How to block websites using ADS Groups/OU ?
Question, do you use firewall like ISA etc ..
Block some web sites via GPO can be done … but the nice way is throw firewall )
You can do it by HOST file or GPO too or DNS) )
For the blocking of file uploads especially through like bit torrents or via IM you have your work cut out. Traditional firewalls have a hard time blocking that stuff because the ports for those types of programs tunnel through ports that are already open on the firewall. I would like a some type of Intrusion Prevention System or Layer 7 firewall. Again ISA 2006 is a good canidate.
1)One thing you can do to block certain sites without ISA server is to deploy a custom hosts file using a startup script.
For the sites you want to block you would add a static entry into a hosts file that pointed to an invalid ip like 0.0.0.0
your batch file would look kind of like this:
del c:windowssystem32driversetchosts copy \fileserverpathtosharehosts c:windowssystem32driversetchosts
2) Or you can do it with DNS, create A records for those sites pointing to 127.0.0.1
P.S. Theres a way to block IP in GPO so the IP of the site will be blocked )))
-Click on Start and select “Run…” again. Type “gpedit.msc” without the quotes and press “Enter”. This will launch your Group Policy Editor.
-Navigate to the following location in the left panee under “Group Policy”: “Navigate to Computer configuration” > “Windows Settings” > “Security Settings” > “IP security Policies”.
-Right-click anywhere in the right pane and click on “Manage IP Filter Lists…” Hit the “Add” button to name the group policy.
-Typee a name and hit “Add”. Click on “Next” and select “My IP address”. Enter the IP address of the website you want to block. Hit “OK”. Repeat these steps to block additional websites using Group Policy.
Good luck ,