Strategie de groupe - Internet explorer - Windows & Software
Marsh Posté le 05-05-2006 à 00:19:58
Si tu as un serveur ISA (Internet Security Acceleration) installé sur ton server 2K3, tu peux arriver à rediriger les requetes webs pour certain sites vers une page spéciale qui est hosté quelque part sur ton réseau interne.
Il faut évidemment que ton serveur ISA contrôle tout l'accès Internet de ta compagnie (~ qu'il fasse office de "proxy" ). Si c'est le cas, alors dans la console ISA, tu dois créer un "destination set" qui contient la liste de site webs que tu veux rediriger vers une autre page. Ensuite tu dois créer une rêgle "site and content" qui interdit l'accès aux sites de la "destination set" et qui redirige les requetes webs vers une autre page (ex: http://10.0.0.1) (plus d'infos ici).
Si tu n'as pas ISA, tu peux acheter Websense, mais ca coute cher.
Sinon pour faire cela avec les GPO, c'est certainement avec un Security Template, mais je n'ai pas encore trouvé la solution... je cherche ;-)
Marsh Posté le 05-05-2006 à 00:35:24
Je pense que j'ai trouvé, mais apparement tes PC doivent avoir Windows XP SP2.
http://www.microsoft.com/technet/p [...] nload.mspx
Procedures for Setting the Security Level to High for Specific Web Sites
The procedures that follow provide information about how to set the security level for a particular Web site to High, which prevents actions such as the running of scripts and the downloading of files from the site. For information about planning a configuration for your organization to control whether Internet Explorer allows downloads or allows plug-ins, ActiveX controls, or scripts to be run, see Examples of the Security-Related Features Offered in Internet Explorer 6 and Learning About Security and Privacy Settings in Internet Explorer 6, earlier in this section.
To Configure a Specific Computer with a Security Level of High for Specific Sites
1. On the computer on which you want to configure a security level of High for specific sites, in Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
2. Select Restricted sites.
3. Under Security level for this zone, make sure the slider for the security level is set to High. If the security level for the zone is Custom, click Default Level and make sure the slider for the security level is set to High.
You can view the individual settings that make up High security by clicking Custom Level. For example, you can click Custom Level and then scroll down to confirm that for High security, the settings for active scripting and for file download are both Disable. After viewing the settings, click Cancel.
4. With Restricted sites still selected, click Sites.
5. In Add this Web site to the zone, type the Web site address. You can use an asterisk for a wildcard. For example, for Web sites at Example.Example.com and www.Example.com, you could type: http://*.Example.com
6. Click the Add button.
To Use Group Policy to Set the Security Level to High for Specific Sites That Users in Your Organization Might Connect To
1. As needed, see Appendix B, "Learning About Group Policy and Updating Administrative Templates," and then edit an appropriate GPO.
2. In Group Policy, click User Configuration, click Windows Settings, click Internet Explorer Maintenance, and then click Security.
3. In the details pane, double-click Security Zones and Content Ratings.
4. Under Security Zones, click Import the current security zones and privacy settings, and then click Modify Settings.
5. Select Restricted sites.
6. Under Security level for this zone, make sure the slider for the security level is set to High. If the security level for the zone is Custom, click Default Level and make sure the slider for the security level is set to High.
You can view the individual settings that make up High security by clicking Custom Level. For example, you can click Custom Level and then scroll down to confirm that for High security, the settings for active scripting and for file download are both Disable. After viewing the settings, click Cancel.
7. With Restricted sites still selected, click Sites.
8. In Add this Web site to the zone, type the Web site address. You can use an asterisk for a wildcard. For example, for Web sites at Example.Example.com and www.Example.com, you could type: http://*.Example.com
9. Click the Add button.
Tu peux aussi télécharger le document suivant qui a l'air très intéressant: Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet
Bon amusement
Marsh Posté le 05-05-2006 à 09:47:16
OK super les infos!! je regarde ca et je te tiens au courant!!!
Encore merci!!
Marsh Posté le 05-05-2006 à 23:27:29
tiens j'ai trouvé ceci sur une autre forum:
Citation : In the GPO under User Configuration|Windows Settings|Internet Explorer Maintenance|Security double-click on Security Zones and Content Ratings. |
dis moi si cela fonctionne...
Marsh Posté le 04-05-2006 à 14:11:49
Bonjour à tous!
Je suis sous windows 2003 server avec des postes en windows XP.
Je voudrais ajouter des "sites sensibles" dans les options internet...au lieu de me taper tous les postes, j'aimerais le faire via ma console de strategie de groupe, je vois bien un dossier "Internet explorer" mais je vois pas comment ajouter mes sites sensibles sur chaque postes!??
Est ce que qq1 aurait une idée!?
Merci!!