Article

(View Disclaimer)

ENVIRONMENT: All of our student workstations are Windows XP Professional based so there was not a cross platform issue. This made distribution over ZENworks easy.

PROBLEM: In an educational environment we are constantly having to deal with students going to sites they are not supposed to go to. We have a content filter but students seem to get the password within a week after it has been changed. We were looking for a solution that the students would not be able to bypass by either finding out a password or loading another browser; ie: Mozilla Firefox.

SOLUTION: We found our solution in the Windows "host file". (File Location) C:\Windows\system32\drivers\etc. Basically the host file is an internal DNS lookup for that local machine. We modified the file in notepad and added the sites that we did not want to students to be able to go to. (See example) When you are viewing the code, the IP in front of the URL is the IP the DNS lookup request will receive. For example: myspace.com IP is: 216.178.32.51, but when the client browser goes to myspace.com and looks for the IP it will receive 140.147.249.7 which is actually the Library of Congress. This sends the student's browser to the Library of Congress site. We distributed this file with a force run app that copied the hosts file from the server to the workstation when a student logged in. We also set it to run always as we did the same deployment when a staff member logged in but instead of the modified host file we just copied the original blank one over. This allowed staff members to go wherever they want, while the students are restricted.

After we implemented this we found an added bonus. It cuts down on the amount of spyware/adware/viruses our workstations receive from the internet. It also cut down on internet bandwidth usage. Students can no longer visit bandwidth-intensive gaming sites.

EXAMPLE

File location in Windows XP: C:\windows\system32\drivers\etc

Original Host File:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Modified Host File:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
140.147.249.7    myspace.com
140.147.249.7    www.myspace.com
140.147.249.7    login.myspace.com
140.147.249.7    aim.com
140.147.249.7    www.aim.com
140.147.249.7    facebook.com
140.147.249.7    www.facebook.com
140.147.249.7    aimexpress.aol.com
140.147.249.7    messenger.yahoo.com
140.147.249.7    messenger.msn.com
140.147.249.7    www.blogthings.com
140.147.249.7    blogthings.com

Note: This is only part of the sites that we have blocked.

As you'll note in the example, there is a catch when editing the host file. You have to put the plain URL (such as myspace.com) and the URL with "www" in front of it (such as www.myspace.com) as two separate entries. Otherwise one or the other will be left open.

If you have any questions you may contact Garrett at garrettpichlerTAKETHISOUT@TAKETHISOUTgmail.com

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.