WinGate Forums

[giuliano]

Hi.
I'd like to set some restrictions on users of my network. I used a policy to restrict access to some sites (group Everyone with a "banlist"). I'd like also that some PC can access to Internet only in certain times. I tried to add a policy for "assumed used" (using IP address) with Times --> Specify times ... but I can still connect from that PC.
Any ideas ?

Thanks in advance,
Stefano

[jamesc]

I'd like also that some PC can access to Internet only in certain times. I tried to add a policy for "assumed used" (using IP address) with Times --> Specify times ... but I can still connect from that PC.

1. Where did you create the policy? WWW Proxy Service, or the System Policies / Default rights?
2. If you did it in the WWW Proxy Service, did you set the default rights to
"Must also be granted" or "Are Ignored" as shown in the blue box below.

If you need more assistance, can you try and describe where you are setting up these policies?.


*** Extra Info on policies.

In the picture below, there is a policy for Joan, and a policy for Everyone.
In the Policy for Joan, I have set time restrictions.

Because WinGate policies allow the least permissive permission, this is what happens:

WinGate looks at the policy for, Joan, and finds she is not allowed to access the internet at that time.
WinGate then looks at the policy for Everyone, and sees no restrictions.

Joan can access the internet, because she is part of the everyone group. (But we could open the everyone group policy in the WWW Proxy Server, and in the advanced tab, add a policy that reads "this critereon is NOT met" if Userame EQUALS Joan"; but that is just a quick fix.) Instead of using the everyone group in this example for the WWW Proxy Service, you could use two groups. E.g FullInternetAccess and TimeRestrictedInternetAccess

[giuliano]

First of all thanks for you answer.
I used System Policies ... is it better to set in WWW Proxy Service ?

So if I understand I have to duplicate the policy for user "Joan" if I want that has ban site and time limits ?

My problem is that I have to update the bansite list ... and in this way I have to add site at two policy instead of only one. Is this right ?

What I need is a general policy (ex. bansite) that ALL users must "respect" and other policies (ex. time limit) that some users must "respect" but the standard policies must also be granted.

[ChrisH]

IMHO I would suggest that you keep Everyone group in system policies and enter, as you have done, the master ban list there. Then in WWW service policy create policies for each group or user on your system (but don't have an Everyone group here) based on your criteria for time, location, etc and ensure the setting Default rights (Sytem policies) MUST also be granted is selected.

This way you need only to update one system policy to add or remove banned sites for all users. This policy setup will restrict browsing to the times you select for each user.