Hi Qbik Stuff!
Sorry for my English.
I have difficulties while I try to setup policies into 2 different groups with couple of same users? e.g. BIGGROUP and SMALLGROUP. I wanna to make 1 rule to BIGGROUP and another to SMALLGROUP, but users, who consist in 2 groups simultaneously are out of the some rules.
It's hard for me to explain, but I try another way :)
BIGGROUP with users: Jane, Pite, Tom and Alice have 10 rules to HTTP Requests and in the same time Jane and Pite is belong to SMALLGROUP with another 3 rules. How to make work 13 rules to Jane and Pite and 10 rules for Tom and Alice. Really rules count are out of 200, and it's not a good idea to make 2 different groups same rules with couple of differences.
Can you help me with this problem?
And about next versions, I think, if you add possibility to view DHCP leases (MAC and IP) in DHCP service, it wheel be a very good thing!
Mixed Policies (HTTP Requests)
Moderator: Qbik Staff
5 posts
• Page 1 of 1
Mixed Policies (HTTP Requests)
by Vladlen » Aug 02 07 3:49 am
- Vladlen
- Posts: 3
- Joined: Aug 02 07 1:17 am
by ChrisH » Aug 02 07 3:45 pm
I think you need to create another policy and adjust the two you have now.
I am going to assume you are using the Ban Lists in your policies to restrict the groups to your wishes.
In BIGGROUP you would add a filter in the Advanced section that the critierion would read USER is not a member of group SMALLGROUP . In SMALLGROUP you would add a filter in the Advanced section that the critierion would read USER is not a member of group BIGGROUP . So now these policies won't apply to those users who are members of both groups.
Now you need to create a policy that applies only to those users of both BIGGROUP and SMALLGROUP. I would suggest adding a policy for the Everyone group with the same authentication requirements but in the Advanced section set two critierion - one that reads USER is a member of group BIGGROUP and the other USER is a member of group SMALLGROUP - see below.
Filter 1
USER is a member of group BIGGROUP
USER is a member of group SMALLGROUP
Next you need to add the Ban List sites from BIGGROUP and the sites you want from the SMALLGROUP.
You indicate you have a large number of sites. This method does require that you make up another list but there are ways to copy such lists using Regedit. See this posting http://forums.qbik.com/viewtopic.php?t=10467
All warnings about messsing with the registry apply though!
Let us know if this helps.
I am going to assume you are using the Ban Lists in your policies to restrict the groups to your wishes.
In BIGGROUP you would add a filter in the Advanced section that the critierion would read USER is not a member of group SMALLGROUP . In SMALLGROUP you would add a filter in the Advanced section that the critierion would read USER is not a member of group BIGGROUP . So now these policies won't apply to those users who are members of both groups.
Now you need to create a policy that applies only to those users of both BIGGROUP and SMALLGROUP. I would suggest adding a policy for the Everyone group with the same authentication requirements but in the Advanced section set two critierion - one that reads USER is a member of group BIGGROUP and the other USER is a member of group SMALLGROUP - see below.
Filter 1
USER is a member of group BIGGROUP
USER is a member of group SMALLGROUP
Next you need to add the Ban List sites from BIGGROUP and the sites you want from the SMALLGROUP.
You indicate you have a large number of sites. This method does require that you make up another list but there are ways to copy such lists using Regedit. See this posting http://forums.qbik.com/viewtopic.php?t=10467
All warnings about messsing with the registry apply though!
Let us know if this helps.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
by Vladlen » Aug 03 07 9:46 pm
Thank's, I'is good idea, but groups created for better ban list administration, but this advice excepts easy administration.
My idea was in creation group for all users with restrictions for all and another group(s) for department(s) with addition restrictions.
Maybe another ideas?
By the way? can you describe me registry values for keys such as:
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
I wanna write migration and string conversion utility while new version 7 isn't out.
And another question, not for this topic. What type of encryption used to store user passwords in registry. I'm trying to write CGI app for remote server administration, witch can be used on pocket devices with various OS'es. So i need user verification.
My idea was in creation group for all users with restrictions for all and another group(s) for department(s) with addition restrictions.
Maybe another ideas?
ChrisH wrote:You indicate you have a large number of sites. This method does require that you make up another list but there are ways to copy such lists using Regedit.
By the way? can you describe me registry values for keys such as:
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
I wanna write migration and string conversion utility while new version 7 isn't out.
And another question, not for this topic. What type of encryption used to store user passwords in registry. I'm trying to write CGI app for remote server administration, witch can be used on pocket devices with various OS'es. So i need user verification.
- Vladlen
- Posts: 3
- Joined: Aug 02 07 1:17 am
by ChrisH » Aug 04 07 12:25 pm
Vladlen wrote:My idea was in creation group for all users with restrictions for all and another group(s) for department(s) with addition restrictions.
Maybe another ideas?
If you want to have a master ban list that applies to all then try setting the list in System policies and in WWW proxy set Default Rights (System policies) to MUST also be granted. For each group in WWW server policy you can then add sites as necessary to that ban list.
However you cannot use HTTP URL contains in System policy. But see this post for a work around. The only issue might be is that these system policies apply to everything.
Vladlen wrote:By the way? can you describe me registry values for keys such as:
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
I wanna write migration and string conversion utility while new version 7 isn't out.
Not all of them. The developers know much more than I do.
Vladlen wrote:And another question, not for this topic. What type of encryption used to store user passwords in registry. I'm trying to write CGI app for remote server administration, witch can be used on pocket devices with various OS'es. So i need user verification.
I don't know.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests