Tuesday, 1 February 2011

Ways to block websites on your network


For a home or small network, if you have a broadband router such as Linksys or DLink, there should be an option that allows you to enter the addresses of sites you want to be blocked. Depending on the size of your network, you may want to consider a content-filtering proxy. This will also give you the ability to block websites. Many proxies will give you the ability to access only allowed sites. This may be the method you want to employ.

For a small number of computers you can edit the hosts file (Windows). Add the site and set the IP address to 127.0.0.1. This method can be time-consuming unless you deploy the hosts file from a central location/file. If you are running your own internal DNS server that forwards requests to other DNS servers, you can employ the following technique:

  1. Create a forward lookup zone for the site you want to block. Example: badsite.com
  2. Create a host record for the site.
  3. Set the record's IP address to 127.0.0.1
  4. Make sure you delete the cached zone for the site you want to block.

This technique also works well with other unwanted hosts such as messengers, FTP sites and P2P hosts.
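
The four DNS steps above as a script. This is an added example, not part of the original post; it assumes a server with the DNS Server role and the DnsServer PowerShell module (Windows Server 2012 or later). The function name Add-SinkholeZone and the sample blocklist are made up for illustration.

```powershell
#Requires -Modules DnsServer
# Added example. Run in an elevated session on the internal DNS server.

# Constructed sample blocklist; badsite.com is the post's own example name.
$blocklist = @('badsite.com', 'chat.example.net', 'not a hostname')

# Accept only well-formed DNS names so a bad list entry cannot create odd zones.
$pattern = '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

function Add-SinkholeZone {
    param([Parameter(Mandatory)][string]$ZoneName)

    # Step 1: forward lookup zone. Zones that already exist are skipped so the
    # script never touches a zone the server legitimately hosts.
    if (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue) {
        Write-Warning "Zone $ZoneName already exists, left unchanged"
        return $false
    }
    # File-backed zone; on an AD-integrated server use -ReplicationScope instead.
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns"

    # Steps 2 and 3: host (A) record at the zone apex, pointing at loopback.
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address '127.0.0.1'
    return $true
}

$added = 0
foreach ($name in $blocklist) {
    if ($name -notmatch $pattern) {
        Write-Warning "Skipping invalid name '$name'"
        continue
    }
    if (Add-SinkholeZone -ZoneName $name) { $added++ }
}

# Step 4: answers cached before the zone existed would still be served.
if ($added -gt 0) { Clear-DnsServerCache -Force }

# Check: each valid name should now resolve to 127.0.0.1 when asked of this server.
foreach ($name in ($blocklist | Where-Object { $_ -match $pattern })) {
    Resolve-DnsName -Name $name -Type A -Server 127.0.0.1 -DnsOnly |
        Select-Object Name, IPAddress
}
```

Because the server is now authoritative for the whole zone, any name under it that has no record gets a name-error answer, so the block covers the entire domain and not only the one host. Clients that point at a different DNS server are not affected by it.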


Another way: if you are in a workgroup and don't have to contact your DNS server to access local network resources, you can try OpenDNS, which is free. Available here: http://www.opendns.com/
You can purchase the enterprise version as well.
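
For the hosts-file method described earlier in this post, and its note about deploying from a central file, here is one way to merge a central blocklist into a hosts file without disturbing local entries. This is an added example, not part of the original post; the marker comments, the function name Merge-HostsBlocklist, the share path in the closing comment and all sample data are made up for illustration.

```powershell
# Added example. Marker comments and function name are illustrative choices.
$BeginMark = '# BEGIN central-blocklist'
$EndMark   = '# END central-blocklist'

function Merge-HostsBlocklist {
    param(
        [string[]]$HostsLines = @(),   # current hosts file, one line per element
        [string[]]$Blocklist  = @()    # names from the central list
    )

    # Keep every line outside the managed block exactly as it is.
    $kept = New-Object 'System.Collections.Generic.List[string]'
    $inBlock = $false
    foreach ($line in $HostsLines) {
        $t = "$line".Trim()
        if ($t -eq $BeginMark) { $inBlock = $true;  continue }
        if ($t -eq $EndMark)   { $inBlock = $false; continue }
        if (-not $inBlock) { $kept.Add($line) }
    }
    if ($inBlock) { throw 'Begin marker without end marker; refusing to rewrite.' }

    # Strip comments, normalise case, reject anything that is not a bare hostname
    # (so a bad central file cannot inject arbitrary mappings), de-duplicate.
    $valid = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
    $names = @($Blocklist |
        ForEach-Object { ("$_" -replace '#.*$', '').Trim().ToLowerInvariant() } |
        Where-Object { $_ -match $valid } |
        Sort-Object -Unique)

    # Rebuild the managed block at the end of the file.
    $kept.Add($BeginMark)
    foreach ($n in $names) { $kept.Add("127.0.0.1`t$n") }
    $kept.Add($EndMark)
    return $kept.ToArray()
}

# Constructed sample data: a hosts file with an older managed block, and a
# central list containing a duplicate, a comment and one injected mapping.
$hosts = @(
    '127.0.0.1 localhost',
    '# BEGIN central-blocklist',
    "127.0.0.1`toldsite.example",
    '# END central-blocklist',
    '10.0.0.5 intranet   # local entry, must survive'
)
$central = @('badsite.com', 'www.badsite.com', 'BADSITE.com  # duplicate',
             '10.0.0.9 intranet', '# comment only')

Merge-HostsBlocklist -HostsLines $hosts -Blocklist $central

# To apply for real (elevated prompt); the share path is a placeholder:
#   $path = "$env:SystemRoot\System32\drivers\etc\hosts"
#   $new  = Merge-HostsBlocklist -HostsLines (Get-Content $path) `
#               -Blocklist (Get-Content '\\server\share\blocklist.txt')
#   Set-Content -Path $path -Value $new -Encoding ASCII
```

The hosts file has no wildcards, so every hostname to be blocked (badsite.com and www.badsite.com in the sample) needs its own line in the central list.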


Another well-rated free product is Untangle, which does a decent job of firewall and security in small networks.
http://www.untangle.com/


Internet Explorer also has a nice way to control website access. Go to Internet Options > Content > Content Advisor > Enable. A new box will open; inside it go to General > Create Password and set a password of your choice.
Now when you try to open any website it will ask for the password.
If you do not want to block the internet completely, open the website that you want to be available all the time and, when it asks for the password, give the password and remember to select the option to always allow the website to be viewed. After that it will not ask for the password when you open that particular website, but if you try to open some other site it will ask for the password.
Do the same for each website you want to allow: give the password and tick the option to always allow that website to be viewed.





Friday, 3 December 2010

Biometric Logon in Windows 7 and 2008 R2


Windows 7 and Windows Server 2008 R2 include the Windows Biometric Framework (WBF), which provides native support for biometric technologies, specifically fingerprint devices.
To set up biometric (fingerprint) logon to a Windows 7 computer, you first need a fingerprint reader. This can be an add-on device, or a reader that comes built-in (as is the case with many modern laptops). The proper drivers for the device must be installed. Windows 7 comes with drivers for a number of biometric devices. If yours isn’t one of them, Windows will attempt to find the correct drivers on the Windows Update site. If that doesn’t work, check the web site of the device vendor (or the computer vendor for built-in devices).
Once the drivers are installed, the next step is to set up the biometric software with your fingerprint data. Follow these steps:
  1. Log on to the user account with which you want to use biometric logon.
  2. Click Start | Control Panel.
  3. In Classic View, click the Biometric Devices applet. If you don’t see this applet, check Device Manager to ensure that your biometric device is listed.
  4. In the dialog box, click “Use your fingerprint with Windows.”
  5. Next, you’ll be asked to provide your password. Do so and click OK.
  6. The Fingerprint Reader enrollment dialog box requests that you click the finger you want to set up. You can set up one, some or all of your fingers. It’s usually a good idea to set up more than one, as sometimes the reader may not recognize one of your fingers (perhaps because it’s dirty or oily or injured) but will recognize a different finger.
  7. Next you’ll be asked to swipe the finger on the reader so the reader can get a good reading. A successful swipe will result in a green checkmark; an unsuccessful swipe will result in a red X. You’ll need three successful swipes to proceed.
  8. After three successful swipes, you’re notified that the finger is set up for logon and access functions and you can click Finish.
  9. You can repeat the process to enroll other fingers.
Now you need to test and ensure that the fingerprint logon works. Log off (or lock the computer). Instead of your photo and a credentials box for entering your password, you’ll now see a fingerprint icon, as fingerprint logon has been set as the default logon method. Don’t worry; if it doesn’t work, you can click the “Other credentials” button and log on with your username and password as usual.
Swipe one of the fingers that you set up and the system should log you on.

Managing Biometrics in Windows 2008 R2 Domain
We can enable, limit or block the use of biometric devices in a Windows Domain by using Group Policy. In the Group Policy Management Editor on Windows Server 2008 R2, in the left pane right click the Group Policy Object (GPO) you want to configure (for example, the default domain policy) and select “Edit,” as shown below.
In the left pane, expand Policies, then Administrative Templates: Policy definitions, then Windows Components, and click Biometrics as shown below.
In the right pane, you’ll see four choices:
  • Allow the use of biometrics
  • Allow users to log on using biometrics
  • Allow domain users to log on using biometrics
  • Timeout for fast user switching events
Note that these same Group Policy settings are available in the Local Group Policy Editor on Windows 7 and Windows Server 2008 R2 computers. The permissions and behaviors of biometrics can be configured in the local policy; however, domain policy will override local policy.
Allow the use of biometrics: If you enable the “Allow the use of biometrics” policy setting, this makes the Windows Biometric Service available to user applications. This means users will be able to run biometric applications on their Windows 7 clients or on Windows Server 2008 R2 servers. This setting does not enable users to log on with biometric data; it only allows them to run the biometric-enabled applications.
If the policy is not configured, WBS will still be available, as that is the default. If you don’t want it to be available (thus prohibiting users from running biometric applications), you need to explicitly disable this policy setting. This prevents users from using any of the biometric features in Windows 7 and Windows Server 2008 R2. To enable or disable the policy setting, double click it or right click it and select “Edit.” There you have three option buttons: Not Configured, Enabled and Disabled. Click the one you want and then click Apply and OK.
Allow users to log on using biometrics: If you enable the “Allow users to log on using biometrics” policy setting, users will be able to log onto their computers by swiping a finger. They will also be able to elevate User Account Control (UAC) permissions with a finger swipe (if they are logged on with an administrative account). This only allows users to log onto the local computer; it does not enable them to log onto the Windows domain.
As with the previous policy, the default of Not Configured has the same effect as selecting Enabled, so if you don’t want users to be able to log onto their computers or elevate privileges using biometrics, you’ll need to explicitly disable the policy setting. This is done in the same way we edited the policy setting above.
Allow domain users to log on using biometrics: The purpose of this policy setting is self-evident; if you enable it, users who have domain accounts will be able to log onto the Windows domain, or elevate privileges with a logged-on domain account, by swiping a finger. The default here is different from those above. Because the principle of least privilege applies in a domain, domain users cannot use biometrics to log on by default. Thus the “Not Configured” selection in this case has the same effect as the “Disabled” selection, and you will need to explicitly enable the policy setting if you want domain users to be able to log onto the domain using biometrics.
Timeout for fast user switching event: You can use this policy setting to set a specified time period (in seconds) for which a fast user switch event stays active before the switch happens. The default time period is 10 seconds. The maximum time period you can configure is 60 seconds. You need to enable the policy setting to change the specified time period.

Tuesday, 30 November 2010

Getting started with Xendesktop 4 - Part 2 Installation and configuration of the product using free XenDesktop express version.

First, we need to download the XenDesktop software from the Citrix site. You need to have or create a My Citrix account to be able to download the product. At present version 4.0 is available for download. Optionally, Feature Pack 1 and Feature Pack 2 can be downloaded and installed afterwards. The download includes the XenServer, the XenServer Management Console and the actual XenDesktop software components, so you don’t have to download these parts separately. Remember that XenServer is not required to run XenDesktop. XenDesktop is also supported on other hypervisors like VMware ESX or Microsoft Hyper-V.

First check if the hardware you would like to use complies with the hardware requirements and/or is mentioned on the Hardware Compatibility list. If you don’t have any hardware available you can install XenServer as a virtual machine, for example within VMware Workstation, although this is not officially supported. Just Google “install xenserver on vmware workstation” and you will find several documents and videos on how this can be accomplished.
The installation of XenServer is delivered as an ISO file with the name `XenServer_virtulization_platform.iso`. Make sure that the media is available for installation, by burning the ISO file onto a CD. The installation of XenServer starts with a screen asking you if you would like to install XenServer using the standard installation steps or the advanced steps.

When you choose F1 or <ENTER> you opt for the default installation steps. Selecting F2 delivers the option shown in Figure 2.


Here we won’t be using the advanced options. The standard installation procedure is invoked by pressing <ENTER> or the <F1> key. During the installation the first dialog box asks you to specify which kind of keyboard layout you are using. By pressing the spacebar you can select the correct keyboard layout. Via <TAB> you can move to the next button to continue the installation; another way to continue to the next dialog box is to press <F12>.


The XenServer boot media can also be used to convert a physical machine into a virtual machine (P2V). Because we are installing a XenServer host, we have to choose the option Install or upgrade XenServer Host. As in the previous dialog box, you can use <TAB>, <F12> or <ENTER> to continue after the selection of the right option.

 
The next dialog box is just an informative message that you will start the XenServer installation and that all current data on the disks will be erased. Via the OK button the installation will continue. 


Like all other installations the License Agreement will be shown and you need to accept the license agreement to continue with the installation using the “Accept EULA” button.


Hopefully the next dialog box will not be shown, because it informs you that your machine does not have hardware virtualization support available. First of all this will impact the performance, and secondly you won’t be able to run Windows-based virtual machines on your XenServer host, so you won’t be able to use XenDesktop. Most of the time this is because hardware virtualization is disabled in the BIOS. Otherwise you should look for other hardware.


XenServer can be installed from a CD or from a network location using HTTP, FTP or NFS based resources. I expect you will use the local media option for this setup; otherwise you already have a couple of XenServers running in your infrastructure, and in that case you are already familiar with installing XenServer.


 
If you are going to use Linux virtual machines on your XenServer you should install the Linux Pack. Depending on your situation, answer Yes or No.


XenServer offers the possibility to check the installation source for errors. If you would like to do that, select the option Verify Installation Source; if you would like to skip this test, choose Skip Verification.


The following step is an important one. In the dialog you need to set a password for the root account of the XenServer. This password is needed to log on to the XenServer, both on the console and when setting up a connection using the administration tools later. Choose a good password and enter it twice.


Logically the XenServer needs to have a connection with the network. In the next dialog you need to fill in the network address, subnet mask and gateway for the XenServer. It is possible to use a DHCP server, but I advise using a fixed IP address or at least a reservation in the DHCP scope for XenServer hosts.


A second dialog for the network components is displayed. Here you need to fill in a (unique) hostname and the DNS server available within your infrastructure. As for every hypervisor DNS is critical, so double check the settings you configure. 


Next the Time Zone needs to be configured. This is done by first selecting the area where your data centre is located, followed by selecting a nearby city, as shown in the figures below.


The last step for the time setting is to specify whether you would like to configure the correct time manually or use the NTP protocol. Because correct time settings are crucial in every infrastructure I advise using the NTP option, but remember that you need to have an NTP server address.


 
When you choose NTP, the next dialog box asks you to fill in (up to three) NTP servers. After you fill in the NTP server, or when you choose manual time entry, the last dialog box informs you that all information needed has been collected and that the actual installation can be started using the Install XenServer button.



After the reboot the server will show the console as shown in the next figure. You can re-configure settings in case you made a mistake, for example reconfiguring the network settings. Some new configuration can also be done via this console, like adding the server to a resource pool.

 

Getting started with Xendesktop 4 - Part 1

Xendesktop Editions

Citrix XenDesktop is available in several editions, which logically offer different options and functionalities. The needs and wishes in your infrastructure determine which version should be applied when implementing a VDI environment. Let’s take a look at those editions and what they offer.
  • XenDesktop Express - The Express edition is the most basic edition, with limited functionality. It offers the standard XenDesktop features, but is limited to a maximum of 10 users using XenDesktop sessions. This edition is freeware, so you can use it at no cost. Citrix recommends this version for test purposes and for getting familiar with the product. With the release Citrix also states that Citrix XenServer (this is Citrix's hypervisor for server virtualization). This product is actually always a free download from Citrix, but logically Citrix is promoting the use of this hypervisor for hosting the XenDesktop environment.
  • XenDesktop VDI - This is the first paid version of the XenDesktop family. This version has no limitation on the number of users using the desktops hosted by the product. Several other features are also available within this edition:
    • Provisioning Services - Provisioning Services is Citrix's implementation of operating system virtualization, which is also available as a separate product. Provisioning Services makes it possible to use a so-called standard image, which can be used/enrolled to several systems at the same time. With a standard disk the system does not need to have its own disk, so when you apply this technique to virtualized desktops you need less expensive SAN/NAS storage than when each virtualized desktop has its own virtualized disk with the operating system installed on it.
    • Workflow Studio - Workflow Studio is another product by Citrix. Workflow Studio is a product that automates installation and configuration tasks for Citrix products like XenApp, XenDesktop, XenServer and NetScaler using Windows PowerShell and Windows Workflow Foundation. The product supplies an easy-to-use graphical interface for workflow composition without the need to have scripting knowledge.
    • Profile Management - To get the real benefit of VDI infrastructures you would like to share the virtual desktops between users. However, in these situations you would like to retain the user settings. Just as in Server Based Computing environments, a roaming profile solution is not the best way to go. Therefore products were developed to preserve the user settings using a flex/hybrid profile solution. Citrix implements such a solution with Citrix Profile Manager.
    • StorageLink - Citrix StorageLink is an add-on for the Citrix XenServer product that supports third-party storage architecture and delivers integration with leading storage platforms. In this way StorageLink ensures that XenServer fully leverages all the resources and functionality of existing storage systems.
    • EasyCall - EasyCall works together with softphones so that, in an application or website where a telephone number is shown, the number can be selected with a click and passed to the phone.
    • Access Gateway (limited) - The Access Gateway solution of Citrix provides the possibility to encapsulate the ICA traffic (the protocol that’s being used by Citrix between the client and the virtualized desktop) into an SSL stream. Besides the security benefit, this also means that only one communication port is needed between the client and the XenDesktop infrastructure. With this XenDesktop edition the Access Gateway can only be used to connect to a XenDesktop session.
  • XenDesktop Enterprise - XenDesktop Enterprise is the third available edition within the XenDesktop family. It offers the same functionality/features as the XenDesktop VDI edition, extended with the following features.
    • XenApp Enterprise - Besides the XenDesktop functionality, the users can also use Citrix's “old” flagship XenApp. XenApp is the most used product for implementing Server Based Computing infrastructures, so the users can also connect to a Terminal Server to use applications. Also (and actually even more useful) you can use Citrix Application Streaming to provide virtualized applications to the virtualized desktop (this is included within the Citrix XenApp Enterprise edition). It’s good to know that Citrix expects users outside the office to connect to a virtualized desktop provided by XenDesktop, because this edition of XenDesktop also only offers XenDesktop sessions via the Access Gateway. In other words, a direct XenApp session using the Access Gateway is not allowed.
    • HDX 3D for Professional Graphics - One of the characteristic a remote desktop Server Based Computing (and corresponding protocols) environments was that graphical intensive applications such as AutoCAD. With this XenDesktop add-on it’s possible to host such applications on a remote desktop platform, providing the users good performance over LAN and WAN connections. A requirement of HDX 3D Pro is that the host workstation runs on local hardware like a normal desktop workstation or a blade PC. It’s not possible to use a virtualized workstation because the technique uses the hardware acceleration provided by the underlying GPU. A good summary of the technique is described in this article by Alexander Ervik Johnsen (it’s based on XenDesktop 3, but this also applies to XenDesktop 4).
  • XenDesktop Platinum - XenDesktop Platinum is the last available edition of XenDesktop. It also offers the same functionality as XenDesktop VDI but, just like Enterprise, several additional functionalities are added and some other functionalities are offered in a higher edition.
    • XenApp Platinum - Just as in the Enterprise XenDesktop edition, XenApp is added as a component of this suite. The difference is that here the Platinum edition of the XenApp product is added, where XenApp Enterprise is offered in the XenDesktop Enterprise edition. The differences between XenApp Enterprise and Platinum can be found in this comparison sheet provided by Citrix.
    • Access Gateway (full) - XenDesktop Platinum also offers a full version of the Access Gateway, so XenApp sessions can also be offered to the users directly from the Access Gateway entrance.
    • HDX 3D for Professional Graphics - This version also includes the HDX 3D for Professional Graphics feature.
    • EdgeSight for Virtual Desktops - Citrix EdgeSight is a product that adds real-time monitoring and troubleshooting capabilities to the XenDesktop product.
    • Branch Repeater - The Citrix Branch Repeater is a WAN optimization product that increases WAN throughput and improves application performance. This edition offers the licenses for using the Branch Repeater functionality, but you need to purchase the actual device (hardware or virtualized appliance) separately.
    • Password Manager - The last additional component enables Single Sign On within the XenDesktop infrastructure. With Citrix Password Manager users only have to log on to Windows; for the other applications that require a logon, filling in the user's credentials and password can be automated. Password Manager also offers Self Service Password Reset functionality.

Choosing the Editions

Logically every version has its own purchase costs, and the price rises as more functionalities are added. So choosing the version depends on the budget available, but when all versions are within the budget it depends on the needs within the infrastructure. You should have at least Citrix Provisioning Server and Citrix Profile Manager, but those are available in all the commercial versions. Because the XenApp feature adds Application Streaming functionality, the Enterprise and Platinum versions can be very interesting. Application Streaming is a pretty critical component for success when the company is using several applications which have regular updates. When using graphically intensive applications you will definitely need Enterprise or Platinum, because these editions include the HDX 3D Pro feature. Personally I think many companies will need the Enterprise or the Platinum edition, where the Platinum edition will be interesting for companies who want real-time monitoring software (and don’t have another product already), have several branch offices with restricted bandwidth, or where Single Sign On is a requirement.