Microsoft AD DNS – How to force Google Safe Search

Forcing safe-search for Google is very simple, and pretty hard to turn off. Couple it together with filtering DNS queries and you’ve got yourself a pretty robust content filter.

First I’m going to show you the PowerShell way (run PowerShell as admin), then I will show you the GUI way.

Add-DnsServerPrimaryZone -ReplicationScope Forest -Name www.google.com -Verbose
Add-DnsServerResourceRecord -DName -ZoneName www.google.com -Name "@" -DomainNameAlias forcesafesearch.google.com -Verbose
Add-DnsServerResourceRecordA -IPv4Address 216.239.38.120 -Name "@" -ZoneName www.google.com -Verbose

As you can see, the PowerShell way is the preferred method.

Here’s how to do it the GUI way:

Open up AD DNS, or just type dnsmgmt.msc in a Run box.

Add a new primary zone for “www.google.com”, replicated to the whole forest.

Now go to the zone and create an A record pointing to “216.239.38.120”.

Now right-click and choose “Other New Records…”; we’ll select DNAME.

Now add “forcesafesearch.google.com” as the FQDN and leave the alias name blank.

Now flush your DNS and test it out!

If we try to turn SafeSearch off via the settings, it does not work!

Same result.

I also recommend setting your DNS forwarders to OpenDNS Family Shield (it’s FREE!); it blocks porn and malicious DNS queries.

PowerShell command (needs to be run as admin):

Set-DnsServerForwarder -IPAddress "208.67.222.123","208.67.220.123"

Close and reopen DNS to make sure you got the new forwarders.
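
To confirm the whole setup in one pass (zone, apex records, what the server actually answers, and the forwarders), here is an added example that is not part of the original post. It assumes an elevated PowerShell session on the DNS server with the DnsServer module available; the function name Test-SafeSearchOverride is hypothetical, and the expected values default to the ones used above.

```powershell
# Added example, not from the original post. Run as admin on the DNS server.
# Test-SafeSearchOverride is an illustrative name; defaults are the post's values.
function Test-SafeSearchOverride {
    param(
        [string]   $DnsServer          = 'localhost',
        [string]   $ZoneName           = 'www.google.com',
        [string]   $ExpectedIPv4       = '216.239.38.120',
        [string[]] $ExpectedForwarders = @('208.67.222.123', '208.67.220.123')
    )
    $quiet = @{ ComputerName = $DnsServer; ErrorAction = 'SilentlyContinue' }

    # The zone must exist, otherwise queries fall through to the forwarders.
    $zone = Get-DnsServerZone @quiet -Name $ZoneName

    # Apex ("@") records created by the post's commands: one A, one DNAME.
    $a       = Get-DnsServerResourceRecord @quiet -ZoneName $ZoneName -Name '@' -RRType A
    $dname   = Get-DnsServerResourceRecord @quiet -ZoneName $ZoneName -Name '@' -RRType DName
    $apexIps = @($a | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

    # What a client actually gets: ask the server directly, skipping the
    # local resolver cache and the hosts file.
    $answer   = Resolve-DnsName -Name $ZoneName -Type A -Server $DnsServer `
                    -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
    $resolved = @($answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    $wrongIps = @($resolved | Where-Object { $_ -ne $ExpectedIPv4 })

    # Forwarders currently configured on the server.
    $fwd        = @((Get-DnsServerForwarder @quiet).IPAddress |
                      ForEach-Object { $_.IPAddressToString })
    $missingFwd = @($ExpectedForwarders | Where-Object { $fwd -notcontains $_ })

    $result = [pscustomobject]@{
        ZonePresent        = [bool]$zone
        ApexARecordOk      = ($apexIps.Count -eq 1 -and $apexIps[0] -eq $ExpectedIPv4)
        DNameRecordPresent = [bool]$dname
        ResolvedAddresses  = $resolved -join ', '
        ResolutionOk       = ($resolved.Count -gt 0 -and $wrongIps.Count -eq 0)
        MissingForwarders  = $missingFwd -join ', '
    }
    # Overall verdict: every individual check has to hold.
    $result | Add-Member NoteProperty Pass (
        $result.ZonePresent -and $result.ApexARecordOk -and $result.DNameRecordPresent -and
        $result.ResolutionOk -and $missingFwd.Count -eq 0)
    $result
}

Test-SafeSearchOverride | Format-List
```

The zone created above only covers the name www.google.com; pass -ZoneName to check any other name you have set up the same way.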

Enjoy.