Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Permissions Based Surfing


  • Please log in to reply
5 replies to this topic

#1 pranaman

pranaman

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 20 July 2014 - 03:50 AM

I have a client who has an auto repair business. He has an XP machine in the garage where the workers are. 

 

They want internet access, to look up instructions for repair and related info. Owner doesn't want them fooling around online and watching porn, which one has been known to do.

 

I want to set up security and software that will restrict access. I don't know much about firewalls, and wonder if I should be included.

 

So far, I am planning on installing:

 

Avast! Free AV

Malwarebytes Free

Hostsman - http://www.abelhadigital.com/hostsman

 

Wondering if this is the best setup or if there is a better one.

 

Also wondering if there is a software that allows the owner and I to remotely review sites that are visited, and restrict or allow ones that he'd want blocked or allow ones that were blocked, but should not be.

 

Any ideas? 



BC AdBot (Login to Remove)

 


m

#2 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:07 AM

Posted 20 July 2014 - 07:39 AM

1.  Open Notepad.
2.  Copy and paste this into it:
 

(
  (PICS-version 1.0)
  (name "Thumbs Down")
  (description "A fake rating service that doesn't rate anything.")
  (rating-system "http://notreally.madeup")
  (rating-service "http://notreally.madeup")
  (category
    (transmit-as "Please Use The Approved Sites Tab Instead!")
  )
)


3.  Save it to (no quotes): "%windir%\system32\thumbsdown.rat"

4.  Launch Internet Explorer if it is not already open.

5. Click on the "Tools" menu of Internet Explorer.

6. Select "Internet Options..."

7. Select the "Content" tab.

8.  Under "Content Advisor", click on "Enable..."

9.  Click on general tab.

10.  Click on "Create password".

11.  Enter a strong password.  See a few steps below for the reason.

12.  Click OK until you get out to the Internet Option dialog box.  You should see a message saying the Content Advisor is enabled.

13.  Click OK.

14.  Click on Settings.

15.  Click the General tab.

16.  Clear the check mark on "Users can see websites that have no rating".

17.  Clear the check mark on "Supervisor cab type a password to allow users to view restricted content".

18.  If you see any Rating Systems listed, select each in turn and click the "Remove" button. You are doing this so that we can set up our special "fake" rating service that doesn't rate any sites. You can add other rating services back later if you change your mind about using this method.

19.  Click on Add.

20.  Find the "thumbsdown" file.

21.  Click on the thumbsdown file.

22.  Click Open

23.  Click OK

24.  Click on the "Approved Sites" tab in Content Advisor. Type in the name of a site you DO want to allow users to access, such as:

duckduckgo.com

25.  Now for the "gotcha".  Every possible combination for the sites must be added.  For instance, say you added "duckduckgo.com" (no quotes).  The user then put in "www.duckduckgo.com", they would be blocked.  So to get to "www.duckduckgo.com" or "duckduckgo.com", you have to add (no quotes):

"www.duckduckgo.com"
"duckduckgo.com"

26.  The above applies to the sites that the owner wants to allow.  For example:

www.partslookup.fake
partslookup.fake
gmc.partslookup.fake
volkswagon.partslookup.fake

Hope this helped - cost of solution - $0.00 (meaning you don't have to buy software).

The allowed sites are stored within the registry key: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/policies

 

Have a great day!

:bananas: :bounce:


Edited by scotty_ncc1701, 20 July 2014 - 07:49 AM.


#3 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:07 PM

Posted 21 July 2014 - 12:33 AM

Another less labour intensive way of achieving a broader filter type is by using OpenDNS.

 

For a single machine you could get away with using the free home filter (no more naughty pics for the kids), but even some more involved business subscriptions are less than $30 a year. Well worth it.

 

As you mentioned, antivirus and Malwarebytes are a must for most users... and a hosts filter can never hurt. :thumbup2:

 

TsVk!



#4 pranaman

pranaman
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 21 July 2014 - 02:28 AM

Thank you scotty_ncc1701 and TsVk!

 

Is there a solution where I can remotely get a report of what sites have been visited, maybe a ranking of suspicious ones, and remotely allow or revoke access to certain sites, unless OpenDNS does this and I missed it?


Edited by pranaman, 21 July 2014 - 02:32 AM.


#5 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:07 AM

Posted 21 July 2014 - 09:12 AM

Thank you scotty_ncc1701 and TsVk!

 

Is there a solution where I can remotely get a report of what sites have been visited, maybe a ranking of suspicious ones, and remotely allow or revoke access to certain sites, unless OpenDNS does this and I missed it?

 

Personally, I think that the owner, or at least I would, want the computer locked down to only going to sites "X", "Y", and/or "Z".  The employees are there to do a job, and not being paid to get their jollies off on company/business time.

If they're not repairing vehicles, then they clean up, etc.

 

EDIT:  I had referenced a possible program.  After I had posted it, I downloaded it and AVAST pitched a fit, reference removed.  Site added to my "bad site" list.

Have a great day!

:bananas: :bounce:


Edited by scotty_ncc1701, 21 July 2014 - 09:32 AM.


#6 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:07 PM

Posted 21 July 2014 - 04:25 PM

Thank you scotty_ncc1701 and TsVk!

 

Is there a solution where I can remotely get a report of what sites have been visited, maybe a ranking of suspicious ones, and remotely allow or revoke access to certain sites, unless OpenDNS does this and I missed it?

I believe some of the "Net Nanny" type filtering applications can log the traffic and allow remote management. But the reality is (I think) the best way to do this is using a proxy. But probably not worth it for a single machine.

 

You could modify protect the internet history folder from deletion.. and just look at that data I guess. Not very graceful and won't give you times and duration of visits. Not ideal, but doable.

 

I think Scotty was getting closer to the solution with complete restriction, though this would stop essential research for parts and suppliers. I'd just fire the offending idiot, make an example of him. No-one else will do it again.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users