
Any I.T. guys here? step on in.

3.6K views 36 replies 15 participants last post by  dreamweaver  
#1 ·
We have five people in our office. We are running Windows 2000 server with five XP workstations. I am ready to choke out the next person I see on Facebook. What is the best way to block it? The big boss has said he doesn't want people on it in the office but he is never around. There is one girl who is on it all day. I always catch her on it and her work is never done correctly. I estimate each person wastes at least 2 hours a day between Facebook and YouTube. You should be able to make rules and people should follow them, but obviously unless you stand over someone's shoulder they are going to do what they want. I would love to be able to fire them when I catch them but I can't.
I have tried blocking the IPs at the router but it's hit or miss because there seems to be a million of them and it has not really worked out. I have a Westell 327 router with a Verizon DSL. Is there a way to do it? I have looked at some options offered by places like Barracuda Networks and looked into OpenDNS a little bit. Would web filtering software like Netnanny work? This has been driving me nuts for a while now! Thanks.
 
#2 ·
Blocking the domains in the local hosts files on each machine is quick and easy for you to do. The nag of this method is that you have to edit the hosts files on every workstation, but it is as easy as adding two lines of code to each hosts file for each domain you want to block. By pointing it to the loop-back address of 127.0.0.1, which is the workstation itself, you prevent access to the DNS entry for the real address.
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
 
#7 ·
Yes, you can redirect to any valid IP address with a hosts file block. My example used the loopback of 127.0.0.1 so the request goes nowhere.

I have clients who redirect to pages on corporate intranet servers that warn that your attempt to visit a site that is banned in the corporate internet use guidelines for employees has been logged and future attempts will result in progressive disciplinary action.

The hosts file is the easy way for a non proxy server site such as this (i.e. not running a proxy server service on the Win2k server, or without having to configure router firewalls, which is always a hassle for most small low end routers, or investing in additional software etc.). Using the Windows restricted site method just paints a nag box that the user can click on proceed and get to the site.
 
#11 ·
And once you get all the blocking done, the smart ones will discover the proxy servers out there and you'll have to deal with that. We came up with a corporate computer policy that covers Facebook and the like and since we're a small company it seems to work pretty good. As mentioned above, you break the policy, you lose your job.
 
#13 ·
And once you get all the blocking done, the smart ones will discover the proxy servers out there and you'll have to deal with that. We came up with a corporate computer policy that covers Facebook and the like and since we're a small company it seems to work pretty good. As mentioned above, you break the policy, you lose your job.

This is also a good method, have all users sign the computer use policy. If they are caught using a proxy to circumnavigate any blocking methods you have in place it is obviously a violation of the policy. There are products out there that do block proxies by blocking all sites with that type of fingerprint but they are very costly and are not infallible. Deepnines is one that seems to work very well and I have put it in place at a few sites.
http://www.deepnines.com/
 
#12 ·
Chris, log into the router and make sure there is no interface that allows you to block by domain name instead of IP.

If there is no way to do it from the router then you can use the hosts file method. Being that it is only 5 machines, editing the hosts file should only take a few minutes.

1. Make sure you are logged into an account that has admin privs. Then open the etc folder on each machine. I would just do this over the network via the administrative share. Just open a window and put in the path

\\"machine_name"\c$\WINDOWS\system32\drivers\etc

"machine_name" being the name of the machine on the network you are trying to edit, you will need to do this for each machine.

2. Create a copy of the "hosts" file on each machine and name the copy hosts.old or something, saving it back into the etc directory on each machine so you have it backed up.


3. Open the original "hosts" file with a text editor like Notepad and add the following new lines below the
127.0.0.1 localhost
entry.

127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 myspace.com
127.0.0.1 www.myspace.com

Make sure you save the hosts file with NO extension; if Notepad adds .txt to the end of the file name, remove it.


4. The hosts file should now look like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 myspace.com
127.0.0.1 www.myspace.com


5. That will redirect all of those sites back to the local machines, if you need to add or remove any sites just use this same method. If you have a webserver running on the Win 2000 server you could always make up a webpage on it that says something about breaking the company computer use policy and have those sites redirect to that page via the same method (editing the hosts file) and instead of using the localhost IP of 127.0.0.1 use the IP of the Win 2000 server.

Another method you can try is having the Win 2000 run a proxy server (if it is not already) and block any domains you want right at the proxy.

Hope this helps.
Bill
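
Added example (not part of Bill's post): a Python sketch of steps 3 to 5 that appends block entries to hosts file text without duplicating lines and optionally points them at an intranet server instead of 127.0.0.1. The hosts file matches literal host names only, so wildcard patterns are rejected; the function names, the sample file and any non-loopback address you pass in are assumptions made for illustration.

```python
import ipaddress
import re

# Hypothetical names for this example; the domains are the ones in the thread.
BLOCKED = ["facebook.com", "youtube.com", "myspace.com"]
SINKHOLE = "127.0.0.1"  # or the intranet server's IP for a policy page
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def expand(domain):
    """Exact host names to list for one domain; wildcards are rejected."""
    name = domain.strip().lower().rstrip(".")
    if not name or not all(_LABEL.match(p) for p in name.split(".")):
        raise ValueError("not a literal host name: %r" % domain)
    return [name] if name.startswith("www.") else [name, "www." + name]

def mapped_names(hosts_text):
    """Map each host name already in the file to its address."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        for host in fields[1:]:
            names.setdefault(host.lower(), fields[0])  # keep first mapping seen
    return names

def update_hosts(hosts_text, domains=BLOCKED, target=SINKHOLE):
    """Return hosts_text with missing block entries appended (idempotent)."""
    ipaddress.ip_address(target)  # ValueError on a malformed address
    present = mapped_names(hosts_text)
    wanted = [h for d in domains for h in expand(d)]
    clash = [h for h in wanted if present.get(h, target) != target]
    if clash:  # an existing line maps the name elsewhere; review by hand
        raise ValueError("already mapped elsewhere: %s" % ", ".join(clash))
    missing = [h for h in wanted if h not in present]
    if not missing:
        return hosts_text
    body = hosts_text if hosts_text.endswith("\n") else hosts_text + "\n"
    return body + "".join("%s %s\n" % (target, h) for h in missing)

# Constructed sample: a stock file that already blocks one name.
SAMPLE = "# sample HOSTS file\n127.0.0.1 localhost\n127.0.0.1 www.youtube.com\n"

if __name__ == "__main__":
    print(update_hosts(SAMPLE), end="")
```

Run it against a copy of each workstation's hosts file and write the result back only after the hosts.old backup from step 2 exists.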
 
#14 ·
Not to hijack this thread.....

I have found that new users need a simple method that does not involve a lot of "host file editing" or changing files they have really no real experience at using or editing.

www.opendns.com

has a free one-IP-address filter that you can access via a web page. The only change you make is to your router's DNS numbers, DNS #1 and DNS #2.

The OpenDNS (DNS servers) are 208.67.222.222 and 208.67.220.220.


Once you add your IP address, you can block and allow what sites you want via a web page, as shown in the example below.



You can select what sites are allowed and what are blocked.

It's easy and very cheap, how is free, and you don't have to make a ton of changes to any computer on your network.

Any questions, PM me.
 


#20 ·
It does charge for multiple IP addresses on one account. But you can use the service free if you have one IP for one account. It has been very productive and helpful in my company to help with the "non-approved" websites. It is very hard to trust an employee to be on the honor system anymore, it's too tempting for them to stray.

Not to mention you can block Doubleclick.com; they are about as bad as Walmart or Disney.

:thumbsup:
 
#16 ·
Not to step on any toes here, but is being on Facebook disrupting the job tasks they should be doing? Or is putting company information a risk management issue which is a danger to the company? I am just wondering why it matters what interweb page they view while doing their jobs? I just wanted to see viewpoints on what is the issue at hand.
 
#17 ·
Because they are paid to do their jobs, not screw off on the internet, just my humble business owner opinion. I have to wonder how many man hours I pay for each week that I do not get in production. Much like stopping work early, to get ready to go home, or on break, or lunch etc. 10 minutes per person per day adds up real quick. Also, most of these web sites are known for containing viruses and I don't need someone exposing my entire network, billing PCs, payroll PCs so they can view the latest and greatest viral video. They can do all that from home and use my resources for what they are intended and what I hired and pay them to do.

I will now dismount my soap box.
 
#23 ·
It is designed for your control of web page allowing and blocking.

If you have a firewall that will control "Ports" is what a program like My pc or any remote program.

I am assuming your "router" is giving your user systems an IP address (AKA DHCP).

Once you have changed your DNS address in your router, the user computers need to be restarted to clear out the old DNS numbers that are attached to them.

After that you can go to the OpenDNS web site, log in and enter what you want blocked or allowed.

You can even have a custom message shown to your users when they try to access a blocked page you selected.

Good luck, enjoy the free service.
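
Added example (not part of the post above): after the router change and the restarts, each workstation's `ipconfig /all` output can be checked to confirm it is using the two OpenDNS addresses quoted in the thread. This Python sketch parses saved output, assuming the router hands the resolver addresses to the workstations over DHCP; the machine names, the 192.0.2.53 address and the sample captures are constructed for illustration.

```python
import re

# Resolver addresses quoted in the thread.
OPENDNS = {"208.67.222.222", "208.67.220.220"}

_DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
_MORE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers(ipconfig_text):
    """List every DNS server shown in `ipconfig /all` output."""
    servers, in_list = [], False
    for line in ipconfig_text.splitlines():
        first = _DNS_LINE.match(line)
        more = _MORE.match(line) if in_list else None
        if first:
            servers.append(first.group(1))
            in_list = True
        elif more:
            servers.append(more.group(1))  # continuation line: address only
        else:
            in_list = False
    return servers

def audit(reports, allowed=OPENDNS):
    """Map machine name -> resolvers outside `allowed` (empty list = OK)."""
    result = {}
    for machine, text in reports.items():
        found = dns_servers(text)
        # A capture with no DNS line is flagged rather than read as OK.
        bad = [s for s in found if s not in allowed]
        result[machine] = bad if found else ["<none found>"]
    return result

# Constructed sample captures (hypothetical machine names and old resolver).
REPORTS = {
    "FRONTDESK": (
        "Ethernet adapter Local Area Connection:\n"
        "        Dhcp Enabled. . . . . . . . . . . : Yes\n"
        "        DNS Servers . . . . . . . . . . . : 208.67.222.222\n"
        "                                            208.67.220.220\n"
    ),
    "BILLING": (
        "Ethernet adapter Local Area Connection:\n"
        "        DNS Servers . . . . . . . . . . . : 192.0.2.53\n"
        "                                            208.67.220.220\n"
    ),
}

if __name__ == "__main__":
    print(audit(REPORTS))
```

If the router answers DNS itself and hands out its own LAN address, add that address to `allowed`.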
 
#29 ·
Yup - Just read through the entire thread
Didn't understand a thing you guys were talking about :D

But

I had the exact same problem. Young girl working the counter and phones, also has other responsibilities. I was told by another employee she was Tweeting, Facebooking, texting, etc. Had a sitdown with her, told her what her responsibilities are and that all this nonsense is the same as stealing, and she seemed to take it to heart. It's still early, so time will tell, but she knows she is being watched much more closely.

Here's the reality - it is an employer's market. Not too long ago it was the other way around - when I would interview a potential new hire, the tables were turned --- THEY interviewed ME... "What are your health benefits, when does my vacation pay start, how long before my first raise", etc. NOW I have my pick of the litter. If I was a jerk I could rule with an iron fist and hold anything and everything over my employees' heads, but I don't.

Bottom line - you can install software and micromanage an employee's daily activities but, in the end, it is still a loss of productivity and it doesn't change the work ethic of her or any other employees. If you don't set an example and hold her accountable for her actions the resentment will become a cancer and, if and when the economy turns around and your company grows or expands, all you have is (probably outdated) software and the same work ethic.

For things to change........... you've got to change.
 
#31 ·
Kurt, do you use the publicly edited block lists? If so, do you find that sometimes sites are on there that should not be? In the past I have used apps that allow the public to add sites to their black list (and white list) just to have legit sites blocked because someone added it for all the wrong reasons (competition, pissed off user, etc.). Also I am very wary of having an open source app as my gateway.
 
#32 ·
DW, "If" you were? I know a few people on the boards that would argue that fact ;) Heh heh
DW is right on the money, you can use all the technology you want but if you don't have the respect of the users (employees) they are less likely to care about their job, their boss and the company. Communication is key! Profit sharing is a good motivator too. :)
 
#33 ·
I tried configuring my router for OpenDNS but it seems my router won't work with it being I am using Verizon DSL. Details here:
http://forums.opendns.com/comments.php?DiscussionID=5050

So I'm just going to pick up a $50 Linksys like I have at home. I just checked mine at home and you can block by URL or keyword. I tried it with Facebook and it works perfectly so that may be the easiest fix since I have to replace the router anyway.
And to all the people who say 'just fire them' that's nice in theory but not always possible in the real world.
 
#34 ·
And to all the people who say 'just fire them' that's nice in theory but not always possible in the real world.
Well, hopefully, you would never have to fire anyone. The hope is that the individual would realize that losing their job might not be in their best interest so they would not do anything that might encourage that result.

It is not the threat of termination but rather the worry about job loss. Same issue, 2 different points of view.

alan
 
#35 ·
Managing employees is like raising kids, except you can't spank 'em.

I say if you want to install something on the server or a client or whatever, go for it. But............. if you look at the situation as a "teachable moment" you might be better served:

Just installing software and not addressing the problem will only serve to prolong the inevitable. At some point the employee will either just move on to another job or continue to reveal a poor work ethic and continue in their substandard productivity (in relation to their ability). By coaching this employee you should be able to instill within her the principles your company deserves and demands from its employees. If not, then she will just toe the company line --- begrudgingly --- and infect others who empathize or sympathize with her. I have seen it over and over again in my company - a cancer starts and, when not addressed, it spreads. In a high unemployment economy they bite their tongue and bide their time. As soon as the job market opens up they are the first one to hit the street and they take others with them. You were right, they were wrong, and you end up being the one that suffers. If you think firing someone or just avoiding the confrontation costs you a lot (time, retraining, emotion, more work for you, etc.) wait until you get the "bill" for NOT doing it. I could show you mine, but it's too ugly :yes:

If there's weeds get yourself a hoe.
 
#37 ·
Hey, I fired my father in law :yes:, so anything's possible :D