Blocking Content On A Specific Computer

[Certain]

I ran into an issue today where a public computer in our building fell victim to sort of a practical joke. They changed the background and added adult material to it. Nothing major. Previously I decided to leave this computer open and carefree. I didn't add any kind of group policy restrictions to it nor did block any web content. I just didn't feel the need to because typically there are nothing but 35 to 40+ year old people here in this building. But I guess the internet can bring out the kid in any of us.

I don't have any problems restricting access to features inside of Windows 7 like the ability to change the background and things like that. I wanted to know if there was a fairly easy method to restrict certain web content like adult websites and social media sites if I so choose. I tried OpenDNS but I soon found out that it would not work on a private ip address range. Any insight on this would be appreciated.

 

[Lateralus]

How many computers do you want to implement this on? You can check out K9 Web Protection, but I believe it has to be configured on each PC. Could be a pain if it's more than just a few.

 

[exchange keys]

I would say use Windows Steady State, but it doesn't work officially on Windows 7 (unless this just changed recently?). As an alternative, I've used Comodo's Time Machine, and it seems to work fine. You can set an admin account on CTM to restore from a good snapshot. You can restrict/grant privileges as well (i.e. create a snapshot, mount volume, change password, etc...). It's pretty neat, and it's free. However, you might want to verify the EULA and see if it works for you.

So, once you locked your Windows 7 machine down, and you receive reports of "changes," you can instruct someone to revert back to a previous snapshot, or you can do it yourself.

Side question: why didn't OpenDNS work? Your private ip address range is not in the following, right?

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
169.254.0.0 -169.254.255.255

 

[PTNL]

Windows Steady State isn't an option. Last I heard, the team was disbanded several years ago.

I've used a few products from Faronics lately that would really help: DeepFreeze and Anti-Executable in particular. Their "standard" editions of the software would be more appropriate for this one machine.

Alternatively, if you're running Windows 7 Ultimate or Enterprise, then MS's new AppLocker is an option that's available OOB.

 

[Lateralus]

I tried OpenDNS but I soon found out that it would not work on a private ip address range.

Wait, can you not obtain your company's public IP?

 

[Nocturnal]

Is it connected to a domain?

 

[Certain]

How many computers do you want to implement this on? You can check out K9 Web Protection, but I believe it has to be configured on each PC. Could be a pain if it's more than just a few.

Just one. So I may check out this solution.

Wait, can you not obtain your company's public IP?

Not sure, my control here is limited at the moment. I haven't been here too long. If I could I'm not exactly sure how to.

*edit* Nevermind. I figured that part out. Now that I think of it, OpenDNS was automatically picking up my public address. The only problem is, no matter what computer I'm on, it picks up that same address. I have a feeling I haven't completely wrapped my brain around this properly just yet.

Is it connected to a domain?

Yes.

 

[Certain]

I gave the K9 protection a shot and it works PERFECTLY. Thanks imyourzero. That was exactly what I was looking for. Thanks to everyone for all the other suggestions as well.

 

[dan__wright]

all your pcs will come from the same nat address but only pcs using the open dns server will be resticted so that will work for you.

 

[marley1]

opendns is great in a business block em all =)

 

[Tee]

Opendns all the way.

 

[MavsX]

Windows Steady State isn't an option. Last I heard, the team was disbanded several years ago.

I've used a few products from Faronics lately that would really help: DeepFreeze and Anti-Executable in particular. Their "standard" editions of the software would be more appropriate for this one machine.

Alternatively, if you're running Windows 7 Ultimate or Enterprise, then MS's new AppLocker is an option that's available OOB.

steady state works amazing. we've been using it for public business centers for the last few years...kind of bummed about them stopping their support.

 

[Certain]

Just for the sake of anyone else who reads this later, I'll post the rest of my experience based on the advice taken from this thread.

I did go back and mess around with OpenDNS. Yes. It is amazing. I love the customization options and some of the higher ups will love the fact that our logo is displayed whenever a page is blocked. One thing that K9 had that I didn't run across in OpenDNS was the ability to limit network access at a certain time of the day. Now, I'm aware that there are many ways that you may be able to do this, so it is no big deal. The computer that I had K9 working on a couple of days ago, I went ahead and let OpenDNS take over. Since K9 was still active, I just switched it to monitor only mode. I was also still able to utilize its NightGuard feature which is the feature I just mentioned a second ago that OpenDNS does not have. So to sum it up I have both of these running on that public pc. I use OpenDNS to act as a deterrent as it was intended as well as view logs and what not. And I use K9 to block access at a certain time of the day. That wasn't how I initially intended to use them, but hey, they work really well together.

 

[Lateralus]

Glad you found the combination to work well for you! It's always fun playing with cool new toys and pieces of software, and you learn some things in the process.