+ 2 Votes Two different approaches/solutions robo_dev 1 year ago Locking down the Windows computers is relatively simple but perhaps not so easy... you need to create and deploy Windows group policy, which would require you to create a Windows domain on the network. Learn it, figure it out, do it. The Web content is a different approach. The most common solution is a content-filtering proxy server such as WebSense or an education-specific solution such as cymphonix. The simplest approach is a proxy server appliance...WebSense makes lots of different models that do that. You configure the network so that the only way to the Internet is through the proxy server, and the proxy server both filters and logs the Web traffic. There are several open-source content filtering solutions such as Untangle or SafeSquid, however these are more difficult to deploy. + 0 Votes Use Qustodio patmilton 1 year ago Easiest would be to use a complete content filtering application such as Qustodio. I use it and can vouch for its features and ease of use and administration. Its free and has a great reporting feature in addition to real time blocking of sites. + 2 Votes Web filtering Rob Kuhn 1 year ago robo_dev already suggested the use of domain accounts and using Active Directory policies ... the only thing to add to that would be CALs. I don't know off hand if you will need a CAL for each machine if the server is just an domain controller and AD server. As for web filtering, again robo_dev summarized what you need to do. You could user your Windows server as a proxy server but it would I would recommend the use of a stand alone device/appliance to handle that. Question - do you have access to the firewall or is that handled by a formal IT department or your ISP? If you have control (and manage) your own firewall you could use something like OpenDNS.com to help filter and control access. Another question - do you anticipate the number of machines and users to grow beyond the 40 you have now? If so I would highly recommend that you start to plan and design your infrastructure now - one that can easily expand and manage. If you don't have it in your budget to implement this year at least put together a shopping list to be submitted for your 2013 budget. Good luck! + 0 Votes Suggestion for web filtering JPElectron 1 year ago We use DNS Redirector http://dnsredirector.com for web filtering, you can block sites by categories, which update every night, or you can add any site to the list to block or allow. It can run on the same server your using for the domain controller, so you don't need to purchase more hardware. You can further combat the running or installation of un-wanted software using Group Policy, a local policy such as a white-list of allowed exe's to run, Microsoft steady state (only for XP) or 3rd party software like deep freeze, shadow defender, etc. + 0 Votes Managed school environment davep.l 1 year ago Having managed the network in a large UK High School, I'd suggest the only way forward is to control access to machines is by Group Policy. If your part of a local authority, I'd be surprised if there wasn't some kind of support from the authority to help set this up if you're not familiar with the system. Where I'm from we used to have dedicated IT staff working for the Authority, particularly with Internet access and blocking of inappropriate sites. + 0 Votes Education Pricing a.portman 1 year ago You should buy a server class machine. You should be able to find one for less than $1,000 to do active directory. Find a reputable brick and mortar based software distributor. Microsoft offers excellent education pricing, but it is confusing. A good reseller can find the best fit for you. Wind 7 has features XP does not. You may need to have a separate group policy for the windows 7 machines. But it can be done and works well. + 1 Votes School Environment. mrsharyf 1 year ago To achieve this, eploy the use of Win Server 2008s group policy. Youll be able to create groups with certain defined privelages and add users to them as you see fit. This is pretty much a domain. + 2 Votes Question about using desktop PC as a server robo_dev 1 year ago Well, if on a tight budget, you do what you have to do. Personally, I would goto the used market on eBay and shop for server hardware there. The advantages of a rack-mount server in a server cabinet vs. a PC on the floor of an office somewhere. a) in terms of theft/tampering, you can lock a server cabinet and thus the server is safe. A PC acting as a server can be on a rack shelf, as well. If a device spits sparks or catches fire, it's inside a metal box, so it's safer for your facility. b) Servers tend to have: -more fans -monitored fans, so when a fan fails, it sends an alert, and the device does not cook -redundant power supplies, so when one fails, the other one takes over -redundant disk storage, so when one fails, the server keeps going -remote hardware management, so when something fails, you can fix it from home -faster disk controllers, and multiple processors, for more throughput -typically error-correcting memory, so memory errors don't mean BSOD - hot swappable front access hard drives, so the server can stay online when you need to install more disk or replace a disk (vs. taking the machine apart). c) What to buy? My choice is Dell, HP, or a good budget server is SuperMicro. There are LOTS of used servers out there, and hardware is dirt cheap. On eBay I bought three rack mount SuperMicro servers for a grand total of $17, with free local pickup. I just had to add some hard drives and I was all set. I spent $150 for a basic Dell server. + 0 Votes Use Qustodio patmilton 1 year ago Easiest would be to use a complete content filtering application such as Qustodio. I use it and can vouch for its features and ease of use and administration. Its free and has a great reporting feature in addition to real time blocking of sites.