The company I work for has a client that is a small public library. this is a domain environment. The last time I was onsite they asked me about limiting 2 of their computers to a single website. these computers are for patrons to access the library's catalog system through the library's website. They are reporting teenagers are using the 2nd catalog machine to access inappropriate websites. The library wants these machines to only be able to access the library website and no others. I know this is possible, im just not sure how to do it in their environment. I have access to all accounts, so i can make changes to group policy if need be. if anyone can help me solve this it would be greatly appreciated. I have tried editing the hosts file with no luck. Their group policy had windows firewall disabled, so changed it so that i could enable it on those machines, but then didnt find a way to limit access with windows firewall. Their server is windows server 2012 and the workstations are windows xp.
How can i limit a computer to accessing only 1 approved website?
- Thread starter LouieArbs
- Start date
Solution
- Nov 7, 2011
- 73,291
- 3,851
- 176,290
- Apr 6, 2009
- 54,206
- 3,413
- 179,340
You might also be able to restrict those clients via the router to only access the desired website. Tying to the MAC address of those clients would prevent any bypassing of security at the client itself (if that is what the teens are doing).
the teens are not bypassing any security, they are just using the catalog computer in the back of the library to view naughty stuff without the staff being able to see. the other computers make the users register for a session with their library card but these 2 machines do not
- Apr 6, 2009
- 54,206
- 3,413
- 179,340
Understood. Many public libraries have this sort of issue. Is this library in the USA? I am just wondering as all sorts of First Amendment arguments get tossed into these sorts of discussions by some folks.
Whitelisting, MAC filtering and re-direction, and monitoring software can assist with keeping this under control.
http://www1.k9webprotection.com/
Whitelisting, MAC filtering and re-direction, and monitoring software can assist with keeping this under control.
http://www1.k9webprotection.com/
Yep it is in the USA. All the other computers from what i understand, users can basically look at what ever they want, so its not really a first amendment issue. these 2 machines are just supposed to be used for interacting with the library by reserving books, looking up books in the catalog, and reserving computer time. that is all ran through their web site. personally i think a better design would be to write an app that does all that on the local machine and interact with the server and then lock down the machines so only that app is able to run.
- Apr 6, 2009
- 54,206
- 3,413
- 179,340
You could simply configure the IP address settings on the clients to not "see" the Internet (remove the gateway address) or restrict to local addresses only.
As stated earlier, there are several ways to skin this cat.
As stated earlier, there are several ways to skin this cat.
- Aug 24, 2012
- 16,247
- 1,516
- 87,240
Why not configure a proxy to block all but the allowed addresses, create a new group in AD, and assign both the proxy and the two machines to that group.
TRENDING THREADS
-
-
-
Discussion What's your favourite video game you've been playing?- Started by amdfangirl
- Replies: 3K
-
Question Can I just upgrade my graphics card or should I be upgrading my processor as well for UE5?- Started by Tolstoy1990
- Replies: 11
-
Question Microsoft Defender found Trojans on my PC- Started by Tommy Sawyer
- Replies: 4
-
Facebook
Twitter
Instagram