Using Group Policy Editor, The Windows Hosts file or Internet Explorer Security Options
to force Internet Explorer users to use the Proxy connection or go to a redirected site

If you are reading this page, it means that you are trying to block access to specific websites from a Windows PC running Internet Explorer. There are two ways, the first is to use a Proxy Server, like the one at SMUHSD, the second way is to edit the "hosts" file in such a way as to point traffic to the "wrong" site instead of the one requested. This stuff may be just a bit difficult to grasp if you are not already a Windows master user, but if you want to venture out in to some more detailed territory, here you go.

Method 1 Proxy setttings and Group Policy

Open gpedit.msc from the Start / Run box, right click the top of the tree, and select Properties.
Checking those boxes turns OFF any restrictions you apply there. That wat you can work on the PC without having to deal with things that are turned off or restricted. Then when you have finished making changes in the Group Policy editor, you can UNCHECK those boxes to apply the policy.


01

The boxes are checked in this picture, so the policies are NOT effective.


Remember to leave yourself a way to open the Group Policy editor, it is possible to have such a restrictive policy that you actually lock yourself out! Yikes. So I recommend making sure that you are able to at least access a command line window ( DOS Window), from the Programs/Accessories menu.

Feel free to explore the folders one at a time and consider the possible results of any thing you change. See anything useful? Apply a policy to it by checking the appropriate boxes. There are not many things that can't be controlled from here.

Group Policy edits for : Proxy Settings and Internet Control Panel

To impose  restrictions , you need to go two places in that window.
1. As you can see, there are TWO main directories (folders) named

Computer Configuration
User Configuration

02

The basic difference is that one controls settings for ALL the computer, and the other only for specifically for the Users of the computer.

Ok, now to getting MySpace blocked.
First place to go: The User Cofiguration folder , open the first level, then open the folder labeled Windows Settings, then open the Connection folder
You should be here:
02
Double Click the folder labeled Proxy Settings


This window opens
03
note that in the Exceptions box, the two addresses are separated by a semicolon (important!!!)
So the proxy server address is: oz.smuhsd.k12.ca.us  
Port number is : 4004
Check all the boxes!! Like the picture above. J
Close and go back to the main window

 

Now we are ready to do the next setting

Starting in the
Computer Configuration folder go to the
Administrative Templates,  
then Windows Components,
then Internet Explorer,
then Internet Control Panel
The Window should look like this:
04
Double Click the item labeled “Disable the Connections page

 

05
Check the radio button to ENABLE that condition. The Click Apply, and OK.

You have now forced all internet page requests to go through the District Proxy Server, then blocked the page in Internet Settings that enables users to change the settings.

 

 

Method 2: The Other Way to block access to naughty sites….
come over to the
dark side of Windows XP

 Stopping access to ANY internet website you want using the Windows "hosts" file.

Note" If you chose this method, you must disable all of the proxy settings described above.

Deep in the endless directories of the Windows XP Operating System is a small file named: “hosts”.
It resides in a folder called “etc
You can access this folder by going to the Start / Run box and typing the path to the folder:
C:\WINDOWS\system32\drivers\etc
Or open any Windows Explorer Window and type the path into the address box to get to the same place.

Note the following is an important step:

Once we are in the "C:\WINDOWS\system32\drivers\etc" folder we want to go to the Tools Menu then scroll down to Folder options and open that window.
Make sure the entry labeled “Hide extensions for known file types” is UNCHECKED.  You may have to scroll down in the list to find it. After unchecking that option, refresh the window by pressing the “F5” function key.

In the folder you will see various files most importantly the one named
hosts”   If it has a an extension like ".sam" then you will have to change the name to "hosts" with NO extension. Do this by "right clicking" and select
"rename", then type in the name "hosts". But ....

....What we are going to do is replace this file with a customized ‘hosts’ file.
I have a "special one" posted that file on the Capuchino website at:
http://chs.smuhsd.org/Tech/depot/misc/annoyance_suppression/host/

So go ahead and use the hyperlink above to get the new file.

Right click the file named hosts and select “Save target As..”  use the desktop or a convenient place to save the hosts file to because we are going to use it to replace the one that is on the PC.
Then….
open the “C:\WINDOWS\system32\drivers\etc”  folder.

Locate the hosts file. Right click it , then select rename. Type in something like “hosts.old” . This is to retain the old hosts file in case there is a problem with the new and improved one.

Locate the new and improved hosts file and right click it
Select COPY
Then navigate back to the C:\WINDOWS\system32\drivers\etc”  folder
Go to the Edit Menu and PASTE it into the “etc” folder.
If Windows asks “do you want to replace the original file”, say YES. This probably won't happen if you successfully renamed the original. But nevertheless it might happen.

During this process it is possible that Windows put the extension “.txt” at the end of your new hosts file. Check to make sure the file  has NO extension, that the name is “hosts” .  If you need to, then rename it without the .txt and use the “all files” instead of “text” option in the save process .
You should be able to see all the file extensions now that we turned off the stupid windows “Hide extensions for know file types” option.
Ok, so in the “C:\WINDOWS\system32\drivers\etc”  folder should be one file named “hosts.old” (the old one) , and the new one we copied in to the folder simply named “hosts”. If all is well, then close all those windows. :)

Restart Internet Explorer, and open the Tools menu, select Internet Options , and then the General tab.

Delete all the temporary internet files, the history, and all cookies, then close the Options dialog and close down Internet Explorer to make sure all the files are purged.

Re-open Internet Explorer .... and type in “myspace.com” If you have successfully replaced the hosts file then it will re-direct to a different site. ( Like Barney.com)

Remember you can re-direct traffic to anywhere you want as long as you know the IP Address of the site you want to send people to instead of "theirstupidsite.com".

How do get the IP? Go to the Start/ Run Menu , type "cmd" if you have a Windows 2000 or Windows XP machine, or "command" if you have a Windows 98 or older machine.

Type the command "ping" , leave one space, then type regular internet address of the site ,
for example: "ping barney.com" will produce output to the screen that will inlcude the ip address for barney.com. Write that down, then add it to your hosts file.
________________________________hosts file begins here______________________

# anything you type on a line AFTER the "#" sign is "remarked out".

# leave at least one space between the address and the name of the site

# You must leave the first entry as it appears below or you will screw up everything

127.0.0.1 colevall.ipowermysql.com

217.64.234.232 myspace.com

______end of hosts file________________

This will only redirect myspace.com traffic to barney's.

Coming soon......

Using the Restricted Sites tab in the Internet Explorer Security settings

If the little buggers have STILL gotten around all your traps?

headbang

Perhaps they have discovered "Proxy bypass" sites on the internet. What is that? A place where you type in the address of the forbidden site then it takes you there, anonymously, thus thwarting the best efforts of the IT guy to stop them.

Ok here is how you fight back:

(Tune in next week....:)