General discussion

Locked

Keep users from downloading from the net

By KPotts ·
How can I keep users from downloading programs from the internet? I have a 2000 server and 98 workstations with a few 2000 workstations. Trying to upgrade workstations slowly. Users will download things like messenger etc... that is not permitted. We need access to the net for our jobs - so how do we block some things that are not appropriate to download in a work place? Tried the education route, did not prove to be sucessful...Thanks

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Keep users from downloading from the net

by R. A. Caluste In reply to Keep users from downloadi ...

do you have direct internet access and the workstations access this via router? you might consider getting a proxy server (we use MS ISA server 2000). in that way, you can control who can access the internet, what time should they use the internet, what contents are allowed access (html, application-zip, application-exe, etc). if you don't want them to download, you can restrict access to html content only.

hope this helps.

Collapse -

Keep users from downloading from the net

by KPotts In reply to Keep users from downloadi ...

Poster rated this answer

Collapse -

Keep users from downloading from the net

by mdmonte In reply to Keep users from downloadi ...

Before I start, what is the culture of your organisation? You say that these apps are not permitted, is there a formal policy that management have endorsed regarding the use of inappropriate apps etc? If so then you have a green light to successfully turn your situation around.
If not then I would counsel that it is always going to be difficult to police the access. You need to get formal support from management or risk having to reverse any changes you make.
Once you have the backing, & youhave revisited the education route, you could try any of the following:
1.Use ISA as a proxy and firewall. Leverage off ADS for the user/group membership to meet your client's needs. You mentioned that you need the internet access for your jobs, does this mean your clients need to download executables & zip files also? If so then you will need to use the ISA firewall to block the ports of messenger, kazaa & other inappropriate apps. Trawl the net to identify these ports first. You need to force all your clients to use ISA as the proxy.
2.Use an internet gateway solution like "Interscepter" from VisionGateway. Very simple to install & configure but you need to dedicate a separate machine for it. Only allow HTTP access. Again you need to ID the apps you want blocked by protocol & port to stop them being used if your clients install from CD etc.
3. Use an inline gateway device like PacketShaper from Packeteer or NetReality's WiseWan. Of the two WiseWan is easier to install & get running, but PacketShaper is more flexible IMHO. Cons: both expensive.
4.Install a dual NIC linux box as an inline device, acting as both a firewall & proxy (eg smoothwall & squid), force all clients to use the proxy & set simple ACL's to allow/block content types. All this costs is time, & an unused PII or PIII. Cons: you will need moderate linux skills to setup & takes lots of testing to get right.

Collapse -

Keep users from downloading from the net

by KPotts In reply to Keep users from downloadi ...

Poster rated this answer

Collapse -

Keep users from downloading from the net

by erikdr In reply to Keep users from downloadi ...

The proxy or firewall route is part of the solution, but often not enough. Another part is simply making it technically impossible to install sw on the desktop other than wanted.
With W98, forget about this - it is not secured well enough. With 2000/XP, you can do this through ACL's and policies. It is even possible to block launching EXE's from other directories (network), if needed through an add-on.

At your service,

<Erik> - The Netherlands

Collapse -

Keep users from downloading from the net

by KPotts In reply to Keep users from downloadi ...

Poster rated this answer

Collapse -

Keep users from downloading from the net

by jlepich In reply to Keep users from downloadi ...

this resolution will not stop people from downloading apps but it will disable some common IM programs. I have noticed if the messenger program does not work people tend to stop trying to download them...e-mail me if you want the fix.
It's simply .reg file that you can import into the registry that will disable common IMs and file sharing apps like kazaa etc.

Jesse
ISSO
PCRMC
jlepich@pcrmc.com

Collapse -

Keep users from downloading from the net

by KPotts In reply to Keep users from downloadi ...

Poster rated this answer

Collapse -

Keep users from downloading from the net

by KPotts In reply to Keep users from downloadi ...

This question was closed by the author

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums