| Author | Messages | |
shanewilliford
Posts:46
 | | 02/04/2009 9:34 AM |
| If I want to allow a user to only go to a few-several websites and block everything else, what is the best way to do so? Adm Templates or IE Maintenance?
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
816-361-4194 x6012
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| darin
Posts:7
| | 02/04/2009 10:27 AM |
| Shane,
We did this by setting a non-existent proxy server and then creating an
exception list for named sites. All of this can be done with Group
Policy. I'm not sure if this is the best way but it was certainly
simple to set up and worked fine for us.
Thanks,
Darin
--------------------------------------------
Darin Cruickshanks
Lab Support Manager, Computing Service
University of Essex
01206 873585
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Shane Williford
Sent: 04 February 2009 14:30
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Recommendation?
If I want to allow a user to only go to a few-several websites and block
everything else, what is the best way to do so? Adm Templates or IE
Maintenance?
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx
816-361-4194 x6012
________________________________
Notice: The information transmitted in this e-mail may contain
confidential and/ or legally privileged information intended only for
the use of the individual(s) named above. Review, use, disclosure,
distribution, or forwarding of this information by persons or entities
other than the intended recipient(s) is prohibited by law and may
subject them to criminal or civil liabilities. Statements and opinion
expressed in this e-mail may not represent those of Mazuma Credit Union.
All e-mail communications through Mazuma's corporate email system are
subject to archiving and review by someone other than the recipient. If
you have received this communication in error, please notify the sender
immediately and delete/destroy any and all copies of the original
message from any computer or network system.
| | | |
| MattWalker
Posts:0
| | 02/04/2009 10:42 AM |
| How can I unsubscribe? I no longer work at the email used and they
would like me to remove from the list since my emails are being
forwarded to another individual in that company.
Thanks!
________________________________
From: Darren Mar-Elia [mailto:xxxxxxxxxxxxxxxx]
Sent: Wednesday, February 04, 2009 10:30 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
A proxy is definitely your best bet. There is support in IE Maintenance
policy for creating allow and deny website lists, in conjunction with
the content ratings feature. I've used that before and it works, but of
course, is only relevant to IE (doesn't support other browsers).
Darren
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Cruickshanks, Darin
Sent: Wednesday, February 04, 2009 7:22 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
Shane,
We did this by setting a non-existent proxy server and then creating an
exception list for named sites. All of this can be done with Group
Policy. I'm not sure if this is the best way but it was certainly
simple to set up and worked fine for us.
Thanks,
Darin
--------------------------------------------
Darin Cruickshanks
Lab Support Manager, Computing Service
University of Essex
01206 873585
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Shane Williford
Sent: 04 February 2009 14:30
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Recommendation?
If I want to allow a user to only go to a few-several websites and block
everything else, what is the best way to do so? Adm Templates or IE
Maintenance?
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx
816-361-4194 x6012
________________________________
Notice: The information transmitted in this e-mail may contain
confidential and/ or legally privileged information intended only for
the use of the individual(s) named above. Review, use, disclosure,
distribution, or forwarding of this information by persons or entities
other than the intended recipient(s) is prohibited by law and may
subject them to criminal or civil liabilities. Statements and opinion
expressed in this e-mail may not represent those of Mazuma Credit Union.
All e-mail communications through Mazuma's corporate email system are
subject to archiving and review by someone other than the recipient. If
you have received this communication in error, please notify the sender
immediately and delete/destroy any and all copies of the original
message from any computer or network system.
| | | |
| mpietrzak
Posts:28
| | 02/04/2009 11:16 AM |
| Neither. This is the best way that I have found. Use IPsec rules. It's VERY simple and can be completed in ten minutes. There's a great walk-through here....
http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm
http://www.petri.co.il/block_web_browsing_with_ipsec.htm
You can use the top walk-through and just set the policy to allow only the websites you want allowed. I use this technique for some kiosk machines we have.
Good luck and feel free to reply if you have any follow up questions.
Michael
SDSU
________________________________
From: xxxxxxxxxxxxxxxx on behalf of Shane Williford
Sent: Wed 2/4/2009 6:29 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Recommendation?
If I want to allow a user to only go to a few-several websites and block everything else, what is the best way to do so? Adm Templates or IE Maintenance?
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx <mailto:xxxxxxxxxxxxxxxx>
816-361-4194 x6012
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| shanewilliford
Posts:46
| | 02/04/2009 11:23 AM |
| Thank you all. I've never looked at IP filtering, but looks good...thanks Michael 
Regards.
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
816-361-4194 x6012
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Michael Pietrzak
Sent: Wednesday, February 04, 2009 10:08 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
Neither. This is the best way that I have found. Use IPsec rules. It's VERY simple and can be completed in ten minutes. There's a great walk-through here....
http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm
http://www.petri.co.il/block_web_browsing_with_ipsec.htm
You can use the top walk-through and just set the policy to allow only the websites you want allowed. I use this technique for some kiosk machines we have.
Good luck and feel free to reply if you have any follow up questions.
Michael
SDSU
________________________________
From: xxxxxxxxxxxxxxxx on behalf of Shane Williford
Sent: Wed 2/4/2009 6:29 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Recommendation?
If I want to allow a user to only go to a few-several websites and block everything else, what is the best way to do so? Adm Templates or IE Maintenance?
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
816-361-4194 x6012
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| jeromelcruz
Posts:123
| | 02/04/2009 6:47 PM |
| I'm going to agree with Michael... IPSEC filters, that sounds like an interesting approach. We had tried the other (proxy), but found that it only works for sites "inside" the intranet of a company (though it works fine if outside). Once you break the proxy...you can only get to Intranet locations and that had not been our goal (limit device 'on the intranet' to just a few locations 'outside on the internet'). We had been looking at developing some custom BHO (Browser Helper Objects) to perform the actions when the requirement went away.
I'm definitely going to investigate the links Michael noted...sounds VERY interesting.
Jerry Cruz | Group Policies Product Manager | Windows Infrastructure Architecture | CNO | Boeing IT
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Shane Williford
Sent: Wednesday, February 04, 2009 8:16 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
Thank you all. I've never looked at IP filtering, but looks good...thanks Michael
Regards.
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
816-361-4194 x6012
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Michael Pietrzak
Sent: Wednesday, February 04, 2009 10:08 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
Neither. This is the best way that I have found. Use IPsec rules. It's VERY simple and can be completed in ten minutes. There's a great walk-through here....
http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm
http://www.petri.co.il/block_web_browsing_with_ipsec.htm
You can use the top walk-through and just set the policy to allow only the websites you want allowed. I use this technique for some kiosk machines we have.
Good luck and feel free to reply if you have any follow up questions.
Michael
SDSU
________________________________
From: xxxxxxxxxxxxxxxx on behalf of Shane Williford
Sent: Wed 2/4/2009 6:29 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Recommendation?
If I want to allow a user to only go to a few-several websites and block everything else, what is the best way to do so? Adm Templates or IE Maintenance?
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
816-361-4194 x6012
________________________________
Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.
| | | |
| JamieNelson
Posts:0
| | 02/05/2009 9:37 PM |
| I like the solution as well. I think Michael brought it up awhile back
but I haven't had a chance or need to really look at it. Agree that is
sounds very interesting.
You can also use a PAC file. Little bit more of a pain to setup and
manage, but you get a lot of flexibility that way.
Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Cruz, Jerome L
Sent: Wednesday, February 04, 2009 5:43 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
I'm going to agree with Michael... IPSEC filters, that sounds like an
interesting approach. We had tried the other (proxy), but found that it
only works for sites "inside" the intranet of a company (though it works
fine if outside). Once you break the proxy...you can only get to
Intranet locations and that had not been our goal (limit device 'on the
intranet' to just a few locations 'outside on the internet'). We had
been looking at developing some custom BHO (Browser Helper Objects) to
perform the actions when the requirement went away.
I'm definitely going to investigate the links Michael noted...sounds
VERY interesting.
Jerry Cruz | Group Policies Product Manager | Windows Infrastructure
Architecture | CNO | Boeing IT
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Shane Williford
Sent: Wednesday, February 04, 2009 8:16 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
Thank you all. I've never looked at IP filtering, but looks
good...thanks Michael J
Regards.
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx
816-361-4194 x6012
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Michael Pietrzak
Sent: Wednesday, February 04, 2009 10:08 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Recommendation?
Neither. This is the best way that I have found. Use IPsec rules. It's
VERY simple and can be completed in ten minutes. There's a great
walk-through here....
http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm
http://www.petri.co.il/block_web_browsing_with_ipsec.htm
You can use the top walk-through and just set the policy to allow only
the websites you want allowed. I use this technique for some kiosk
machines we have.
Good luck and feel free to reply if you have any follow up questions.
Michael
SDSU
________________________________
From: xxxxxxxxxxxxxxxx on behalf of Shane Williford
Sent: Wed 2/4/2009 6:29 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Recommendation?
If I want to allow a user to only go to a few-several websites and block
everything else, what is the best way to do so? Adm Templates or IE
Maintenance?
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
xxxxxxxxxxxxxxxx
816-361-4194 x6012
________________________________
Notice: The information transmitted in this e-mail may contain
confidential and/ or legally privileged information intended only for
the use of the individual(s) named above. Review, use, disclosure,
distribution, or forwarding of this information by persons or entities
other than the intended recipient(s) is prohibited by law and may
subject them to criminal or civil liabilities. Statements and opinion
expressed in this e-mail may not represent those of Mazuma Credit Union.
All e-mail communications through Mazuma's corporate email system are
subject to archiving and review by someone other than the recipient. If
you have received this communication in error, please notify the sender
immediately and delete/destroy any and all copies of the original
message from any computer or network system.
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged.
If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
| | | |
|
|