Novell is now a part of Micro Focus

Blocking Web Sites without a Firewall

Novell Cool Solutions: Trench
By Bryan Berns

Digg This - Slashdot This

Posted: 5 Sep 2002

Recently, you had an article concerning how one can block access to Web sites in IE (without use of a firewall). The following is essentially a different way using 'Content Advisor'. It will work across all platforms of Microsoft Windows which use Internet Explorer as a browser. It is much more difficult to bypass than some other mentioned methods. The following is an example how to set this up on one machine and then make it distributable to other machines through a login-script.

Please note that Z:\ is used a network location. You can you use any drive letter / path. Depending on what version of Internet Explorer you're using, the directions to access 'Content Advisor' may vary slightly. This particular example was created using Internet Explorer 6.0 on Windows 2000. When asked to type 'something', please do not type the quotes.

To prevent internet access on one machine

I. Creating The Content File

  1. Go to Start -> Run and type 'NOTEPAD Z:\DEFAULT.RAT'
  2. Create the file and paste the following into it. Then save it.

    ((PICS-version 1.0)
    (rating-system "")
    (rating-service "")
    (name "Default")
    (description "")
    (transmit-as "")
    (name "All Sites Restricted")

II. Configuring Internet Explorer

  1. In Internet Explorer, go to Tools -> Internet Options -> Content -> Settings.
  2. Uncheck 'Users can see sites that have no rating'.
  3. Click 'Change Password' and enter a password.
  4. (Optional) Uncheck 'Supervisor can type a password....' if you do not wish to be able to bypass the blocked web pages with the password you just set.
  5. Click 'Rating Systems' and remove any existing entries.
  6. Add Z:\DEFAULT.RAT and Click 'OK'.
  7. Click OK to exit.

III. Allow Certain Sites (IE Versions 5.5 and Later)

  1. In Internet Explorer, go to Tools -> Internet Options -> Content -> Settings.
  2. Click on 'Approved Sites'
  3. Enter a site to allow access to. Wildcards are permitted. For example:

    Type '*' to allow access to novell sites.
    Type '*.edu' to access sites with an educational classification.

Spreading It To Multiple Machines

  1. Go To Start -> Run and Type 'REGEDIT /E Z:\CONTENT.REG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings'
  2. In your Login Script, After you mount Z:\, add this entry:
  3. In Windows 9X, I also found that a hidden file C:\WINDOWS\SYSTEM32\RATINGS.POL is also needed, and thus also would need to be distributed on the machines.

If you have any questions, comments, compliments, or concerns, feel free to e-mail me at

Bryan Berns
Computer Aided Engineering
University of Wisconsin - Madison

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates