Allow access to certain sites:

1) In Internet Explorer, click Tools / Internet Options …, then the Content tab.
2) Click the Settings button …, then the Approved Sites tab.
3) In the Allow this Web site text box, type: *.*
4) Click the Never button.
5) Manually enter the addresses of the sites you allow. For example: http://www.microapp.com.
6) Click the Always button.
7) Click the General tab.
8) Uncheck Users can see sites that have no rating.
It is perhaps simpler to uncheck the box Supervisor can type a password to allow users to view restricted content.
9) Confirm the rest …
To go back, you have two choices: disable Content Advisor, or check the box Users can see sites that have no rating.
Note: the default settings of Content Advisor are in a file named Rsaci.rat located in \Windows\system32.

Selectively block your Internet traffic using IPSec

IPSec is a protocol designed to provide various security services. While its primary application is building virtual private networks, it can also act as a firewall for an Internet connection.
Here is a simple example that blocks all Internet traffic while allowing data exchange on the intranet. We describe the procedure on a local computer, but it is of course possible to deploy this type of policy in a domain.
1) Click Start / Run and enter: Gpedit.msc
You can also add this snap-in to an MMC console: IP Security Monitor.
2) In the Group Policy editor, open Computer Configuration / Windows Settings / Security Settings / IP Security Policies on Local Computer.
3) Right-click this container, then click the submenu Manage IP filter lists and filter actions …
4) Click the Add … button.
5) In the Description area, type whatever you want: HTTP, for example.
6) Click the Add … button, then Next.
7) In the Source address drop-down list, keep the default (My IP Address) and click the Next button.
8) In the Destination address drop-down list, select Any IP Address, then click the Next button.
9) In the Select a protocol type drop-down list, select TCP, then click the Next button.
10) Select the To this port radio button, enter 80, then click the Next button.
11) Check the Edit properties box, then click the Finish button.
You can also block secure pages (HTTPS) by specifying, this time, 443 as the destination port.
To allow intranet traffic, repeat the same procedure, but in the Destination address drop-down list select A specific DNS Name or A specific IP Address. You only need to enter the server name, the IP address, or the IP address range. If you choose the option A specific IP Subnet, you must enter the IP address and the subnet mask.
In short, specify whichever filter actions you need.
12) Click the Manage Filter Actions tab, then click the Add … button, then Next.
13) Enter a name and a description for your filter action: Block, for example, then click the Next button.
14) Select the Block radio button, then click Next and Finish.
15) Right-click the IP Security Policies on Local Computer container, then click the submenu Create IP Security Policy … and the Next button.
16) Again, enter a name and a description that best define your policy, then click the Next button.
17) Uncheck Activate the default response rule, then click Next and Finish.
18) Select the All network connections radio button, then click Next.
19) Click the Add … button, then Next.
In the case of a local computer, select the radio button Use a certificate from this certification authority (CA):, then click the Browse … button.
Then select the certificate: Microsoft Root Authority.
20) In the IP filter lists section, select the radio button that corresponds to the filter you created, then click the Next button.
21) In the Filter Actions section, select the radio button that corresponds to the filter action you created, then click Next and Finish.
22) Click the OK and Close buttons.
The procedure is the same for your rule allowing intranet traffic.
If you return to the Group Policy window, your policy is listed, but the Policy Assigned column states that it is not assigned.
23) Right-click its name and choose the Assign command.
Test it by trying to browse the Internet …
With Internet Explorer, you will get a window warning you that the page cannot be displayed.
With Mozilla, a dialog box tells you that the connection was refused when attempting to contact the requested site.
Of course, you still have normal access to your mail and your intranet. If you right-click your policy and then click Un-assign, everything works again.
To export your policy and apply it on another machine, follow these steps:
1) Right-click the IP Security Policies on Local Computer container, then click All Tasks / Export Policies …
2) In the File name: text box, type a descriptive name, then click the Save button.
A file with the .ipsec extension will be generated.
You can export or import either through the GUI or with the netsh command from the Command Prompt:
1) Click Start / Run and enter: Cmd
2) In the Command Prompt, enter one of these commands:
* netsh ipsec static exportpolicy ..\ipsec_policy.ipsec
* netsh ipsec static importpolicy ..\ipsec_policy.ipsec
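
The same policy can be built entirely from the Command Prompt with netsh ipsec static instead of the wizard. The script below is an added example, not part of the original procedure; the policy, rule and filter list names and the intranet subnet 192.168.1.0/255.255.255.0 are constructed placeholders to adapt to your network.

```batch
@echo off
rem Added example: netsh equivalent of the GUI procedure (steps 3 to 23).
rem All names and the intranet subnet below are constructed placeholders.
setlocal
set POLICY=Block Internet
set INTRANET_NET=192.168.1.0
set INTRANET_MASK=255.255.255.0

rem Steps 3-11: filter list for web traffic (TCP 80, plus 443 for HTTPS).
rem mirrored=yes makes each filter match the reply direction as well.
netsh ipsec static add filterlist name="HTTP"
netsh ipsec static add filter filterlist="HTTP" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="HTTP" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=443 mirrored=yes

rem Same procedure for the intranet: destination is a specific subnet.
netsh ipsec static add filterlist name="Intranet"
netsh ipsec static add filter filterlist="Intranet" srcaddr=me dstaddr=%INTRANET_NET% dstmask=%INTRANET_MASK% protocol=ANY mirrored=yes

rem Steps 12-14: one filter action that blocks, one that permits.
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit

rem Steps 15-17: create the policy unassigned, without the default response rule.
netsh ipsec static add policy name="%POLICY%" description="Block web, allow intranet" activatedefaultrule=no assign=no

rem Steps 18-22: one rule per filter list, applied to all network connections.
rem IPSec applies the most specific matching filter, so the subnet permit
rem takes precedence over the any-destination block.
netsh ipsec static add rule name="Block web" policy="%POLICY%" filterlist="HTTP" filteraction="Block" conntype=all
netsh ipsec static add rule name="Allow intranet" policy="%POLICY%" filterlist="Intranet" filteraction="Permit" conntype=all

rem Review what was created before it takes effect.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem Step 23: assign the policy. To undo, run the same command with assign=no.
netsh ipsec static set policy name="%POLICY%" assign=yes
endlocal
```

Run it from an administrator Command Prompt, then repeat the browser test described above; netsh ipsec static exportpolicy can afterwards save the result for other machines.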
