Dns based on AD OU
We don't have ISA server or any filtering on our site - its all based at the ISP end.
I'm trying to unblock youtube for staff but not pupils. Youtube https is currently blocked in DNS by giving it a false IP address
One way I can do it is if it change DNS on the client to the router and they can access it via HTTPS
Is there a way via regedit or logon script to add the DNS entry based on whether its staff or pupils login on.
I haven't used it in a while, but I think what you are after is the "Hosts" file which windows checks before asking DNS to resolve. (hosts (file) - Wikipedia, the free encyclopedia)
A better solution is to use something like AB-Tutor or NetOps which usually include filter rules to you can block for students in there rather than mucking about with DNS and effecting all users.
Look into per-user/group/machine/ou firewall rules in a GPO instead?
Originally Posted by karldenton
Say...if user=staffgroup and destination = youtube URLs, then allow, else drop.
Filter via usergroup or apply on a per-OU basis, depending on how you're setup. You'll probably have to fiddle with it a bit.
Alternatively, ask your ISP to allow youtube for IPRange and set reservations for staff devices.
I really wouldn't start pointing windows clients at DNS servers that aren't AD-linked if you're using AD.