Control services by Windows Groups with logon credentials

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Control services by Windows Groups with logon credentials

Postby Martin Verkerk » Oct 08 03 7:41 pm

Dear,

I wonder if it is possible to give control to a group (made with Windows 2000 server) in the policy of a service instead of a manually making users in Wingate. I tried many things but it didn't work.
Do I have to install the Wingate Client on every machine or is the change of the proxyport enough?

Kind Regards,

Martin Verkerk
Martin Verkerk
 
Posts: 8
Joined: Oct 04 03 7:59 pm

Postby adrien » Oct 08 03 7:58 pm

looks like about 3 issues here.

1. Using the local user account database on your machine. This is possible, go into the Users tab in GateKeeper, select "Database Options" and choose "Windows NT/ 2000 / XP Pro User Database"

2. WGIC. You need to install the client on any machine that wishes to access WinGate through this method, which will allow them also to authenticate to your NT user database automatically with the same credentials as they log on with to their local machine.

3. port number change... not sure what you mean here...

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby Martin Verkerk » Oct 08 03 8:57 pm

Very quick, thanks!

What I normally do now is to change manually for each user the proxysettings in the internet explorer, port 80 (for controled internet) or 8080 (for complete internet). Without Interquick, that controles port 80 in Wingate, I want to uninstall it an make a new www service for port 80 in Wingate. Then make a policy for www-service port 80 for 'users internet controled' en a policy for www-service port 8080 for 'users internet complete'. When a user wants to use internet I want that Wingate looks if the user is a member of the specified group and give him the good rights. Is this the right way?

Kind Regards,

Martin
Martin Verkerk
 
Posts: 8
Joined: Oct 04 03 7:59 pm

Postby adrien » Oct 08 03 10:59 pm

What you can do, is only have one WWW Proxy that everyone uses.

However, you edit the policies for the WWW Proxy, down the bottom where it mentions default policies select "will be ignored"

then you add 2 recipients to the policy

1. People who can do everything. Select the group for this - by default that will allow members of that group to do anything.

2. people who can do less than everything. Select "everybody" for this, and set the restrictions you want.

People in the group in 1 will get their access granted by 1, and everyone else will have to comply with the rules in 2.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby Martin Verkerk » Oct 08 03 11:43 pm

Thanks a lot!

For the mean time (I shall install the WGIC on 25 stations) it is no problem to make a second wwwservice?

Kind Regards,
Martin
Martin Verkerk
 
Posts: 8
Joined: Oct 04 03 7:59 pm

Postby adrien » Oct 09 03 1:06 am

no problem to make a second one, however bear in mind that if it is not on port 80, then the WGIC connections made by web browsers on your LAN will not be redirected through to it.
Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: No registered users and 21 guests

cron