1 - 20 of 37 Posts

shoddy_F-body

Discussion starter · #1 ·
We have five people in our office. We are running Windows 2000 server with five XP workstations. I am ready to choke out the next person I see on Facebook. What is the best way to block it? The big boss has said he doesn't want people on it in the office but he is never around. There is one girl who is on it all day. I always catch her on it and her work is never done correctly. I estimate each person wastes at least 2 hours a day between Facebook and YouTube. You should be able to make rules and people should follow them, but obviously unless you stand over someone's shoulder they are going to do what they want. I would love to be able to fire them when I catch them but I can't.
I have tried blocking the IPs at the router but it's hit or miss because there seems to be a million of them and it has not really worked out. I have a Westell 327 router with a Verizon DSL. Is there a way to do it? I have looked at some options offered by places like Barracuda Networks and looked into OpenDNS a little bit. Would a web-filtering software like Netnanny work? This has been driving me nuts for a while now! Thanks.
 
Blocking the domains in the local hosts file on each machine is quick and easy for you to do. The nag of this method is that you have to edit the hosts file on every workstation, but it is as easy as adding two lines of code to each hosts file for each domain you want to block. By pointing it to the loopback address of 127.0.0.1, which is the workstation itself, you prevent access to the DNS entry for the real address.
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
 
I would do it at the server or router firewall. You should only need the domain name for that, i.e. facebook.com and youtube.com.
 
Redirect them to camaros.net :)

Either an entry in the hosts file as mentioned above, or use some sort of web proxy, like ISA Server or GFI WebMonitor, etc.

Good luck, they will just find something else to get on when you block facebook.
 
Where my wife works if you try to go to facebook it redirects you to the company home page. Don't know how they do it but it can be done.
Yes you can redirect to any valid IP address with a host file block. My example used the loopback of 127.0.0.1 so the request goes nowhere.

I have clients who redirect to pages on corporate intranet servers that warn that your attempt to visit a site that is banned in the corporate internet use guidelines for employees has been logged and future attempts will result in progressive disciplinary action.

The hosts file is the easy way for a non-proxy-server site such as this (i.e. not running a proxy server service on the Win2k server, or without having to configure router firewalls, which is always a hassle for most small low-end routers, or investing in additional software, etc.). Using the Windows restricted site method just paints a nag box that the user can click on to proceed and get to the site.
 
Discussion starter · #8 ·
Blocking the domains in the local hosts file on each machine is quick and easy for you to do. The nag of this method is that you have to edit the hosts file on every workstation, but it is as easy as adding two lines of code to each hosts file for each domain you want to block. By pointing it to the loopback address of 127.0.0.1, which is the workstation itself, you prevent access to the DNS entry for the real address.
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
That sounds like a good plan. Is there a way to do this through the server or without actually going into each machine?
Thanks.
 
And once you get all the blocking done, the smart ones will discover the proxy servers out there and you'll have to deal with that. We came up with a corporate computer policy that covers Facebook and the like and since we're a small company it seems to work pretty good. As mentioned above, you break the policy, you lose your job.
 
Chris, log into the router and make sure there is no interface that allows you to block by domain name instead of IP.

If there is no way to do it from the router then you can use the hosts file method. Being that it is only 5 machines, editing the hosts file should only take a few minutes.

1. Make sure you are logged into an account that has admin privs. Then open the etc folder on each machine; I would just do this over the network via the administrative share. Just open a window and put in the path

\\"machine_name"\c$\WINDOWS\system32\drivers\etc

"machine_name" being the name of the machine on the network you are trying to edit, you will need to do this for each machine.

2. Create a copy of the "hosts" file on each machine and name the copy hosts.old or something, saving it back into the etc directory on each machine so you have it backed up.


3. Open the original "hosts" file with a text editor like Notepad and add the following new lines below the
127.0.0.1 localhost
entry.

127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 myspace.com
127.0.0.1 www.myspace.com

Make sure you save the hosts file with NO extension, if notepad adds .txt to the end of the file name remove it.


4. The hosts file should now look like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 myspace.com
127.0.0.1 www.myspace.com


5. That will redirect all of those sites back to the local machines, if you need to add or remove any sites just use this same method. If you have a webserver running on the Win 2000 server you could always make up a webpage on it that says something about breaking the company computer use policy and have those sites redirect to that page via the same method (editing the hosts file) and instead of using the localhost IP of 127.0.0.1 use the IP of the Win 2000 server.

Another method you can try is having the Win 2000 run a proxy server (if it is not already) and block any domains you want right at the proxy.

Hope this helps.
Bill
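
An added example, not part of Bill's post or any poster's own code: the manual hosts-file steps above, expressed as a re-runnable Python routine. It relies on the fact that a hosts file matches exact hostnames only (a `*` pattern is never expanded), so it writes one line per name and reports wildcard lines that have no effect. The marker comments, function names, sample file text and any policy-page server address are assumptions made for illustration.

```python
import ipaddress
import re

BEGIN = "# BEGIN blocked-sites (managed, do not edit by hand)"   # assumed marker
END = "# END blocked-sites"                                      # assumed marker
HOSTNAME = re.compile(
    r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+")

# Constructed sample: a minimal hosts file containing one wildcard line.
SAMPLE = "# sample HOSTS file\n127.0.0.1 localhost\n127.0.0.1 *youtube.com\n"

def block_entries(domains, sink_ip="127.0.0.1"):
    """One exact-name line per host: the bare domain and its www. form."""
    ipaddress.ip_address(sink_ip)            # ValueError on a malformed address
    lines = []
    for raw in domains:
        name = raw.strip().lower().lstrip("*.")
        if name.startswith("www."):
            name = name[4:]
        if not HOSTNAME.fullmatch(name):     # refuses spaces, newlines, '#'
            raise ValueError(f"not a hostname: {raw!r}")
        for host in (name, "www." + name):
            line = f"{sink_ip} {host}"
            if line not in lines:
                lines.append(line)
    return lines

def apply_blocklist(hosts_text, domains, sink_ip="127.0.0.1"):
    """Return (new_text, wildcard_lines). Re-running replaces the managed
    block instead of appending a second copy; other lines are left alone."""
    kept, wildcards, inside = [], [], False
    for line in hosts_text.splitlines():
        stripped = line.strip()
        if stripped in (BEGIN, END):
            inside = stripped == BEGIN
            continue
        if inside:
            continue
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and any("*" in f for f in fields[1:]):
            wildcards.append(stripped)       # the resolver never matches these
        kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()
    block = [BEGIN] + block_entries(domains, sink_ip) + [END]
    return "\n".join(kept + [""] + block) + "\n", wildcards

if __name__ == "__main__":
    text, ignored = apply_blocklist(SAMPLE, ["facebook.com", "*youtube.com"])
    print(text)
    print("wildcard lines with no effect:", ignored)
```

Passing the intranet web server's address as `sink_ip` gives the policy-page redirect described in step 5; back up the original hosts file, as in step 2, before writing the result.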
 
And once you get all the blocking done, the smart ones will discover the proxy servers out there and you'll have to deal with that. We came up with a corporate computer policy that covers Facebook and the like and since we're a small company it seems to work pretty good. As mentioned above, you break the policy, you lose your job.

This is also a good method, have all users sign the computer use policy. If they are caught using a proxy to circumnavigate any blocking methods you have in place it is obviously a violation of the policy. There are products out there that do block proxies by blocking all sites with that type of fingerprint but they are very costly and are not infallible. Deepnines is one that seems to work very well and I have put it in place at a few sites.
http://www.deepnines.com/
 
Not to hijack this thread.....

I have found that new users need a simple method that does not involve a lot of "host file editing" or changing files they have no real experience at using or editing.

www.opendns.com

has a free one-IP-address filter that you can access via a web page. The only change you make is to your router's DNS numbers #1 and #2.

The OpenDNS (DNS servers) are 208.67.222.222 and 208.67.220.220.


Once you add your IP address, you can block and allow what sites you want via a web page, as I show in the example below.

You can select what sites are allowed and what are blocked.

It's easy and very cheap (how is free?), and you don't have to make a ton of changes to any computer on your network.

Any questions, PM me.
 

Not to step on any toes here, but is being on Facebook disrupting the job tasks they should be doing? Or is putting company information a risk management issue which is a danger to the company? I am just wondering why it matters what interweb page they view while doing their jobs? I just wanted to see viewpoints on what is the issue at hand.
 
Because they are paid to do their jobs, not screw off on the internet, just my humble business owner opinion. I have to wonder how many man hours I pay for each week that I do not get in production. Much like stopping work early to get ready to go home, or on break, or lunch, etc. 10 minutes per person per day adds up real quick. Also, most of these web sites are known for containing viruses and I don't need someone exposing my entire network, billing PCs, payroll PCs so they can view the latest and greatest viral video. They can do all that from home and use my resources for what they are intended and what I hired and pay them to do.

I will now dismount my soap box.
 
That sounds like a good plan. Is there a way to do this through the server or without actually going into each machine?
Thanks.
Only if your Win2k Server is running as your Internet Proxy Server and/or DNS server. Then you can change the DNS entry or change the server's hosts file. Not many folks run proxy servers anymore since many web based applications won't function on them.

You could store one master HOSTS file on the server and use the winstart.bat file to copy it to the local machine each reboot, but it slows down the boot time.

Really, just editing the local hosts file on each machine is the way to go. Once the local hosts file is edited you're done; you need to do nothing more than sit back and listen to her swear.
 
I thought OpenDNS charged a monthly fee?
I know they have a link on their site that shows how to config your router (Westell 327) to use their DNS servers so it should be an easy setup.

It does charge for multiple IP addresses on one account. But you can use the service free if you have one IP for one account. It has been very productive and helpful in my company to help with the "non-approved" websites. It's very hard to trust an employee to be on the honor system anymore, it's too tempting for them to stray.

Not to mention you can block Doubleclick.com, they are about as bad as Walmart or Disney.

:thumbsup:
 