WinGate Forums

[ngrayson]

Guys,

This is a bit naïve and I’m afraid to ask the question but here goes.

This far I have not used policies etc other than access to the dialer is restricted by time for my two kids. I recently noticed that in an audit log for one of them there was access outside the prescribed time. I assumed that since I was using my machine with full access and that since it was online, the dialer was not needed so it did not reject them. I guess that now I have to restrict access to those services I don’t want them to have like the web proxy but still allow myself access.

I know I can set times in the proxy server but ideally I want to be able to set the time restriction once and then apply this to the services I want to restrict. I’ve been running wingate for some years but am ashamed to say I don’t now how to go about this.

Any pointers?
Best regards
Neil

[ChrisH]

Neil,

IMHO, the simplest solution for you would be to create a new policy for Administrator (which I assume is you) in WG System policies with unrestricted time and then again in System policies restrict the Everyone group to the time parameters. Now, you will have to go into the policy of each service you want restricted and ensure that the Default rights (System policy) MUST also be granted is selected. That should do the trick. My other assumption is that your kids are not part of another group - just included in Everyone.

Just be sure to backup up your WG registry before making any changes - things have been known to go horribly wrong and suddenly you can't access GateKeeper to revert back.

Never hurts to ask questions.

Regards.

[ngrayson]

Chris,

many thanks for the advice, I will try this, this weekend.

Your assumption is right, I am God of the network. With the garbage thats out there aligned with the fact the phone & internet accounts are in my name I like to have some idea/control of what the kids are up to. Is this draconian and do I like it, yes and no but one has a duty.


Regards
Neil

[Pascal]

Definately. As Chris said, a backup is essential when you begin tinkering with policies. However, to ensure that you cannot be bitten is to setup a specific access right policy for somebody that has administrative rights in the Remote Control Service. You can then set the System Policies to "Are Ignored" for that service and you will be safe while administering to the System Policies.

[ngrayson]

Guys,

I tried as you suggested and Pascals suggestion saved the day. I would have locked out myself without it.

However, I’m having the hell confused out of me with access, policies etc. I created the everyone group, put the kids into it and took them out of the other group I have set up for them. I then assigned the everyone policy to the proxy server. Unfortunately, it had the wrong effect, when access time was valid, they could not gain access.

On a second attempt, it allowed them access when it should not have. Can I just clarify that I should set a policy for everyone (the group the kids are in) with the time restrictions and assign this to say the proxy server. Since I’m using ENS/NAT I guess that I have to assign it there also and probably the dialer.

I am using DHCP and assumed users. I have both set ups enabled, by IP and also by computer name although the computer names are fixed on each machine and not assigned by the DHCP server.

I will soon have ADSL and if I don’t find some method of control other than the dialer, the kids will be up all night.

All suggestions welcome.

[Pascal]

Neil, your easiest option might be to work with default policies (System) and to set the applicable service (ENS, from what it sounds like) to "MUST also be granted"

But tell you what - email me the details of what you want to do (times, etc) and I'll set it up for you here then email you a quick step by step back.
weekend now so there might be a bit of a turnaround, but shouldn't be too lengthy.