Content Advisor Article

Recently, you had an article concerning how one can block access to websites in IE (without use of a firewall). The following is essentially a different way using 'Content Advisor'. It will work across all platforms of Microsoft Windows which use Internet Explorer as a browser. It is much more difficult to bypass than some other mentioned methods. The following is an example how to set this up on one machine and then make it distributable to other machines through a login-script.

Please note that Z:\ is used a network location. You can you use any drive letter / path. Depending on what version of Internet Explorer you're using, the directions to access 'Content Advisor' may vary slightly. This particular example was created using Internet Explorer 6.0 on Windows 2000. When asked to type 'something', please do not type the quotes.

To prevent internet access on one machine
-----------------------------------------

I. Creating The Content File

- Go to Start -> Run and type 'NOTEPAD Z:\DEFAULT.RAT'
- Create the file and paste the following into it. Then save it.

((PICS-version 1.0)
(rating-system "")
(rating-service "")
(name "Default")
(description "")
(category
(transmit-as "")
(name "All Sites Restricted")
))

II. Configuring Internet Explorer

- In Internet Explorer, go to Tools -> Internet Options -> Content -> Settings.
- Uncheck 'Users can see sites that have no rating'.
- Click 'Change Password' and enter a password. Add a 'hint' if you want, but that
will probably only encourage users to guess it.
- (Optional) Uncheck 'Supervisor can type a password....' if you do not wish to be
able to bypass the blocked web pages with the password you just set.
- Click 'Rating Systems' and remove any existing entries.
- Add Z:\DEFAULT.RAT and Click 'OK'.
- Click OK to exit.

III. Allow Certain Sites

- In Internet Explorer, go to Tools -> Internet Options -> Content -> Settings.
- Click on 'Approved Sites'
- Enter a site to allow access to. Wildcards are permitted. For example

Type '*.novell.com' to allow access to novell sites.
Type '*.edu' to access sites with an educational classification.

Spreading It To Multiple Machines
---------------------------------

- Go To Start -> Run and Type
'REGEDIT /E Z:\CONTENT.REG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings'

- In your Login Script, After you mount Z:\, add this entry:
'@REGEDIT /S Z:\CONTENT.REG'

Remember, one registry should contain the right settings form all platforms but it must be created from Windows 9x or Windows NT to be transferable to all other platforms. (Windows 2000 generated registry files will not import into windows 98). It does not necessarily need to be imported in a login script, but it should be imported before the explorer shell loads.

If you have any questions, comments, compliments, or concerns, feel free to email me at berns@cae.wisc.edu

Bryan Berns

Computer Aided Engineering
University of Wisconsin - Madison