6. Save the file (**Ctrl + S**) and close it.

> ⚠️ **Important:** For this to work permanently, your employees **must be Standard Users, not Administrators**. If they have Admin rights, they can just open the file and delete those lines.

---

## Method 3: Cloud DNS Filtering (Best for the Entire Office Network)
If all your employee PCs are in the same office or connected to the same Wi-Fi network, the most elegant solution is to block websites at the network level using a free service like **NextDNS** or **OpenDNS Home**.

1. Create a free account at [OpenDNS](https://www.opendns.com/) or [NextDNS](https://nextdns.io/).
2. Go to their dashboard's **Blacklist** or **Web Content Filtering** section.
3. Type in `gmail.com` and your other unapproved websites.
4. Change the DNS settings on your office router (or on the individual employee PCs) to point to the OpenDNS/NextDNS IP addresses.

**Why this is great:** It blocks the websites on *everything*—PCs, laptops, and phones connected to the office Wi-Fi—without you having to configure each computer manually.

---

## 🔒 Crucial Security Step: Revoke Admin Rights
No matter which method you choose, **ensure your employees are using "Standard User" Windows accounts**, not "Administrator" accounts. 

If they are Administrators, they can easily disable extensions, modify the Hosts file, or change their network settings to bypass your blocks. You can check this by going to **Settings > Accounts > Other users** and ensuring their account type is set to **Standard User**.

How many employee PCs are you looking to deploy these restrictions on?


-----------------------------------

To block specific websites across employee Windows PCs in a business or organization, the best approach depends on how many computers you manage.
The three most effective methods range from small-office fixes to enterprise-level management.
Method 1: Router or DNS-Level Blocking (Best for Small Offices)
Instead of configuring every computer individually, you can block websites for the entire office network at once.


How it works: You switch your office router's DNS settings to a secure provider like Cloudflare Gateway or OpenDNS Home/Enterprise.


The Benefit: It is incredibly easy to manage from a single online dashboard, and employees cannot bypass it just by changing browser settings. You can block categories (like "Webmail" to catch Gmail and Yahoo) or type in specific URLs.


Method 2: Group Policy Objects (Best for Active Directory Networks)
If your office uses a Windows Server with Active Directory, you can enforce a blocklist across all managed PCs simultaneously using Group Policy Objects (GPO).
Blocking via Microsoft Edge or Google Chrome GPO
You can manage browser settings directly by installing the administrative templates for Chrome or Edge.


Download the official Chrome/Edge Administrative Templates (.admx) and add them to your Policy Definitions.


Open the Group Policy Management Editor and navigate to:
Computer Configuration > Policies > Administrative Templates > Google Chrome (or Microsoft Edge).


Find the policy named Block access to a list of URLs.


Enable it and click Show... to add the URLs you want to block.


To block Gmail specifically, add: [https://mail.google.com](https://mail.google.com)


To block all personal Google services but keep Google Search open, you can use wildcards like *[.google.com/mail](https://.google.com/mail)*.




Method 3: Mobile Device Management / Intune (Best for Remote/Hybrid Teams)
If your employees work from home or travel, network-level blocking won't protect them when they leave the office. If you use Microsoft Intune (part of Microsoft 365 Business Premium or Enterprise), you can push out configuration profiles.


You can configure Microsoft Defender for Endpoint web content filtering.


In the Microsoft Defender portal, you can go to Settings > Endpoints > Indicators > URLs/Domains and add mail.google.com as an "unallowed" item. This blocks the site at the system level across any network they connect to.


Method 4: The Local Hosts File (Best for 1-5 Local PCs)
If you only have a couple of computers to manage manually and don't have a server, you can edit the Windows hosts file on each machine.

⚠️ Note: This method must be done on each PC individually using an Administrator account, and tech-savvy employees can technically undo it if they have local admin rights.

 




1.Open Notepad as Administrator:Prerequisite.
Click the Windows Start menu, type Notepad, right-click it, and select Run as administrator.





2.Open the Hosts File:File Path.
In Notepad, go to File > Open and navigate to:

C:\Windows\System32\drivers\etc

Change the file type dropdown in the bottom right from Text Documents (.txt)* to All Files (.), then double-click hosts.





3.Add the Blocklist Lines:Editing.
Scroll to the very bottom of the document and add the websites you want to block, pointing them to the local loopback IP address (127.0.0.1). For example:




Plaintext
     


127.0.0.1 mail.google.com
127.0.0.1 chatexample.com









4.Save and Flush DNS:Activation.
Save the file (Ctrl + S). Then, open Command Prompt and type ipconfig /flushdns to make the blocks take effect immediately.