IE Security

[Guest]

Hi,

This is a general question and I'm not sure where to post. I have a client
that is trying to give users access to the Internet via IE 6.0, and 7.0. But
we want all sites restricted except for a half dozen or so that they need
for work. I started using the Content Advisor which was going really well,
except a couple of the sites are secure using https protocol. So I wasn't
able to access them, I've tried many different ways (One being adding it to
the Approved Site) to do it as well, but as long as the Content Advisor is
on I'm stuck. Also, with Content Advisor it's not a very efficient way to
Administer the network. I'm using SBS 2000 on the server and XP Pro on the
workstations.
Any thoughts would be appreciated as to the question is there something I
can do with SBS or is there a 3rd party program that would work.

Thanks, Craig

 

[Harry Johnston]

This is a general question and I'm not sure where to post. I have a client
that is trying to give users access to the Internet via IE 6.0, and 7.0. But
we want all sites restricted except for a half dozen or so that they need
for work.

If you want this to be a firm restriction - that is if you don't want it to be
easy to circumvent - you'll need to enforce it at your network edge. That is,
instead of configuring the machines you need to configure your router.

One way to do this is to prevent the machines from accessing the internet
directly, requiring them to use a proxy server, which can then be configured to
only allow access to the specific sites you want.

Harry.

 

[Harry Johnston]

This is a general question and I'm not sure where to post. I have a client
that is trying to give users access to the Internet via IE 6.0, and 7.0. But
we want all sites restricted except for a half dozen or so that they need
for work.

I previously said you'd need to enforce this at the network edge. That's still
the most robust way to do this, but provided the users don't have administrative
accounts on the workstation, you could also use IPSec policy on the computers to
restrict what network sites they can access.

Harry.

 

[Guest]

Yep, I'd suggest a proxy. Proxomitron, Privoxy or Jana Server are possible
options if you don't want to spend a wad of cash on MS Proxy.

Might also be worth considering a more secure browser than IE. It's what
gets IN that you should be worrying about, not who gets out where!

 

[Ken Zhao [MSFT]]

Hello Craig,

Thank you for using newsgroup!

Based o your request, I suspect a proxy server or ISA server can meet your
requirement.

More references:
================
Whitepapers about ISA
<http://www.microsoft.com/isaserver/evaluation/whitepapers/default.asp>

Implementing ISA Server in a Domain
<http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deplo
yguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/d
eployguide/en-us/dnsbi_per_jonj.asp>

Platform and Infrastructure
<http://www.microsoft.com/technet/security/topics/identitymanagement/idmanag
e/P1Plat_5.mspx>

Deploying ISA Server Arrays with Active Directory
http://www.microsoft.com/technet/prodtechnol/isa/2000/deploy/isaad.mspx

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| From: <[email protected]>
| Subject: IE Security
| Date: Fri, 20 Apr 2007 08:34:11 -0400
| Lines: 18
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
| Message-ID: <##[email protected]>
| Newsgroups: microsoft.public.windowsxp.security_admin
| NNTP-Posting-Host: cblmdm72-240-127-118.buckeyecom.net 72.240.127.118
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windowsxp.security_admin:4579
| X-Tomcat-NG: microsoft.public.windowsxp.security_admin
|
| Hi,
|
| This is a general question and I'm not sure where to post. I have a
client
| that is trying to give users access to the Internet via IE 6.0, and 7.0.
But
| we want all sites restricted except for a half dozen or so that they need
| for work. I started using the Content Advisor which was going really
well,
| except a couple of the sites are secure using https protocol. So I wasn't
| able to access them, I've tried many different ways (One being adding it
to
| the Approved Site) to do it as well, but as long as the Content Advisor
is
| on I'm stuck. Also, with Content Advisor it's not a very efficient way to
| Administer the network. I'm using SBS 2000 on the server and XP Pro on
the
| workstations.
| Any thoughts would be appreciated as to the question is there something I
| can do with SBS or is there a 3rd party program that would work.
|
| Thanks, Craig
|
|
|