+ Post New Thread
Results 1 to 10 of 10
Internet Related/Filtering/Firewall Thread, Smartcache & Admin Domain in Technical; Hi there, I am new to this school and one of things I found out first was that all the ...
  1. #1
    bodminman's Avatar
    Join Date
    Apr 2007
    Location
    Sunny Suffolk
    Posts
    1,153
    Thank Post
    724
    Thanked 224 Times in 116 Posts
    Rep Power
    85

    Smartcache & Admin Domain

    Hi there,

    I am new to this school and one of things I found out first was that all the teachers/staff on our Admin domain are not filtered/monitored for the web access. So I'm trying to push our Admin network through the Smartcache box for webfiltering but am scratching my head with some issues.

    The machines being tested are Windows XP sp3 running versions of IE 6 & 7. The issues are all the same.

    I have done the follwoing:
    Added the admin domain onto the SC box and after a refresh it has picked up all of our Admin domain machines.
    I then found my machine which is on the Admin domain and changed the filter level from DEFAULT to UNFILTERED.
    On my Admin machine I installed the RMSmartC component and made sure that port 113 was open in the firewall.
    After restartign my machine I added the SC details as the proxy settings for my browser.

    The issue(s):
    I can only browse the web with the security on the SC box set to 'Enabled without Security'. If it is set to 'Enabled eith Security' then I get an access denied page no matter where I try to browse.
    With security set to 'Enabled without Security', I can browse the web fine but get bocked on some sites by SC. It says that the DEFAULT poilcy has blocked me!?!?!
    When I do a search for where I have been, there is no domain or usernmame info in the audit log and my machine is recorded by its IP address and not its workstation name. Which is probably why the UNFILTERED policy isn't applying!

    Can someone please point out to me if I'm missing something somewhere! Does anything need to be done to the Admin network DNS?

    Please help if you can.

    Much appreciated.

  2. #2

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204
    On phone at moment so better reponse will come later.

    But not using security will use the default policie. right as for problem is domain on different ip range as that could be an issue need to reconfig with two ranges if so. is the client seeing everything ok look at rm website for tec article on how to bring client up as info escapes me.

    if not got ther replies when get back on my laptop will post a fuller reply.

    russ

  3. Thanks to russdev from:

    bodminman (4th August 2009)

  4. #3
    bodminman's Avatar
    Join Date
    Apr 2007
    Location
    Sunny Suffolk
    Posts
    1,153
    Thank Post
    724
    Thanked 224 Times in 116 Posts
    Rep Power
    85
    Hi Russ,
    thanks for the response.

    Since posting my original post earlier this mornign there has been a slight improvement.

    I uninstalled the RMSmartC iDent client and installed a DansGuardian one and since doing so, I now get access when the security is set to 'Enable with Security' which is good.

    However, I have added my IP address to the SC box as a non AD machine and set it us as unfiltered and also I have set myself up as unfiltered but am still getting blocked by a DEFAULT policy!

    So I can say that all is looking better but just need to get the filtering bit right before I can take the testing to the next level.

  5. #4
    bodminman's Avatar
    Join Date
    Apr 2007
    Location
    Sunny Suffolk
    Posts
    1,153
    Thank Post
    724
    Thanked 224 Times in 116 Posts
    Rep Power
    85
    Hi there,
    as the day has evolved the weirdness increases!

    We have just created the accounts for the new teachers and tested them on several machines that have been setup to go via the Smartcache and hey presto, all seems to work fine. SC records the user logged on and the machines IP address aswell as the URL info.

    However, the older/more established user accounts on the admin domain keep on being given the DEFAULT filtering policy when used on these machines.

    For example, the new teachers (created within the last 24 hours) have exactly the same priviages as the existing ones in the domain and yet the 'STAFF' filtering works fine for them. The older/established user accounts just will not pickup any policies applied to them! Arrrrggggghhhh - So near yet so far!

    I don't care if all the admin domain users/PC have unfiltered access at the moment as long as we can get some sort of accurate logs of where they're going!

    Any is as always greatly appreciated.

  6. #5
    bodminman's Avatar
    Join Date
    Apr 2007
    Location
    Sunny Suffolk
    Posts
    1,153
    Thank Post
    724
    Thanked 224 Times in 116 Posts
    Rep Power
    85
    Anyone have any clues?

  7. #6

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204
    right let me step back a bit:-

    -If create a new account on domain works ok no problem
    -Existing accounts are not working through


    Are the old admins users listed in the smartcache user management area if not then make sure hit refresh button.

    Maybe try deleting users not working from the SC and hit refresh to get them back in to get it all syced backup.

    But as usual before doing the above make sure you take a backup.

    Russ

  8. Thanks to russdev from:

    bodminman (4th August 2009)

  9. #7
    bodminman's Avatar
    Join Date
    Apr 2007
    Location
    Sunny Suffolk
    Posts
    1,153
    Thank Post
    724
    Thanked 224 Times in 116 Posts
    Rep Power
    85
    Good morning Russ,

    All the users both old and new from the Admin domain are listed.

    I'll have a go at re-creating a user and then restoring their info just for the sake of seeing if it works.

    Weird though isn't it? I thought the only requirements for getting Smartcache logging user activity were having port 113 open on the client PC/laptops and having an iDent client installed!

    Cheers

  10. #8

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204
    It should be but only thing I can think of is that admin users have got out of sync somewhere on smartcache just makes sure that we cover basis before we start to look at other stuff.

    Also what happens if set one of the non working users filter level at individual level instead of it inheritance.

    Russ

  11. Thanks to russdev from:

    bodminman (4th August 2009)

  12. #9
    bodminman's Avatar
    Join Date
    Apr 2007
    Location
    Sunny Suffolk
    Posts
    1,153
    Thank Post
    724
    Thanked 224 Times in 116 Posts
    Rep Power
    85
    Also what happens if set one of the non working users filter level at individual level instead of it inheritance.
    Hi Russ,

    This doesn't make any difference what so ever.

    I am refreshing Smartcache with AD before I create the new user but I'll update here once I've completed the new user creation etc.

    Cheers

  13. #10
    bodminman's Avatar
    Join Date
    Apr 2007
    Location
    Sunny Suffolk
    Posts
    1,153
    Thank Post
    724
    Thanked 224 Times in 116 Posts
    Rep Power
    85
    Hi there,

    It turns out that it is to do with having the same username on the different domains!

    Staff have users accounts setup on the RM server so that they get an EasyMail account setup etc and they have an identical one setup on the admin domain for their day to day working. Crap setup I know but I'm new here and this has been setup for several years now!

    Now we have to work out a suitable way around this issue!

    Anyone have any suggestions as to where I might start with this one?

    Many thanks

SHARE:
+ Post New Thread

Similar Threads

  1. Change domain admin password
    By chrbb in forum Windows
    Replies: 9
    Last Post: 23rd March 2009, 06:23 PM
  2. Domain Local Admins - Does not have admin rights
    By dhoward_westexetc in forum Windows
    Replies: 2
    Last Post: 7th July 2008, 10:43 AM
  3. Is my domain Admin account screwed?
    By HodgeHi in forum Mac
    Replies: 2
    Last Post: 9th January 2008, 03:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •