Jump to content






Photo

From: How to block websites using ADS Groups/OU



Aim: To block websites using User Groups/ OU in Win Server 2003

I've 3 OU in my ADS, I want to restrict some website(i.e.: aaa.com, bb.com, ccc.com ) to the users in a particular OU.
Is it possible, how to acheive it ?
Give me the steps to implement it.


Note: I'm using Win server 2003 R2 Standard Edition.



Hi arun_cdm .

Ok .
Question, do you use firewall like ISA etc ..
--------------------------
Block some web sites via GPO can be done ... but the nice way is throw firewall )
You can do it by HOST file or GPO too or DNS) )
--------------------------
P.S.
For the blocking of file uploads especially through like bit torrents or via IM you have your work cut out. Traditional firewalls have a hard time blocking that stuff because the ports for those types of programs tunnel through ports that are already open on the firewall. I would like a some type of Intrusion Prevention System or Layer 7 firewall. Again ISA 2006 is a good canidate.
-------------------------
1)One thing you can do to block certain sites without ISA server is to deploy a custom hosts file using a startup script.
For the sites you want to block you would add a static entry into a hosts file that pointed to an invalid ip like 0.0.0.0
your batch file would look kind of like this:
del c:\windows\system32\drivers\etc\hosts 
copy \\fileserverpathtoshare\hosts c:\windows\system32\drivers\etc\hosts
-------------------------
or
--------

2) Or you can do it with DNS, create A records for those sites pointing to 127.0.0.1
------------------------


P.S. Theres a way to block IP in GPO so the IP of the site will be blocked )))

3)
-Click on Start and select "Run..." again. Type "gpedit.msc" without the quotes and press "Enter". This will launch your Group Policy Editor.
-Navigate to the following location in the left panee under "Group Policy": "Navigate to Computer configuration" > "Windows Settings" > "Security Settings" > "IP security Policies".
-Right-click anywhere in the right pane and click on "Manage IP Filter Lists..." Hit the "Add" button to name the group policy.
-Typee a name and hit "Add". Click on "Next" and select "My IP address". Enter the IP address of the website you want to block. Hit "OK". Repeat these steps to block additional websites using Group Policy.



Good luck ,

Source: How to block websites using ADS Groups/OU


Hi kamtec1
Tkz for taking ur time and giving ur suggestion to my query.
Earlier i've blocked using host files only.
But now due to increase in no. of client systems (i.e.: < 100 nodes). I don't want to block on each & every machine.
So, I preferred to go for GP.
Tkz for reply...

---------------------------------------------------------------------------------------------------------------------
Few days back,i've blocked using the GP,

GP--> UserConfig.-->Internet Explorer Maintenance--> Security--> Security Zone & Content Rating--> Content Rating--> Import Current Content Rating--> Modify Setting--> Approved Sites --> " Here add the site, we want to block and Choose Never option ".

By using this option i'm blocking sites now, But what the issue i'm facing is " While trying to access the blocked sites, It shows message that This site was not approved to see like a message".


Source: How to block websites using ADS Groups/OU


Hi kamtec1
Tkz for taking ur time and giving ur suggestion to my query.
Earlier i've blocked using host files only.
But now due to increase in no. of client systems (i.e.: < 100 nodes). I don't want to block on each & every machine.
So, I preferred to go for GP.
Tkz for reply...

---------------------------------------------------------------------------------------------------------------------
Few days back,i've blocked using the GP,

GP--> UserConfig.-->Internet Explorer Maintenance--> Security--> Security Zone & Content Rating--> Content Rating--> Import Current Content Rating--> Modify Setting--> Approved Sites --> " Here add the site, we want to block and Choose Never option ".

By using this option i'm blocking sites now, But what the issue i'm facing is " While trying to access the blocked sites, It shows message that This site was not approved to see like a message"




Hi arun_cdm .



Yes . The GPO is the best thing to do for you ) But you can use HOST script to use it in GPO ... so the HOST file can be used in GPO too )

Yes . You didnt approved it and may show that this web site is blocked etc ...
The only thing is too do now that is to block athers browsers as well ))only by "opera.exe" etc ..

I didnt fully understand the problem .

If you use this you block the web site no more i think ))))

P.S.
May be i didnt understand you ) describe more info pls ))) or photo ))))

Good luck

Source: How to block websites using ADS Groups/OU

  • 0


August 2014

M T W T F S S
    123
45678910
11121314151617
18192021222324
252627282930 31

Recent Comments

0 user(s) viewing

0 members, 0 guests, 0 anonymous users

Categories