WinGate Forums

[Vyacheslav]

I have static Ip network.
Exist one WINGATE server. Exist many PC for clients.
Early PC don't have WGIC and work with internet by manually wrote ip address WG proxy server at browser. They use 80 port for it.
I setup WGIC atr one PC. And in preferences I point IPWGServ:80.
Then I DON'T insert IP that PC to WGServ config!!! But that PC CAN internet browsing. The question is WHY?
Any client can download WGIC installation and use it for cheating.
And no traffic at LOG files!
I hope you will answer :)

[Pascal]

If you install WGIC, that takes the place of having a proxy configured. It won't necessarily show in the same logfile - you need to check the WRP logfile unless you have Intercepts (6.0 or later) or Transparent Redirection (5.x) enabled.

If you don't want your users to use WGIC, simply disable the WRP and GDP services.

[Vyacheslav]

The services GDP(368) and WRS(2080) is disabled.
WGIC used standart service WWW Proxy server(80) to go to Interet.

[Pascal]

Without GDP the WinGate Internet Client will not be able to discover the server. (Gateway Discovery Protocol)

If your WRP Service is disabled WGIC should not operate (Unless it is finding another WinGate Server, and you indicate you only have one). That is why WRP is a system service, so you cannot remove or shift the ports, etc. There is a specific control protocol used between the Client and the Server, which a normal WWW Proxy will not understand.

Is your client configured to use proxies directly OR are they perhaps using NAT, rather than using WGIC? If you check in GateKeeper and click on the session that you believe is coming from WGIC, what does it's icon look like? And, if you right click on it, what Service name is listed in the menu?

[Vyacheslav]

Thnx Pascal
Really, I have two servers. The second is for tests and beta versions.
That server has Enabled GDP Service which was found by WGIC first.
But second server have not IP of any clients. And no one exists at policy GDP. Why that service is working successfully?

[Pascal]

Could be the system policies granting them rights? It depends on the settings- are they marked as being ignored, must also be granted or may be granted?

[Vyacheslav]

system policies on 2nd server (with enabled GDP) is granted to
"Everyone" with key rights="Unrestricted rights".
Does it mean that user PC CAN use GDP without any "marks" about him in GDP policy?

[Pascal]

It depends on the rights you have specified in the GDP Service itself. Or rather, how the GDP Service include System Rights. If you switch to the policies tab in GDP and check underneath the list of recipients. There should be a drop-down combo-box that indicates how System Rights are included. There will be three options:

* are ignored
* may be granted instead
* MUST also be granted

What is yours set to? Only the first option will ignore System Rights - otherwise, SystemRights can grant the right instead.

[Vyacheslav]

My GDP have option "may be used instead".
This means that GDP used System policy. And <System policy> used <Everyone with Unrestricted Rights>.
consequently GDP <Everyone with Unrestricted Rights> too?

[Pascal]

Exactly. Your easiest option is probably to lock it down at GDP level. But it might pay to check all your policies for all your services to make sure that you don't get undesirable rights being granted.

[Vyacheslav]

All clear.
Thank you, Pascal.