Block One URL in Group Policy

Guest

Is it possible to block users from going to a particular website in Group
Policy? I need to restrict access to one website on a group of Citrix servers
(Windows 2000), but allow other IE access. Any ideas? Thank you in advance.
 
Hi,

Actually there is a whole entire other server to do this. Windows ISA
server. It isn't cheap though. Best bet is to get a free Linux Firewall. You
might be able to do it on the router if you know the IP.

Cheers,

Lara
 
Hi

If you run internal DNS, which I assume you do, then you can just redirect that site to whatever you want. I couldn't find a GPO for this but I am not very observant!

You could use the local hosts file too if there aren't too many machines.

HTH

S
 
lforbes said:
Hi,

Actually there is a whole entire other server to do this. Windows ISA
server. It isn't cheap though. Best bet is to get a free Linux Firewall.
You might be able to do it on the router if you know the IP.

If the intention is just to block a *single* site you could create a bogus
entry in the DNS or host file that points to a non-existent IP address.
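
The hosts-file variant suggested in the posts above, as an added example that is not part of the original thread. The names `block_in_hosts`, `lookup`, `SINK` and the sample file are assumptions made for illustration.

```python
SINK = "0.0.0.0"  # assumption: the "bogus" address; not specified in the thread

def block_in_hosts(hosts_text, names, sink=SINK):
    """Return hosts-file text in which every name in `names` maps to `sink`.

    Older mappings for those names are removed, because the first matching
    line in a hosts file wins and a stale entry would defeat the block.
    Comments and unrelated entries are kept; re-running changes nothing.
    """
    blocked = {n.lower().rstrip(".") for n in names}
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:
            out.append(line)                  # blank or comment-only line
            continue
        addr, hosts = fields[0], fields[1:]
        kept = [h for h in hosts if h.lower().rstrip(".") not in blocked]
        if len(kept) == len(hosts):
            out.append(line)                  # unrelated entry, unchanged
        elif kept:                            # strip only the blocked names
            out.append(f"{addr} {' '.join(kept)}" + (f" #{comment}" if sep else ""))
        # a line that mapped only blocked names is dropped entirely
    out.extend(f"{sink} {name}" for name in sorted(blocked))
    return "\n".join(out) + "\n"

def lookup(hosts_text, name):
    """Resolve `name` as a hosts file does: exact name, first match wins."""
    for line in hosts_text.splitlines():
        fields = line.partition("#")[0].split()
        if len(fields) >= 2 and name.lower() in [h.lower() for h in fields[1:]]:
            return fields[0]
    return None                               # not listed: falls through to DNS

# Constructed sample hosts file, not taken from the thread.
SAMPLE = """# local overrides
127.0.0.1 localhost
192.0.2.10 intranet www.hotmail.com   # stale test entry
"""

if __name__ == "__main__":
    updated = block_in_hosts(SAMPLE, ["www.hotmail.com", "hotmail.com"])
    print(updated, end="")
    print(lookup(updated, "www.hotmail.com"), lookup(updated, "mail.hotmail.com"))
```

Hosts entries match exact names only, so every hostname of the site has to be listed; in the sample, mail.hotmail.com is not listed and still falls through to DNS.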
 
Hi Andrew,

I have a question about this? I have tried everything to create a DNS entry
in my Windows 2003 DNS that DIDN'T have my DNS extension. As far as I can
figure it is not possible. Every time I create an alias or a host etc, it
automatically adds my DNS extension mydomain.local. Therefore how would you
do what you suggested like create a DNS entry for www.hotmail.com?

Thanks

Lara
 
lforbes said:
Hi Andrew,

I have a question about this? I have tried everything to create a DNS
entry in my Windows 2003 DNS that DIDN'T have my DNS extension. As far
as I can figure it is not possible. Every time I create an alias or a
host etc, it automatically adds my DNS extension mydomain.local.
Therefore how would you do what you suggested like create a DNS entry
for www.hotmail.com?

I've done this using BIND in the past, not with the Windows DNS, but from
what I can see it should be possible using a stub zone and conditional
forwarding.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/7f6df44c-06c3-4b92-ba32-63d895a7924b.mspx

In your example you would basically create a zone for hotmail.com with
forwarders pointing to your ISP's DNS servers and an A record for www
pointing to a dummy IP address.
This would cause www.hotmail.com to resolve to the dummy address, but all
other hotmail.com resolution requests to go out to the ISP's DNS.
 
Hi,

Thanks. I actually needed that because I have a Webserver behind my ISA but
with a public web address as well as a private. When authenticating inside my
network to my DNS I wanted it to just go directly rather than out through the
ISA and back in again. I will try it.

Cheers,

Lara
 