Blocking Google Talk and other sites using Group Policies.
One easy way to block access to users from visiting specific domains is to change the contents of hosts file.
In your AD Environment, you will not surely go to each computer to edit hosts file.
Here's what I did at mine:
1. First, copy your hosts file from C:\Windows\System32\drivers\etc\ to your Desktop.
2. Open file with notepad and add the domain names you want to block and loop them back to localhost. Following is mine example:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 talk.google.com
127.0.0.1 talkx.l.google.com
127.0.0.1 chatenabled.mail.google.com
127.0.0.1 talkgadget.google.com
3. Save a copy of the file on a share that is easily accessible ex. //servername/share/hosts, but make sure it is read only file and no one can make changes to this file.
4. Now Open Up Group Policies on Domain Controller or AD computer using gpmc.msc
5. Within an existing Group Policy Object or a new one, add computers on which you want to block it.
Then, when your policy gets updated, you have blocked gtalk on your domain. :)
In your AD Environment, you will not surely go to each computer to edit hosts file.
Here's what I did at mine:
1. First, copy your hosts file from C:\Windows\System32\drivers\etc\ to your Desktop.
2. Open file with notepad and add the domain names you want to block and loop them back to localhost. Following is mine example:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 talk.google.com
127.0.0.1 talkx.l.google.com
127.0.0.1 chatenabled.mail.google.com
127.0.0.1 talkgadget.google.com
3. Save a copy of the file on a share that is easily accessible ex. //servername/share/hosts, but make sure it is read only file and no one can make changes to this file.
4. Now Open Up Group Policies on Domain Controller or AD computer using gpmc.msc
5. Within an existing Group Policy Object or a new one, add computers on which you want to block it.
6. Then right click on GPO to edit its settings. and then change its settings to one like following.
Labels: Microsoft
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home