Leythos said:
That's how OpenDNS works (if you open a [free] account with them).
Rather than have the router configured to use the ISP's DNS server (via
DHCP), configure it by entering the IP addresses for OpenDNS' DNS
servers.
I was considering OpenDNS, and I think they have a client tool that you
can install on the laptop/computer, but I've not had time to look today.
If we had a nice firewall this would be done, already resolved, but,
since the laptop can be in multiple locations I was looking for some
simple software that might work - not having ever used those types of
products I was wondering what others have used.
You need to provide more details.
Laptop, Vista, could be used anywhere, need to limit what sites and
content any user of the laptop can get to. All users would be "limited"
users, none would be local admins.
No domain, no network, just laptop connected into any network they
happen to have handy.
You want a client-side solution (so it moves with the mobile computer).
Well, that sure sounds like you are trying to find censorware (i.e.,
software you install on the host to control to where it can connect).
It also sounds like the abusive users of this laptop are NOT given
limited user accounts or made to share a general-purpose limited user
account. Find some censorware, like NetNanny, install using an admin-
level account, and enable password-protect on the censorware (if it
doesn't already restrict non-admin users from changing its settings).
That won't prevent the abuser from booting using a live CD to load a
different OS (or the same OS but a different instance of it) and use
that to make the Internet visitations to the porn sites. The laptop
owner will need to go into BIOS to enable a BIOS password (to prevent
users from entering the BIOS to make changes), and perhaps even enable
the system password in BIOS (to prevent unwanted users from booting the
laptop to load the OS). Then configure the BIOS to use the hard disk as
the first bootable device (and deselect any other device as a boot
device). The admin for the laptop will probably also want to disable
auto-play in Windows.
I've heard of some censorware, like NetNanny, but never used any.
However, getting back to OpenDNS, you don't have to install any software
to use OpenDNS and you can use it no matter to whose network you happen
to connect at the time. You configure the TCP parameters to use the
OpenDNS server. Whether at someone's home, in the construction trailer,
while travelling, or wherever, that laptop will still be using the
OpenDNS server to resolve IP name-to-address lookups. Because the
laptop will likely be getting a dynamic IP address from whomever's DHCP
server is available on the current network, you need to use a DNS
reporter client on the laptop to tell your OpenDNS account what is your
current IP address. Then when you connect using that IP address,
OpenDNS knows to apply your account's settings to your network traffic.
Obviously the abusive employees must be using a limited user account so
they cannot alter the TCP setup (to revert to DHCP-assigned DNS servers
and get away from using the OpenDNS servers). Since you're talking
about Windows Vista, again, no software install is needed. Just create
a limited user account (LUA) that all the non-admin users must share (or
give them each their own LUA account).
Of course, if the company were really interested in controlling what
their employees do with the company's property, like the laptop, then
they should establish policies and enforce them. To that end, and since
it is the company's property, they could install monitoring software to
see just where their employees are visiting on the Net. I've heard of
SpectorSoft as one vendor of spy software (never used it, though).
