3

I'm working for a library who uses Internet-connected catalog machines that are designed to allow only a single website - www.catalog.com. All other sites are blocked via a Content Advisor GPO.

However, we're migrating machines to Server 2012 r2, which no longer supports this option.

Where do I start now? I've read about DNS redirection and firewall solutions, but those seem like LAN-wide solutions. I need something that can be applied to 3/100 machines.

Any leads for solid tutorials or a point in the right direction would be much appreciated.

Craig
  • 141
  • 1
  • 1
  • 10

2 Answers2

1

Even better for our purpose was to use Inteset Secure Lockdown, which blocks absolutely everything except a website for some solid kiosk-style operation for public computers.

There are plenty of settings to throttle how 'locked down' you want the machine as well, including hiding the desktop/taskbar, etc. It's obviously a policy/registry override by the software, but it's VERY clean, VERY easy, and only $25 for a license - including on RDS servers.

Craig
  • 141
  • 1
  • 1
  • 10
-1

Content Advisor needs to be enabled in a User or Computer group policy:

Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Content Page

Setting: Show Content Advisor on Internet options

The policies correspond to the following registry values: 

 HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor  
 HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor

Reference:

Group Policy Settings Reference for Windows and Windows Server

http://www.microsoft.com/en-us/download/details.aspx?id=25250

GPO

Content Advisor - General Tab

Content Advisor - Approved Sites

Screen shot of Windows Server 2012 showing Content Advisor blocking websites works exactly the same as in previous versions of Windows:

Content Advisor - Blocked

Greg Askew
  • 39,132