Blocking Access to Hotmail etc 2

Status
Not open for further replies.

Bedpan

MIS
Sep 24, 2003
89
Are there any ways, using available tools in Group Policies or otherwise, to block users in our organization from accessing specific websites? Ideally management wants to block all webmail-type sites (Hotmail, Gmail, Yahoo etc.) along with some other key sites as well. Anyone know of a way to do this?

Short of being able to do it in a GPO, are there any third-party tools you would recommend? I would love to get MS ISA but it is not in the budget.

Thanks,

Mike
 
Anyone able to help here? I spent some time yesterday developing GPOs to block messengers, now I just need to find a way to block Hotmail etc.

What about putting fake entries in DNS... Would something like this work?
 
I don't think you can do it via GPOs. Fake DNS entries would work, but the user would still be able to browse there via IP address (if they are smart enough to). You could put entries in DNS to point hotmail.com to a web page saying "Blocked" or something.
 
Exactly what I was going to suggest ACL03.

Create a new web site on one of your servers and give it a different IP than your normal server IP. Create entries in DNS for each site you wish to block and set the IP to be that of the new web site.

Set the default document of the site to be index.asp and use a page like this one:

Code:
<%@ language="VBSCRIPT" %>

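<%
' WScript.Network.UserName returns the account this request executes as on the server
Set WSHNetwork = CreateObject("WScript.Network")
UserString = WSHNetwork.UserName
Set WSHNetwork = Nothing
%>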

<html>
<head>
<meta name="GENERATOR" content="SAPIEN Technologies PrimalScript 3.1">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Document Title</title>
</head>
<body>

<center> 
<h1>Attention <%= Server.HTMLEncode(UserString) %> you have attempted to access a forbidden site.</h1>
<h2>Your ip address has been recorded as: <%=Request.ServerVariables("REMOTE_ADDR")%> </h2>
<br>
Your supervisor has been alerted of your activity.  If there are repeated offenses, disciplinary action will be taken.
</center>
</body>
</html>

This doesn't really get recorded anywhere but it scares the bejeezus out of people.

I hope you find this post helpful.

Regards,

Mark
 
Well I got Hotmail blocked now, just need to block all the others. I am sure there are going to be lots of holes around this (as mentioned already using IP) such as using international sites and whatnot, but my userbase is not too technical and hopefully this will work.

Thanks for the code Mark. I changed it a little... No Disciplinary actions, just plain old firings :)

Cheers,

Mike
 
Unless your users were to know the IP before they come in for the day, they won't be able to just ping the address as that will resolve to your redirect site.

They would need to do an NSLOOKUP to get the IP, so even if you have some slightly savvy users, they probably won't get there anyway.

I hope you find this post helpful.

Regards,

Mark
 
Well got going with this today and one problem did slip past me that I am struggling with a little now. Oye..

Got Hotmail blocked no problem, redirect to warning message. What I had overlooked though was sending email to Hotmail from our Exchange server... Our mail is bounced through a MailSecurity server and unfortunately this server uses our internal DNS and fails to send email to Hotmail with this config. With it being standard Win2k SMTP services there is no option to use another DNS server for mail delivery like you can with Exchange.

Any ideas?

Mike
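
The side effect described in the post above, modelled as an added example that is not part of the original thread: once the internal DNS server is authoritative for a blocked domain, it also answers (or fails to answer) the mail lookups for that domain. The record values, `SINKHOLE_IP` and the `keep_mail` option are constructed assumptions for illustration.

```python
# Constructed sample data: a stand-in for public DNS. Addresses are from
# documentation ranges and mx1.hotmail.com is a made-up host name.
PUBLIC = {
    ("www.hotmail.com", "A"): ["203.0.113.10"],
    ("hotmail.com", "A"): ["203.0.113.10"],
    ("hotmail.com", "MX"): ["mx1.hotmail.com"],
    ("mx1.hotmail.com", "A"): ["203.0.113.25"],
}
SINKHOLE_IP = "10.0.0.50"  # assumed address of the internal "blocked" web site


def make_override_zone(domain, keep_mail=False):
    """Records held by an internal DNS server made authoritative for `domain`."""
    zone = {(domain, "A"): [SINKHOLE_IP], ("www." + domain, "A"): [SINKHOLE_IP]}
    if keep_mail:  # hypothetical option: copy the public mail records into the zone
        for mx in PUBLIC.get((domain, "MX"), []):
            zone.setdefault((domain, "MX"), []).append(mx)
            if mx.endswith("." + domain):
                zone[(mx, "A")] = PUBLIC[(mx, "A")]
    return zone


def resolve(name, rtype, zones):
    """Internal lookup: a local zone answers for every name under it, with no
    fallback to public DNS for records the zone lacks."""
    for domain, zone in zones.items():
        if name == domain or name.endswith("." + domain):
            return zone.get((name, rtype), [])
    return PUBLIC.get((name, rtype), [])


def smtp_targets(domain, zones):
    """Addresses a sending SMTP server tries: the MX hosts, or the domain's
    own A record when no MX exists (the implicit MX rule in RFC 5321)."""
    hosts = resolve(domain, "MX", zones) or [domain]
    return [ip for host in hosts for ip in resolve(host, "A", zones)]


def audit(domain, zones):
    """Report whether browsing is redirected and whether mail still routes."""
    mail = smtp_targets(domain, zones)
    return {
        "web_blocked": resolve("www." + domain, "A", zones) == [SINKHOLE_IP],
        "mail_ok": bool(mail) and SINKHOLE_IP not in mail,
    }


if __name__ == "__main__":
    for keep in (False, True):
        print(keep, audit("hotmail.com", {"hotmail.com": make_override_zone("hotmail.com", keep)}))
```

Copied mail records go stale when the real domain changes them, so a zone built this way needs periodic comparison against public DNS.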
 
Why don't you give limited internet access only?
It's easier to allow connections to certain web sites than to block web-based mail, their internet provider, etc., and don't forget they can send/receive email from a forum also.
The other option, if you can block it from your firewall, is: modify their host file, set the security and turn on auditing.
 