restricting internet access

0 pts.
Tags:
Networking
I have a small network that uses Windows Server 2003. Clients use either W2K or XP. I am trying to restrict internet access for a few computers. I have filtered their IP's through the router but DNS automatically sends them out to the internet through the server. I have changed the dns on the two clients to point directly to the router (which restricts them). However I have software that requires access specifically to the server which is slowed dramatically because dns is no longer pointing there...any ideas on how to restrict clients another way?
ASKED: October 25, 2004  10:58 AM
UPDATED: November 8, 2004  2:08 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

we use a product here at our company called surfcontrol, also there is another product you can try called websense.

You can also try BrowseControl for web filtering. It’s very easy to use. 

Discuss This Question: 9  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Mwoodswi
    We also use Surf Control and have been very happy with it.
    0 pointsBadges:
    report
  • Mpkn3rd
    You did not mention if you are using Active Directory or not. If so that could be accomplished by using Group Policies.
    0 pointsBadges:
    report
  • MrWizard
    Mocrosoft's ISA Server is probably the best solution. Especially if you're running Active Directory, integrates seamlessly.
    0 pointsBadges:
    report
  • Tinners
    The simplest method (although users in the know can change it) is to add a bogus proxy server to IE's Internet Settings on the user's PC: 1. IE - Tools - Internet Options 2. Connections tab - LAN Settings 3. Proxy server - check box: "Use a Proxy Server For Your LAN" (These Settings Will Not Apply To Dial-up Or VPN Connections). 4. Proxy server - Address: Enter "0.0.0.0" (without quotes) 5. Proxy server - Port: Enter "80" (without quotes) and click OK. If your users need to access a company intranet, you can check the box "Bypass proxy server for local addresses". Automatic Windows Update will still be able to connect and update your operating system (although you may not want it to until the SP2 problems have been sorted out). As an alternative browser, I would certainly recommend Mozilla Firefox.
    0 pointsBadges:
    report
  • Ethira
    You can try using Internet Explorer's content advisor to limit Internet access on those few comptuers. Once activated, Content Advisor will restrict users to viewing websites that you've specifically allowed. One catch is, that once it is enabled, it still allows users to access main portal sites, such as Yahoo and MSN, but it doesn't allow them to drill down and view anything other than what is on the main page. This may be a good solution to limit Internet access, and its free and easy to set up. To set up: 1. In IE, click on Tools, Internet Options, then click on the Content Tab. 2. Click on settings in the Content Advisor section, then on the General tab and set a supervisor password. 3. Afterward, click on Approved Sites tab. Here, enter in websites that you want users to Always have access to, such as Microsoft's website, or perhaps, Symantec's website. You can also enter websites that you never want users to have access to. Be sure to enter the entire URL and then click on the Always button, or the Never button. Click on apply to set the new policies. Detailed instructions can be viewed here. http://www.microsoft.com/windows/ie/using/howto/security/contentadv/config.mspx#ECAA
    0 pointsBadges:
    report
  • Ethira
    You can try using Internet Explorer's content advisor to limit Internet access on those few comptuers. Once activated, Content Advisor will restrict users to viewing websites that you've specifically allowed. One catch is, that once it is enabled, it still allows users to access main portal sites, such as Yahoo and MSN, but it doesn't allow them to drill down and view anything other than what is on the main page. This may be a good solution to limit Internet access, and its free and easy to set up. To set up: 1. In IE, click on Tools, Internet Options, then click on the Content Tab. 2. Click on settings in the Content Advisor section, then on the General tab and set a supervisor password. 3. Afterward, click on Approved Sites tab. Here, enter in websites that you want users to Always have access to, such as Microsoft's website, or perhaps, Symantec's website. You can also enter websites that you never want users to have access to. Be sure to enter the entire URL and then click on the Always button, or the Never button. Click on apply to set the new policies. Detailed instructions can be viewed here. http://www.microsoft.com/windows/ie/using/howto/security/contentadv/config.mspx#ECAA
    0 pointsBadges:
    report
  • Howard2nd
    Group Policy is THE answer. Restrictions applied to users, NOT systems.
    30 pointsBadges:
    report
  • ArrghOff2Pillage
    If your DNS entries are not pointed to the DNS on server 2003 and you are running an active directory domain, you are inviting trouble. It is why your network is slow, and you may find dificaulty adding new machines to the network. Group Policy would be a good alternative. Surf control is a good product, I have used it at a couple of locations as it is part of the Webblocker product for Watchguard firewalls. I am not generally fond of ISA unless you have a machine set up to ONLY run ISA. Even then, the cost of a good firewall and it's maintence fee outweigh the cost of me seting up and maintaining ISA. Many firewalls offer content blocking services, as watchguard does. You just need to find the one you are comfortable with and will meet your budget constraints
    0 pointsBadges:
    report
  • CyricR
    Group Policy in AD is the cheapest solution and it works well for my 500+ user network here. computers and/or users no matter...add a proxy server pointing to an internal page and then lockdown IE's control panel.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following