Active Directory group policy to only allow 2 websites
#1
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Active Directory group policy to only allow 2 websites
Hi All, bit stumped on this one. I am setting up lab machines in my uni that are only allowed to have access to 2 websites (external), the machines are locked down via group policy (no control panel, start menu, hidden drives etc), however im scratching my head on allowing only 2 webistes to work . Machines are WinXP Pro SP2 with IE7, DC's are sever 2003 SP1
We do not use proxys in the Uni or any internet monitoring software hence why I need this to work via a group policy object, anyone know how to do this?
Mike
We do not use proxys in the Uni or any internet monitoring software hence why I need this to work via a group policy object, anyone know how to do this?
Mike
#3
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
#4
Scooby Regular
Join Date: Dec 2002
Location: Couch Spud
Posts: 9,277
Likes: 0
Received 0 Likes
on
0 Posts
Not sure of any other way of doing it, without some form of proxy/firewall
#7
Scooby Regular
Join Date: Nov 2001
Location: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Posts: 15,239
Likes: 0
Received 1 Like
on
1 Post
you can do it using IEAK and a custom pac file.
havent tried below, its been a while so my syntax may not be 100%
see Proxy Client Autoconfig File Format
havent tried below, its been a while so my syntax may not be 100%
Code:
function FindProxyForURL(url, host) { // URLS below go via a proxy or could be set direct depending on connection if (shExpMatch(url,"*.google.com/*")) {return "PROXY proxy1.mycompany.local:8080";} if (shExpMatch(url, "*.scoobynet.com/*")) {return "PROXY proxy1.mycompany.local:8080";} // Other requests go to localhost and thus fail return "PROXY 127.0.0.1:80; DIRECT"; }
see Proxy Client Autoconfig File Format
Last edited by David_Wallis; 17 April 2008 at 05:17 PM.
Trending Topics
#8
If you have dedicated AD server running the DNS, stop the DNS servers from having forwarders available. Then just create zones for the websites you want to permit. Only issue is that you can bypass if you know the IP address of the site.
Other option is to remove the default gateway if the machines will work in the same subnet. Just apply persistent routes for the sites allowed.
Other option is to remove the default gateway if the machines will work in the same subnet. Just apply persistent routes for the sites allowed.
Thread
Thread Starter
Forum
Replies
Last Post