Block Facebook for selected users

proxy windows-server-2003 blocking

We have a few users here who are using Facebook during working hours and their productivity is through the floor, as a temporary measure I have remotely edited their hosts files to point facebook.com and its various subdomains to point to the loopback address and then manually comment out at lunch time so they can use it.

This is obviously a bit tiresome doing this for a number of users every day.

I am looking at trying to find something that can do this blocking automatically on schedule.

I was thinking some kind of proxy server which i can add to the proxy settings on their browser via group policy.

Does anyone know of any free or cheapish software solution for windows that will do this? Or maybe something standalone I can install on a PC/VM?

I guess I could always write and schedule some batch files to switch a blocked hosts file with a non blocked one.

Network is Windows 2003 SBS server, Windows XP sp3 workstations, single interface on server Netgear DG834 router which whilst it does have some scheduling it doesn't allow setting of a window only single block window - for example 9-5pm, but I would want to open it in the middle.


If what you're doing right now is working but the issue that it's taking too much of your time, then scheduled tasks are you friend :)

Pop the two versions of the hosts file on the network somewhere (With FB enabled/disabled), and then set up a scheduled task, pushed out by GPO.

At lunch time (say, 11:30) it copies the "FB Enabled" hosts file, and then after lunch (say, 13:30) it copies the "FB Disabled" hosts file.

Price: $free
Difficult: Easy
Effectiveness: Good
Management Overhead: Medium

For the record, squillman's answer is the one I would prefer as a sysadmin, but we all know that's not the way it works in real life


As someone who used to be responsible for the proxies, firewalls, and web filters I very much agree with @DanBig's comment and urge you to politely tell management "I don't care" and let them deal with it. Babysitting is a management / HR issue and should not be left to working level IT. If you have resource contention to the point where someone's Facebook activities are causing performance issues on your network and you don't already have filtering software in place, block their switch port or something and get management involved. Then work with management / HR on an acceptable use policy, which could also include a proxy / web filter to help enforce said policy. IT can help to define the policy, but HR should be the owner of the policy.

You do NOT want to get in the middle of legal battles or other conflicts with disgruntled [former] employees if / when they start coming down the pipe. It's not a long decline from exuberant Facebook usage to other questionable uses of the Internet.


Another alternative would be to block Facebook et al from people's work machines from 9-5 but set up an "Internet Cafe" in a communal area where they can have access to the internet for personal browsing at lunchtime.

These machines could be locked for most of the day but only open from 11 am till 2 pm (for example).

As these machines are effectively "public" people would then have to learn to log off when they've finished.

This would also help clearly delineate private and work usage of the internet.

Related

If I send data to my computer using its public hostname, does it actually go over the internet?
is it okay to use random URLs instead of passwords? [closed]
Network cables - make them or buy them
Why pay for UNIX?
Degraded Array. RAID 6 with three disk failure
Web Deploy to IIS 7 with Pass-through authentication
Why is Mac OSX Lion losing login/network credentials?
Tomcat 7 trailing slash issue with webapps
CentOS /dev/bus/usb structure
3Ware RAID6 array sometimes hanging. Undetected broken disk?
CIFS mounts hang on read
How does server-side `TIME_WAIT` really work?