Bad boy Warrior Posted December 4, 2008 Share Posted December 4, 2008 Im wondering how i could possibly block CERTAIN sites using Windows Server 2003 (via GPOs)? Is it even possible? Or how could i deploy a hosts file to every PC if i was to go through this route? Any other ideas? Pros and Cons?? Unfortunately using a proxy server is not an option yet.Thanks Link to comment Share on other sites More sharing options...
SecretNinja Posted December 5, 2008 Share Posted December 5, 2008 Hiya,Rather than edit the hosts file you could set the 2k3 server up as a DNS server and then spoof the domains that you wish to block and redirect them to a web server (that could also be hosted on the 2k3 server) with a holding page explaining that the site is blocked. To enforce this if you block port 53 outbound on your edge firewall and allow only the 2k3 server out over 53 then all the internal client computers would be forced to use DNS from that computer and so could not bypass your block (well not with out a little more effort, short of whitelisting i dont think its possible to filter traffic if your determined). Personally i would use a proxy server though as it is much more powerful for filtering, and gives you the added choice of logging people going to sites that should be blocked.Tris Link to comment Share on other sites More sharing options...
CoffeeFiend Posted December 6, 2008 Share Posted December 6, 2008 One word: OpenDNS.I'll let you block individual sites if you want (LAN-wide), but even better, just pick whatever categories of sites you don't want users to visit at work (pr0n sites, gambling sites, warez, etc) and just put a checkmark next to those categories, done! 99.9% of end users wouldn't know how to change their DNS settings by hand regardless. And it only takes like 5 minutes to setup. Link to comment Share on other sites More sharing options...
Tripredacus Posted December 11, 2008 Share Posted December 11, 2008 In addition, if you limit the use of web browsers to IE, you can add sites you don't want users going to in the untrusted sites section under security. Link to comment Share on other sites More sharing options...
tain Posted December 11, 2008 Share Posted December 11, 2008 Crahak is right on target, as usual. OpenDNS is a great service! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now