School Guardian... in a boarding school.. Authetication help!
OK, here's the problem we have.
School Guardian seems to be working nicely for all the PCs connected to our AD Domain using NTLM Authentication.
Unfortunately we are a boarding school so we have kids who have their own laptops that aren't connected to the domain, but just use the internet connection, and we would like to filter them as well.
Ideally, I'd like them, when they try to connect to the internet on their own PCs to get a log-in screen from School Guardian where they add their School network credentials and get filtered then according to which AD group they are in. I know in theory this can be done, but I can't seem to get the hang of pushing out PAC scripts or WPAD so that they look at the filter. Instead they just get no connection to the internet at all.... Bearing in mind that they could be using PCs or Macs, IE, Firefox, Safari (or anything else) whats the best way to do this... and how?!
Alternatively, I'd just like to get their PCs to go through the SG as Unathenticated IPs with a policy applied as a blanket to the Unathenticated IPs group. If I set Unathenticated IPs to Unfiltered, they can access the internet without filtering by the SG as you would expect (fortunately we have secondary filtering by our ISP). Now, if I set Unathenticated IPs to Filtered, it just stops them getting to the internet completely instead of applying the policies I have set for Unauthenticated IPs (I presume they can't see the proxy?)
Of course the other problem is that we also have guests who need to access to the internet a lot as well so instead of authenticating them (and therefore having to create usernames and passwords for them in AD), the Unathenticated IP with filtering option makes sense...
... but how do I get it all working!