• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Restricting websites with group policy

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
alanterrill
Just Arrived
Just Arrived


Joined: 12 May 2010
Posts: 0


Offline

PostPosted: Wed May 12, 2010 2:55 pm    Post subject: Restricting websites with group policy Reply with quote

Hi - I came across this site when searching for advice on how to restrict access to websites and found Derek Melber's article 'Restricting Specific Web Sites in Internet Explorer Using Group Policy' I tried it and it didn't work! I made a GP called Website Restrictions, followed the article and set facebook and twitter as restricted sites. I then attached the policy to a couple of active directory groups and tried accessing those sites. Sure enough they were blocked, but so were all other sites. I just got a 'page unavailable' on most sites with a specific message about the site being blocked on facebook only. On one PC as soon as I opened IE I got the message 'an error occurred while the rating system c:\windows\system32\icrav03.rat was being loaded.
Any idea what I'm doing wrong?
I was confused by what the article said about the version of IE being the same as the one on the PCs you are trying to control. I was setting up the policy on an XP machine with IE7 using a remote session to the server. However, the server on which the GP sits has IE8 -which one would it pick up? And how do I set the policy up to cope with both IE7 and IE8 as I can't stop people accepting Microsoft's upgrade screens which keep popping up, so I have a mixture of both?
Back to top
View user's profile Send private message
eladl
Forum Fanatic
Forum Fanatic


Joined: 25 Mar 2010
Posts: 16777215


Offline

PostPosted: Mon May 17, 2010 2:28 am    Post subject: Reply with quote

I do not believe in making this type of restriction in IE. The best place to restrict network access is in your firewall.

If you restrict IE, anyone with a live CD can push it in their CD drive and access wherever they want.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
alanterrill
Just Arrived
Just Arrived


Joined: 12 May 2010
Posts: 0


Offline

PostPosted: Mon May 17, 2010 10:12 am    Post subject: Reply with quote

My users are not very computer literate so I'm not worried about them finding ways around it. I'm more concerned with keeping management happy that I've made some effort to stop staff wasting time on facebook without costing us a couple of thousand on a hardware solution. I can ban sites through the firewall but we do have a fundraising department that uses facebook for fundraising purposes, so a GP policy that can be applied selectively is far more useful that a firewall total ban.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register