Active Directory group policy to only allow 2 websites

15 April 2008, 01:36 PM | #1 | mike1210 (Thread Starter)

Hi All, bit stumped on this one. I am setting up lab machines in my uni that are only allowed to have access to 2 websites (external). The machines are locked down via group policy (no control panel, start menu, hidden drives etc), however I'm scratching my head on allowing only 2 websites to work. Machines are WinXP Pro SP2 with IE7, DCs are Server 2003 SP1.

We do not use proxies in the Uni or any internet monitoring software, hence why I need this to work via a group policy object. Anyone know how to do this?

Mike

15 April 2008, 01:49 PM | #2 | Sonic'

AFAIK you cannot do this via a group policy, can you not do it on the firewall via ACLs?

15 April 2008, 02:07 PM | #3 | mike1210 (Thread Starter)

Originally Posted by Sonic'
AFAIK you cannot do this via a group policy, can you not do it on the firewall via ACLs?

Technically yes... but I would have to jump through the 7,000,000,000,000 barriers that the networks team would no doubt impose.

15 April 2008, 02:13 PM | #4 | Sonic'

Originally Posted by mike1210
Technically yes... but I would have to jump through the 7,000,000,000,000 barriers that the networks team would no doubt impose.

LOL I know what you mean, but could you not just give them a subnet or VLAN and say "right, this VLAN can only access these websites"?

Not sure of any other way of doing it without some form of proxy/firewall.

15 April 2008, 02:52 PM | #5 | HankScorpio

Use IE Content Manager to specify sites and then GPedit to lock down Content Manager.

15 April 2008, 03:34 PM | #6 | Bodgit

Try using a host file with only the 2 websites' IP addresses.
Then if you do not use DNS you should be able to achieve the desired result.

16 April 2008, 12:11 PM | #7 | David_Wallis

You can do it using IEAK and a custom PAC file.

Haven't tried the below; it's been a while so my syntax may not be 100%.
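Code:
function FindProxyForURL(url, host) {
     // Match on the host rather than the full URL, so that a permitted name
     // appearing in another site's path or query string does not count.
     // Hosts below go via a proxy or could be set direct depending on connection
     if (host == "google.com" || dnsDomainIs(host, ".google.com"))       {return "PROXY proxy1.mycompany.local:8080";}
     if (host == "scoobynet.com" || dnsDomainIs(host, ".scoobynet.com")) {return "PROXY proxy1.mycompany.local:8080";}

     // Other requests go to localhost and thus fail. There is no "DIRECT"
     // fallback here: with one, the browser would connect directly as soon
     // as the localhost proxy refused the connection.
     return "PROXY 127.0.0.1:80";
}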

See Proxy Client Autoconfig File Format.

Last edited by David_Wallis; 17 April 2008 at 05:17 PM.
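
An added example, not part of David_Wallis's post: a small Node.js harness for checking a PAC allowlist like this one offline before deploying it. It compares matching on the full URL with matching on the host, and a fallback list with and without `DIRECT`; the helper shims, the `outcome` model of the lab network and the sample URLs are constructed assumptions.

```javascript
// Stand-ins for two helpers a browser normally supplies to PAC scripts.
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

const ALLOWED = ["google.com", "scoobynet.com"];   // sites named in the post
const VIA = "PROXY proxy1.mycompany.local:8080";   // proxy name from the post
const SINK = "PROXY 127.0.0.1:80";                 // dead-end entry from the post

// Variant A: wildcard match on the whole URL, fallback list ends in DIRECT.
function pacUrlMatch(url, host) {
  for (const d of ALLOWED) if (shExpMatch(url, "*." + d + "/*")) return VIA;
  return SINK + "; DIRECT";
}
// Variant B: match on the host only, fallback list has no DIRECT.
function pacHostMatch(url, host) {
  for (const d of ALLOWED) if (host === d || dnsDomainIs(host, "." + d)) return VIA;
  return SINK;
}

// Assumed lab conditions: proxy1 answers, nothing listens on 127.0.0.1:80,
// and the network does not filter direct connections.
function outcome(pacResult) {
  for (const entry of pacResult.split(";").map((s) => s.trim())) {
    if (entry === VIA) return "proxy";
    if (entry === "DIRECT") return "direct";
    // SINK refuses the connection, so the browser moves to the next entry.
  }
  return "blocked";
}
function check(pac, url) { return outcome(pac(url, new URL(url).hostname)); }

// Constructed sample URLs; example.org and notscoobynet.com stand for off-list hosts.
const SAMPLES = [
  "http://www.scoobynet.com/forum/",
  "http://scoobynet.com/",
  "http://example.org/page?ref=.google.com/",
  "http://example.org/",
  "http://notscoobynet.com/",
];
function report() {
  return SAMPLES.map((u) => ({ url: u, urlMatch: check(pacUrlMatch, u), hostMatch: check(pacHostMatch, u) }));
}
console.table(report());
```

Under the assumed conditions, only the host-matching variant with no `DIRECT` in its fallback blocks every off-list sample.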

16 April 2008, 08:27 PM | #8 | phoenixgold

If you have a dedicated AD server running the DNS, stop the DNS servers from having forwarders available. Then just create zones for the websites you want to permit. Only issue is that you can bypass if you know the IP address of the site.

Other option is to remove the default gateway if the machines will work in the same subnet. Just apply persistent routes for the sites allowed.

17 April 2008, 12:21 PM | #9 | mike1210 (Thread Starter)

Many thanks all.

All times are GMT +1.