I like to use a utility called Spyware Blaster to import a restricted site list. Spyware Blaster maintains a huge list of Web sites that are known to be malicious and can automatically import that list into Internet Explorer's Restricted Sites zone. You can then import this information into a Group Policy and use it to protect all of the computers on your network.
Importing the restricted site list into a Group Policy is a bit tricky. The first thing that you have to do is to open Spyware Blaster on a computer that's running Windows XP and select the Restricted Sites tab. It is important that you perform this entire procedure on a computer that's running Windows XP and not on a server because the import procedure that we will be using later tends to be problematic when used directly from a server console.
When you select Spyware Blaster's Restricted Sites tab, you will see a really long list of sites that are known to be malicious. If you look at Figure A, you will notice that there is a Protect Against Checked Items button. You must select the sites that you want to protect your PC against and then click this button. You will probably notice that there are hundreds, if not thousands, of malicious sites on the list and there is no obvious Select All option. Fortunately, you don't have to select each site manually. You can instead right click on any of the sites and choose the Select All option from the shortcut menu. After doing so, click the Protect Against Checked Items button and the sites that you have selected will be added to Internet Explorer's Restricted Sites zone.
Figure A: Spyware Blaster contains a list of malicious Web sites.
The next thing that you have to do is to open the Group Policy editor and create a policy that reflects the newly added zone settings. Begin by entering the MMC command at the Run prompt to open an empty Microsoft Management Console. When the console opens, select the Add / Remove Snap-In command from the File menu. When you do, Windows will open the Add / Remove Snap-In properties sheet. Click the Add button found on the properties sheet's Standalone tab and you will see a list of all of the available snap-ins. Select the Group Policy option and click the Add button. Select the Group Policy that you want to modify and click Finish, followed by Close and OK.
When the local security policy opens, navigate through the console tree to User Configuration | Windows Settings | Internet Explorer Maintenance | Security. When you select the Security container, you will see a couple of options appear in the computer's Details pane. Double click on the Security Zones and Content Ratings option. You will now see the Security Zones and Content Ratings dialog box that's shown in Figure B. Select the Import the Current Security Zones and Privacy Settings option and click the Modify Settings button.
Figure B: Select the Import the Current Security Zones and Privacy Settings option and click the Modify Settings button.
At this point, you will see the same Internet Properties dialog box that you see when you modify the security zones through Internet Explorer. Verify that the Restricted Sites zone has all of the sites that you want to restrict listed. This is also the time to make any changes that you want to any of the other security zones. Click OK twice and the zone settings that you have specified will be imported into the Group Policy.
About the authorBrien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.
