How to manage whitelist of websites for a school lab?
December 18, 2008 4:56 AM   Subscribe

How can I remotely manage a whitelist of allowed websites for a computer lab of 20 iMacs?

I run a lab of 20 iMacs used for teaching electronic music, etc. In the past I didn't mind if there was some extraneous web browsing going on but there is a lot of off-task activity now and I'd like to limit browsing to a whitelist of music-related sites that I will manage remotely using Apple Remote Desktop or something else.

The computers all have both Firefox and Safari installed, so whichever one provides the better solution will be the one that remains enabled. Other things to keep in mind...
  • We are running 10.5.5, and I am the only instructor who uses the lab, I have full access to all machines. I am comfortable editing config files and that sort of thing if necessary
  • Apple Remote Desktop is used for managing lots of other things in the lab already
  • the school district has a county-wide proxy that has to be used for any outgoing connections and blocks lots of stuff already...but not enough to keep the lab in use for its intended purpose only
  • I want to be able to update the whitelist on all machines simultaneously and keep them the same, as I find more sites that should be made available
I have a colleague who uses Parental Controls to manage the Safari allowed-sites list in his lab, but it doesn't seem to be possible to do this on all 20 of my machines at the same time...I want a solution that lets me manage the whitelist immediately and on all machines.
posted by those are my balloons to Computers & Internet (6 answers total)
 
Squid.
posted by orthogonality at 5:23 AM on December 18, 2008


Response by poster: That's what I've been thinking. I have no experience with it other than as a client...I was playing with SquidMan this morning and it seems like this could work well, are there any docs for doing what I want to do without becoming a full-time Squid admin?
posted by those are my balloons at 5:38 AM on December 18, 2008


If youre not familiar with web proxies you might want to just remove the DNS setting from their computer and edit their host files (one on each machine) to resolve these sites.

You could also write a start up script to copy a host file located centrally. That way you dont need to add new host entries to every single machine.

Its important to make sure they do not have full admin rights as someone can easily just add the DNS servers back.

Also, it might just be a lot easier to enable parental controls on these computers. OSX has a pretty good parental control system. You'll still need to take away their admin rights.
posted by damn dirty ape at 6:48 AM on December 18, 2008


Squid is the only simple and effective way to do this.
posted by Jairus at 7:01 AM on December 18, 2008


Response by poster: Well...I installed Squid on my master mac station, and it seems to work well. I guess a followup question is... is there anyway to lock the proxy preferences in Firefox, so they can't bypass it back to the regular school proxy?

If not, I guess we'll just use Safari but I'd rather keep Fx around as a matter of preference.

My main thing is solutions that I can configure remotely on all the machines at once if possible. I'd rather not have to set Fx proxy on 20 machines separately if possible. (I reset the master system proxy to the new squid over ARD.)
posted by those are my balloons at 11:21 AM on December 18, 2008


Response by poster: damn dirty ape... a few have parental controls turned on experimentally, but the thing is, they aren't really modifiable as a lab. You have to log in to each one individually to change any settings.
posted by those are my balloons at 11:22 AM on December 18, 2008


« Older Studying Japanese in London?   |   Canon of love Newer »
This thread is closed to new comments.


Tags

Share