3

I'm working for a library that uses Internet-connected catalog machines that are designed to allow only a single website - www.catalog.com. All other sites are blocked via a Content Advisor GPO.

However, we're migrating machines to Server 2012 R2, which no longer supports this option.

Where do I start now? I've read about DNS redirection and firewall solutions, but those seem like LAN-wide solutions. I need something that can be applied to 3/100 machines.

Any leads for solid tutorials or a point in the right direction would be much appreciated.

Craig
  • 2
    I have yet to test this out, but I believe I found a solution to my particular case if anyone is interested. First, install Chrome on the target machine(s). Second, create a shortcut via GPO and set the target to your chrome application, appending --app=path/to/the/single/site. This operates Chrome in a custom browser mode and prevents navigation to other sites. Needless to say, you must also block manual opening of Chrome or any other browser. Not quick or clean, but it suits the purpose. I'd love to hear alternative solutions. – Craig Sep 21 '15 at 21:54
  • 1
    Tested and works. This solves our problem and might solve others' issues if you're looking at a similar use-case. – Craig Sep 22 '15 at 01:20
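
The shortcut step from the comment above, as an added example (not code from the original post): it creates the Chrome `--app` shortcut with a script instead of a GPO shortcut item and reads the saved file back to confirm what was written. The Chrome install directories, the shortcut name, the all-users desktop location and the `https://` scheme are assumptions; blocking other ways of launching a browser, which the comment also requires, is not covered here.

```powershell
# Added example: build a Chrome "--app" shortcut for a single-site catalog machine.
# Assumptions (not from the original post): Chrome's install directories, the
# shortcut name and location, and the https:// scheme on the catalog URL.
# Writing to the all-users desktop requires an elevated session.

function New-CatalogAppShortcut {
    [CmdletBinding()]
    param(
        [string]$Url = 'https://www.catalog.com',
        [string]$ShortcutPath = (Join-Path ([Environment]::GetFolderPath('CommonDesktopDirectory')) 'Library Catalog.lnk')
    )

    # Accept only an absolute http(s) URL so the shortcut cannot be pointed at
    # a local file or carry a malformed argument string.
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri) -or
        ($uri.Scheme -notin @('http', 'https'))) {
        throw "Not an absolute http(s) URL: $Url"
    }

    # Look for chrome.exe in the usual per-machine install directories (assumed).
    $chrome = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } |
        ForEach-Object { Join-Path $_ 'Google\Chrome\Application\chrome.exe' } |
        Where-Object { Test-Path $_ } |
        Select-Object -First 1
    if (-not $chrome) { throw 'chrome.exe not found; install Chrome first.' }

    # Create the .lnk through the WScript.Shell COM object.
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($ShortcutPath)
    $lnk.TargetPath = $chrome
    $lnk.Arguments = "--app=$($uri.AbsoluteUri)"
    $lnk.Save()

    # Re-open the saved file and return its target and arguments so a
    # deployment script can check them.
    $saved = $shell.CreateShortcut($ShortcutPath)
    [pscustomobject]@{
        Shortcut  = $ShortcutPath
        Target    = $saved.TargetPath
        Arguments = $saved.Arguments
    }
}

New-CatalogAppShortcut
```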

2 Answers

1

Even better for our purpose was to use Inteset Secure Lockdown, which blocks absolutely everything except a website for some solid kiosk-style operation for public computers.

There are plenty of settings to throttle how 'locked down' you want the machine as well, including hiding the desktop/taskbar, etc. It's obviously a policy/registry override by the software, but it's VERY clean, VERY easy, and only $25 for a license - including on RDS servers.

Craig
-1

Content Advisor needs to be enabled in a User or Computer group policy:

Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Content Page

Setting: Show Content Advisor on Internet options

The policies correspond to the following registry values:

 HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor  
 HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor  

Reference:

Group Policy Settings Reference for Windows and Windows Server

http://www.microsoft.com/en-us/download/details.aspx?id=25250

[Screenshots: GPO; Content Advisor - General Tab; Content Advisor - Approved Sites]

Screenshot of Windows Server 2012 showing Content Advisor blocking websites works exactly the same as in previous versions of Windows:

[Screenshot: Content Advisor - Blocked]

Greg Askew
  • I don't have that option in Server 2012 R2. There's a ton of documentation on the problem out there, but I have yet to come across a conclusive fix. – Craig Sep 21 '15 at 17:33