[windows2000] Re: Blocking Internet Access On A Schedule THE SOLU TION - formerly Re: Re: Blocking Internet Browsing from Explorer.exe
- From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
- To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
- Date: Mon, 1 Dec 2003 11:35:55 -0500
Does the proxy server not do authentication?
I have a proxy server here (ISA server) that allows me to give access by IP
address, hostname, username, and even user agent string, if want to be that
anal...
This all reminds me of a saying repeated often on the Exchange list:
"There are seldom good Technological Solutions for Behavioral Problems." -
Ed Crowley.
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: Mark Lee [mailto:marklee15@xxxxxxxxx]
Sent: Monday, December 01, 2003 10:42 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Blocking Internet Access On A Schedule THE SOLU
TION - formerly Re: Re: Blocking Internet Browsing from Explorer.exe
Glenn,
Nice points !
Users only have read access to the hosts file on NTFS !
All IE menu options (& reg editing) are blocked via policy, therefore, proxy
settings cannot be changed.
Non Admin owned EXE's (incl. .KIX,.CMD,.BAT etc) cannot be launched by
normal users either (stops unauthorised app usage incl. mini browsers and
reg editors) and as for offline storage of a website; that would fill their
disk quota up (assuming they have enought quota anyway!) leaving no space
for real work !
Let's face it (& most of us were students at one time or another!) , at the
end of the day, students are out to get round any network security any way
they can to acheive thier aim - in this case usually playing games or
disrupting lessons so we stop em whenever they find something new !
The internet connection is secured behind a firewall and seperate proxy
server with all PC's on internal IP's and no NAT so they have to use the
proxy ! At the end of the day we just wanna stop net browsing in a
classroom for a hour or so and it work's fine !!!
- Mark
"Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx> wrote:
What if someone gets smart and modifies the hosts file themselves?
Or changes the proxy settings to an IP address instead of a host-name?
Or makes a web site (the entire thing) available offline, for browsing while
the hosts file is screwed?
I'm with Ray on this one... secure the "data" (the internet connection) and
not the program accessing the data...
But it IS fun to f' with students sometimes... ;-)
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: Mark Lee [mailto:marklee15@xxxxxxxxx]
Sent: Friday, November 28, 2003 4:39 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Blocking Internet Access On A Schedule THE SOLUTION -
formerly Re: Re: Blocking Internet Browsing from Explorer.exe
Ok Folks, as posted yesterday here's what we did.
1. Wrote a small EXE called BLOCKDNS.EXE which takes a few params but
basically adds and entry from command line to the windows hosts file
2. All IE browsers etc. are forced by policy to use a web proxy, but
bypassed for internal intranet
3. All PC's on internal IP so cannot directly surf anyways !
4. On schedule BLOCKDNS.EXE is called to add/remove 127.0.0.1 to hosts file
with our FQDN for the web proxy (might also want to call ipconfig /flushdns
to be 100% sure cached entries are gone)
This way, IE can still be used internally to access our Intranet etc. but
cannot see the proxy, therefore, cannot see the outside world ! This works
like a charm, students hate us even more now, staff think it's cool !
Mark.
_____
Download
<http://uk.rd.yahoo.com/mail/tagline_messenger/*http://download.yahoo.com/dl
/intl/ymsgruk.exe> Yahoo! Messenger now for a chance to WIN
<http://uk.rd.yahoo.com/mail/tagline_messenger/*http://messenger.promotions.
yahoo.com/rwuk> Robbie Williams "Live At Knebworth DVD"
_____
Download
<http://uk.rd.yahoo.com/mail/tagline_messenger/*http://download.yahoo.com/dl
/intl/ymsgruk.exe> Yahoo! Messenger now for a chance to WIN
<http://uk.rd.yahoo.com/mail/tagline_messenger/*http://messenger.promotions.
yahoo.com/rwuk> Robbie Williams "Live At Knebworth DVD"
Other related posts:
