Solved

Only Allow Access to Certain Webpages on a Domain Computer

Posted on 2014-01-14
10
355 Views
Last Modified: 2014-11-12
Hello,
     I currently have a domain machine running Windows 7 Professional on which I want to restrict the use to only using Outlook, a custom DB application, and Google drive. I'm having trouble restricting web use using tools built into Windows. I was going to use a proxy, but since Google drive is HTTPS, I'm having trouble with it. Does anybody have any suggestions?

Thanks!
0
Comment
Question by:indigo6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 19

Assisted Solution

by:helpfinder
helpfinder earned 100 total points
ID: 39780481
there is a many ways, as you mentioned proxy, you can use some URL filters (white list) on your router or you can configure some VLAN like this (depends on your skills and network infrastructure)

Simple but not ideal solution how to do this is also use GPO and set IE proxy settings so only listed URLs will be accessible (but this will work only for IE, so you have to uninstall other web browsers if any and also probably it won´t work if somebody put USB stick and uses portable browser - depends how IT experienced users you have :))

Anyway that GPO is like this:
gpo
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39780748
indigo6--
Use IE's Content Advisor (now called Family Safety).  (Do not be put off by the mention of its use with children.)
IE Tools|Internet Options|Content tab.
http://windows.microsoft.com/en-us/windows/using-content-advisor-block-inappropriate-content#1TC=windows-7  Click the "To Block or Allow Specific Websites" link.

There are third party apps such as K-9 that perform similarly.
http://www1.k9webprotection.com/
0
 
LVL 3

Expert Comment

by:Kyle Green
ID: 39780976
Another route, if you wish, put a PFSense box between the edge of your network and the network itself. You don't even need to use a proxy program but have it check requests and using firewall filters (you could do this with like... 3 rules...) just specify your allowed sites and then at the bottom but a blanket deny all rule. Realize this would also cut off Windows Update. It will however handle the HTTPS because it will be checking the destination address as requested in DNS.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:indigo6
ID: 39783973
I'm leaning towards using Content Advisor, but even when I add the entire google domain, it still asks for the password.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39784062
indigo6--
Have you rebooted since setting Content Advisor up?

Is this the Content Advisor password being asked for or the IE password?

Are you allowed access to the Google sites when you enter the password?

I am not sure if this is the password to which you refer
http://www.wikihow.com/Remove-Content-Advisor-Password-in-Internet-Explorer
0
 

Author Comment

by:indigo6
ID: 39784273
It is the content advisor password. I am allowed to access the webpage for that browsing session. However, if I close IE and then reopen it, it asks again. But my allow list includes *.google.com, so the entire domain should be allowed.
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 400 total points
ID: 39786019
indigo6--
You should not have to use a password to access allowed sites in Content Advisor.  
I do not know the procedure you used to set Content Advisor up.  Here is a short summary of the MS suggested procedure
http://windows.microsoft.com/en-us/windows/using-content-advisor-block-inappropriate-content#1TC=windows-7

But if that is what you used then here is an alternative method.
http://www.gegeek.com/documents/BAF79EC8E64F7DC911EF68D42485ABF1E8EF0D42.html
0
 

Author Comment

by:indigo6
ID: 39786570
jcimarron, I used the second method, and the problem was that I had to specify the protocol, that is, I had to type https://... in the allowed sites list. Thanks!
0
 

Author Closing Comment

by:indigo6
ID: 39786596
I ended up using the solution by jcimarron, I may use a proxy later, but this is ok for now.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39786755
indigo6--Glad to have helped.  Thanks for telling us about using https://
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question