One of the requests we get is to place a restriction on which Internet sites that users would commonly visit during working hours or at all.
In ISA 2004, we would do the following:
- Open the ISA Management Console
- Right click on Firewall Policy -->New --> Access Rule
- We call them Workhours Deny
- Rule Action: Deny
- Selected Protocols: HTTP, HTTPS, MSN Messenger
- Access Rule Sources: Internal & Local Host
- Access Rule Destination: Add
- New: URL Set
- Name: Workhours Deny
- Add: http://*.rad.msn.com/*
- Some sites at the bottom of this post.
- Click on + beside URL Sets and double click on "Workhours Deny"
- All Users -->Next
- In the ISA Console, double click on the Rule before clicking Apply in there
- Click the Action Tab: Tick "Redirect HTTP requests to this Web page:"
- We create an AUP page for Companyweb: http://companyweb/General%20Documents/AcceptableUsePolicy.aspx?PageView=Shared
- We set 0800 to 1800 for the times as a rule for all 7 days.
During the working hours specified, if the user tries to connect to the Web sites that are listed in the Deny List, they will be greeted with the following:
Here is a partial list of sites that we tend to restrict out of the box as part of the SBS Premium setup:
Any site that would essentially waste a user's time or open the network to possible compromise would normally make the list.
In almost all cases, most people figure it out and there is not a problem. Once in a while a little more is needed, so with the Client Contact's approval, a simple email with a screen shot of an ISA report showing the user name and sites being visited is sent to the problematic user. This usually kills the behaviour immediately.
Microsoft Small Business Specialists
*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.