Nowadays, there are all kinds of bad information in the network. Even some regular websites are mixed with various vulgar content. However, in the context of “Internet+â€, people’s lives are increasingly inseparable from the Internet. Even children’s studies need to rely on the Internet to a large extent. How to protect children from bad information and create a green and safe online environment for their children is a headache for every parent. Today I would like to introduce to you the use of the system's group policy function to achieve control of the computer access to the network, by setting the computer can only allow access to the licensed site. Add a filter action Press Win + R, open "Run", enter "gpedit.msc" to open the group policy, navigate to "Computer Configuration → Windows Settings → Security Settings → IP Security Policy on the local computer." Right-click on the white space on the right side and select "Manage IP filter list and filter operation" from the pop-up menu to open the "Manage IP filter list and filter operation" window. Switch to the "Manage Filter Action" tab, click the "Add" button, pop-up wizard, click "Next", enter the "prohibit connection" in the name, click "Next", click "Block", click "Down One step → finish." Continue to click the "Add" button, click "Next", enter "Allow connection" at the name, click "Next", click "Permit", and click "Next → Finish" (Figure 1). Add a block filter In the Manage IP Filter Lists and Filter Actions window, switch to the Manage IP Filter Lists tab. Click the "Add" button, enter "Block all network connections" at the name, remove the "Use Add Wizard" checkbox, and click the "Add" button. Open the "IP Filter Properties" window, change the source address to "My IP Address", keep the "Target Address" as "Any IP Address" (Figure 2), the rest are the default settings, click "OK" to return, and then click OK closes the IP Filter List window. Add Allow Filter This step is set to allow the computer to visit the site, here computer enthusiasts website (), for example, through the Ping command to know its IP address: 101.201.80.41. Click the "Add" button on the "Manage IP Filter List" tab. The "IP Filter List" window appears. Enter "Allow access to computer enthusiast sites" under "Name" and remove the "Use Add Wizard" check box. Select, click the "Add" button. Open the "IP Filter Properties" window, change the source address to "My IP Address" and select "A specific IP address or subnet" at the "Target Address" (this is Windows 7 and above, Windows XP is For "a specific IP address"), enter the IP address "101.201.80.41" in the input box (Figure 3). By default, click "OK" to return to the list and click "OK" to close the IP filter list. window. Repeat this step to add other IP addresses that need to be accessed to the list. Finally don't forget to add the DNS server address to the list, otherwise you can't access the website through the domain name. If you do not know your own DNS server address, you can check it with the "IPCONFIG /ALL" command or use "114.114.114.114" (Figure 4). Create an IP security policy Right-click in the empty space on the right side of the Group Policy window, select "Create IP Security Policy", pop up the wizard, click "Next", enter the name "Green Internet", click "Next", check the "activate the default response rules", Click "Next" twice to pop up a warning, click "Yes", check "Edit Attributes", and click "OK". In the pop-up "Green Internet Properties" window, remove the "Use Add Wizard" check box, click the "Add" button, select the "IP Filter List" tab in the "New Rule Properties" window, click "Block All "Network connection", switch to the "Filter operation" tab, click "Prohibit connection" and click "OK". Continue to click "Add", select "Allow access to computer enthusiast sites" on the "IP Filter List" tab, select "Allow connection" in the "Filter Action" tab, and click "OK". Repeat the above steps to set the remaining allowed addresses and DNS servers to allow access (Figure 5). Click "OK" to close the properties window. Enable policy When the Group Policy "IP Security Policy, on the local computer" appears on the right side of the "Green Internet" policy, right-click on it, pop-up menu, select "Assign" (Windows XP system selects "Assign"), "Policy Assigned" becomes "Yes" (Figure 6), the policy setting is complete. The computer can only access the licensed website at this time. Right-click in the blank space and select "All Tasks → Export Policy" to export the set policy to a file. You can restore it later by using "Import Policy" or copy it to another computer for rapid deployment. To prevent the policy from being modified, Group Policy can be disabled through the registry. Open the registry, navigate to [HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}] and change the "Restrict_Run" value to "1". If there is no such item, the DWORD value can be created according to the path (Figure 7). In addition to creating a green Internet environment, this feature can also be used to prevent office computer outreach. For example, if you want to restrict a computer to access only websites whose IP address starts with "192.168" (intranet), you can change the "destination address" to "a specific IP address or subnet" when adding a filter in step 3 (this For Windows 7 and above, Windows XP is "a specific IP subnet", and then enter "192.168.0.0/16" in the input box (Figure 8, Windows XP enters in the "IP address" field. "192.168.0.0", enter "255.255.0.0" in the "Subnet Mask" field. If the policy fails or fails to start properly, make sure that the PolicyAgent service (display name: IPsec Policy Agent) starts normally. Shenzhen Ruidian Technology CO., Ltd , https://www.szwisonen.com
