+ Post New Thread
Results 1 to 12 of 12
Windows Thread, Web Filtering in Technical; Just wondering if it is possible to set a setting so that only Teachers under the group policy of active ...
  1. #1

    Join Date
    Mar 2007
    Location
    Leicestershire
    Posts
    274
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    15

    Web Filtering

    Just wondering if it is possible to set a setting so that only Teachers under the group policy of active directory can access the google search engine?

    we have webfiltering which is provided by our ISP Synetrix and i can do the filtering myself but that means everyone will stop having access to Google.

    Is this possible at all or not?

  2. #2
    kevin_lane's Avatar
    Join Date
    Mar 2007
    Location
    Derby
    Posts
    505
    Thank Post
    23
    Thanked 20 Times in 20 Posts
    Blog Entries
    5
    Rep Power
    19
    the only thing you can do is either set the staff gpo to have the home page of google but if you just wanted to stop the kids from going onto the internet net you could set an application policy on the hash value of the IE to stop opening which would stop the kids from accesing the internet at our school we use impero which is really good becuase we can turn off the internet too either the room or to the pupil them selfs. or you say give them links that only you allow very customizable

  3. #3
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42
    If you wanted to block a site from one group and not another, the best way to do it is with a webfilter but you say yours only does its webfiltering on everyone. Dunno if its worth asking your ISP if the webfilter can filter by group in AD, if not maybe get a filter that will do what you want. If you want a paid version then Smoothwall Guardian can work or if you dont want to pay for it then you could create a nix box with dansguardian, squid etc.

  4. #4


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Indeed - if your LEA level filtering isn't tied to your AD - which seems to be the usual way, a 3rd party filter is probably the best way round this.

  5. #5
    Unvalidated User
    Join Date
    Nov 2007
    Location
    the Pub
    Posts
    255
    Thank Post
    7
    Thanked 11 Times in 10 Posts
    Rep Power
    0
    One way is to have one OU (of users) to go through one proxy and the other through a different. You can have 2 proxys going, even on one box.
    Also a better way imo - you can use dansguardian/smoothwall etc. and use Ident if req. on machines so that you can then add exceptions on the filter to allow certain users through.
    Or find a windows AD solution..
    Last edited by blacksheep; 15th May 2008 at 08:58 AM.

  6. #6

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    I am not 100% sure of how you are using the RBC filtering so i will quickly run through the options for you with EMBC.

    You can have it so that no one logs in and they get a standard level of filtering ... using Netsweeper as a transparent proxy.

    You can have everyone login in and then put people into different groups (this is usually referred to as Portal Controlled Filtering, or PCF). For here you can put people who are students in a group (eg group2) and stop them from having access to the Google search engine, whilst you have staff in a group (eg group3) and they have access to Google. I would then also have 2 other groups ... group1 is the admins ... the important people that need access to lots of things and then group 4 is for those you want to be uber-filtered.

    Controlling what policies apply to these group means that you need to be able to log in to Netsweeper ... this is called Local Control of Filtering.

    The present admin tool, the WAT, cannot stick people into these groups at the moment so it is a support call I am afraid. It is going to be a but longer before you can do it directly with the support tool. I don't have a time frame I can give out right now.

    I hope this helps

  7. #7

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by GrumbleDook View Post
    I am not 100% sure of how you are using the RBC filtering so i will quickly run through the options for you with EMBC.

    You can have it so that no one logs in and they get a standard level of filtering ... using Netsweeper as a transparent proxy.

    You can have everyone login in and then put people into different groups (this is usually referred to as Portal Controlled Filtering, or PCF). For here you can put people who are students in a group (eg group2) and stop them from having access to the Google search engine, whilst you have staff in a group (eg group3) and they have access to Google. I would then also have 2 other groups ... group1 is the admins ... the important people that need access to lots of things and then group 4 is for those you want to be uber-filtered.

    Controlling what policies apply to these group means that you need to be able to log in to Netsweeper ... this is called Local Control of Filtering.

    The present admin tool, the WAT, cannot stick people into these groups at the moment so it is a support call I am afraid. It is going to be a but longer before you can do it directly with the support tool. I don't have a time frame I can give out right now.

    I hope this helps
    So I take it single sign on is out of the equation? The user, when he/she logs into the network the AD account is not good enough and they have to log into the portal for proper use of web filtering??

    Ash.

  8. #8

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    SSO for LAN login will be worked on but I don't have details on the times on it yet. I know that there is a pilot project and it relies on agreeing to the standard network build, but I don't know where we are with that yet.

    I'll drop an email to EMBC and feed back as soon as I can.

  9. #9
    kevin_lane's Avatar
    Join Date
    Mar 2007
    Location
    Derby
    Posts
    505
    Thank Post
    23
    Thanked 20 Times in 20 Posts
    Blog Entries
    5
    Rep Power
    19
    i dont know if you have heard of them but web sense is a good one and i know you can have one of their servers which sit at your site and that ties to AD

  10. #10

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by GrumbleDook View Post
    SSO for LAN login will be worked on but I don't have details on the times on it yet. I know that there is a pilot project and it relies on agreeing to the standard network build, but I don't know where we are with that yet.

    I'll drop an email to EMBC and feed back as soon as I can.
    I think if the NetSweeper or which ever filtering system EMBC uses if its compatiable with Shibbeloth then there is a potential for this to happen otherwise its a bit of pain for the the users to login.

    Ash.

  11. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    A bit about the authentication process within RBCs ...

    RBCs are the Regional Identity Provider (Regional IdP) and they are slowly coming over the the UK Access Management Federation. Services they make available to schools are meant to be tied in with a single login to their central Directory Service.

    In EMBC this is a regional AD. This is already hooked into Netsweeper so that as you log into the Sharepoint based gateway you can access files are resources you have permissions to see, but also have your filtering level set for using Netsweeper (if you school is using PCF).

    The key is to hook in to the Regional AD and there are mechanisms in place for this already. IIRC it had been tested under Fujitsu already. Other services, such as compliant VLEs, can also hook in to this as an authentication service as long as they meet the correct standards, which are those set out under UKAMF.

    Presently in Northants we are working with both LP+ and Synetrix to get this sorted, and other LAs may vary (slightly dependent on things like BSF, whether your LA has opted for a single VLE / Learning Platform / MLE and whether your school is based on the standard network build).

    I have asked for clarification about it and hopefully I will get that on Friday afternoon. People may wish to contact their LA directly to see if they have any news. Please remember that presently this forum is not a substitute for direct contact with your LA about EMBC (except perhaps Northants, but it should be done through official channels ... if nothing else so they know I am actually doing some work and not just reading forums ... erm ...)

  12. #12

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    I now have an answer ...

    There are likely to be two methods for this ... the first is LAN Login which is being piloted in June. I don't have the methodology behind it to hand but I believe there is an agent that sits between your DS and the EMBC DS ... I will feed back once the pilot is started.

    The second is ADI (Active Directory Intergration) which ... erm ... integrates directly with your AD ... this is a difficult one as things can go pear-shaped and can cause problems in your local AD ... so this one will be done very carefully and will not be rushed.

    I hope this helps clear things up.

SHARE:
+ Post New Thread

Similar Threads

  1. ISA - URL Filtering
    By Steve500 in forum Wireless Networks
    Replies: 1
    Last Post: 9th May 2008, 06:46 PM
  2. Web Filtering
    By Sunderwood in forum How do you do....it?
    Replies: 14
    Last Post: 23rd April 2008, 11:27 AM
  3. Web Filtering
    By ltunstall in forum Network and Classroom Management
    Replies: 7
    Last Post: 14th April 2008, 06:08 PM
  4. Web Filtering
    By SpuffMonkey in forum How do you do....it?
    Replies: 20
    Last Post: 17th May 2006, 09:10 PM
  5. Web Filtering
    By pooley in forum Windows
    Replies: 38
    Last Post: 1st April 2006, 12:16 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •