Ideas to block websites

[Bad boy Warrior]

Im wondering how i could possibly block CERTAIN sites using Windows Server 2003 (via GPOs)? Is it even possible? Or how could i deploy a hosts file to every PC if i was to go through this route? Any other ideas? Pros and Cons?? Unfortunately using a proxy server is not an option yet.

Thanks

[SecretNinja]

Hiya,

Rather than edit the hosts file you could set the 2k3 server up as a DNS server and then spoof the domains that you wish to block and redirect them to a web server (that could also be hosted on the 2k3 server) with a holding page explaining that the site is blocked. To enforce this if you block port 53 outbound on your edge firewall and allow only the 2k3 server out over 53 then all the internal client computers would be forced to use DNS from that computer and so could not bypass your block (well not with out a little more effort, short of whitelisting i dont think its possible to filter traffic if your determined). Personally i would use a proxy server though as it is much more powerful for filtering, and gives you the added choice of logging people going to sites that should be blocked.

Tris

[CoffeeFiend]

One word: OpenDNS.

I'll let you block individual sites if you want (LAN-wide), but even better, just pick whatever categories of sites you don't want users to visit at work (pr0n sites, gambling sites, warez, etc) and just put a checkmark next to those categories, done! 99.9% of end users wouldn't know how to change their DNS settings by hand regardless. And it only takes like 5 minutes to setup.

[Tripredacus]

In addition, if you limit the use of web browsers to IE, you can add sites you don't want users going to in the untrusted sites section under security.

[tain]

Crahak is right on target, as usual. OpenDNS is a great service!