+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
How do you do....it? Thread, Blocking Internet in Technical; Im sure this has been asked for, so a link would be just fine and very helpful. This site isn't ...
  1. #1
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Blocking Internet

    Im sure this has been asked for, so a link would be just fine and very helpful. This site isn't the easiest to search for things in.

    Does anyone know a good way to block the Internet? So far I've set the IE homepage to something Internet saying they don't have Internet and setting their proxy server to their local machine through a program called desktop authority. This however does zilch for firefox/opera/whatever else.

    any ideas?

    *edit for clarity.

    I would like to ban student access, just a few of them. Right now I have them in an active directory group
    Last edited by goaliepride; 16th June 2008 at 05:08 PM.

  2. #2
    antoeknee's Avatar
    Join Date
    Oct 2007
    Location
    NW
    Posts
    210
    Thank Post
    0
    Thanked 6 Times in 6 Posts
    Rep Power
    15
    I think your question is a little vague.

    Do you want to block for individual user?

    or

    a whole suite for a specific time?

    Low cost on the fly option is BrowseControl, machine level one, selection or all in a suite. For teachers something like Ranger Remote works and they have control for their suite.

    When we get new pupils we drop them in a group called banned which has wrong proxy info. Once we get their signed 'responsible use of the internet' form we remove the group from their profile. We use this to remove internet access to pupils who transgress by adding back into their profile!
    Last edited by antoeknee; 16th June 2008 at 05:09 PM.

  3. #3
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I would like to ban student access, just a few of them. Right now I have them in an active directory group

  4. #4
    antoeknee's Avatar
    Join Date
    Oct 2007
    Location
    NW
    Posts
    210
    Thank Post
    0
    Thanked 6 Times in 6 Posts
    Rep Power
    15
    Seems acceptable way to manage this. We don't get too many and just adding or removing the banned group from their 'members of' works well for us.

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,816
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    What we do is create an OU called “net ban” and on that OU set a group policy to point to a non existent proxy server. Anyone in that OU will not be able to access the internet. Just move the students between this out and the main on when you want to allow and disallow them.

  6. #6
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    As I understand it, the problem is that this is a setting for internet explorer, so it does not block say firefox or opera from getting to the Internet.

  7. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,816
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Set a software restriction policy so they won’t be able to open them apps when they are put in that OU.

  8. #8
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The problem I see with that is that either you block them by name/where-installed which leaves open name changes and running off flash, or you block them by hash, in which case you better have a hash for every version of every browser.

    I was hoping to have more of a universal no Internet methodology.

    I do appreciate the response (/s) though, thank you

  9. #9

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,816
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Do you not run a network version of FF?
    What content filter and proxy server do you use?

  10. #10

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,816
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Or you use a startup script to restrict security permissions on the firefox folder in program files for a particular group. Then add users to that group when they are banned.

  11. #11
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I don't know what you mean by FF.

    Filtering is done at the county level and is hands off for my group. Proxy is all done via Cisco.

    The problem with a firefox script is that it's not just firefox I want to stop, and the fact that you could potentially run it from a flash drive.

  12. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,816
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    FF = FireFox

    Set the script to control the other apps.

    Do you allow .exe's to be run from pendrives? That could potentially be a big security risk.

    Can the Cisco proxy integrate with AD? You could also fine an opensource content filter of your own that can integrate into AD, im not sure the linux ones will allow you to do this though

  13. #13
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    as it is right now, students can run things from pendrives. I've walked into that setup.

    it is a side question, but how do you personally prevent people from running things from pendrive/CD?

  14. #14

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,816
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Do a quick search on the forums there are a few posts that will help you on that, there will be allot more information on there than i can provide.

    Keywords to use are block, exe, pendrive.

  15. #15

    teejay's Avatar
    Join Date
    Apr 2008
    Posts
    3,161
    Thank Post
    284
    Thanked 768 Times in 579 Posts
    Rep Power
    334
    Configure Cisco routers to use Active Directory authentication -- the Windows side
    followed by
    Configure Cisco routers to use Active Directory authentication -- the router side

    Think that will do what you want. If you can't block individual apps then you have to do it by authentication on the Cisco firewall.

    PS - make sure the time on the Cisco is in sync with your network time. If they are out by 5 minutes they won't authenticate. Caught me out a few times that one!
    Last edited by teejay; 16th June 2008 at 07:34 PM.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Blocking internet access on windows explorer
    By ltunstall in forum Windows
    Replies: 7
    Last Post: 14th April 2008, 10:45 AM
  2. Blocking Internet Access
    By jcollings in forum How do you do....it?
    Replies: 29
    Last Post: 24th January 2008, 09:24 AM
  3. ISA 2006 + blocking internet for AD group
    By Paid_Peanuts in forum Windows
    Replies: 8
    Last Post: 7th December 2007, 06:46 PM
  4. K9 free parental internet blocking software for home use
    By beeswax in forum Comments and Suggestions
    Replies: 1
    Last Post: 29th June 2006, 08:03 PM
  5. Internet Blocking Service
    By ajbritton in forum Learning Network Manager
    Replies: 4
    Last Post: 26th January 2006, 08:31 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •