Blocking a few websites but allowing access to all others RRS feed

  • Question

  • Hi guys

    First post here

    Is it possible in steady state to block access to some websites, but not to everything?
    eg I dont want ot tick the box to block internet access and then have to enter every domain name ever made.

    I tried using a modified hosts file but that has not worked, the locked profile can still access sites such as myspace etc. Logged in as adminisistrator and you cant get facebook but the locked profiles can and yes it has been saved. It would appear the locked down profiles dont access the hosts file??

    if it is not possible how have you all got around this in the past? I have 3 locations with about 15pcs that the public use that I need to lock down

    Tuesday, July 1, 2008 7:53 AM


All replies


    Hi Aaron, I'm afraid this cannot be achieved in SteadyState restrictions as it only supports "white list" instead of "black list" in its UI. You can post this in Windows XP newsgroup and check if this can be solved on OS side:




    Thank you for your understanding.

    Wednesday, July 2, 2008 6:59 AM
  • Are you using a proxy server?
    Thursday, July 3, 2008 2:16 PM
  • Maybe Aaron understands but I don't. How hard would it be to creat a "black list" as you call it?



    Wednesday, November 19, 2008 10:30 AM
  • Kind of the opposite of what you want, but this may be useful


    Search the web for copies of KB267930. I no longer can find it in the MS Knowledge Base. Here are my notes


    1. Copy the noaccess.rat file to the c:\windows\system32 folder
    2. In Control Panel, double-click to open the Internet Options icon, and then click the Content tab.
    3. Click Enable.

    If the Enable button is not visible, and you only see the Disable button, then Content Advisor is already enabled and you should stop now or risk losing all your existing settings. If you wish to continue, then click the Settings button in place of the Enable button.
    4. On the General tab, click the Rating Systems button, and then remove all the existing rating systems entries.
    5. Click Add, and then click to select noaccess.rat.
    6. Click OK to close the Rating Systems window.
    7. Select the Approved Sites tab.
    8. Add only the sites that you want users to be able to access, and then click the Always button.

    All other settings should be left at their default settings. If you have used Content Advisor before and made any changes, there are two settings that must be put back to their default values.
    9. Click the General tab, and make sure that under User options, the setting Users can see sites that have no rating is not checked.
    10. Click the Advanced tab. Under Ratings bureau, set the Ratings bureau list box to [None].


    noaccess.rat is just a text file with the following


     ((PICS-version 1.0)
     (rating-system "http://www.microsoft.com")
     (rating-service "http://www.microsoft.com")
     (name "Noaccess")
     (description "This file will block all sites.")
      (transmit-as "m")
      (name "Yes")
       (name "Level 0:   No Setting")
       (description "No Setting")
       (value 0) )
       (name "Level 1:   No Setting")
       (description "No Setting")
       (value 1) ) ))


    And if you run accross a machine with noaccess.rat installed and need to remove it, here is the ticket


    Content Advisor

    Remove the Content Advisor and Ratings Password


    Open your registry, find the key above. Single click on the key to highlight it, press the DELETE key, or alternatively select Delete from the Edit menu. Close Internet Explorer, re-open it, and the Content Advisor feature should be disabled.




    Thursday, January 1, 2009 2:38 AM
  • Another route is to modify the hosts file. It's located at




    Just a quick sample of how to block CNN


    # Copyright (c) 1993-1999 Microsoft Corp.
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    # For example:
    #     rhino.acme.com          # source server
    #     x.acme.com              # x client host       localhost       www.cnn.com       cnn.com

    Thursday, January 1, 2009 3:06 AM