Managing Websites using Active Directory Group Policy Objects (GPO)

Managing Websites using Active Directory Group Policy Objects (GPO)

How to Blacklist/ Whitelist and Bookmark select Websites on Browsers using GPO

Organizations frequently need to block or restrict access to specific websites and applications for security and management reasons. Certain websites may not be safe and might include malicious content. This in turn will potentially threaten the security of an organization. This is one of the reasons to block certain websites, which prevents the employees from accessing them and leading to a possible breach in security. In addition to this, employees might use websites that tend to reduce their productivity. This usually includes social media, gaming, and entertainment websites. Hence organizations block these websites to curb security risks and network connectivity problems, generally caused as a result of streaming music and videos. There are generally two approaches adopted by IT administrators to overcome these problems – blacklisting and whitelisting.

Blacklisting involves blocking or restricting access to websites that are considered unsafe. This process usually involves making a list of websites that tend to threaten the security of the organization. These sites are then blocked access. All other websites are allowed access. Hence, blacklisting is said to be a threat-centric approach. While this approach may be easier to implement, it is considered to be less effective in terms of security.

Whitelisting involves using an approach that is opposite to the one used in blacklisting. Here, access is provided only to those websites which are considered to be safe and trustworthy. This involves making a list of websites that can be provided access while restricting all the others. As a result, this method is much more effective when compared to blacklisting. However, this is considered to be more complicated, since making a list of trustworthy websites can be quite intensive. In case, essential sites such as the ones used for email are not added to the list, it may result in unnecessary chaos.

Using Group Policy Objects to Blacklist, Whitelist, and Bookmark Websites

The list of blocked or trusted websites needs to be distributed to all employees in the organization, in order for the blacklisting or whitelisting to be effective. This can be implemented with the help of Group Policy Objects (GPOs). This simplifies the process of implementing the required settings to all the computers within the domain. In addition to this, specific users can be restricted access to certain websites, by placing them in an organizational unit (OU) and applying the group policy to it. Websites can also be bookmarked or added to Favorites for easy access. This can be done by means of the Group Policy Management Console (GPMC).

Installing the Group Policy Management Console (GPMC)
The Group Policy Management Console is an MMC snap-in that is used to create and manage group policies. It can be installed using the instructions given below.

  1. On Windows Server 2008 and 2008 R2
  2. Open the Start menu and navigate to Control Panel --> Programs and Features --> Turn Windows Features on or off.
  3. From the left pane of the Server Manager dialog box, select Features.
  4. Click on Add Features and select Group Policy Management.
  5. Click Install to complete the process.
  6. On Windows Server 2012 and higher versions
  7. Open the Start menu and navigate to Control Panel --> Programs and Features --> Turn Windows Features on or off.
  8. From the left pane of the Add Roles and Features Wizard dialog box, select Group Policy Management from the Features tab.
  9. Click on Next to process to the confirmation page.
  10. Click Install to complete the process.

Blacklisting a Website using Group Policy

To blacklist or restrict access to a website, follow the instructions given below.

  1. Create the Organizational Unit (OU) for which the Group Policy needs to be applied.
  2. Open the Group Policy Management Console (GPMC). This can be done by navigating to Start > Run and typing gpmc.msc.
  3. Locate the desired Organizational Unit and expand User Configuration, expand Windows Settings and expand Internet Explorer.
  4. Click on Security and select Security Zones and Content Ratings by double-clicking on it.
  5. In the Security Zones and Content Rating dialog box, select Import the current Content Rating settings option under the Content Rating section.
  6. Click on Modify Settings and click OK.
  7. In the Content Advisor dialog box, click on the Approved Sites tab.
  8. In the Allow this website field, enter the name of the website you want to blacklist/block and click on Never.
  9. Click on OK.

Whitelisting a Website using Group Policy

To whitelist or allow access to a specific website follow the instructions given below.
  1. Follow steps 1 through 7 for blacklisting a website. These steps are similar for both processes.
  2. In the Allow this website field, enter the name of the website you want to whitelist/allow and click on Always.
  3. Click on OK.

Bookmarking a Website using Group Policy

A website can be bookmarked or added to favorites using Group Policy by following the instructions given below.

  1. Open the Group Policy Management Console.
  2. Create a new Group Policy Object in the required domain and name it accordingly.
  3. Add the users, computers, or groups to which the group policy needs to be applied, under the Security Filtering tab.
  4. Navigate to User Configuration > Preferences > Windows Settings > Shortcuts.
  5. Right-click on the Shortcuts page. Click on New > Shortcut and set the following options.
  6. Action: Update
  7. Name: Enter the name of the shortcut
  8. Target Type: URL
  9. Location: Explorer Favorites
  10. Target URL: Enter the full URL of the shortcut
  11. Click on OK.
Thus Group Policy Objects can be used to blacklist whitelist or bookmark specific websites on a browser and implement it to all the computers within the domain. 
    • Related Articles

    • Group Policy Objects

      Group Policy settings are stored in the form of Group Policy Objects (GPOs). GPOs can be created like any other active directory object and is linked to a Site, domain or OU in which the policy settings have to be applied. The GPO stores its ...
    • How to Change Account Lockout Policy using Group Policy Objects in Active Directory

      Changing the Active Directory Account Lockout Policy  Introduction to Active Directory Account Lockout Policy Account lockout policies are used by IT administrators to lock out an Active Directory account after multiple unsuccessful attempts. It is ...
    • Group Policy

      In a nutshell, a Group Policy is a collection of settings, which determine how a unit of users/computers should behave. The Two Types of Group Policies: Administrators can use Group Policies to enforce a set of configuration settings to both the ...
    • Group Policy Object

      Administrators frequently turn to group policy objects to control user accounts and user activity in an Active Directory environment. In this video, we deep-dive into GPO basics such as why group policies are needed, the components of group policies, ...
    • Best Practices for Configuring Group Policy Objects

      GPO Best Practices Group Policy makes dealing with your operating system easier and more effective. In addition, this allows you further control over network accounts. This makes your network safer from outsiders. Moreover, it reduces the trusted ...