I'm one of the four IT guys at our ever-growing medium sized company. We've ran into a few problems this week where people are getting nasty viruses on their PC's by visitting sites that they shouldn't be while working; Myspace, Foreign Radio Stations, etc. Currently we have no system in place to block users from accessing anything on the internet, we just have Symantic antivirus and firewall in place on all PC's and the servers (I know, thats one problem right there). The virus definition updates get pushed out by the server daily whenever there is an update.
One of the other IT guys and myself think we should nip the problem in the bud and restrict users from visitting harmful sites. The tricky part is that we don't always know the URL of the site they plan on visitting, as new ones can crop up daily; so for the users we know as troublesome we want to restrict them to the few trusted sites we know. Or at least no URL's ending in
We're running Active Directory on W2K3 Servers, we want to be able to filter internet access by groups, with varying degrees of internet Access. Whats the best solution to our problem?"