User precedence

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
geoffmgreen

User precedence

Apr 09 07 10:44 am

Hi.

Successfuly using NTLM authentication with a created policy for "everyone" under WWW Proxy properties (ignore default rights).

The desire is to create individual policies for a few users that will be enforced prior (or instead of) the one for everyone.

The "everyone" policy seems to be applied no matter what I configure.

Everyone has a ban list and time restrictions.

Would like the seperate policy to only allow a few sites.

Is there a way around this.

Using manual proxy on clients.

Thanks.
ChrisH
  • ChrisH
  • Posts: 388
  • Joined: Sep 13 03 1:38 am
  • Location: Canada

Apr 09 07 3:00 pm

There are several ways this could be accomplished. I would suggest that you create a new group in NT user manager that doesn't include those users and then replace the Everyone group in the WWW service policy with this new group that has all the same policy features as the old Everyone group had. Then create a new policy for each of these users with the same time restrictions and authentication levels as the new group policy and in the Advanced tab set filters for each site you wish to allow them access to. See here The Everyone group includes all users and groups so if you create another policy for a user then WG has to look at both policies to determine access rights and the one with the least restrictive policy will prevail. You found this out when you tried to put a more restrictive policy on a user. This sometimes can come in handy though.
ALainONE

Apr 09 07 7:47 pm

You could put the everyone group with the time and ban list on the system policies, then put your "special users" on the service policies with "system policies may be used instead" as default.

Hope it helps!

Best regards,
Alain
geoffmgreen

policies cont'd

Apr 10 07 9:10 am

Thanks for great ideas.

Next Q begs to ask is there any way to copy over the ban list easily. I can find it in the registry so I suppose I could export and import theroretcially?

Running latest v6 Wingate 50 user.

Thanks.
ChrisH
  • ChrisH
  • Posts: 388
  • Joined: Sep 13 03 1:38 am
  • Location: Canada

Apr 10 07 12:58 pm

If you are going to replace the Everyone group I would suggest using the registry to rename. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient4 (where Recipient 4 in this case is the Everyone group) Modify the UserName Key to the new group name and also modify the key SpecifyUser to 1. This way your Ban list stays intact. You will have to stop and restart the WG engine for changes to take effect. I suppose in theory you can copy a ban list . You would have to export a Recipient Key then rename the key to a new recipient name then import the previously saved key back then modify UserName key. Just be sure to back up entire WG registry before doing anything - just in case.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index