Allow only specific websites on entire network

Allow only specific websites on entire network
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Allow only specific websites on entire network healthlion 08-28-2006
Posted by =?Utf-8?B?aGVhbHRobGlvbg==?= on August 28, 2006, 12:13 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I am trying to find out how exactly to lockdown the network here so that
users only have access to certain websites. I know this can be done on
individual systems, but I would like to do it network wide. We have about 100
systems on the network running server 2K3 standard. I have been told this OS
can do this but I have been unable to locate how to.

Posted by Miha Pihler [MVP] on August 28, 2006, 12:41 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

Easiest way to do this would be on network firewall.

Any firewall could do this -- it only depends on how easily (how much
administrative effort you must put into it). Personally I like to use
Microsoft ISA Server where you can simply specify e.g. *.microsoft.com and
which users, IP addresses etc have access to this address.

--
Mike
Microsoft MVP - Windows Security

>I am trying to find out how exactly to lockdown the network here so that
> users only have access to certain websites. I know this can be done on
> individual systems, but I would like to do it network wide. We have about
> 100
> systems on the network running server 2K3 standard. I have been told this
> OS
> can do this but I have been unable to locate how to.



Posted by Brandt on August 28, 2006, 1:55 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Mike,
The ISA is what I have found I will probably have to use from my research. I
thought that maybe 2k3 standard had something built into it that I could use
for allowing only certain website access. If that is not the case can you
provide a link that would give me some more detailed info on the use of ISA
Thanks
Brandt
> Hi,
>
> Easiest way to do this would be on network firewall.
>
> Any firewall could do this -- it only depends on how easily (how much
> administrative effort you must put into it). Personally I like to use
> Microsoft ISA Server where you can simply specify e.g. *.microsoft.com and
> which users, IP addresses etc have access to this address.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
>>I am trying to find out how exactly to lockdown the network here so that
>> users only have access to certain websites. I know this can be done on
>> individual systems, but I would like to do it network wide. We have about
>> 100
>> systems on the network running server 2K3 standard. I have been told this
>> OS
>> can do this but I have been unable to locate how to.
>
>



Posted by Paul Adare on August 28, 2006, 2:22 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
says...

> The ISA is what I have found I will probably have to use from my research. I
> thought that maybe 2k3 standard had something built into it that I could use
> for allowing only certain website access. If that is not the case can you
> provide a link that would give me some more detailed info on the use of ISA
>

http://www.microsoft.com/isa

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain

Posted by Steven L Umbach on August 28, 2006, 1:33 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Mike gave the best solution by far. Another possibility is to implement an
ipsec filtering policy for the computers in question which can be
implemented via Group Policy to only allow outbound internet traffic to
specific IPs. Unfortunately that does not always work if the website has
several IPs or is basically a bunch of connected websites. Something that
may work only for IE is to create a bogus proxy server for the user and then
add the exceptions that bypass proxy server as shown in IE/tools/internet
options/connections - lan settings. If you can get that to work on a single
computer you can deploy the same settings via Group Policy and also use
Group Policy to block users access to connections page.

Steve


>I am trying to find out how exactly to lockdown the network here so that
> users only have access to certain websites. I know this can be done on
> individual systems, but I would like to do it network wide. We have about
> 100
> systems on the network running server 2K3 standard. I have been told this
> OS
> can do this but I have been unable to locate how to.



Similar ThreadsPosted
Locking out a specific user from a specific client April 28, 2007, 1:47 pm
RE: how to encrypt entire drive? November 26, 2008, 6:26 pm
Access to a specific IP for only 2 users May 14, 2007, 6:11 am
Check if specific updates are installed June 19, 2005, 7:16 pm
platform specific attractiveness of targets December 7, 2005, 12:43 pm
scripting specific folder permissions August 9, 2006, 8:33 am
Specific user NTFS permission August 14, 2006, 7:43 am
Cant add (specific) Printer with user account January 8, 2007, 5:41 am
Allowing specific local ActiveX to be run without warning July 19, 2005, 3:15 pm
blocking cookies from specific, not general, URLs June 8, 2007, 2:37 pm

The site map in XML format XML site map

Contact Us | Privacy Policy