Wednesday, January 19, 2011

Blocking downloads (But allow Windows Update) using Group Policy?

We have a Draytek VigorPro 5510 that is configured to block downloads on the 10.0.65.xxx range (this is the range all of our user workstations are on) but allow them on the 10.0.10.xxx range (this is the range all of our admin machines are on).

Obviously, this has stopped Windows Update working.

Is there a way I can set Group Policy to stop downloads (we use a mix of IE and Firefox)?

Or is there something else I can do?

I've looked at WSUS but this seems a bit overkill for what I require.

  • You can't "block downloads" on the client systems; and even if you could do that for IE, Firefox is going to happily ignore any GPO you could ever set up.

    The proper solution here is to configure your firewall/proxy to block all downloads except from Windows Update sites.

    Aaron C. de Bruyn : Try installing Firefox when I have downloads disabled... ;)
    Massimo : USB? CD-ROM? Floppy disk? Network share?
    From Massimo
  • By block downloads you mean any traffic external to your network shouldn't be allowed? Stop NAT'ing your workstations' access to the internet & set up WSUS, then configure a GPO to point to your local server (as you've suggested).

    The alternative is to set up a proxy server, something like Squid will do nicely, and only allow local IPs & Windows Update in the ACL. Set up a GPO to point your browser to the proxy server.

    alex : Would that still allow general web browsing however?
    Nick Kavadias : Through the proxy, yes, if you want it to.
  • WSUS really is the way forward on this one.

    Richard Slater : +1 for WSUS. It is not particularly demanding on processor, memory or your brain. You also then get a better idea of which computers have which patches installed, and reduce the amount of traffic travelling across your internet connection on patch Tuesday.
    From Izzy
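
The proxy ACL approach from the second answer, written out as a squid.conf fragment (an added example, not part of the original thread). The /24 masks, the Windows Update domain list and the extension list are assumptions; check the domains against Microsoft's current published endpoint list before relying on them.

```conf
# Added example, not from the thread. Assumed: /24 masks for the two ranges
# named in the question; domain and extension lists are illustrative.

acl admins src 10.0.10.0/24        # admin machines: unrestricted
acl users  src 10.0.65.0/24        # user workstations: restricted

# Windows Update endpoints. A leading dot matches the domain and all
# of its subdomains.
acl windowsupdate dstdomain .windowsupdate.com .update.microsoft.com
acl windowsupdate dstdomain .windowsupdate.microsoft.com download.microsoft.com

# "Downloads" approximated by file extension in the URL path.
# Caveat: for HTTPS the proxy only sees the CONNECT hostname, not the path,
# so this rule only affects plain-HTTP requests.
acl downloads urlpath_regex -i \.(exe|msi|cab|zip|rar|7z|iso)(\?|$)

# http_access is evaluated top to bottom and the first match wins, so the
# Windows Update allow rule has to come before the download deny rule:
# update payloads are themselves .cab/.exe files.
http_access allow admins
http_access allow users windowsupdate
http_access deny  users downloads
http_access allow users            # general browsing, per the comment reply
http_access deny  all
```

The proxy only enforces this if the firewall stops the 10.0.65.xxx range from reaching the internet directly, so that web traffic from those workstations has to pass through the proxy host.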
