Question:
Disable NAT on router for LAN clients - Proxy Setup?
bossler
2008-05-21 07:19:57 UTC
I currently have a small network that is functioning fine and have recently installed a proxy on the server for the purpose of monitoring/restricting web browsing and usage. I am currently testing the trial proxy software called CCProxy from Youngzsoft. It all seems to be working just fine apart from one thing. If a LAN client machine removes the proxy settings from their browser configuration/setup, they are still able to gain web access and bypass the proxy server. I am led to believe that I need to disable NAT for all LAN machines apart from the server.

My setup is as follows:

*3Com Router > WAN NIC > **Windows Server 2003 > LAN NIC > Switch > LAN Machines (WinXP)

*3Com OfficeConnect Router 3CRWE754G72

**Windows Server 2003 is running AD, DHCP, DNS and RRAS.

If I simply disable NAT in the router then nothing gets to the internet, as you may expect. Is there a way to disable NAT for LAN machines, or is there an alternative? Open to any advice or suggestions.

Thanks in advance.
Five answers:
2008-05-21 07:32:20 UTC
I suggest you swap your 3com router for a PC running a Linux firewall/router software setup.

This will be more flexible and powerful than the firmware running in the 3com.

You will be able to do all the web filtering, NAT routing, firewalling etc, all within a cheap PC running Linux and some extra software.

You will have a much more scalable solution.

The workstation PC won't need special proxy settings, so that removes the possibility to bypass the proxy.
Steve K
2008-05-21 07:38:47 UTC
If you're using Windows Server 2003 then you need to learn Group policies and security settings bub!

Disabling NAT on a Residential Router is not recommended, but there is a possibility to disable it for specific static IP addresses. This won't be efficient if you're running DHCP and the IP addresses cycle.

*~SERVER 2003~*

1) If you're using the server to manage users... In "Active Directory Users and Computers"... on the OU (Org. Unit) with the users on there, right click and go to Properties.

2) Click on the Tab for "Group Policy"

3) Click on "NEW" and then "EDIT"

4) From this point, you will select

User Configuration>

Open brackets "Windows Settings"> Internet Explorer Maintenance> Connection & open Proxy Settings

Here you'll enter your Proxy settings, enter the exceptions if any apply (i.e. *.microsoft.com if you're letting all machines automatically update rather than using WSUS)

NOW BLOCK THEM FROM REMOVING IT!

5) Close the Windows Settings bracket and Open Administrative Templates

6) Open the brackets; Windows Components> Internet Explorer> Internet Control Panel

7) Open "Disable the connections page" and Enable it.

8) Open the bracket Security Page and then enter any restricted websites or such... make sure you also get the IP address of that website should they try again. This will solve your issue of bypassing your own proxy.

9) Now make sure your PCs on your network are under YOUR command 100% even with Windows Firewall enabled. Stay in the Administrative templates bracket and go to

Network > Network Connections> Windows Firewall > Domain Profile > Enable “Windows Firewall: Allow remote administration exception”.

Now force an update with this Command Prompt Syntax! Or create a batch file that will do it for you in the future when you perform other modifications to your group policy object.

At the client machines you can use this...

Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:value] [/Logoff] [/Boot] [/Sync]

Note: Target = Only which portion of the Group Policy. If you noticed... there were 2 parts of the GPO: Computer Settings and User Settings. We've only modified User settings to apply to the Users in that OU. Of course you would apply Computer settings to the Computers OU if you wanted also.

From Command Prompt type in:

Gpupdate /Force /boot (or /logoff)

Or use remote services like PsExec to perform these duties remotely from the Server.

Click this link to understand PSEXEC execution!

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Click this link to download PsExec System Internals for Server

http://download.sysinternals.com/Files/PsTools.zip

Be the man! lol
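
An added example, not part of the answer above or of any product's own tooling: a Python check over connection logs from the routing server that reports LAN clients reaching web ports directly instead of going through the proxy, which is the bypass described in the question. The log format, subnet, and server address are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values, not from the page: LAN subnet and the server's LAN address.
LAN = ipaddress.ip_network("192.168.1.0/24")
PROXY_IP = ipaddress.ip_address("192.168.1.1")
WEB_PORTS = {80, 443, 8080}

# Constructed sample in a made-up "time src:sport -> dst:dport proto" format.
SAMPLE_LOG = """\
2008-05-21T09:00:01 192.168.1.23:1045 -> 192.168.1.1:808 tcp
2008-05-21T09:00:04 192.168.1.42:1101 -> 203.0.113.10:80 tcp
2008-05-21T09:00:05 192.168.1.1:2210 -> 203.0.113.10:80 tcp
2008-05-21T09:00:09 192.168.1.42:1102 -> 198.51.100.7:443 tcp
2008-05-21T09:00:11 192.168.1.57:1300 -> 192.168.1.1:53 udp
garbage line that should be skipped
2008-05-21T09:00:15 192.168.1.23:1046 -> 198.51.100.7:80 tcp
"""

def split_endpoint(text):
    """Split 'ip:port' into (ip_address, int); raises ValueError if malformed."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def find_bypass(log_text):
    """Count direct web connections per LAN client that skipped the proxy."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "->":
            continue  # not a record in the assumed format
        try:
            src, _ = split_endpoint(parts[1])
            dst, dport = split_endpoint(parts[3])
        except ValueError:
            continue
        if parts[4] != "tcp" or dport not in WEB_PORTS:
            continue
        if src == PROXY_IP or src not in LAN:
            continue  # the proxy's own upstream fetches are expected
        if dst in LAN:
            continue  # traffic to the proxy or internal hosts is not a bypass
        hits[str(src)] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, count in sorted(find_bypass(SAMPLE_LOG).items()):
        print(f"{client} made {count} direct web connection(s)")
```

Any client listed still has a working route to the web that does not pass through the proxy, regardless of what its browser settings say.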
?
2016-05-26 10:11:36 UTC
Just use your routers interface to block sites, to block a web site go in url filtering add the site address.. save the settings. That way you only have to put the address in once and not at all the pc's.
2008-05-21 07:23:45 UTC
try out this BestSneakySite.INFO
2008-05-21 07:23:43 UTC
check out this one http://www.BestSneakySite.INFO


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.