Site restrictions are common in business networks. Mangers and entrepreneurs want to limit potential distractions and Microsoft offers a range of solutions to achieve the objective. An usual practice is to adopt a proxy server but you can enforce site restrictions on Internet Explorer – even the latest versions – using a simple Active Directory Group Policy.
In this tutorial we’ll take advantage of the Content Advisor functionalities of Internet Explorer, a feature Microsoft hid in IE 10 and IE 11.
The first step is to download and install the Internet Explorer Administration Kit (IEAK). We’ll use it to create a configuration executable for IE.
Choose a shared folder (accessible by the restricted users) where to save the package:
Select the target platform:
Select the target language:
Check Configuration-only package:
Clear All then check Security Zones and Content Ratings:
Synchronize your version of IE with the latest available and click Next:
Check Import the current Content Ratings settings then click Modify Settings:
We’re now in the Content Advisor configurator. Unrestrict all the ICRA3 categories:
In the Approved Sites tab you can restrict the sites. Specify a domain and click Never, it will appear in the list below:
In the General tab check Users can see websites that have no ratings then click Create password:
Specify the supervisor password:
You’re ready to generate the .msi package:
The executable is ready, now we need to install it on the client machines. Open the Group Policy Management panel and create a new policy:
Configure the Security Filter:
From the Settings tab right-click on User Configuration and select Edit:
Add a new software package:
Select the .msi file:
Choose the deployment method:
The Group Policy is ready:
Activate the Group Policy:
After a reboot the client machines won’t be able to access Facebook, Twitter and Pinterest: