Make sure that all of your users have restricted operating system rights. If a user has no administrator rights it will be impossible for him/her to delete SafeDNS Agent, install any application, change 'hosts' file or change a DNS server IP address in the network settings.
Prohibit access to any other DNS. If devices connect to the internet via a gateway or router, prohibit access to any DNS servers, except SafeDNS public DNS servers (18.104.22.168 or 22.214.171.124) or to a caching server on your corporate network.
Prohibit access to HTTP proxies. To do that, restrict packet transfer to any IP addresses by TCP and UDP protocols on ports 3128 and 8080 in your router’s firewall settings.
Recommendations for system administrators:
Set up DNS requests rerouting to the SafeDNS public DNS server or to the caching server on your corporate network.
Prohibit access to any external proxy servers.
Restrict direct access to any website via its IP address.
Make impossible for users to connect to unknown external VPN servers.
Make impossible for users to run any unknown applications.
Make impossible for users to connect and use any unknown hardware.