Solved

Allow Access ONLY to Google

Posted on 2013-05-24
Last Modified: 2013-05-25
Hi All.

Win 7 Pro Clients, Win 2008 R2 Server.  
Police Station.  

Chief wants his client PCs to be able to ONLY go to Google (specifically Google Maps).  I tried using the hosts file, and I did this:

192.168.1.9   PDServer
76.211.198.133   maps.google.com (not the real IP, just for this example, EE people)!
76.211.155.109   ssl.googlestatic.com

I then went into the Network settings on these stations and told them to use 127.0.0.1 as their DNS.

When people log in, they are not mapping to the drives on the server.  They have to manually remap the shares.  (i.e.  \\pdserver\users, etc)

Is there a better way to do this?  GPO maybe?  He does not have content filtering, so I can't restrict them that way.

Thanks.
0
Comment
Question by:dougp23
5 Comments
 
LVL 3

Expert Comment

by:CITG_Carl
ID: 39194265
Don't change the DNS servers to 127.0.0.1; this will stop domain access/drive mappings/network file access.

Ideally you would use content filtering to achieve this. Have you thought about installing Google Earth/Maps locally and denying all internet traffic?

Other solution is purchasing Microsoft Map Point

Cheers
0
 
LVL 14

Accepted Solution

by:
Don Thomson earned 2000 total points
ID: 39194398
Have you tried setting up the Proxy in Internet Options / Communications LAN Settings / Proxy Settings?

Set the proxy to 127.0.0.1  and then put
https://maps.google.com in as an exception.

Make sure you set both port 80 and 88 to the 127.0.0.1

It's not foolproof  but is a quick way of restricting people to one or just a few addresses.

Make sure that you also put in the URLs for windows updates and Virusscan updates

We usually put in the URLs for looking up ZIP or Postal Codes

Check the box which says not to use proxy for local addresses
0
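Added example, not part of the answer above: the same "dead proxy plus exceptions" idea written as a proxy auto-config (PAC) file, which can be pushed to browsers as an automatic configuration script instead of typing exceptions on each PC. The allow-list contents and the helper names are assumptions for illustration; the host names come from the question.

```javascript
// Added example: PAC file for the "dead proxy plus exceptions" approach.
// ES3-style syntax on purpose: older PAC engines reject newer JavaScript.
var BLACKHOLE = "PROXY 127.0.0.1:80"; // nothing listens here, so the request fails

// Assumption: hosts taken from the question. Extend this list with the
// Windows Update and antivirus update hosts your site actually uses.
var ALLOWED_HOSTS = ["maps.google.com", "ssl.googlestatic.com"];

function normalizeHost(host) {
  // Lower-case and drop the trailing dot of a fully qualified name.
  return String(host || "").toLowerCase().replace(/\.$/, "");
}

function isPlainLocalName(host) {
  // Single-label names such as "pdserver" go direct so file shares keep working.
  // A leading letter is required so numeric host forms are not treated as local.
  return /^[a-z][a-z0-9-]*$/.test(host);
}

function isAllowedHost(host) {
  for (var i = 0; i < ALLOWED_HOSTS.length; i++) {
    var allowed = ALLOWED_HOSTS[i];
    if (host === allowed) return true;
    // Accept subdomains only on a label boundary, so neither
    // "notmaps.google.com" nor "maps.google.com.example.net" slips through.
    var suffix = "." + allowed;
    if (host.length > suffix.length &&
        host.substring(host.length - suffix.length) === suffix) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  if (h !== "" && (isPlainLocalName(h) || isAllowedHost(h))) return "DIRECT";
  return BLACKHOLE; // default deny: everything else goes to the dead proxy
}
```

Like the manual proxy setting, this only governs programs that honor the browser's proxy configuration; blocking outbound traffic at the firewall is what covers software that ignores it.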
 

Expert Comment

by:Amerilabdvickers
ID: 39194427
Hi Dougp23,
I would assume you have your 2008 R2 Server set up as a Domain Controller.  I would use the Group Policy settings to set up a default home page; you can create a policy to only allow that home page as well. You can also set up default mapped drives through GP.  I would set up all of these settings under Users only.  Then leave yourself and other admins out of the GP so you guys can still surf the web.
0
 
LVL 8

Expert Comment

by:d0ughb0y
ID: 39194958
You could use a Proxy Server, and filter the traffic that way. You'd need to set up a box as a proxy server, and install some free (i.e. WinProxy) or cheap (i.e. WinGate) proxy server software  on it. Then set up the GPO to point browsers to that device as the default proxy server, and set the firewall to only allow outbound web-traffic from that server. It would take some time to futz around and figure it all out, but you could do it. (While you're at it, you could set up a login script to map their drives for them as well...)

But here's another thought: How much money is it costing him to have you chase down this wild hare, vs. popping for a decent business-class router/firewall with content filtering. You could do this easily with a SonicWALL - even a TZ-105 would do the job. The box would cost about $400. A 2-year 8x5 Support contract would cost about $120, and the annual Content Filter subscription would cost somewhere around $100. So all told, we're talking around $720 - that's around $13/week - less, after year 1. How much are you costing him experimenting to get something to work that isn't designed to?

Sometimes, you have to get clarity on what they want, and then show them why the "cheap" solution isn't so cheap.
0
 
LVL 2

Expert Comment

by:Chris_Ryan81
ID: 39195128
Easiest way I can come up with is set a static route for all addresses you want, and a different static route for all else.


x = Local network
y = Google
z  = rest of the internet

I am assuming your default gateway is xxx.xxx.xxx.1

route -p add xxx.xxx.xxx.xxx mask 255.255.255.0 xxx.xxx.xxx.1 
route -p add yyy.yyy.yyy.yyy mask 255.255.255.255 xxx.xxx.xxx.1 
route -p add zzz.zzz.zzz.zzz mask 0.0.0.0 xxx.xxx.xxx.2 (This is a fake address) 



Edit: or remove the Default gateway from internet properties and set the first 2 static routes above.
0

Question has a verified solution.