How to Blacklist/ Whitelist and Bookmark select Websites on Browsers using GPO
Organizations frequently need to block or restrict access to specific websites and applications for security and management reasons. Certain websites may not be safe and might include malicious content. This in turn will potentially threaten the security of an organization. This is one of the reasons to block certain websites, which prevents the employees from accessing them and leading to a possible breach in security. In addition to this, employees might use websites that tend to reduce their productivity. This usually includes social media, gaming, and entertainment websites. Hence organizations block these websites to curb security risks and network connectivity problems, generally caused as a result of streaming music and videos. There are generally two approaches adopted by IT administrators to overcome these problems – blacklisting and whitelisting.
Blacklisting involves blocking or restricting access to websites that are considered unsafe. This process usually involves making a list of websites that tend to threaten the security of the organization. These sites are then blocked access. All other websites are allowed access. Hence, blacklisting is said to be a threat-centric approach. While this approach may be easier to implement, it is considered to be less effective in terms of security.
Whitelisting involves using an approach that is opposite to the one used in blacklisting. Here, access is provided only to those websites which are considered to be safe and trustworthy. This involves making a list of websites that can be provided access while restricting all the others. As a result, this method is much more effective when compared to blacklisting. However, this is considered to be more complicated, since making a list of trustworthy websites can be quite intensive. In case, essential sites such as the ones used for email are not added to the list, it may result in unnecessary chaos.
Using Group Policy Objects to Blacklist, Whitelist, and Bookmark Websites
The list of blocked or trusted websites needs to be distributed to all employees in the organization, in order for the blacklisting or whitelisting to be effective. This can be implemented with the help of Group Policy Objects (GPOs). This simplifies the process of implementing the required settings to all the computers within the domain. In addition to this, specific users can be restricted access to certain websites, by placing them in an organizational unit (OU) and applying the group policy to it. Websites can also be bookmarked or added to Favorites for easy access. This can be done by means of the Group Policy Management Console (GPMC).
Installing the Group Policy Management Console (GPMC)
The Group Policy Management Console is an MMC snap-in that is used to create and manage group policies. It can be installed using the instructions given below.
- On Windows Server 2008 and 2008 R2
- Open the Start menu and navigate to Control Panel --> Programs and Features --> Turn Windows Features on or off.
- From the left pane of the Server Manager dialog box, select Features.
- Click on Add Features and select Group Policy Management.
- Click Install to complete the process.
- On Windows Server 2012 and higher versions
- Open the Start menu and navigate to Control Panel --> Programs and Features --> Turn Windows Features on or off.
- From the left pane of the Add Roles and Features Wizard dialog box, select Group Policy Management from the Features tab.
- Click on Next to process to the confirmation page.
- Click Install to complete the process.
Blacklisting a Website using Group Policy
To blacklist or restrict access to a website, follow the instructions given below.
- Create the Organizational Unit (OU) for which the Group Policy needs to be applied.
- Open the Group Policy Management Console (GPMC). This can be done by navigating to Start > Run and typing gpmc.msc.
- Locate the desired Organizational Unit and expand User Configuration, expand Windows Settings and expand Internet Explorer.
- Click on Security and select Security Zones and Content Ratings by double-clicking on it.
- In the Security Zones and Content Rating dialog box, select Import the current Content Rating settings option under the Content Rating section.
- Click on Modify Settings and click OK.
- In the Content Advisor dialog box, click on the Approved Sites tab.
- In the Allow this website field, enter the name of the website you want to blacklist/block and click on Never.
- Click on OK.
Whitelisting a Website using Group Policy
To whitelist or allow access to a specific website follow the instructions given below.
- Follow steps 1 through 7 for blacklisting a website. These steps are similar for both processes.
- In the Allow this website field, enter the name of the website you want to whitelist/allow and click on Always.
- Click on OK.
Bookmarking a Website using Group Policy
A website can be bookmarked or added to favorites using Group Policy by following the instructions given below.
- Open the Group Policy Management Console.
- Create a new Group Policy Object in the required domain and name it accordingly.
- Add the users, computers, or groups to which the group policy needs to be applied, under the Security Filtering tab.
- Navigate to User Configuration > Preferences > Windows Settings > Shortcuts.
- Right-click on the Shortcuts page. Click on New > Shortcut and set the following options.
- Action: Update
- Name: Enter the name of the shortcut
- Target Type: URL
- Location: Explorer Favorites
- Target URL: Enter the full URL of the shortcut
- Click on OK.
Thus Group Policy Objects can be used to blacklist whitelist or bookmark specific websites on a browser and implement it to all the computers within the domain.