mwoodswi   0 pts.  |   Oct 26 2004  4:36PM GMT

We also use Surf Control and have been very happy with it.

mpkn3rd   0 pts.  |   Oct 26 2004  4:42PM GMT

You did not mention if you are using Active Directory or not. If so that could be accomplished by using Group Policies.

MrWizard   0 pts.  |   Oct 26 2004  11:31PM GMT

Mocrosoft’s ISA Server is probably the best solution.
Especially if you’re running Active Directory, integrates seamlessly.

Tinners   0 pts.  |   Oct 27 2004  4:11AM GMT

The simplest method (although users in the know can change it) is to add a bogus proxy server to IE’s Internet Settings on the user’s PC:

1. IE - Tools - Internet Options
2. Connections tab - LAN Settings
3. Proxy server - check box: “Use a Proxy Server For Your LAN” (These Settings Will Not Apply To Dial-up Or VPN Connections).
4. Proxy server - Address: Enter “0.0.0.0″ (without quotes)
5. Proxy server - Port: Enter “80″ (without quotes) and click OK.

If your users need to access a company intranet, you can check the box “Bypass proxy server for local addresses”.

Automatic Windows Update will still be able to connect and update your operating system (although you may not want it to until the SP2 problems have been sorted out).

As an alternative browser, I would certainly recommend Mozilla Firefox.

ethira   0 pts.  |   Oct 27 2004  1:11PM GMT

You can try using Internet Explorer’s content advisor to limit Internet access on those few comptuers. Once activated, Content Advisor will restrict users to viewing websites that you’ve specifically allowed. One catch is, that once it is enabled, it still allows users to access main portal sites, such as Yahoo and MSN, but it doesn’t allow them to drill down and view anything other than what is on the main page. This may be a good solution to limit Internet access, and its free and easy to set up. To set up:

1. In IE, click on Tools, Internet Options, then click on the Content Tab.

2. Click on settings in the Content Advisor section, then on the General tab and set a supervisor password.

3. Afterward, click on Approved Sites tab. Here, enter in websites that you want users to Always have access to, such as Microsoft’s website, or perhaps, Symantec’s website. You can also enter websites that you never want users to have access to. Be sure to enter the entire URL and then click on the Always button, or the Never button. Click on apply to set the new policies.

Detailed instructions can be viewed here.
 <a href="http://www.microsoft.com/windows/ie/using/howto/security/contentadv/config.mspx#ECAA" title="http://www.microsoft.com/windows/ie/using/howto/security/contentadv/config.mspx#ECAA" target="_blank">http://www.microsoft.com/windows/ie/usin…</a>

ethira   0 pts.  |   Oct 27 2004  1:12PM GMT

You can try using Internet Explorer’s content advisor to limit Internet access on those few comptuers. Once activated, Content Advisor will restrict users to viewing websites that you’ve specifically allowed. One catch is, that once it is enabled, it still allows users to access main portal sites, such as Yahoo and MSN, but it doesn’t allow them to drill down and view anything other than what is on the main page. This may be a good solution to limit Internet access, and its free and easy to set up. To set up:

1. In IE, click on Tools, Internet Options, then click on the Content Tab.

2. Click on settings in the Content Advisor section, then on the General tab and set a supervisor password.

3. Afterward, click on Approved Sites tab. Here, enter in websites that you want users to Always have access to, such as Microsoft’s website, or perhaps, Symantec’s website. You can also enter websites that you never want users to have access to. Be sure to enter the entire URL and then click on the Always button, or the Never button. Click on apply to set the new policies.

Detailed instructions can be viewed here.
 <a href="http://www.microsoft.com/windows/ie/using/howto/security/contentadv/config.mspx#ECAA" title="http://www.microsoft.com/windows/ie/using/howto/security/contentadv/config.mspx#ECAA" target="_blank">http://www.microsoft.com/windows/ie/usin…</a>

Howard2nd   0 pts.  |   Nov 5 2004  2:00PM GMT

Group Policy is THE answer. Restrictions applied to users, NOT systems.

ArrghOff2Pillage   0 pts.  |   Nov 8 2004  1:53PM GMT

If your DNS entries are not pointed to the DNS on server 2003 and you are running an active directory domain, you are inviting trouble. It is why your network is slow, and you may find dificaulty adding new machines to the network.

Group Policy would be a good alternative.

Surf control is a good product, I have used it at a couple of locations as it is part of the Webblocker product for Watchguard firewalls. I am not generally fond of ISA unless you have a machine set up to ONLY run ISA. Even then, the cost of a good firewall and it’s maintence fee outweigh the cost of me seting up and maintaining ISA. Many firewalls offer content blocking services, as watchguard does. You just need to find the one you are comfortable with and will meet your budget constraints

CyricR   0 pts.  |   Nov 8 2004  2:08PM GMT

Group Policy in AD is the cheapest solution and it works well for my 500+ user network here. computers and/or users no matter…add a proxy server pointing to an internal page and then lockdown IE’s control panel.