from that server. It would take some time to futz around and figure it all out, but you could do it. (While you're at it, you could set up a login script to map their drives for them as well...)

But here's another thought: How much money is it costing him to have you chase down this wild hare, vs. popping for a decent business-class router/firewall with content filtering. You could do this easily with a SonicWALL - even a TZ-105 would do the job. The box would cost about $400. A 2-year 8x5 Support contract would cost about $120, and the annual Content Filter subscription would cost somewhere around $100. So all told, we're talking around $720 - that's around $13/week - less, after year 1. How much are you costing him experimenting to get something to work that isn't designed to?

Sometimes, you have to get clarity on what they want, and then show them why the "cheap" solution, isn't so cheap.
0
 
LVL 2

Expert Comment

by:Chris_Ryan81
ID: 39195128
Easiest way I can come up with is set a static route for all addesses you want, and a different static route for all else.  


x = Local network
y = Google
z  = rest of the internet

I am assuming your default gateway is xxx.xxx.xxx.1

route -p add xxx.xxx.xxx.xxx mask 255.255.255.0 xxx.xxx.xxx.1 
route -p add yyy.yyy.yyy.yyy mask 255.255.255.255 xxx.xxx.xxx.1 
route -p add zzz.zzz.zzz.zzz mask 0.0.0.0 xxx.xxx.xxx.2 (This is a fake address) 

Open in new window


Edit: or remove the Default gateway from internet properties and set the first 2 static routes above.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question