blocking HTTPS sites

[BOB IROC]

Here in my school district we have a huge problem with our students (and in some cases staff) trying to use proxy sites to circumvent our WebSense filtering. Most of the time the sites are blocked by Websense default policies, but I have blocked many sites manually. The problem is now there is this one (possibly more) proxy site that uses HTTPs that I cannot seem to block. I was on the phone with Websense and we tried getting our PIX firewall to send https traffic through Websense so we can filter individual HTTPs sites. Unfortunately that blocked all HTTPs traffic and I was told to take it off. I must be missing something on the PIX or on Websense but I do not know what I am missing to resolve it

I was just wondering if there were any methods that I could use Active Directory Group Policy or maybe even local settings on the workstations themselves to block this (and possibly other offending sites) I was thining that maybe I could use the restricted Zone settings in IE GPO to do this, but I was not sure. I am afraid to put the site in this post as it is possible that people that read these things could get the site and use it at their school and I definately do not want to advertise it. so if you want the site please message me or email me here.

On a side note, are there any good free/cheap methods that we could send messages through the network to computers/users and have the ability to view their screen live and even take control of the workstation anonymously. Remote assistance works nicely, but the user definately knows were are in their computer. This is fine when helping a staff member, but not when you want to see their screen and get screen shots and see exactly what they are doing without them knowing it. Also even the ability to send them a message saying get off that site or your are being watched would be nice. This was one of the nice feature we had when we had Novell. Could send messages to users from the server and could anonymously take over and view their computer. I see a remote control tab under the user objects when looking in "Active Directory Users and Computers", but I cannot figure out how to get that to work and neither can the company that helped us set up our Active Directory.

[NooNoo]

One of the VNC family? Ultra has a chat facility and can be remotely installed or pushed...

[BOB IROC]

One of the VNC family? Ultra has a chat facility and can be remotely installed or pushed...

Is Ultra VNC completely free? Also can it be restricted so the user has no idea I am in the machine and restrict the user from changing any options or disconnecting?

Are there any CISCO PIX firewall guru's out there? From what I have been searching on the net I think you cannot completely block the site using AD GPO's. I am pretty sure I can do it on the PIX itself but I do not know what exactly to type and I think you need the IP address of the site which I do not have. I cannot ping the https site like I can a http site.

[NooNoo]

Ultra vnc is free. It does have a completely silent install as well... I remember seeing one of VNC family can be used that way, but I can't remember which one.

As for your https sites problems... while not just use the hosts file?

[BOB IROC]

Well I made an updated hosts file and added a bunch of https proxy sites that I came across kids were using and a couple I found by searching. Using ghost solutions suite I can tranfer the file down to the workstations.

I will look into UltraVNC and see if we can get that to work for our messaging and monitoring needs.