locked
Blocking a few websites but allowing access to all others RRS feed

  • Question

  • Hi guys

    First post here

    Is it possible in steady state to block access to some websites, but not to everything?
    eg I dont want ot tick the box to block internet access and then have to enter every domain name ever made.

    I tried using a modified hosts file but that has not worked, the locked profile can still access sites such as myspace etc. Logged in as adminisistrator and you cant get facebook but the locked profiles can and yes it has been saved. It would appear the locked down profiles dont access the hosts file??

    if it is not possible how have you all got around this in the past? I have 3 locations with about 15pcs that the public use that I need to lock down




    Tuesday, July 1, 2008 7:53 AM

Answers

All replies

  •  

    Hi Aaron, I'm afraid this cannot be achieved in SteadyState restrictions as it only supports "white list" instead of "black list" in its UI. You can post this in Windows XP newsgroup and check if this can be solved on OS side:

     

    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsxp.general

     

    Thank you for your understanding.

    Wednesday, July 2, 2008 6:59 AM
  • Are you using a proxy server?
    Thursday, July 3, 2008 2:16 PM
  • Maybe Aaron understands but I don't. How hard would it be to creat a "black list" as you call it?

     

    Thanks.

    Wednesday, November 19, 2008 10:30 AM
  • Kind of the opposite of what you want, but this may be useful

     

    Search the web for copies of KB267930. I no longer can find it in the MS Knowledge Base. Here are my notes

     

    1. Copy the noaccess.rat file to the c:\windows\system32 folder
    2. In Control Panel, double-click to open the Internet Options icon, and then click the Content tab.
    3. Click Enable.

    If the Enable button is not visible, and you only see the Disable button, then Content Advisor is already enabled and you should stop now or risk losing all your existing settings. If you wish to continue, then click the Settings button in place of the Enable button.
    4. On the General tab, click the Rating Systems button, and then remove all the existing rating systems entries.
    5. Click Add, and then click to select noaccess.rat.
    6. Click OK to close the Rating Systems window.
    7. Select the Approved Sites tab.
    8. Add only the sites that you want users to be able to access, and then click the Always button.

    All other settings should be left at their default settings. If you have used Content Advisor before and made any changes, there are two settings that must be put back to their default values.
    9. Click the General tab, and make sure that under User options, the setting Users can see sites that have no rating is not checked.
    10. Click the Advanced tab. Under Ratings bureau, set the Ratings bureau list box to [None].

     

    noaccess.rat is just a text file with the following

     

     ((PICS-version 1.0)
     (rating-system "http://www.microsoft.com")
     (rating-service "http://www.microsoft.com")
     (name "Noaccess")
     (description "This file will block all sites.")
     
     (category 
      (transmit-as "m")
      (name "Yes")
       (label
       (name "Level 0:   No Setting")
       (description "No Setting")
       (value 0) )
      (label
       (name "Level 1:   No Setting")
       (description "No Setting")
       (value 1) ) ))

     

    And if you run accross a machine with noaccess.rat installed and need to remove it, here is the ticket

     

    Content Advisor

    Remove the Content Advisor and Ratings Password

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings

    Open your registry, find the key above. Single click on the key to highlight it, press the DELETE key, or alternatively select Delete from the Edit menu. Close Internet Explorer, re-open it, and the Content Advisor feature should be disabled.

     

     

     

    Thursday, January 1, 2009 2:38 AM
  • Another route is to modify the hosts file. It's located at

     

    C:\WINDOWS\system32\drivers\etc

     

    Just a quick sample of how to block CNN

     

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    127.0.0.1       localhost
    127.0.0.1       www.cnn.com
    127.0.0.1       cnn.com

    Thursday, January 1, 2009 3:06 AM