how do you control what a computer can visit online?

foolanger

Senior member
Dec 11, 1999
597
0
0
I currently own some retail locations and my problem is that my employees are sitting infront of the computer all day and looking on Ebay or Myspace. Is there a way or a program that i can get to restrict which sites my employees can surf online? Thanks!
 

AnonymouseUser

Diamond Member
May 14, 2003
9,943
107
106
A simple fix would be to add those sites to your "hosts" file, pointing them to "0.0.0.0". A router with built-in firewall would be best, so you can block the sites at the firewall.
 

scottws

Senior member
Oct 29, 2002
468
0
0
It's very difficult because there are just so many sites out there to explicitly block. Some firewalls allow you to block everything except the sites you specify. You might try that, but sometimes it actually hurts productivity because users can't get information that they need or that would help them.
 

foolanger

Senior member
Dec 11, 1999
597
0
0
there is only 4 or 5 sites that they need to see. So if i can get a site that blocks everything but a few sites that would be awsome. How exactly does a firewall work?
 

rmrf

Platinum Member
May 14, 2003
2,872
0
0
what brand/model of router do you have? that would be the first step in determining if you could use what you have, or would need to buy a new one.
 

foolanger

Senior member
Dec 11, 1999
597
0
0
i do'nt have a router at this moment. I want the cheapest solution for only allowing them to surf a few sites. Is there any admin software i can buy?
 

P0ldy

Senior member
Dec 13, 2004
420
0
0
You may be able to configure a firewall (Kerio, maybe?) to disallow all inbound and outbound traffic with those sites as exceptions.
 

foolanger

Senior member
Dec 11, 1999
597
0
0
if i get a router, can't they just take the cable out of the router and plug it right into the computer? I have kiosks in malls and there is no way of me watching over them. A program that has a password would be great if possible. but if i have to buy routers i can do that as well.
 

foolanger

Senior member
Dec 11, 1999
597
0
0
will content manager in the internet options work? How can i set that to see specific sites?
 

AnonymouseUser

Diamond Member
May 14, 2003
9,943
107
106
Originally posted by: foolanger
if i get a router, can't they just take the cable out of the router and plug it right into the computer? I have kiosks in malls and there is no way of me watching over them. A program that has a password would be great if possible. but if i have to buy routers i can do that as well.

Basically, yes, someone knowledgeable enough about your network could do that, but most people wouldn't have a clue. Also, having multiple kiosks actually makes things easier, as they are all connected remotely. Your (multi-port) router would go where they all connect, not one at each machine.
 

Brazen

Diamond Member
Jul 14, 2000
4,259
0
0
I think he is going to have a problem with using a router. It sounds like the OP is managing kiosks that are probably on all different networks and probably just a network jack is provided for him. In this case, the only thing I know of is to use the hosts file. I'm not sure, but can you use wildcards in the hosts file? Something like adding entries for the few sites he wants to allow and then
127.0.0.1 *
at the end?

Another option I'm not sure about is if Kerio Personal Firewall would have content filtering? That may be easier for him to manage and it would also be free.
 

Markbnj

Elite Member <br>Moderator Emeritus
Moderator
Sep 16, 2005
15,682
13
81
www.markbetz.net
Download and configure ccproxy. It's free for up to three users, and with reasonable license fees for more. In the settings you can place a list of allowable sites and deny everything else.

Basically you will set your firewall to disallow internet access for all the systems the employees use, and point those systems to the proxy server running on some other machine. I use this at home for my children's systems.
 

bearxor

Diamond Member
Jul 8, 2001
6,609
2
81
When I didn't want someone in my house visiting a paticular site, I simply put the correct entry into hosts file. It's cheap and easy to set up. Odds are, they will have no idea what you did. Do it and tell them you bought a firewall to prevent casual web surfing.

if they do figure it out, then I would spend the money on a hardware solution.

If you really want to get fancy, you could run apache on each computer and make the hosts file point back to the computer 127.0.0.1 should do it, so that it displays the page you have set up and you can make it looks all cool with your company's logo and everything and say something along the lines of 'The page you are trying to reach has been blocked by the corporate firewall. The administrator of the network has been notified of this attempt to access non-work related material. GET BACK TO WORK!!!'

Just out of curiosity, do you run mall cell-phone kiosks?
 

RebateMonger

Elite Member
Dec 24, 2005
11,588
0
0
The easy-to-manage way to only allow browsing of a few sites is to set up a web proxy server. Tell each Kiosk computer to use the proxy server for browsing. Then lock down this setting along with other security settings, so they can't be changed by users.

Using a web proxy server means that any changes in policy (adding or deleting an allowed web site) only means changing a single entry on the Company's proxy server. Otherwise, you'd have to change every Kiosk computer's settings individually.
 

NeezyDeezy

Senior member
Oct 27, 2004
354
0
0
If you're paying them minimum wage AND then taking away their fav internet sites, might as well put them in shackles too because that's officially slave labor. ;)
 

Markbnj

Elite Member <br>Moderator Emeritus
Moderator
Sep 16, 2005
15,682
13
81
www.markbetz.net
If you're paying them minimum wage AND then taking away their fav internet sites, might as well put them in shackles too because that's officially slave labor.

Oh please... they're not getting paid to browse the Internet, I assume, or he wouldn't be complaining about it.

OP, one of the things you can do with a proxy server is set time limits, so you could allow them to browse the open Internet during lunch, for example, and then restrict them to the approved site list during working hours.
 

Tsaico

Platinum Member
Oct 21, 2000
2,669
0
0
Wow a lot of ideas to do this. You can also do it if the user does not have rights to make changes to registry pretty easy.

First I would set them to go to proxy unless the web site starts with option and put in your pre-approved sites with a semi colon to seperate them. You can find this in the "Advanced" button in the connection tab under tools. Then to keep them from changing those, add these keys that will work in your particular case.IE restrictions

In particular the NoBrowserOptions. This will not allow the user to open the tool menu anymore, making it impossible to change the proxy settings. In a domain or workgroup, this will work in a pinch for specific users since the proxy settings are based on per user, but the locking of the tools menu is machine wide. Just remember to set everyone's settings before you do the registry change.

Simple, free, and easy to reverse.
Good luck, I have people who try to do all sorts of things to get around the firewall and such. Now get off the forums and back to work!

Oh, and add this, http://www.techjunkeez.com/archive/registry_hacks/disable_IE_clear_history.htm
then they can't erase their history....

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
"DaysToKeep"=dword:0000000a
so they can't change the number of day to keep a history. (the key is by default in Hex, so you will need to remember to click the radio button for decimal if you don't know the conversions)
 

skyking

Lifer
Nov 21, 2001
22,004
4,760
146
I'm currently building and testing dansguardian proxy boxes for deployment at a private school.
That will do what you want, but somebody needs to know some linux and routing.