block website on terminal server

By Cudmasters Los ·
I have a dc and a ts. i am trying to block certain websites. for example facebook. do i go thru the gpo on the dc or can i do it thru the security tab on the ts. i have tried everything. i enter the url in restricted sites area on the internet option tab on the ts, but then when i log into as a user thru the ts, they can still get to the page. very frustrating, time consuming. i wouldn't think it should be this difficult. if it says restricted, you put the url there, then why doesn't it restrict it?????? also, if it is thru the dc, where do i go to do this?

I have had this similar question on here before, but not in a position to set up a proxy yet.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

"If it says restricted"

by seanferd In reply to block website on terminal ...

that is the same thing as Internet Properties on a desktop OS - it was never intended as a site blocker. You can configure from among the options how sites you place in the restricted zone are treated.

You can always block sites by using the HOST file to send requests for the certain domains to nirvana.

You could use content filtering systems anywhere from something like Websense to OpenDNS.

Collapse -

Re: Block websites

by christianshiflet In reply to block website on terminal ...

A free option that doesn't require you to deploy or install anything is setting up an account with OpenDNS. It is free and will allow you to blacklist specific domains (e.g. as well as domain categories, if you are so inclined. It is not a perfect solution, but it is a good start for simple website filtering.

I hope this helps. Let me know if you have any questions. Thanks.

Collapse -

Open DNS

by Cudmasters Los In reply to Re: Block websites

i'll try that, thanks

Collapse -

ah what do you have on the perimeter as the firewall ?

by CG IT In reply to block website on terminal ...

you really can't block web sites by url or keyword on your DC or even on the Terminal Server because their not instigating the traffic via their web browsers.

All traffic originating from the source [not the DC or terminal server] is allowed unless denied by a rule. That's how those firewalls work. So if your DC or Terminal Server is acting as a router, you would have to filter through the NIC properties and that is TCP/UDP and port numbers. Not something you want to do on a DC or the Terminal server.

Collapse -


by Cudmasters Los In reply to ah what do you have on t ...

got on to ask you a similar question, and you spoke of it i think. i kind of understand what you meant on your last.

i am using the open dns on my DC. Instead of my DC pointing to itself, it now uses the open dns ip's. It Works. However, the TS uses the DC as it's DNS and doesn't work. I don't understand?


Collapse -

opendns only works when DNS lookups are sent to them

by CG IT In reply to DC

So all traffic destined for the internet [DNS queries that can't be resolved by your internal DNS server] need to be sent to openDNS to get their filtering capabilities.

So your internal DNS server need to forward queries it can't resolve to openDNS rather than root hint.

really depends upon how your routing is done on your network. The router between your lan and the internet really handles the traffic in and out of your LAN. Imo, it is there, that you setup using openDNS rather than your ISP DNS server addresses. your DC and your DNS server aren't doing the routing for all lan traffic. The downside is openDNS ability to handle DNS queries in a timely manner if you send all your internet traffic to them.

This will give you network wide domain and URL filtering capabilities to block unwanted web sites so that terminal services users connecting to the terminal server can't go to unwanted web sites when they open a web browser and use a URL. Your internal DNS server will send that query it can't resolve to openDNs rather than the servers that are listed in the forwarders or root hint server lists.

Collapse -

Internet DNS belongs in the DNS server forwarders

by seanferd In reply to DC

Nowhere else. Instructions are rather specific at OpenDNS.

Collapse -

well that's the best place to look eh?

by CG IT In reply to Internet DNS belongs in t ...

is that OpenDNS addresses that's on his internal DNS server forwarders list? or his ISPs DNS servers?

not much mystery on how DNS works and how the internet works. No mystery on how openDNS filters DNS queries. Bottom line, internet web site name queries have to go to openDNS. If they go somewhere else, and another DNS server or roothint servers resolve the query the user will get the URL.

Collapse -

Yep. Some recursive server has to resolve the domains.

by seanferd In reply to well that's the best plac ...

Or no Internet, basically.

Collapse -

Touched before...

by TobiF In reply to block website on terminal ...

Related Discussions

Related Forums