Allow only specific websites on entire network

TheMSsForum.com: The Microsoft Software Forum

I am trying to find out how exactly to lockdown the network here so that
users only have access to certain websites. I know this can be done on
individual systems, but I would like to do it network wide. We have about 100
systems on the network running server 2K3 standard. I have been told this OS
can do this but I have been unable to locate how to.
Top

Re: Allow only specific websites on entire network by Miha

Miha
Mon Aug 28 11:41:19 CDT 2006

Hi,

Easiest way to do this would be on network firewall.

Any firewall could do this -- it only depends on how easily (how much
administrative effort you must put into it). Personally I like to use
Microsoft ISA Server where you can simply specify e.g. *.microsoft.com and
which users, IP addresses etc have access to this address.

--
Mike
Microsoft MVP - Windows Security

"healthlion" <healthlion@discussions.microsoft.com> wrote in message
news:C3BB8F88-4AAF-466F-872E-A89AA7A1342E@microsoft.com...
>I am trying to find out how exactly to lockdown the network here so that
> users only have access to certain websites. I know this can be done on
> individual systems, but I would like to do it network wide. We have about
> 100
> systems on the network running server 2K3 standard. I have been told this
> OS
> can do this but I have been unable to locate how to.


Top

Re: Allow only specific websites on entire network by Steven

Steven
Mon Aug 28 12:33:32 CDT 2006

Mike gave the best solution by far. Another possibility is to implement an
ipsec filtering policy for the computers in question which can be
implemented via Group Policy to only allow outbound internet traffic to
specific IPs. Unfortunately that does not always work if the website has
several IPs or is basically a bunch of connected websites. Something that
may work only for IE is to create a bogus proxy server for the user and then
add the exceptions that bypass proxy server as shown in IE/tools/internet
options/connections - lan settings. If you can get that to work on a single
computer you can deploy the same settings via Group Policy and also use
Group Policy to block users access to connections page.

Steve


"healthlion" <healthlion@discussions.microsoft.com> wrote in message
news:C3BB8F88-4AAF-466F-872E-A89AA7A1342E@microsoft.com...
>I am trying to find out how exactly to lockdown the network here so that
> users only have access to certain websites. I know this can be done on
> individual systems, but I would like to do it network wide. We have about
> 100
> systems on the network running server 2K3 standard. I have been told this
> OS
> can do this but I have been unable to locate how to.


Top

Re: Allow only specific websites on entire network by Brandt

Brandt
Mon Aug 28 12:55:34 CDT 2006

Mike,
The ISA is what I have found I will probably have to use from my research. I
thought that maybe 2k3 standard had something built into it that I could use
for allowing only certain website access. If that is not the case can you
provide a link that would give me some more detailed info on the use of ISA
Thanks
Brandt
"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:OOtPJDsyGHA.1936@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> Easiest way to do this would be on network firewall.
>
> Any firewall could do this -- it only depends on how easily (how much
> administrative effort you must put into it). Personally I like to use
> Microsoft ISA Server where you can simply specify e.g. *.microsoft.com and
> which users, IP addresses etc have access to this address.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "healthlion" <healthlion@discussions.microsoft.com> wrote in message
> news:C3BB8F88-4AAF-466F-872E-A89AA7A1342E@microsoft.com...
>>I am trying to find out how exactly to lockdown the network here so that
>> users only have access to certain websites. I know this can be done on
>> individual systems, but I would like to do it network wide. We have about
>> 100
>> systems on the network running server 2K3 standard. I have been told this
>> OS
>> can do this but I have been unable to locate how to.
>
>


Top

Re: Allow only specific websites on entire network by Paul

Paul
Mon Aug 28 13:22:21 CDT 2006

In article <OLXptssyGHA.4972@TK2MSFTNGP03.phx.gbl>, in the
microsoft.public.security news group, Brandt <blee@lionhospice.com>
says...

> The ISA is what I have found I will probably have to use from my research. I
> thought that maybe 2k3 standard had something built into it that I could use
> for allowing only certain website access. If that is not the case can you
> provide a link that would give me some more detailed info on the use of ISA
>

http://www.microsoft.com/isa

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain
Top