All You Need to Know About Site Blocking
This article will detail the few caveats to use our blocking feature and provide some steps to ensure it is set up for optimal usage. Click this link for an in-depth look at how to block sites using ActivTrak.
- Blocking can only be done on a per-computer basis. This means that no matter which user is logged into the computer, the website will be blocked. Blocking can be based on group selections if you do not want to block a website on all of the organization's computers.
- Blocking also can't be done on a schedule. The website will be blocked even if a user is accessing it outside of their tracking schedule.
- Blocking can only be applied at the domain level and not to sub-domains. For example, you would need to youtube.com instead of youtube.com/c/ActivTrak-App.
websiteisblocked.com
Employees accessing a blocked website will instead be redirected to websiteisblocked.com. with the message shown below. However, it's possible you may instead receive a "network error has occurred" or "your connection is not private" page when unable to redirect to websiteisblocked.com; this typically happens with secured websites that require a login, such as Gmail, Facebook, etc.
- Blocking is done through the computer's Hosts, so if there is an Anti-Virus, Firewall, or other DNS Filter installed on the machine or network, the machine may attempt to use those settings before those that are implemented by us.
Microsoft & ActivTrak Blocking:
It is important to understand that Microsoft protects its operating system from malicious attackers by preventing some of its own websites from being blocked using the host file. These sites cannot be blocked using ActivTrak. Below is a list of sites included:
- www.msdn.com
- msdn.com
- www.msn.com
- msn.com
- go.microsoft.com
- msdn.microsoft.com
- office.microsoft.com
- microsoftupdate.microsoft.com
- wustats.microsoft.com
- support.microsoft.com
- www.microsoft.com
- microsoft.com
- update.microsoft.com
- download.microsoft.com
- microsoftupdate.com
- windowsupdate.com
- windowsupdate.microsoft.com
These fully qualified domain names (FDQNs) are hardcoded in the following DLL: %WINDIR%\system32\dnsapi.dl
Do Not Track & Blocking:
Putting a user on the Do Not Track list will not remove blocking from a machine as this is machine-based. If you wish to not monitor a user, but still block website access, you will need to log into the machine with a user who is not on the Do Not Track list to ensure an update to the blocking list has been made.
Was this article helpful?
4 out of 8 found this helpful
Comments
No comments