how to restrict limited user only visiting several websites

TheMSsForum.com: The Microsoft Software Forum

Windows XP SP2, the administrator account want to restrict limited
account only visiting several dedicated websites, and forbidden the
limited account visit all the rest websites!
My ideal is that disable quering DNC server, and mapping the IP
addresses to host names only which I allow the limited account to
visit......
But the drawback is that the limited account user can input the IP
address directly in browser!
Maybe there have other methods to accomplish the hard work!

__
Lecter
- "Trust No One!"
Top

Re: how to restrict limited user only visiting several websites by Phillip

Phillip
Fri Apr 29 08:58:36 CDT 2005

Not with XP.

This is done with NAT Firewalls or Proxy Servers. It is not done on local
machines, unless you want to get something like Cyber Sitter or Net Nanny or
some other kind of "babysitter" application.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"lecter" <2@2.com> wrote in message
news:0a8471tsap6v2l8t9qrkopdbsjr44158j0@4ax.com...
> Windows XP SP2, the administrator account want to restrict limited
> account only visiting several dedicated websites, and forbidden the
> limited account visit all the rest websites!
> My ideal is that disable quering DNC server, and mapping the IP
> addresses to host names only which I allow the limited account to
> visit......
> But the drawback is that the limited account user can input the IP
> address directly in browser!
> Maybe there have other methods to accomplish the hard work!
>
> __
> Lecter
> - "Trust No One!"


Top

Re: how to restrict limited user only visiting several websites by Steven

Steven
Fri Apr 29 09:07:09 CDT 2005

That is a drawback of trying to use dns as a security measure. You need to
find some other way such as at the firewall to do such. Some firewalls have
the ability to do some content filtering and restrict websites or you could
try to enter only the IP addresses that are allowed for port 80 TCP which
can be difficult as a lot of websites are basically links to other websites.
Using something like ISA 2004 as your gateway/firewall would work well but
is not an inexpensive solution and requires a bit of expertise to set up.
You can try ISA 2004 for 120 days for free however if interested. --- Steve

http://www.microsoft.com/isaserver/default.mspx --- ISA 2004

"lecter" <2@2.com> wrote in message
news:0a8471tsap6v2l8t9qrkopdbsjr44158j0@4ax.com...
> Windows XP SP2, the administrator account want to restrict limited
> account only visiting several dedicated websites, and forbidden the
> limited account visit all the rest websites!
> My ideal is that disable quering DNC server, and mapping the IP
> addresses to host names only which I allow the limited account to
> visit......
> But the drawback is that the limited account user can input the IP
> address directly in browser!
> Maybe there have other methods to accomplish the hard work!
>
> __
> Lecter
> - "Trust No One!"


Top

Re: how to restrict limited user only visiting several websites by jeff

jeff
Fri Apr 29 14:24:42 CDT 2005

On Fri, 29 Apr 2005 20:27:55 +0800, lecter <2@2.com> wrote:

> Windows XP SP2, the administrator account want to restrict limited
>account only visiting several dedicated websites, and forbidden the
>limited account visit all the rest websites!
> My ideal is that disable quering DNC server, and mapping the IP
>addresses to host names only which I allow the limited account to
>visit......
> But the drawback is that the limited account user can input the IP
>address directly in browser!
> Maybe there have other methods to accomplish the hard work!

This is the function of a proxy server. For just a single home user
though, try products like:

http://www.netnanny.com/
http://www.cyberpatrol.com/

Jeff
Top

Re: how to restrict limited user only visiting several websites by lecter

lecter
Fri Apr 29 20:36:40 CDT 2005

What's NTA firewall?
Does Cyber Sitter or Net Nanny password protected?

On Fri, 29 Apr 2005 08:58:36 -0500, "Phillip Windell" <@.> wrote:

>Not with XP.
>
>This is done with NAT Firewalls or Proxy Servers. It is not done on local
>machines, unless you want to get something like Cyber Sitter or Net Nanny or
>some other kind of "babysitter" application.


__
Lecter
- "Trust No One!"
Top

Re: how to restrict limited user only visiting several websites by Malke

Malke
Fri Apr 29 21:52:05 CDT 2005

lecter wrote:

> What's NTA firewall?
> Does Cyber Sitter or Net Nanny password protected?

Why not go to their websites and see? I used Google and came up with
these urls for those products:

http://www.netnanny.com/
http://www.cybersitter.com/

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Top

Re: how to restrict limited user only visiting several websites by v-haozou

v-haozou
Sat Apr 30 03:50:25 CDT 2005

Hello Lecter,



Thank you for posting in the Windows XP VAP newsgroup!



From your post, my understanding on this issue is: You wanna know how to
restrict limited user only visiting several dedicated websites. If I'm off
base, please feel free to let me know.



Per your request, we believe that firewall product is the best choice . By
using firewall such as Microsoft ISA Server, you can control the users'
access flexibly. You can create a network object for those dedicated
websites, and then make an access rule to allow the limited accounts access
those websites.



For more information about Microsoft ISA Server, please visit:

http://www.microsoft.com/isaserver/default.mspx



Thanks for the help from Steven L Umbach,Phillip Windell and Jeff. You can
also try their suggestions.



Please let me know if you have any other concerns, or need anything else.





Kenxl Zou, MCSE

Microsoft Online Partner Support



Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Top

Re: how to restrict limited user only visiting several websites by lecter

lecter
Mon May 02 03:40:47 CDT 2005

hi, thank you for your info, Zou.
Here is the background of my story:
I have 14 computers under a PEER - TO - PEER LAN. All of the 14
computers connect to a Switch HUB.
So there is no need to install Microsoft ISA Server consider the cost!
(and the Switch is out of my control......)

Maybe I should install Proxy Server in one of the computers and
redirect IE to the Proxy Server in other comuputers......

On Sat, 30 Apr 2005 08:50:25 GMT, v-haozou@online.microsoft.com (Kenxl
Zou (MSFT)) wrote:

>Hello Lecter,
>
>
>
>Thank you for posting in the Windows XP VAP newsgroup!
>
>
>
>From your post, my understanding on this issue is: You wanna know how to
>restrict limited user only visiting several dedicated websites. If I'm off
>base, please feel free to let me know.
>
>
>
>Per your request, we believe that firewall product is the best choice . By
>using firewall such as Microsoft ISA Server, you can control the users'
>access flexibly. You can create a network object for those dedicated
>websites, and then make an access rule to allow the limited accounts access
>those websites.
>
>
>
>For more information about Microsoft ISA Server, please visit:
>
>http://www.microsoft.com/isaserver/default.mspx
>
>
>
>Thanks for the help from Steven L Umbach,Phillip Windell and Jeff. You can
>also try their suggestions.
>
>
>
>Please let me know if you have any other concerns, or need anything else.
>
>
>
>
>
>Kenxl Zou, MCSE
>
>Microsoft Online Partner Support
>
>
>
>Get Secure! - www.microsoft.com/security
>
>=====================================================
>
>When responding to posts, please "Reply to Group" via your newsreader so
>that others may learn and benefit from your issue.
>
>=====================================================
>
>This posting is provided "AS IS" with no warranties, and confers no rights.


__
Lecter
- "Trust No One!"
Top

Re: how to restrict limited user only visiting several websites by Phillip

Phillip
Mon May 02 09:00:30 CDT 2005

NAT = Network Address Translation

Nearly all "firewalls" are NAT based.

NAT and "proxying" are two competing technologies.

Firewalls use NAT and Proxy Servers do "proxying".

Some, like MS ISA Server, combine both into the same product.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"lecter" <2@2.com> wrote in message
news:n6o571h7calf6t7ennaqjadj8bm0mcc6dt@4ax.com...
> What's NTA firewall?
> Does Cyber Sitter or Net Nanny password protected?
>
> On Fri, 29 Apr 2005 08:58:36 -0500, "Phillip Windell" <@.> wrote:
>
> >Not with XP.
> >
> >This is done with NAT Firewalls or Proxy Servers. It is not done on local
> >machines, unless you want to get something like Cyber Sitter or Net Nanny
or
> >some other kind of "babysitter" application.
>
>
> __
> Lecter
> - "Trust No One!"


Top

Re: how to restrict limited user only visiting several websites by Phillip

Phillip
Mon May 02 09:02:24 CDT 2005


"lecter" <2@2.com> wrote in message
news:lsob715rtmntpqgh1f7nmklqdbp5tsa525@4ax.com...
> hi, thank you for your info, Zou.
> Here is the background of my story:
> I have 14 computers under a PEER - TO - PEER LAN. All of the 14
> computers connect to a Switch HUB.
> So there is no need to install Microsoft ISA Server consider the cost!
> (and the Switch is out of my control......)
>
> Maybe I should install Proxy Server in one of the computers and
> redirect IE to the Proxy Server in other comuputers......

That is what ISA is.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Top

Re: how to restrict limited user only visiting several websites by v-haozou

v-haozou
Tue May 03 02:32:49 CDT 2005

Hello Lecter,

Thank you for your reply.

I believe Proxy Server may not meet your requirement. Proxy Server can only
work as the web cache to your clients if there is only one NIC installed on
it.
Users still can input the IP address directly in their browsers.

Please let me know if you have any other concerns, or need anything else.



Kenxl Zou, MCSE
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: lecter <2@2.com>
| Subject: Re: how to restrict limited user only visiting several websites
| Date: Mon, 02 May 2005 16:40:47 +0800
| Message-ID: <lsob715rtmntpqgh1f7nmklqdbp5tsa525@4ax.com>
| References: <0a8471tsap6v2l8t9qrkopdbsjr44158j0@4ax.com>
<ucHcKOMTFHA.2128@TK2MSFTNGP15.phx.gbl>
<n6o571h7calf6t7ennaqjadj8bm0mcc6dt@4ax.com>
<bbWEoGWTFHA.2476@TK2MSFTNGXA01.phx.gbl>
| X-Newsreader: Forte Free Agent 1.93/32.576 English (American)
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.security
| NNTP-Posting-Host: 218.88.130.112
| Lines: 1
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.security:23367
| X-Tomcat-NG: microsoft.public.security
|
| hi, thank you for your info, Zou.
| Here is the background of my story:
| I have 14 computers under a PEER - TO - PEER LAN. All of the 14
| computers connect to a Switch HUB.
| So there is no need to install Microsoft ISA Server consider the cost!
| (and the Switch is out of my control......)
|
| Maybe I should install Proxy Server in one of the computers and
| redirect IE to the Proxy Server in other comuputers......
|
| On Sat, 30 Apr 2005 08:50:25 GMT, v-haozou@online.microsoft.com (Kenxl
| Zou (MSFT)) wrote:
|
| >Hello Lecter,
| >
| >
| >
| >Thank you for posting in the Windows XP VAP newsgroup!
| >
| >
| >
| >From your post, my understanding on this issue is: You wanna know how to
| >restrict limited user only visiting several dedicated websites. If I'm
off
| >base, please feel free to let me know.
| >
| >
| >
| >Per your request, we believe that firewall product is the best choice .
By
| >using firewall such as Microsoft ISA Server, you can control the users'
| >access flexibly. You can create a network object for those dedicated
| >websites, and then make an access rule to allow the limited accounts
access
| >those websites.
| >
| >
| >
| >For more information about Microsoft ISA Server, please visit:
| >
| >http://www.microsoft.com/isaserver/default.mspx
| >
| >
| >
| >Thanks for the help from Steven L Umbach,Phillip Windell and Jeff. You
can
| >also try their suggestions.
| >
| >
| >
| >Please let me know if you have any other concerns, or need anything else.
| >
| >
| >
| >
| >
| >Kenxl Zou, MCSE
| >
| >Microsoft Online Partner Support
| >
| >
| >
| >Get Secure! - www.microsoft.com/security
| >
| >=====================================================
| >
| >When responding to posts, please "Reply to Group" via your newsreader so
| >that others may learn and benefit from your issue.
| >
| >=====================================================
| >
| >This posting is provided "AS IS" with no warranties, and confers no
rights.
|
|
| __
| Lecter
| - "Trust No One!"
|

Top

Re: how to restrict limited user only visiting several websites by Phillip

Phillip
Tue May 03 08:44:57 CDT 2005

"Kenxl Zou (MSFT)" <v-haozou@online.microsoft.com> wrote in message
news:JxbXnJ7TFHA.2184@TK2MSFTNGXA01.phx.gbl...
> Hello Lecter,
>
> Thank you for your reply.
>
> I believe Proxy Server may not meet your requirement. Proxy Server can
only
> work as the web cache to your clients if there is only one NIC installed
on
> it.
> Users still can input the IP address directly in their browsers.

Putting the IP# directly into the browser won't do anything different. It
will still go through Proxy2 even in caching mode (one nic). The only way
to not use the proxy would be to remove the proxy settings from the browser.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Top

Re: how to restrict limited user only visiting several websites by lecter

lecter
Wed May 04 22:23:43 CDT 2005

I can forbidden the limited accounts to touch the tools option in IE
by group policy.....?

On Tue, 3 May 2005 08:44:57 -0500, "Phillip Windell" <@.> wrote:

>"Kenxl Zou (MSFT)" <v-haozou@online.microsoft.com> wrote in message
>news:JxbXnJ7TFHA.2184@TK2MSFTNGXA01.phx.gbl...
>> Hello Lecter,
>>
>> Thank you for your reply.
>>
>> I believe Proxy Server may not meet your requirement. Proxy Server can
>only
>> work as the web cache to your clients if there is only one NIC installed
>on
>> it.
>> Users still can input the IP address directly in their browsers.
>
>Putting the IP# directly into the browser won't do anything different. It
>will still go through Proxy2 even in caching mode (one nic). The only way
>to not use the proxy would be to remove the proxy settings from the browser.


__
Lecter
- "Trust No One!"
Top

Re: how to restrict limited user only visiting several websites by v-haozou

v-haozou
Sun May 08 21:45:45 CDT 2005

Hello Lecter,

Thank you for your reply.

You can config local group policy to disable the "connections" tab in
"Internet Options". But this will apply to all the local user accounts.

Please let me know if you have any other concerns, or need anything else.


Kenxl Zou, MCSE
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: lecter <2@2.com>
| Subject: Re: how to restrict limited user only visiting several websites
| Date: Thu, 05 May 2005 11:23:43 +0800
| Message-ID: <6a4j71pkamrqplui2uh29oqc62hj6fh8qu@4ax.com>
| References: <0a8471tsap6v2l8t9qrkopdbsjr44158j0@4ax.com>
<ucHcKOMTFHA.2128@TK2MSFTNGP15.phx.gbl>
<n6o571h7calf6t7ennaqjadj8bm0mcc6dt@4ax.com>
<bbWEoGWTFHA.2476@TK2MSFTNGXA01.phx.gbl>
<lsob715rtmntpqgh1f7nmklqdbp5tsa525@4ax.com>
<JxbXnJ7TFHA.2184@TK2MSFTNGXA01.phx.gbl>
<#D#UWZ#TFHA.3308@TK2MSFTNGP14.phx.gbl>
| X-Newsreader: Forte Free Agent 1.93/32.576 English (American)
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.security
| NNTP-Posting-Host: 218.88.133.29
| Lines: 1
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.security:23477
| X-Tomcat-NG: microsoft.public.security
|
| I can forbidden the limited accounts to touch the tools option in IE
| by group policy.....?
|
| On Tue, 3 May 2005 08:44:57 -0500, "Phillip Windell" <@.> wrote:
|
| >"Kenxl Zou (MSFT)" <v-haozou@online.microsoft.com> wrote in message
| >news:JxbXnJ7TFHA.2184@TK2MSFTNGXA01.phx.gbl...
| >> Hello Lecter,
| >>
| >> Thank you for your reply.
| >>
| >> I believe Proxy Server may not meet your requirement. Proxy Server can
| >only
| >> work as the web cache to your clients if there is only one NIC
installed
| >on
| >> it.
| >> Users still can input the IP address directly in their browsers.
| >
| >Putting the IP# directly into the browser won't do anything different. It
| >will still go through Proxy2 even in caching mode (one nic). The only
way
| >to not use the proxy would be to remove the proxy settings from the
browser.
|
|
| __
| Lecter
| - "Trust No One!"
|

Top

Re: how to restrict limited user only visiting several websites by v-haozou

v-haozou
Tue May 10 01:41:43 CDT 2005

Hi Lecter,

Just checking in to see if the suggestions were helpful. Please let us know
if you would like further assistance.

Have a great day!

Kenxl Zou, MCSE
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| X-Tomcat-ID: 43718119
| References: <0a8471tsap6v2l8t9qrkopdbsjr44158j0@4ax.com>
<ucHcKOMTFHA.2128@TK2MSFTNGP15.phx.gbl>
<n6o571h7calf6t7ennaqjadj8bm0mcc6dt@4ax.com>
<bbWEoGWTFHA.2476@TK2MSFTNGXA01.phx.gbl>
<lsob715rtmntpqgh1f7nmklqdbp5tsa525@4ax.com>
<JxbXnJ7TFHA.2184@TK2MSFTNGXA01.phx.gbl>
<#D#UWZ#TFHA.3308@TK2MSFTNGP14.phx.gbl>
<6a4j71pkamrqplui2uh29oqc62hj6fh8qu@4ax.com>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: v-haozou@online.microsoft.com (Kenxl Zou (MSFT))
| Organization: Microsoft
| Date: Mon, 09 May 2005 02:45:45 GMT
| Subject: Re: how to restrict limited user only visiting several websites
| X-Tomcat-NG: microsoft.public.security
| Message-ID: <5Ffj2EEVFHA.3052@TK2MSFTNGXA01.phx.gbl>
| Newsgroups: microsoft.public.security
| Lines: 65
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.security:23597
| NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
|
| Hello Lecter,
|
| Thank you for your reply.
|
| You can config local group policy to disable the "connections" tab in
| "Internet Options". But this will apply to all the local user accounts.
|
| Please let me know if you have any other concerns, or need anything else.
|
|
| Kenxl Zou, MCSE
| Microsoft Online Partner Support
|
| Get Secure! - www.microsoft.com/security
| =====================================================
| When responding to posts, please "Reply to Group" via your newsreader so
| that others may learn and benefit from your issue.
| =====================================================
| This posting is provided "AS IS" with no warranties, and confers no
rights.
| --------------------
| | From: lecter <2@2.com>
| | Subject: Re: how to restrict limited user only visiting several websites
| | Date: Thu, 05 May 2005 11:23:43 +0800
| | Message-ID: <6a4j71pkamrqplui2uh29oqc62hj6fh8qu@4ax.com>
| | References: <0a8471tsap6v2l8t9qrkopdbsjr44158j0@4ax.com>
| <ucHcKOMTFHA.2128@TK2MSFTNGP15.phx.gbl>
| <n6o571h7calf6t7ennaqjadj8bm0mcc6dt@4ax.com>
| <bbWEoGWTFHA.2476@TK2MSFTNGXA01.phx.gbl>
| <lsob715rtmntpqgh1f7nmklqdbp5tsa525@4ax.com>
| <JxbXnJ7TFHA.2184@TK2MSFTNGXA01.phx.gbl>
| <#D#UWZ#TFHA.3308@TK2MSFTNGP14.phx.gbl>
| | X-Newsreader: Forte Free Agent 1.93/32.576 English (American)
| | MIME-Version: 1.0
| | Content-Type: text/plain; charset=us-ascii
| | Content-Transfer-Encoding: 7bit
| | Newsgroups: microsoft.public.security
| | NNTP-Posting-Host: 218.88.133.29
| | Lines: 1
| | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.security:23477
| | X-Tomcat-NG: microsoft.public.security
| |
| | I can forbidden the limited accounts to touch the tools option in IE
| | by group policy.....?
| |
| | On Tue, 3 May 2005 08:44:57 -0500, "Phillip Windell" <@.> wrote:
| |
| | >"Kenxl Zou (MSFT)" <v-haozou@online.microsoft.com> wrote in message
| | >news:JxbXnJ7TFHA.2184@TK2MSFTNGXA01.phx.gbl...
| | >> Hello Lecter,
| | >>
| | >> Thank you for your reply.
| | >>
| | >> I believe Proxy Server may not meet your requirement. Proxy Server
can
| | >only
| | >> work as the web cache to your clients if there is only one NIC
| installed
| | >on
| | >> it.
| | >> Users still can input the IP address directly in their browsers.
| | >
| | >Putting the IP# directly into the browser won't do anything different.
It
| | >will still go through Proxy2 even in caching mode (one nic). The only
| way
| | >to not use the proxy would be to remove the proxy settings from the
| browser.
| |
| |
| | __
| | Lecter
| | - "Trust No One!"
| |
|
|

Top