Looking for suggestions.
I need to deny windows desktops to getting to any sites other than ones specified by an admin. I was looking for ways I could do this and how to implement it. These are the thoughts I had.
Hosts files- this is the quick and dirty way but what is
www.blah.com changes IPs... then you have to edit the hosts files and get annoying calls from the desktop users... just not the best way I don't think
DNS server - this would be a cool way to do it if it was possible... I'm not sure if you can... the only thing I see this being a problem is; what happens when Bob, Joe, and Tom all need different access to different sites... then it seems you would need a different DNS server for each client... that wouldn't be fun...
Squid - This is the newest idea. You have a user that is restricted by their login to the proxy server. I'm not sure if this is possible though.
Any other ideas and/or ways you think my current ideas could be implemented?