securing internet explorer access

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

i have windows 2000 server, and windows 2000 sp4 workstations.

i need to know if i can limit IE access thru group policy, and what kind of stuff i can limit someone to do. can i also set things like history retention limits etc, and if so how? is there a way to limit the sites someone visits to only approved sites? if so do i need to give it a list of approved sites?

final question, is there away to limit someone's A drive? no one has cd rw's, but everyone has an A drive. i wish to prevent anyone from offloading any data on disk.

thank you

jim
 
1. An inefficient way is to use IE in securing access. IE have a builtin
filtering system but it lacks features. If your company is big enough, thing
of deploying some filtering software.

2. GPO can be used to limit functions in IE.


James Carney said:
i have windows 2000 server, and windows 2000 sp4 workstations.

i need to know if i can limit IE access thru group policy, and what kind
of stuff i can limit someone to do. can i also set things like history
retention limits etc, and if so how? is there a way to limit the sites
someone visits to only approved sites? if so do i need to give it a list of
approved sites?
final question, is there away to limit someone's A drive? no one has cd
rw's, but everyone has an A drive. i wish to prevent anyone from offloading
any data on disk.
 
Patrick, i tried using the content filtering in group policies, but was not really pleased with the overall results.
for people to be able to use most websits i almost need to be able to enable "allow unrated websites", and i don't want to really do that, but i will if need be.

the problem i ran into is that a company like dell, has several domain names. www.dell.com or www1.us.dell.com
etc. so you have to add each one to the allowed list. in order for them to not be blocked. now i supposed i can do this over time, as users submit sites to me that they need.

i am not as much worried about people visitng sites with inappropriate content but more so them visiting sites during work hours that are not work related. so i want a broad scope of blocking. which leads me to two questions

one is content advisor really the only way i can block withing group policy?

if so, is there away for me to monitor the sites people are hitting, so i can then add them to the deny list. i could then enable unrated websites, and simply take out sites people try to use.

thank you for your comments.
jim
 
Symantec Web Security (is included as part of the Symantec Anti-Virus
Enterprise Edition)
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=60&EID=0

I'm using it and it works wonders, can track sites visited, flag them,
tracking based on user (ties into the NT user database), machine IP, can
block sites, has explicit allow/deny lists, Symantec maintains the site
lists to block/allow, can block downloads (like .exe files) will scan for
viruses on downloads, can do time events. I was really amazed at what it
can do.

I have in implemented as a proxy server with the IE proxy server settings
set using the GPO and the they are user disabled so they cannot be turned
off.

Lee


James Carney said:
Patrick, i tried using the content filtering in group policies, but was
not really pleased with the overall results.
for people to be able to use most websits i almost need to be able to
enable "allow unrated websites", and i don't want to really do that, but i
will if need be.
the problem i ran into is that a company like dell, has several domain
names. www.dell.com or www1.us.dell.com
etc. so you have to add each one to the allowed list. in order for them to
not be blocked. now i supposed i can do this over time, as users submit
sites to me that they need.
i am not as much worried about people visitng sites with inappropriate
content but more so them visiting sites during work hours that are not work
related. so i want a broad scope of blocking. which leads me to two
questions
one is content advisor really the only way i can block withing group policy?

if so, is there away for me to monitor the sites people are hitting, so i
can then add them to the deny list. i could then enable unrated websites,
and simply take out sites people try to use.
 
Back
Top