Solved

block website terminal server hosted

Posted on 2015-02-13
13
32 Views
Last Modified: 2015-03-05
hey guys,

we have an offsite terminal server that users connect to. I'd like to block youtube, facebook, etc for the majority of users.

What's the most cost effective way to do this?
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +1
13 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40609414
The best way to block content has been and still is at the network edge. A simple UTM can do this, and even the basic models can do this easily. Perfect to drop in front of an offsite server as they can often be centrally managed.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40609416
Cliff, this is hosted outside of our environment. We dont control the network edge.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40609428
Ahh. That wasn't mentioned in your question. "Offsite" could be a colo facility or other circumstance as well. But it doesn't change my advice much. Most good hosting environments still provide you a sandboxes network environment where all your host machines can communicate. In that situation, I'd run a UTM as a hosted service. Barracuda, Sophos, and many other UTM vendors can run as software, not just as an appliance. I have this set up for several clients in azure and AWS. But the principle is the same with other hosters as well.
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 4

Author Comment

by:Cobra25
ID: 40609432
a UTM device is NOT an option here.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40609441
Well, you've painted yourself in a corner then. There are very few agent-based web filtering products that can run on a server OS. They tend to version-check and run on client OSes only. And the few that do often don't run on RDS (the proper name for terminal services.) So you are looking for that 1% of 1%. And they are not inexpensive, as you asked for.
0
 
LVL 13

Expert Comment

by:upalakshitha
ID: 40609777
Add record to host file 127.0.0.1 facebook.com
Do same for other sites.but this will affect for whole server.all users will be blocked.
Thank you
0
 
LVL 13

Expert Comment

by:upalakshitha
ID: 40609781
Also if server is not a member of any domain, if you can point server dns to opendns you can have perfect filtering for free. This also applies to whole server.
Thank you
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40609889
Upalak, yes it is on domain
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40610271
DNS does not block web traffic *at all.* While it can make finding Facebook 'slightly' harder, it is easy to circumvent.
0
 
LVL 24

Expert Comment

by:Dirk Kotte
ID: 40610853
would suggest to use a content filtering proxy in one arm installation beside the terminalservers and configure the proxy settings via GPO.
These "proxy" can be a UTM (like sophos UTM) also.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40636856
would openDNS work?
0
 
LVL 24

Accepted Solution

by:
Dirk Kotte earned 500 total points
ID: 40636971
i think that`s possible.
but if someone use the IP instead the dns-name the dns-filtering has no effect.
there are ip-reacheble anonymizing  proxys which bypass your dns-filter.
0
 
LVL 13

Expert Comment

by:upalakshitha
ID: 40639612
No.if you have blocked with host or domain name, it does not allow browsing from ip too.
Add facebook & youtube domain to opendns block list. Then block proxy sites catagory it is enough . Now no way to browse fb.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question