Solved

Only Allow Access to Certain Webpages on a Domain Computer

Posted on 2014-01-14
10
345 Views
Last Modified: 2014-11-12
Hello,
     I currently have a domain machine running Windows 7 Professional on which I want to restrict the use to only using Outlook, a custom DB application, and Google drive. I'm having trouble restricting web use using tools built into Windows. I was going to use a proxy, but since Google drive is HTTPS, I'm having trouble with it. Does anybody have any suggestions?

Thanks!
0
Comment
Question by:indigo6
10 Comments
 
LVL 19

Assisted Solution

by:helpfinder
helpfinder earned 100 total points
ID: 39780481
there is a many ways, as you mentioned proxy, you can use some URL filters (white list) on your router or you can configure some VLAN like this (depends on your skills and network infrastructure)

Simple but not ideal solution how to do this is also use GPO and set IE proxy settings so only listed URLs will be accessible (but this will work only for IE, so you have to uninstall other web browsers if any and also probably it won´t work if somebody put USB stick and uses portable browser - depends how IT experienced users you have :))

Anyway that GPO is like this:
gpo
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39780748
indigo6--
Use IE's Content Advisor (now called Family Safety).  (Do not be put off by the mention of its use with children.)
IE Tools|Internet Options|Content tab.
http://windows.microsoft.com/en-us/windows/using-content-advisor-block-inappropriate-content#1TC=windows-7  Click the "To Block or Allow Specific Websites" link.

There are third party apps such as K-9 that perform similarly.
http://www1.k9webprotection.com/
0
 
LVL 3

Expert Comment

by:Kyle Green
ID: 39780976
Another route, if you wish, put a PFSense box between the edge of your network and the network itself. You don't even need to use a proxy program but have it check requests and using firewall filters (you could do this with like... 3 rules...) just specify your allowed sites and then at the bottom but a blanket deny all rule. Realize this would also cut off Windows Update. It will however handle the HTTPS because it will be checking the destination address as requested in DNS.
0
 

Author Comment

by:indigo6
ID: 39783973
I'm leaning towards using Content Advisor, but even when I add the entire google domain, it still asks for the password.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39784062
indigo6--
Have you rebooted since setting Content Advisor up?

Is this the Content Advisor password being asked for or the IE password?

Are you allowed access to the Google sites when you enter the password?

I am not sure if this is the password to which you refer
http://www.wikihow.com/Remove-Content-Advisor-Password-in-Internet-Explorer
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:indigo6
ID: 39784273
It is the content advisor password. I am allowed to access the webpage for that browsing session. However, if I close IE and then reopen it, it asks again. But my allow list includes *.google.com, so the entire domain should be allowed.
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 400 total points
ID: 39786019
indigo6--
You should not have to use a password to access allowed sites in Content Advisor.  
I do not know the procedure you used to set Content Advisor up.  Here is a short summary of the MS suggested procedure
http://windows.microsoft.com/en-us/windows/using-content-advisor-block-inappropriate-content#1TC=windows-7

But if that is what you used then here is an alternative method.
http://www.gegeek.com/documents/BAF79EC8E64F7DC911EF68D42485ABF1E8EF0D42.html
0
 

Author Comment

by:indigo6
ID: 39786570
jcimarron, I used the second method, and the problem was that I had to specify the protocol, that is, I had to type https://... in the allowed sites list. Thanks!
0
 

Author Closing Comment

by:indigo6
ID: 39786596
I ended up using the solution by jcimarron, I may use a proxy later, but this is ok for now.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39786755
indigo6--Glad to have helped.  Thanks for telling us about using https://
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This Micro Tutorial will demonstrate importing calendar invites from events such as webinars into your Google Calendar.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now