Solved

Only Allow Access to Certain Webpages on a Domain Computer

Posted on 2014-01-14
10
358 Views
Last Modified: 2014-11-12
Hello,
     I currently have a domain machine running Windows 7 Professional on which I want to restrict the use to only using Outlook, a custom DB application, and Google drive. I'm having trouble restricting web use using tools built into Windows. I was going to use a proxy, but since Google drive is HTTPS, I'm having trouble with it. Does anybody have any suggestions?

Thanks!
0
Comment
Question by:indigo6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 19

Assisted Solution

by:helpfinder
helpfinder earned 100 total points
ID: 39780481
there is a many ways, as you mentioned proxy, you can use some URL filters (white list) on your router or you can configure some VLAN like this (depends on your skills and network infrastructure)

Simple but not ideal solution how to do this is also use GPO and set IE proxy settings so only listed URLs will be accessible (but this will work only for IE, so you have to uninstall other web browsers if any and also probably it won´t work if somebody put USB stick and uses portable browser - depends how IT experienced users you have :))

Anyway that GPO is like this:
gpo
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39780748
indigo6--
Use IE's Content Advisor (now called Family Safety).  (Do not be put off by the mention of its use with children.)
IE Tools|Internet Options|Content tab.
http://windows.microsoft.com/en-us/windows/using-content-advisor-block-inappropriate-content#1TC=windows-7  Click the "To Block or Allow Specific Websites" link.

There are third party apps such as K-9 that perform similarly.
http://www1.k9webprotection.com/
0
 
LVL 3

Expert Comment

by:Kyle Green
ID: 39780976
Another route, if you wish, put a PFSense box between the edge of your network and the network itself. You don't even need to use a proxy program but have it check requests and using firewall filters (you could do this with like... 3 rules...) just specify your allowed sites and then at the bottom but a blanket deny all rule. Realize this would also cut off Windows Update. It will however handle the HTTPS because it will be checking the destination address as requested in DNS.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:indigo6
ID: 39783973
I'm leaning towards using Content Advisor, but even when I add the entire google domain, it still asks for the password.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39784062
indigo6--
Have you rebooted since setting Content Advisor up?

Is this the Content Advisor password being asked for or the IE password?

Are you allowed access to the Google sites when you enter the password?

I am not sure if this is the password to which you refer
http://www.wikihow.com/Remove-Content-Advisor-Password-in-Internet-Explorer
0
 

Author Comment

by:indigo6
ID: 39784273
It is the content advisor password. I am allowed to access the webpage for that browsing session. However, if I close IE and then reopen it, it asks again. But my allow list includes *.google.com, so the entire domain should be allowed.
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 400 total points
ID: 39786019
indigo6--
You should not have to use a password to access allowed sites in Content Advisor.  
I do not know the procedure you used to set Content Advisor up.  Here is a short summary of the MS suggested procedure
http://windows.microsoft.com/en-us/windows/using-content-advisor-block-inappropriate-content#1TC=windows-7

But if that is what you used then here is an alternative method.
http://www.gegeek.com/documents/BAF79EC8E64F7DC911EF68D42485ABF1E8EF0D42.html
0
 

Author Comment

by:indigo6
ID: 39786570
jcimarron, I used the second method, and the problem was that I had to specify the protocol, that is, I had to type https://... in the allowed sites list. Thanks!
0
 

Author Closing Comment

by:indigo6
ID: 39786596
I ended up using the solution by jcimarron, I may use a proxy later, but this is ok for now.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39786755
indigo6--Glad to have helped.  Thanks for telling us about using https://
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Here's a look at newsworthy articles and community happenings during the last month.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question