
restrict all websites, allow only *.mil ??

Status
Not open for further replies.
Jan 18, 2008
what's up,
I have Windows XP Pro computer systems, on a DOMAIN. I need to block all web access but need to allow *.mil web sites and one or two IP addresses.

I can't install any applications on the systems which are not approved by higher.

I tried to set up a fake proxy server and only bypass *.mil and 2 IPs, and disabled the Connection tab in gpedit.msc.

Is there any other way for me to disable .com, .net, .org domains?
 
As well as other suggestions this thread talks about the program "Windows SteadyState "

Restricting users to a particular website
thread779-1439324
 
Well, I saw this too, but our users are getting logged on via smartcard verification to the Active Directory. So to set a user up with Windows SteadyState might not work.

I think I have to add each website I would like to have blocked in the hosts.txt file.

I also tried the fake proxy server setup but that means I have to set up the proxy setting under each user login, under each computer system.

Any other idea? By the way I can't install 3rd party applications, nor any other applications which are not approved by higher.
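
The "fake proxy with a bypass for *.mil and two IPs" idea from the post above can also be written as a proxy auto-config (PAC) file, which is plain JavaScript. This is an added example, not code from the thread; the two IP addresses and the dead loopback proxy are placeholder assumptions, and it only constrains browsers that honour the proxy setting.

```javascript
// PAC sketch: direct access for *.mil hosts and two approved addresses,
// everything else is sent to a proxy that does not exist.
// ALLOWED_IPS and DEAD_PROXY are placeholders (assumptions), not thread values.
var ALLOWED_IPS = { "192.0.2.10": true, "192.0.2.20": true };
var DEAD_PROXY = "PROXY 127.0.0.1:9";

// True only when the host name ends in the label ".mil".
// A plain substring test would also accept names like www.mil.example.com.
function isMilHost(host) {
  var h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return h.length > 4 && h.substring(h.length - 4) === ".mil";
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isMilHost(host)) return "DIRECT";
  if (ALLOWED_IPS.hasOwnProperty(host)) return "DIRECT";
  return DEAD_PROXY;
}
```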
 
A real proxy server is by far the easiest, most reliable way to do what you're asking. However, if management gives you a directive, but doesn't approve of the correct way to do it, you've got a problem.
 
Are you using CAC for authentication?

In CONUS & EUR you will have Websense and can set a policy against a user's AD account that will prevent access to everything except .mil

When I was born I was so surprised I didn't talk for 18 months
 
How about modifying the host file on the workstation to just point to 127.0.0.1 for everything except for the .mil sites
i.e. *.com *.org *.net etc

"I'm certifiable, not certified. It just means my answers are from experience...not a book
 
Yes, we are using CAC authentication.
3rd party applications are pretty tough to get approved in the military installation.
I did the hosts file and I think it will block; most of these users at that spec. bldg don't know how to spell computer so I hope that will stop them. lol



 
I thought if I just write in the hosts file

127.0.0.1 *.com

that this will not work. I've read that I really have to write

127.0.0.1
in order to get this to work
 
You can't have the * in there right? Would it work if you just did:

127.0.0.1 .com
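
Hosts-file entries are literal names that are matched exactly, so neither `*.com` nor `.com` acts as a wildcard. The following added example (not part of any post in this thread) models that lookup in JavaScript; the sample file contents and host names are constructed.

```javascript
// Simplified model of hosts-file lookup: each line maps one address to one or
// more literal names, and a query matches only when it equals a name exactly.
// Constructed sample file; the names are placeholders, not from the thread.
var SAMPLE_HOSTS = [
  "# constructed sample",
  "127.0.0.1   localhost",
  "127.0.0.1   *.com            # stored as the literal name '*.com'",
  "127.0.0.1   .com             # stored as the literal name '.com'",
  "127.0.0.1   www.example.com example.com"
].join("\n");

function parseHosts(text) {
  var table = Object.create(null);
  var lines = text.split(/\r?\n/);
  for (var i = 0; i < lines.length; i++) {
    // Strip comments and surrounding whitespace, skip empty lines.
    var line = lines[i].split("#")[0].replace(/^\s+|\s+$/g, "");
    if (line === "") continue;
    var fields = line.split(/\s+/);
    for (var j = 1; j < fields.length; j++) {
      var name = fields[j].toLowerCase();
      if (!(name in table)) table[name] = fields[0]; // first entry wins
    }
  }
  return table;
}

// Exact, case-insensitive match only: no suffix or pattern matching.
function lookup(table, host) {
  var key = host.toLowerCase();
  return key in table ? table[key] : null;
}

// Names from a test list that the file does NOT redirect to loopback.
function notBlocked(table, hosts) {
  var out = [];
  for (var i = 0; i < hosts.length; i++) {
    if (lookup(table, hosts[i]) !== "127.0.0.1") out.push(hosts[i]);
  }
  return out;
}
```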
 
I know you're trying to work within what you've got; however, from a justification / ROI standpoint, the time & energy that you've already put into this would probably have justified a couple of basic servers for a real proxy setup. There is no satisfactory way to do this at the client level- you need to do it at the internet gateway.
 
Only if all the clients use IE. There are many, many problems with trying to do this at the client level for more than just a handful of users. What capabilities are available at the internet gateway already, flavor4real3? Perhaps the main capability already exists at the gateway, with a small amount of tweaking at the client to get where you need to be.
 
I would love the Proxy server setup but my hands are bounded by DOIM and im at a military installation too.

I just went with the hosts file and will kepp updating it. It's just for one bldg where a hand full of people rather surf then net then do weapons work.

thanks for all the good input guys, dennis
 
lol,.. typos,.. i know,.. busy day here ... just ready for the weekend.
 
a quick fix for my words,.. ;)

I would love to have a proxy server setup but DOIM would not allow that. Even if they would, the paperwork for this would take forever, plus I'm on a military base.

I went with the hosts file and will have to keep updating it. It's just for one bldg where a handful of people would rather surf the net than do weapons inspection & maintenance.

thanks for all the good input guys, dennis
 
lol,... no, that's actually not a bad thing. On a military installation different rules are set. People got fired; even one manager who made 3 digits (salary) got fired because he was looking at naked people with no arms and legs. That is the worst scenario now.

Everything is strictly enforced and one manager asked me if I can block every .com website. Since this bldg is 24/7 highly secured they want to make sure that the user only uses the DoD computer system for information of .mil sites.

We have more freedom but we are also monitored and scanned on a regular basis.

We are all here to serve the military, nice and exciting d u t i ..

Anyways, what do you do?
 