+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Windows Server 2000/2003 Thread, Monitoring internet use per AD login in Technical; We have a Server 2003 r2 DC and a Watchguard Firebox Firewall but currently we have no way to audit ...
  1. #1

    Join Date
    Oct 2008
    Posts
    94
    Thank Post
    8
    Thanked 16 Times in 10 Posts
    Rep Power
    26

    Monitoring internet use per AD login

    We have a Server 2003 r2 DC and a Watchguard Firebox Firewall but currently we have no way to audit internet use on a per AD user basis. Our firewalls log server does support logging web use via Active Directory user name but we are currently struggling to get it to work correctly and even when we do have it setup I still won't be entirely happy with doing it that way as users will have to login as per usual to AD and then they'll have to manually authenticate against our firewall if they want to access the internet. Ideally users would only need to login once as usual with no need to authenticate again to get out onto the net but we'd still be able to see what sites every user has visited per AD user name.

    I'm wondering what other options we might have and if they may work better than using our firewalls log server? We're not running squid at the moment but I suspect that might be able to do what we want? If we did use squid, would users have to manually authenticate against it before they can access the internet or can this be automated?

  2. #2
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    I run a danguardian box with indentd on the windows clients which records who is on. It works a treat but does take a bit of work to get it how you want it but it will run on a 2 gig old pc with a gig of ram and a new hand drive and the rest is time to set it up.

    Richard

  3. #3

    Join Date
    Oct 2008
    Posts
    94
    Thank Post
    8
    Thanked 16 Times in 10 Posts
    Rep Power
    26
    "indentd"? Is that a typo? Have you got a link to its homepage? I presuming its free?

    If we were to use i(n)dentd, would users have to autheticate to access the web or is this a single sign-on solution?

    Is indentd tied to dansguardian or will we be able to use it alongside our existing firewall?

    If you found any useful guides to getting this app setup I'd be grateful for any links you can provide

    Thanks!

  4. #4

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,229
    Thank Post
    54
    Thanked 278 Times in 186 Posts
    Rep Power
    134
    You could grab the script posted somewhere on here that grabs the temp internet stuff and collects it into a html file for each user...or get Smoothwall...

  5. #5

    Join Date
    Oct 2008
    Posts
    94
    Thank Post
    8
    Thanked 16 Times in 10 Posts
    Rep Power
    26
    SpuffMonkey:

    This script sounds interesting and could be the easiest solution- where can I find it? Whats it called?

    Smoothwall sounds great and I know its got lots of fans on here but replacing our hardware fw is a last resort- certainly at least until our current firewall license expires. I would however be interested to hear from anyone who has used both a Watchguard Firebox firewall and smoothwall to get comments on how they compare- ease of setup and maintainance etc. as we may decide to switch in the future?

  6. #6
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Sorry its identd DansGuardian - True Web Content Filtering for All half way down the page are the ident programs there are several one of which is retina scanner and identd is part of that.

    Richard

  7. #7
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Smoothwall is also a good option but check the cost its the commercial version of dansguardian.

    Richard

  8. #8
    monkeyx's Avatar
    Join Date
    Nov 2006
    Posts
    364
    Thank Post
    8
    Thanked 52 Times in 41 Posts
    Rep Power
    25
    We use Squid, as it allows for user and group AD integration. We then use sarg for analysing usage.

    We did use Squid/Dansguardian in the past and may go back to that combination as it worked well. Dansgaurdian did not integrate as well with AD groups as I remember though.

    Tim

  9. #9


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    You could use smoothie *with* your WG if you felt that way inclined.
    I doubt identd will help - it sounds to me like your wg is already identifying users - which is what identd is for. Is that right? If it is identifying users we are 99% of the way there

  10. #10

    Join Date
    Oct 2008
    Posts
    94
    Thank Post
    8
    Thanked 16 Times in 10 Posts
    Rep Power
    26
    Tom:

    No, our WG FW is totally unaware of AD users and groups until users log into its web gui and authenticate against it. Otherwise we can only see info about MACs and IP addresses etc. which is no use if you're trying to pinpoint what a student was looking at a certain time. However this has been a right royal pain to setup and we haven't got it to work properly just yet.

    Monkeyx:

    OK so you can do this with squid. When your users log on, do they have to authenticate manually with squid before they can browse the web or does it provide a single sign-on AD user/group aware web monitoring solution when setup correctly? Is this difficult to get working?

  11. #11
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,762
    Thank Post
    897
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    86
    Check this thread for the script most of us use. It's really good and easy to install.

    Index.dat Analyzer

  12. #12

    Join Date
    Oct 2008
    Posts
    94
    Thank Post
    8
    Thanked 16 Times in 10 Posts
    Rep Power
    26
    ittech:

    I presume you are referring to inetlogger.vbs that is linked at the bottom of the thread you linked to? I forgot to mention that another requirement is that the logging system is it would ideally be browser independent as well as 'single sign-on' as I'm under the impression that inetlogger.vbs would only log pages visited under IE, which we do keep installed but I have zero respect for as a browser. Most machines also have FF installed and a fair few have Chrome on too so we would have to uninstall any 'alternate' browsers if inetlogger was to be any use.

  13. #13

    Join Date
    Sep 2009
    Posts
    224
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    12
    I'm trying to get hold of this script so that i can have a go at running at our school...however, i can't find a working copy.

    There is a thread with a link to download it as a .zip file, but i've done this about 5 times, and used various bits of software to unzip it...each time it doesnt work.

    There's also a thread with the code of this said script pasted into it. I copied the code, and pasted it into my own script...but there LOADS of things which needed changing...so much so that i abandoned it.

    Anyone got a working copy of this script which they could e mail me?

    Many thanks

    Aaron

  14. #14
    monkeyx's Avatar
    Join Date
    Nov 2006
    Posts
    364
    Thank Post
    8
    Thanked 52 Times in 41 Posts
    Rep Power
    25
    Quote Originally Posted by danboid View Post
    Tom:

    Monkeyx:

    OK so you can do this with squid. When your users log on, do they have to authenticate manually with squid before they can browse the web or does it provide a single sign-on AD user/group aware web monitoring solution when setup correctly? Is this difficult to get working?

    Our squid setup is fully AD integrated, ie no username or password needs be entered as long as you are logged into our domain. The users AD name is recorded in the squid log.

    Websites and file types are blocked for users based on their AD group. The blocking of sites and file types is done via webmin and all of our support team can do this very easily.

    Setting up squid for AD is well documented on the squid website and support forums. But if this is your fist *nix project then it is not a beginners project either. It tooks me ages to the AD groups working properly! But now it I am kicking myself that I missed the obvious!

    The sarg reporting is great to show usage, when we get requests to show the web history of users.

    Tim

  15. #15

    Join Date
    Oct 2008
    Posts
    94
    Thank Post
    8
    Thanked 16 Times in 10 Posts
    Rep Power
    26
    Hi Monkeyx!

    Thanks for that - squid definitely sounds like the best solution in that case.

    I've been a Linux user since '96 but its only in the last couple of years I've started playing with it for setting up servers. I don't know a whole lot about AD but I expect setting this up should teach me a thing or two about both.

    I'm presuming that once I have this setup correctly, we could install any browser (any being IE 6/7/8, FF, Chrome and maybe even Opera) and web traffic would be logged?

    Chrome is installed on very few machines but what if a user used its 'incognito browsing' mode? Would squid still register sites visited in that mode?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Block internet to Internet Explorer 7 on Vista
    By BSOD in forum Windows Vista
    Replies: 6
    Last Post: 9th December 2009, 08:00 AM
  2. Internet speed monitoring?
    By mrbios in forum Windows
    Replies: 13
    Last Post: 1st November 2009, 10:03 AM
  3. Internet monitoring/managment software
    By Rick2134 in forum Internet Related/Filtering/Firewall
    Replies: 11
    Last Post: 14th August 2009, 02:20 PM
  4. Internet Monitoring for audit purposes
    By ajsidike in forum Network and Classroom Management
    Replies: 3
    Last Post: 23rd April 2008, 09:30 AM
  5. Can you update Internet mobile to Internet Explorer?
    By thegrassisgreener in forum Windows
    Replies: 1
    Last Post: 16th July 2007, 01:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •