I support a local organisation which works with school children. The organisation has 15 Vista and Windows 7 desktops, all joined to the same workgroup. All the computers simply connect to a wireless router.
Up until now all the computers ran a single limited account. We use Windows Family Safety to protect the users on the internet and we manually restrict particular social networking sites and various other sites.
We now have a need for users to be able to log into the computers with their own accounts. If we continued to use Windows Family Safety we would need to join each account up to the service, something we would like to avoid as this would be difficult to manage.
Are there any solutions that we can operate centrally that automatically block out known bad sites and also allow us to blacklist sites. Ideally the rules we set should be for each computer, regardless of the account.
Would love to hear your thoughts and ideas? Maybe I'm going about this all wrong and there is a better solution in the form of external hardware. Please advise.
This might not be a solution that you're looking for, but this is an extremely easy solution and have recommended it myself in the past. Use OpenDNS.
OpenDNS has all kinds of filters and the paid version of OpenDNS will allow for faster DNS lookups and better security.
If you simply add the DNS servers to the main router on the network, it would simply assign all the computers on the network to OpenDNS's DNS servers, that is, as long as you have it to auto DHCP on every computer...
Then after that's all set up, you'll be good to go with a better DNS server and full protection. Just make sure that the settings are locked down (I'd assume they already are), so you won't have any smart ones tinkering with the DHCP settings.
As the others said, you could go with a hardware/software solution, but OpenDNS is much more cost effective as you will not need to manage the server controlling the DNS and everything else in that regards. Just takes a toll off your system administrators.
You might want to think about blocking (if the router supports it) visiting IPs directly as some smart one could run a DNS lookup on a site and go to the IP directly. So if you're going to use a DNS solution, blocking direct access to an IP would be best.
If you don't want to reconfigure each machine and account, the only way is though a server side solution. Which means putting a proxy/cache/filtering server between your local network and the internet. So you have to put a server PC between your AP and the gateway.
Now the cheapest solution is a linux box with squid and dansguardian installed, but this solution requires an advanced degree of technical competency. Its the best solution for me since I'm a technical guy.
But is not for everybody, especially if you have angry bosses pressuring to get it done quickly. Then you can buy a specialized software and putting it on another pc box:
Cyberoam NetGenie is one of them:
There is an commercial offshoot squid called SafeSquid:
Both provide trial versions, there are many others, just google for content fitlering software.
One last thing, there is no such thing as perfect content filtering nor internet security. They are impossible. Security is a process not a product. Processes requires discipline and dedication and stress. Therefore there are always gaps, using direct IPs instead of urls, alternate ip encodings on octal and binary, proxy sites, ssl ports pass thorugh, tor network, etc, etc. You can stop/protect the lazy and uneducated, children might be uneducated but are not lazy at learning specially with the spectative of finding porn.
The way you choose does not matter, it has the potential to be a long adventure.
There is a file called HOST file in all windows OS systems Just login as administrator and find this host file as per the OS and make changes what ever you would like to black web sites No matter what user login it applies to all users including administrator
Windows 95/98/Me c:\windows\hosts Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts Windows XP Home c:\windows\system32\drivers\etc\hosts
Source: http://www.accs-net.com/hosts/how_to_use_hosts.html