Blocking Sites with Windows 2k3 NAT

[strike101]

Hi i'm currently using basic Windows 2k3 NAT (RRAS) , no active directory , dns server role or etc....

how can i block sites (porn sites , youtube and etc) , is there a way i can block the domain names ? <- to prevent clients

 

[MadRat]

My first thought would be to grab one of the huge hosts files and see if they loopback on DNS requests. Would be cool to redirect to a page that looks as if you are logging these attempts to use the Internet in such way they could be visited by H.R.

 

[strike101]

Well if that doesn't work , i'll just edit the host files on the clients... but that would be time consuming... anyway will try that now

 

[MadRat]

Its pretty easy to write a batch file to drop the hosts files down to the clients, make them read only attribule for all users, and lock them to read only rights for the users. If you lock down the attribute its just one more obstacle for a virus/trojan to rewrite it. By locking down the rights your local end users cannot tamper with it either. Otherwise nothing stops them from replacing it when they surf and swapping it back to yours when they are done.