Using GPO to restrict external websites

[peaceinusa]

I am attempting to set up a new GPO to accomplish the following:
1. Set the Intranet website as the default site (this has been done).
2. Lockdown the proxy settings and remove the otption to change (thi
has been done).
3. Allow ONLY certain MIS approved external Internet sites to b
available. I cannot have the users accessing anything on the Interne
exept the sites that we have approved.
Is this possible? I have looked all through the GPO settings, an
cannot find a way to do this. Any help would be appreciated


-
peaceinus

 

[Steven Umbach]

There is really no way to do that with a Group Policy setting. The way to do it
would be a firewall type solution where the firewall would be configured to
allow outbound access to only certain websites based on their IP addresses. ISA
server could also do such. If firewall configuration/ISA is out of the question
you could use Group Policy to implement an ipsec filtering policy that would be
a computer configuration and apply to all users that use the computer that the
policy is applied to. Ipsec filtering is a policy that uses only permit and
block filter action - no negotiation of encryption. You could configure a policy
that starts with a block all IP mirrored rule, then add a permit all mirrored
rule for the lan subnet, and finally a rule that has an IP filter list for
allowed exceptions for outbound internet access [tcp ports 80/443] for allowed
sites based on IP addresses of the allowed websites. You can enter the FQDN for
the website while creating the filter list and it will resolve to ip addresses.
See the links below for more information on ipsec filtering. --- Steve

http://www.securityfocus.com/infocus/1559

 

[jaimin]

Hiya

Yes, you can use Browse Control www.browsecontrol.com to do this, it
will allos you to limit access to only specific sotes, e.g. intranet
or work related sites which you specify.

Regards
Divyesh