How to block websites from AD DC Windows Server 2012 - windows-server-2008-r2

How to block websites from Active Directory Domain Controller Windows Server 2012
A request from our company: to block YouTube.com from the domain controller (which is Windows Server 2012) from morning 9 am to evening 5 pm.
How can I achieve this requirement? I saw some online blogs which show Group Policy settings, but they just block the website with a GPO. What I want is to block the website for a specific time (like morning 9 am to evening 5 pm), not all the time.
Please help me.

This can be achieved with an ISA server or Forefront TMG (http://www.microsoft.com/downloads/details.aspx?familyid=e05aecbc-d0eb-4e0f-a5db-8f236995bccd&displaylang=en) or any other proxy solution like Squid (it's free: http://www.squid-cache.org).
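
The Squid option mentioned above, as a squid.conf fragment for the 9 am to 5 pm YouTube block asked about in the question. This is an added example, not part of the original answer; the client range 192.168.0.0/16, port 3128 and the ACL names are assumptions.

```conf
# Added example (not from the original thread): time-based block in squid.conf.
# Assumptions: clients sit in 192.168.0.0/16 (constructed range), use Squid as
# an explicit proxy on port 3128, and the proxy clock is in office local time.

http_port 3128

# Who may use the proxy at all (constructed range; adjust to your LAN).
acl localnet src 192.168.0.0/16

# A leading dot matches youtube.com and every subdomain (www., m., ...).
# Further domains can be listed on the same line, separated by spaces.
acl blocked_sites dstdomain .youtube.com

# Day letters: M T W H F = Monday to Friday. Times are proxy-local, 24h clock.
acl work_hours time MTWHF 09:00-17:00

# Squid evaluates http_access top-down and stops at the first matching line,
# so the deny must come before the general allow. ACLs named on one line are
# ANDed: a request is denied only if it is for a blocked site AND falls
# inside work hours.
# For HTTPS, a browser using an explicit proxy sends
# "CONNECT www.youtube.com:443", so dstdomain still matches without any
# TLS interception.
http_access deny blocked_sites work_hours

http_access allow localnet
http_access deny all
```

The block only holds if clients cannot bypass the proxy, so direct outbound TCP 80/443 from client subnets should be denied at the gateway and the proxy setting pushed by Group Policy. `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` reloads it.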

"AD has no interaction with the users browsing experience, web traffic is directed through your proxy if you have one, then your gateway and so it is at these points you would need to filter the traffic."
I wouldn't agree. You can restrict websites via DNS (but I'm not sure about the time period thing, though). Set up a new DNS zone in DNS Manager and call it, for example, Facebook.com. Then right-click on the zone, click New Host (AAAA), and set Facebook to an imaginary IP address such as 0.0.0.0, and voilà. Your clients won't be able to connect to Facebook.com.

Related

Hosting Website LIVE on the domain I've bought

I'll get straight to the point.
I have bought a domain. I want to host it on my computer, maybe on a raspberry pi since only 50 persons/month will visit it.
Anywhere I've looked I see two hosting methods, using IIS/WAMP/XAMPP to only create a localhost website or adding the domain to C:\Windows\System32\drivers\etc\hosts.txt that is also... localhost.
What is the magic answer here? How can I host LIVE a website with the domain that I have bought? Am I stuck to using a hosting service? Am I missing something really important?
"using IIS/WAMP/XAMPP to only create a localhost website"
You need an HTTP server if you want to host a website. It needs to run on the computer you want to host the website from.
"adding the domain to C:\Windows\System32\drivers\etc\hosts.txt"
That's what you do as a poor man's solution instead of buying a domain name.
The Domain Name needs to be associated with a DNS server (and secondary DNS server) by your registrar.
Usually, a registrar will provide DNS hosting services as part of the deal.
The DNS server needs an A record pointing at the IP address of the computer running the web server. This IP address needs to be available to whomever is going to visit it (which almost certainly needs to be public facing) and should be static (unless you want to play games with very short TTL values and frequent reconfiguration of the DNS servers).
If you plan to host multiple different websites on the same server, you'll probably want to configure the HTTP server software to handle Virtual Name Hosting (whereby it pays attention to the Host header in the request and dynamically serves different content based on it).

Sharepoint 2013 top-level site with unique IP

We have a newly-configured Sharepoint 2013 server installation, which serves our company Intranet.
The new Intranet is now in service and operational.
Next, we need to create another top-level site which will serve as an Extranet portal for clients.
Sharepoint Central Administration does not provide a method by which a separate IP address can be
selected for a new site; instead, it provides port selection or entry only.
We need to route external traffic to the extranet site, which requires either a mapped internal IP
address or a different port. The main limitation we face is that most of our public-sector clients
cannot use a non-standard port due to their firewall restrictions. So, this means a unique IP.
In the exhaustive research conducted concerning this issue, it appears that the "best practice"
recommended by Microsoft themselves is nothing but a workaround, where part of the process is
performed in SP Central Admin and the other half in IIS.
We have found many articles and blogs mentioning alternative ports, but none which address this situation directly.
Now we're trying to contend with Alternate Access Mappings, which are confusing our admins.
We really need the voice of experience from someone who has actually done this before.
Question: what is the correct way of achieving our goal?
Your users will access the site based on a host name I guess, not on an IP address?
So, you will have an intranet under http://intranet and you now want to create an extranet under http://extranet.
The fact that extranet is on another IP address and routed to your SharePoint farm is not really an issue.
What you need to do is create another web application with http://extranet as the host name.
Your firewall / network hardware must then forward http://extranet to your SharePoint servers. IIS will see "extranet" and serve the extranet.
If your users will access it via the IP-address, it's similar. Instead of http://extranet, you enter http://ext.ip.addr as the host name.

Intranet Domain name without domain

We have an internal webserver, I made a user on this server (Openlogic 6.6, Centos Web Panel installed).
the domain : testnet.company.local
In the dns I have a record testnet which resolves to the ip of the server.
In a browser when you go to "http://testnet.company.local/application" it works.
But if I want users to be able to go to testnet/application or just to "http://application" what are the steps I need to take? Is this possible? Our DNS server is a Windows Server 2012.
Do the users have a common search list on their machines? I don't suggest using barewords as DNS names without some serious investigation.
However, say, for example, that all of your users have company.local in their search list. You can then add "testnet" to the company.local DNS zone and it will resolve because the users' machines will automatically add "company.local" to the request.

DHCP Server not Authorized

I have two Active Directory servers performing both authentication and DNS.
One server is 2003 and the other is 2008. It is my understanding that there is no primary Domain server in this scenario and that everything will replicate from 2003 to 2008 without issue.
I have a 3rd virtual 2008 server which has been performing DHCP for over 2 years without a problem.
It is now appearing that I cannot properly authorize DHCP (Red downward arrow).
When I attempt authorization, I do not get an error. It simply does not function and appears to not be authorized. I also tried netsh for authorization.
I have an error in the logs of the DHCP stating:
"The DHCP Service failed to see a directory server for Authorization"
One change that was made recently was that I tried to revive the old physical DHCP server for performing another service. I changed the IP and the Computer name before I networked it. I have since turned it off, but I believe that this is when the problem began.
What is the problem?
Additionally, is one of the AD servers more primary in the authorization of DHCP, or are they of equal authority?
Thanks
Note: I have removed all outdated entries regarding DHCP from DNS.
Also, forest functionality level is set to Windows 2000, though we have nothing on our network older than XP.
Your first domain controller in your network is the "primary" domain controller. The primary domain controller keeps 5 FSMO roles of the entire Active Directory forest.
In your case, I think there might be some problems with DNS. Most of these types of problems are caused by DNS. You can try to use the DCDiag utility to test the connection and DNS configuration from both domain controllers.
After fixing your DNS, you might want to restart the Net Logon service on both domain controllers to refresh the SRV record.
In the worst case, which happened to me, I had to disjoin the DHCP server (standalone server) from the domain, join it back, and re-authorize it with AD.

Point/Send domain name to website on Windows Server 2008 R2

Okay, can't seem to find a great article or info on this. My client purchased a domain for his company (domain.com) through Network Solutions. He has a local server running Windows 2008 R2 that he wants to host his company's website on. I've created the website and have it running with Apache on localhost. The server does have a static IP, but when I visit it, I'm prompted for credentials (user, password) which is expected as it's meant to be protected.
My question:
How would I point the domain to the website on his server?
From what I've researched, I have options that include:
1. Pointing the domain to the static IP (what about the credentials?)
2. Creating A and CNAME records for the DNS server on Network Solutions
3. Setting up a local DNS server w/ Active Directory on the Windows machine
4. Creating a couple name servers that would tell Network Solutions where to send the domain
It's safe to say I'm effectively confused, so any help would be very much appreciated.
So basically you have to associate the domain name to the IP address, and that is done using DNS.
I'd suggest option 2 where you let Network Solutions manage the DNS, and you create an A record for www.domainname.com that points to the IP address on your server. Keep in mind it might take 24-48 hours for this new record to propagate across the internet. Take a look at http://www.networksolutions.com/support/dns-manager-advanced-tools/ and http://www.networksolutions.com/support/a-records-ip-addresses/
Regarding the credentials prompt, I assume you are using IIS and so you'd want to check the Authentication settings for the site. If you want anonymous access to the site, you would enable it there.
