Hello, Im manager of a small network, 10 computers at the business office and 3 at the house for the children. i configured open dns servers on all of the computers to block porn and time wasting sites for my workers and also for my children.
the problem begins when some wise guys noticed how to add the ISP provided DNS servers and just jumped over my security. also one of my sons already find out the way to do it by adding another dns server.

also i've spoted two of my workers using web based messenger clients using the IP instead of the domain and it opens right away.

please help me. how could i prevent users from changing DNS servers settings on windows XP and also, how to block direct IP request; like http://231.62.21.63 (e.g.)

Thanks folks i hope you can help me out with this.

You can also set and enforce policies regarding use of company time and equipment, but your first best step is to remove administrator privileges and set user policies on the operating system in use, as noted above.

any other provider or software that can help me?

For DNS overrides you could set your router to forward all traffic on port 53 to OpenDNS if your router has that functionality.

I guess you could also get your router to forward IP address's of known offending sites to something like hellokitty.com's IP address. Again if your router supports this. You might want to look into DD-WRT firmware for routers. I haven't used it (yet), but I probably can do these things.

You might use a GPO setting OpenDNS as default. Possible in standalone machines too.
few users know how to circumvent GPOs

finn

@rotblitz - Interesting. I've never thought of using IPv6 to circumvent security measures. How would the router send the response back to the client if it cannot perform network address translation? I need to learn much more about IPv6.

Wow. Thanks for the info rotblitz. This nullifies a lot of security. I'm going to have to test some things out. Interesting.