Good content blocker/site blocker for Vista workstation?

I have a client with a stand alone vista workstation that would like to

block almost all websites from anyone using the laptop. I don't use

workstation level products and this is a case outside my normal scope -

can anyone recommend a product that allows an Admin to setup permitted

sites for "user" level accounts on a vista workstation?

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

on 2/7/09 8:37 AM Leythos said the following:<span style="color:blue">

> I have a client with a stand alone vista workstation that would like to

> block almost all websites from anyone using the laptop. I don't use

> workstation level products and this is a case outside my normal scope -

> can anyone recommend a product that allows an Admin to setup permitted

> sites for "user" level accounts on a vista workstation?

>

> </span>

http://www.netnanny.com/, also call your police state director for advice.

In article <6v5nv6Fibah6U1@mid.individual.net>, dan@nospam.net says...<span style="color:blue">

> on 2/7/09 8:37 AM Leythos said the following:<span style="color:green">

> > I have a client with a stand alone vista workstation that would like to

> > block almost all websites from anyone using the laptop. I don't use

> > workstation level products and this is a case outside my normal scope -

> > can anyone recommend a product that allows an Admin to setup permitted

> > sites for "user" level accounts on a vista workstation?

> >

> > </span>

>

> http://www.netnanny.com/, also call your police state director for advice.</span>

How is ensuring workers are not abusing the resources a "Police State"?

If you give people a set of rules and don't do anything to enforce them

you are giving them permission to violate them.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

on 2/7/09 9:52 AM Leythos said the following:<span style="color:blue">

> In article <6v5nv6Fibah6U1@mid.individual.net>, dan@nospam.net says...<span style="color:green">

>> on 2/7/09 8:37 AM Leythos said the following:<span style="color:darkred">

>>> I have a client with a stand alone vista workstation that would like to

>>> block almost all websites from anyone using the laptop. I don't use

>>> workstation level products and this is a case outside my normal scope -

>>> can anyone recommend a product that allows an Admin to setup permitted

>>> sites for "user" level accounts on a vista workstation?

>>>

>>></span>

>> http://www.netnanny.com/, also call your police state director for advice.</span>

>

> How is ensuring workers are not abusing the resources a "Police State"?

> If you give people a set of rules and don't do anything to enforce them

> you are giving them permission to violate them.

> </span>

If you don't trust your workers, they will reciprocate. Plus you may

groom a bunch of non-thinking "heil" types that stab each other in the back.

But if you are a server guru, why not configure the PC to connect

through a proxy server and lock it down at the proxy?

http://www.snapfiles.com/reviews/kdt-site-...iteblocker.html

Is this the sort of thing you are looking for.

--

Mad Mike

"Leythos" wrote:

<span style="color:blue">

> I have a client with a stand alone vista workstation that would like to

> block almost all websites from anyone using the laptop. I don't use

> workstation level products and this is a case outside my normal scope -

> can anyone recommend a product that allows an Admin to setup permitted

> sites for "user" level accounts on a vista workstation?

>

>

> --

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)

> </span>

http://www.websense.com/content/WebFilter.aspx

John

"Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23f766ccc43f77339898d5@us.news.astraweb.com...<span style="color:blue">

>I have a client with a stand alone vista workstation that would like to

> block almost all websites from anyone using the laptop. I don't use

> workstation level products and this is a case outside my normal scope -

> can anyone recommend a product that allows an Admin to setup permitted

> sites for "user" level accounts on a vista workstation?

>

>

> --

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)</span>

In article <6v67ndFidag5U1@mid.individual.net>, dan@nospam.net says...<span style="color:blue">

> on 2/7/09 9:52 AM Leythos said the following:<span style="color:green">

> > In article <6v5nv6Fibah6U1@mid.individual.net>, dan@nospam.net says...<span style="color:darkred">

> >> on 2/7/09 8:37 AM Leythos said the following:

> >>> I have a client with a stand alone vista workstation that would like to

> >>> block almost all websites from anyone using the laptop. I don't use

> >>> workstation level products and this is a case outside my normal scope -

> >>> can anyone recommend a product that allows an Admin to setup permitted

> >>> sites for "user" level accounts on a vista workstation?

> >>>

> >>>

> >> http://www.netnanny.com/, also call your police state director for advice.</span>

> >

> > How is ensuring workers are not abusing the resources a "Police State"?

> > If you give people a set of rules and don't do anything to enforce them

> > you are giving them permission to violate them.

> > </span>

>

> If you don't trust your workers, they will reciprocate. Plus you may

> groom a bunch of non-thinking "heil" types that stab each other in the back.</span>

And if you trust your workers and never check on them you are bound to

be screwed many times.

Many people do just fine with enforced technology constraints, and many

people abuse the network resources when they have only WORDS to restrict

them.

<span style="color:blue">

> But if you are a server guru, why not configure the PC to connect

> through a proxy server and lock it down at the proxy?</span>

There is NO server and no true firewall, this is a stand alone PC that

some people can take home to remote into the office - it's not my

solution, would never do this, but I have to work with what I don't like

sometimes.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

In article <uqLQcwWiJHA.448@TK2MSFTNGP05.phx.gbl>, me@here.com says...<span style="color:blue">

> http://www.websense.com/content/WebFilter.aspx</span>

it's not easy to tell if it's a stand alone, workstation type product or

something at the gateway.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Can you control the laptop's DNS lookups? Not the hosts file,

but the primary and secondary servers? Just thinking out loud

here, but a proxy DNS could function as a whitelist couldn't it?

"Leythos" <spam999free@rrohio.com> wrote in message

news:MPG.23f766ccc43f77339898d5@us.news.astraweb.com...<span style="color:blue">

>I have a client with a stand alone vista workstation that would like to

> block almost all websites from anyone using the laptop. I don't use

> workstation level products and this is a case outside my normal scope -

> can anyone recommend a product that allows an Admin to setup permitted

> sites for "user" level accounts on a vista workstation?

>

>

> --

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address) </span>

on 2/7/09 4:33 PM Leythos said the following:<span style="color:blue">

> In article <6v67ndFidag5U1@mid.individual.net>, dan@nospam.net says...<span style="color:green">

>> on 2/7/09 9:52 AM Leythos said the following:<span style="color:darkred">

>>> In article <6v5nv6Fibah6U1@mid.individual.net>, dan@nospam.net says...

>>>> on 2/7/09 8:37 AM Leythos said the following:

>>>>> I have a client with a stand alone vista workstation that would like to

>>>>> block almost all websites from anyone using the laptop. I don't use

>>>>> workstation level products and this is a case outside my normal scope -

>>>>> can anyone recommend a product that allows an Admin to setup permitted

>>>>> sites for "user" level accounts on a vista workstation?

>>>>>

>>>>>

>>>> http://www.netnanny.com/, also call your police state director for advice.

>>> How is ensuring workers are not abusing the resources a "Police State"?

>>> If you give people a set of rules and don't do anything to enforce them

>>> you are giving them permission to violate them.

>>></span>

>> If you don't trust your workers, they will reciprocate. Plus you may

>> groom a bunch of non-thinking "heil" types that stab each other in the back.</span>

>

> And if you trust your workers and never check on them you are bound to

> be screwed many times.

>

> Many people do just fine with enforced technology constraints, and many

> people abuse the network resources when they have only WORDS to restrict

> them.

> <span style="color:green">

>> But if you are a server guru, why not configure the PC to connect

>> through a proxy server and lock it down at the proxy?</span>

>

> There is NO server and no true firewall, this is a stand alone PC that

> some people can take home to remote into the office - it's not my

> solution, would never do this, but I have to work with what I don't like

> sometimes.

> </span>

If you could remove IE and Outlook that would be were to start. Then

the person could only IPSEC/SSL into corporate net where its network

policy is enforced.

FromTheRafters wrote:

<span style="color:blue">

> Leythos wrote ...<span style="color:green">

>>

>>I have a client with a stand alone vista workstation that would like to

>> block almost all websites from anyone using the laptop. I don't use

>> workstation level products and this is a case outside my normal scope -

>> can anyone recommend a product that allows an Admin to setup permitted

>> sites for "user" level accounts on a vista workstation?</span>

>

> Can you control the laptop's DNS lookups? Not the hosts file,

> but the primary and secondary servers? Just thinking out loud

> here, but a proxy DNS could function as a whitelist couldn't it?</span>

That's how OpenDNS works (if you open a [free] account with them).

Rather than have the router configured to use the ISP's DNS server (via

DHCP), configure it by entering the IP addresses for OpenDNS' DNS

servers.

However, it is likely that the user gets a dynamic IP address for their

host (or their router) from their ISP. The OpenDNS account has to know

which IP address is yours to know the settings for which account to

apply to traffic from that IP address. They have their own reporter

client (or you can modify the one from DynDNS if you happen to also use

them to provide an IP name for external access to your router or host so

you don't need, for example, an IP address to use Remote Desktop or

VNC). You run their reporter client on one of your hosts in your

intranet (i.e., on the LAN side of your router). It will report the

router's WAN-side IP address to OpenDNS to update your account with

them. Then when your router connects to them, it sees that IP address

and knows to apply your account's settings to its traffic. Settings

include blacklisting of domains and blacklisted categories.

Alas, OpenDNS lets you filter out domains or categories of them but does

not let you filter in a particular whitelist of okay domains. You can

filter by:

Always block (a domain)

Never block (a domain)

Block by category

I have not tried using wildcards to specify a domain, so I don't know if

you could "Always block " and then whitelist by "Never block <domain>".

If that works, you would end up blocking all domains except those you

whitelisted using the "Never block" rule. Of course, you could open a

support ticket to ask them if the above method works to provide a

filter-in only scheme, plus they have forums where you can ask.

A caveat is that this is blocking at the DNS server. That means there

actually has to be a DNS lookup. If the user enters an IP address, as

in http://96.6.126.19 (for www.intel.com), then there is no DNS lookup

required. This is how a user can bypass this DNS filtering. However,

often that only lets them get to the home page of a site and often there

is content missing in that home page and they may not be able to use any

links of that home page to navigate to other pages in the site. That's

because many of the links or linked content will still have IP names in

them that require a DNS lookup. Also, the user must somehow already

know the IP address of the target host.

In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,

erratic@nomail.afraid.org says...<span style="color:blue">

> Can you control the laptop's DNS lookups? Not the hosts file,

> but the primary and secondary servers? Just thinking out loud

> here, but a proxy DNS could function as a whitelist couldn't it?</span>

At this time the laptop is uncontrolled, not part of a domain, and the

laptop is used at homes as well as their construction trailer where

there is just a ATT wireless DSL setup. While they remote into the

Terminal Server they have found many times when people are surfing the

net and doing questionable things online - there is no real firewall

appliance and it's just an off-the-shelf (cheap) Vista laptop with no

important files stored on it.

At this time the DSL assigns 192.168 addresses and we have no real

option to install a firewall or other hardware at this location.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

In article <gmlu71$c25$1@news.motzarella.org>, V@nguard.LH says...<span style="color:blue">

> That's how OpenDNS works (if you open a [free] account with them).

> Rather than have the router configured to use the ISP's DNS server (via

> DHCP), configure it by entering the IP addresses for OpenDNS' DNS

> servers.

> </span>

I was considering OpenDNS, and I think they have a client tool that you

can install on the laptop/computer, but I've not had time to look today.

If we had a nice firewall this would be done, already resolved, but,

since the laptop can be in multiple locations I was looking for some

simple software that might work - not having ever used those types of

products I was wondering what others have used.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

on 2/8/09 7:51 AM Leythos said the following:<span style="color:blue">

> In article <gmlu71$c25$1@news.motzarella.org>, V@nguard.LH says...<span style="color:green">

>> That's how OpenDNS works (if you open a [free] account with them).

>> Rather than have the router configured to use the ISP's DNS server (via

>> DHCP), configure it by entering the IP addresses for OpenDNS' DNS

>> servers.

>></span>

>

> I was considering OpenDNS, and I think they have a client tool that you

> can install on the laptop/computer, but I've not had time to look today.

>

> If we had a nice firewall this would be done, already resolved, but,

> since the laptop can be in multiple locations I was looking for some

> simple software that might work - not having ever used those types of

> products I was wondering what others have used.

> </span>

You need to provide more details.

on 2/8/09 7:49 AM Leythos said the following:<span style="color:blue">

> In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,

> erratic@nomail.afraid.org says...<span style="color:green">

>> Can you control the laptop's DNS lookups? Not the hosts file,

>> but the primary and secondary servers? Just thinking out loud

>> here, but a proxy DNS could function as a whitelist couldn't it?</span>

>

> At this time the laptop is uncontrolled, not part of a domain, and the

> laptop is used at homes as well as their construction trailer where

> there is just a ATT wireless DSL setup. While they remote into the

> Terminal Server they have found many times when people are surfing the

> net and doing questionable things online - there is no real firewall

> appliance and it's just an off-the-shelf (cheap) Vista laptop with no

> important files stored on it.

>

> At this time the DSL assigns 192.168 addresses and we have no real

> option to install a firewall or other hardware at this location.

> </span>

So you have a WiFi router and the laptop connects to it via WiFi? Or

you have a 3G card for the laptop?

In article <6v8kliFinp8oU2@mid.individual.net>, dan@nospam.net says...<span style="color:blue">

> on 2/8/09 7:51 AM Leythos said the following:<span style="color:green">

> > In article <gmlu71$c25$1@news.motzarella.org>, V@nguard.LH says...<span style="color:darkred">

> >> That's how OpenDNS works (if you open a [free] account with them).

> >> Rather than have the router configured to use the ISP's DNS server (via

> >> DHCP), configure it by entering the IP addresses for OpenDNS' DNS

> >> servers.

> >></span>

> >

> > I was considering OpenDNS, and I think they have a client tool that you

> > can install on the laptop/computer, but I've not had time to look today.

> >

> > If we had a nice firewall this would be done, already resolved, but,

> > since the laptop can be in multiple locations I was looking for some

> > simple software that might work - not having ever used those types of

> > products I was wondering what others have used.

> > </span>

>

> You need to provide more details.</span>

Laptop, Vista, could be used anywhere, need to limit what sites and

content any user of the laptop can get to. All users would be "limited"

users, none would be local admins.

No domain, no network, just laptop connected into any network they

happen to have handy.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

In article <6v8ko8Finp8oU3@mid.individual.net>, dan@nospam.net says...<span style="color:blue">

> on 2/8/09 7:49 AM Leythos said the following:<span style="color:green">

> > In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,

> > erratic@nomail.afraid.org says...<span style="color:darkred">

> >> Can you control the laptop's DNS lookups? Not the hosts file,

> >> but the primary and secondary servers? Just thinking out loud

> >> here, but a proxy DNS could function as a whitelist couldn't it?</span>

> >

> > At this time the laptop is uncontrolled, not part of a domain, and the

> > laptop is used at homes as well as their construction trailer where

> > there is just a ATT wireless DSL setup. While they remote into the

> > Terminal Server they have found many times when people are surfing the

> > net and doing questionable things online - there is no real firewall

> > appliance and it's just an off-the-shelf (cheap) Vista laptop with no

> > important files stored on it.

> >

> > At this time the DSL assigns 192.168 addresses and we have no real

> > option to install a firewall or other hardware at this location.

> > </span>

>

> So you have a WiFi router and the laptop connects to it via WiFi? Or

> you have a 3G card for the laptop?</span>

Could be both, as the user can move from network to any other network,

depending on if they are at home or at the office or at a WiFi spot,

etc...

This has to be a solution that works at the laptop, no hardware

permitted.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

"Leythos" <spam999free@rrohio.com> wrote in message

news:MPG.23f8ef7d4f91e1b79898e9@us.news.astraweb.com...<span style="color:blue">

> In article <6v8ko8Finp8oU3@mid.individual.net>, dan@nospam.net says...<span style="color:green">

>> on 2/8/09 7:49 AM Leythos said the following:<span style="color:darkred">

>> > In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,

>> > erratic@nomail.afraid.org says...

>> >> Can you control the laptop's DNS lookups? Not the hosts file,

>> >> but the primary and secondary servers? Just thinking out loud

>> >> here, but a proxy DNS could function as a whitelist couldn't it?

>> >

>> > At this time the laptop is uncontrolled, not part of a domain, and the

>> > laptop is used at homes as well as their construction trailer where

>> > there is just a ATT wireless DSL setup. While they remote into the

>> > Terminal Server they have found many times when people are surfing the

>> > net and doing questionable things online - there is no real firewall

>> > appliance and it's just an off-the-shelf (cheap) Vista laptop with no

>> > important files stored on it.

>> >

>> > At this time the DSL assigns 192.168 addresses and we have no real

>> > option to install a firewall or other hardware at this location.

>> ></span>

>>

>> So you have a WiFi router and the laptop connects to it via WiFi? Or

>> you have a 3G card for the laptop?</span>

>

> Could be both, as the user can move from network to any other network,

> depending on if they are at home or at the office or at a WiFi spot,

> etc...

>

> This has to be a solution that works at the laptop, no hardware

> permitted.</span>

I was thinking of a loopback to a proxy DNS on the laptop. Not sure

if anyone has written such a thing - or if it is even feasible. If an AV can

proxy/filter outgoing SMTP why can't a program proxy/filter outgoing

DNS requests and onlylet certian ones through.

on 2/8/09 12:33 PM Leythos said the following:<span style="color:blue">

> In article <6v8ko8Finp8oU3@mid.individual.net>, dan@nospam.net says...<span style="color:green">

>> on 2/8/09 7:49 AM Leythos said the following:<span style="color:darkred">

>>> In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,

>>> erratic@nomail.afraid.org says...

>>>> Can you control the laptop's DNS lookups? Not the hosts file,

>>>> but the primary and secondary servers? Just thinking out loud

>>>> here, but a proxy DNS could function as a whitelist couldn't it?

>>> At this time the laptop is uncontrolled, not part of a domain, and the

>>> laptop is used at homes as well as their construction trailer where

>>> there is just a ATT wireless DSL setup. While they remote into the

>>> Terminal Server they have found many times when people are surfing the

>>> net and doing questionable things online - there is no real firewall

>>> appliance and it's just an off-the-shelf (cheap) Vista laptop with no

>>> important files stored on it.

>>>

>>> At this time the DSL assigns 192.168 addresses and we have no real

>>> option to install a firewall or other hardware at this location.

>>></span>

>> So you have a WiFi router and the laptop connects to it via WiFi? Or

>> you have a 3G card for the laptop?</span>

>

> Could be both, as the user can move from network to any other network,

> depending on if they are at home or at the office or at a WiFi spot,

> etc...

>

> This has to be a solution that works at the laptop, no hardware

> permitted.

> </span>

use http://www.netnanny.com/products/netnanny and then set up a

whitelist. Do not allow user to modify netnanny or install/config other

software.

Leythos wrote:

<span style="color:blue">

> In article <6v8kliFinp8oU2@mid.individual.net>, dan@nospam.net says...<span style="color:green">

>> on 2/8/09 7:51 AM Leythos said the following:<span style="color:darkred">

>>> In article <gmlu71$c25$1@news.motzarella.org>, V@nguard.LH says...

>>>> That's how OpenDNS works (if you open a [free] account with them).

>>>> Rather than have the router configured to use the ISP's DNS server (via

>>>> DHCP), configure it by entering the IP addresses for OpenDNS' DNS

>>>> servers.

>>>>

>>>

>>> I was considering OpenDNS, and I think they have a client tool that you

>>> can install on the laptop/computer, but I've not had time to look today.

>>>

>>> If we had a nice firewall this would be done, already resolved, but,

>>> since the laptop can be in multiple locations I was looking for some

>>> simple software that might work - not having ever used those types of

>>> products I was wondering what others have used.

>>> </span>

>>

>> You need to provide more details.</span>

>

> Laptop, Vista, could be used anywhere, need to limit what sites and

> content any user of the laptop can get to. All users would be "limited"

> users, none would be local admins.

>

> No domain, no network, just laptop connected into any network they

> happen to have handy.</span>

You want a client-side solution (so it moves with the mobile computer).

Well, that sure sounds like you are trying to find censorware (i.e.,

software you install on the host to control to where it can connect).

It also sounds like the abusive users of this laptop are NOT given

limited user accounts or made to share a general-purpose limited user

account. Find some censorware, like NetNanny, install using an admin-

level account, and enable password-protect on the censorware (if it

doesn't already restrict non-admin users from changing its settings).

That won't prevent the abuser from booting using a live CD to load a

different OS (or the same OS but a different instance of it) and use

that to make the Internet visitations to the porn sites. The laptop

owner will need to go into BIOS to enable a BIOS password (to prevent

users from entering the BIOS to make changes), and perhaps even enable

the system password in BIOS (to prevent unwanted users from booting the

laptop to load the OS). Then configure the BIOS to use the hard disk as

the first bootable device (and deselect any other device as a boot

device). The admin for the laptop will probably also want to disable

auto-play in Windows.

I've heard of some censorware, like NetNanny, but never used any.

However, getting back to OpenDNS, you don't have to install any software

to use OpenDNS and you can use it no matter to whose network you happen

to connect at the time. You configure the TCP parameters to use the

OpenDNS server. Whether at someone's home, in the construction trailer,

while travelling, or wherever, that laptop will still be using the

OpenDNS server to resolve IP name-to-address lookups. Because the

laptop will likely be getting a dynamic IP address from whomever's DHCP

server is available on the current network, you need to use a DNS

reporter client on the laptop to tell your OpenDNS account what is your

current IP address. Then when you connect using that IP address,

OpenDNS knows to apply your account's settings to your network traffic.

Obviously the abusive employees must be using a limited user account so

they cannot alter the TCP setup (to revert to DHCP-assigned DNS servers

and get away from using the OpenDNS servers). Since you're talking

about Windows Vista, again, no software install is needed. Just create

a limited user account (LUA) that all the non-admin users must share (or

give them each their own LUA account).

Of course, if the company were really interested in controlling what

their employees do with the company's property, like the laptop, then

they should establish policies and enforce them. To that end, and since

it is the company's property, they could install monitoring software to

see just where their employees are visiting on the Net. I've heard of

SpectorSoft as one vendor of spy software (never used it, though).

In article <gmodtp$257$1@news.motzarella.org>, V@nguard.LH says...<span style="color:blue">

> I've heard of some censorware, like NetNanny, but never used any.

> However, getting back to OpenDNS, you don't have to install any software

> to use OpenDNS and you can use it no matter to whose network you happen

> to connect at the time. You configure the TCP parameters to use the

> OpenDNS server. Whether at someone's home, in the construction trailer,

> while travelling, or wherever, that laptop will still be using the

> OpenDNS server to resolve IP name-to-address lookups. Because the

> laptop will likely be getting a dynamic IP address from whomever's DHCP

> server is available on the current network, you need to use a DNS

> reporter client on the laptop to tell your OpenDNS account what is your

> current IP address. Then when you connect using that IP address,

> OpenDNS knows to apply your account's settings to your network traffic.

> Obviously the abusive employees must be using a limited user account so

> they cannot alter the TCP setup (to revert to DHCP-assigned DNS servers

> and get away from using the OpenDNS servers). Since you're talking

> about Windows Vista, again, no software install is needed. Just create

> a limited user account (LUA) that all the non-admin users must share (or

> give them each their own LUA account).</span>

I'm aware of OpenDNS, and I'm aware of the client tool for dynamic

clients, but it was a concern that they could stop the client and still

surf or other method. Not having used the client, I wasn't sure how it

would work if they didn't run it - I would assume that the DNS would

fail if the client wasn't running, at least I would hope so.

<span style="color:blue">

> Of course, if the company were really interested in controlling what

> their employees do with the company's property, like the laptop, then

> they should establish policies and enforce them. To that end, and since

> it is the company's property, they could install monitoring software to

> see just where their employees are visiting on the Net. I've heard of

> SpectorSoft as one vendor of spy software (never used it, though).</span>

If the company was able to put money into this project I would have

already completed the solution, but they have several issues and are

moving and etc.... They don't want to "Monitor" them, just block all

except approved sites.

Thanks for the discussion - I think that NetNanny may be the route to

take this one.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

In article <6v9fqrFipgk7U1@mid.individual.net>, dan@nospam.net says...<span style="color:blue">

> use http://www.netnanny.com/products/netnanny and then set up a

> whitelist. Do not allow user to modify netnanny or install/config other

> software.

> </span>

Thanks Dan, I believe that NetNanny is the direction to take this.

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

On Mon, 9 Feb 2009 06:23:08 -0500, Leythos wrote:

<span style="color:blue">

> If the company was able to put money into this project I would have

> already completed the solution, but they have several issues and are

> moving and etc.... They don't want to "Monitor" them, just block all

> except approved sites.

>

> Thanks for the discussion - I think that NetNanny may be the route to

> take this one.</span>

Considering your and their limitations, Net Nanny is about it. Install

and config it, then when they see the limitations, issues and potential

annoyances, be ready to give them a more professional solution.

--

Meet Ari! http://tr.im/1fa3

"To get concrete results, you have to be confrontational".

Windows Vista has a domain blocker.......go into control panel and

parental control. theer you can set sites you want other account users

to visit or you can block sites you dont want them to visit. you can

also block file downloads

--

cooldeal

------------------------------------------------------------------------

cooldeal's Profile: http://forums.techarena.in/members/cooldeal.htm

View this thread: http://forums.techarena.in/vista-security/1118334.htm

http://forums.techarena.in