• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

restricting websites.

A

AstroGuardian

Senior member
I have few websites which i want to be restricted.

I have Windows 2003 Server with Active Directory. Which is the easyest way to restrict certain websites?
 
We will need a little more information. Such as does everyone use your server 2003 as their internet connector? (read, your 2003 server is also a proxy server)
 
What router are you using? Some routers have the ability to block access to sites and IP address ranges, some don't.
 
If your Windows AD server is also the DNS server used by your clients you can put in some bogus IP's for the sites you want into DNS - i.e., www.playboy.com resolves to 127.0.0.1. The savvy people could get around it, but most would just give up.

- G
 
drop in a proxy server in front of the clients. I use dansguardian on freebsd. It will do most anything you could ask for.
 
Originally posted by: Garion
If your Windows AD server is also the DNS server used by your clients you can put in some bogus IP's for the sites you want into DNS - i.e., www.playboy.com resolves to 127.0.0.1. The savvy people could get around it, but most would just give up.

- G
Click to expand...

Not always. You can put an external DNS in the DHCP and they will use that instead. I have seen a couple of small offices done in this manner and since there were so few machines, no-one noticed any problems.
But also agree with the proxy server. They work reasonably well and do not have many problems. I did do this also, and found that some users ere adding things to the Internet options of "bypass proxy if address begins with" and then putting in www.myspace.com etc. So I just disabled that tab using a GPO registry edit. Then I got a firewall that handled it for me, but you get the idea.
 
Originally posted by: Tsaico
Originally posted by: Garion
If your Windows AD server is also the DNS server used by your clients you can put in some bogus IP's for the sites you want into DNS - i.e., www.playboy.com resolves to 127.0.0.1. The savvy people could get around it, but most would just give up.

- G
Click to expand...

Not always. You can put an external DNS in the DHCP and they will use that instead. I have seen a couple of small offices done in this manner and since there were so few machines, no-one noticed any problems.
But also agree with the proxy server. They work reasonably well and do not have many problems. I did do this also, and found that some users ere adding things to the Internet options of "bypass proxy if address begins with" and then putting in www.myspace.com etc. So I just disabled that tab using a GPO registry edit. Then I got a firewall that handled it for me, but you get the idea.
Click to expand...

If you run a proxy server, you should either a. Set it up as "silent" so that there is no configuration in the browser/no bypassing it or b. set your firewall to ONLY allow your proxy server internet access. If you find people bypassing security things, it's time to call HR and possibly walk them out of the building.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top