Hello,
I have the following situation:
I have a really large ban list setup on the group "content restricted". Which is the group the majority of the users are in.
I have removed the everyone group in 'system policies-user who can access this server'. And replaced it with "administrators" and "content restricted" (and a few others).
I added a group called "time restricted". And added this group to 'system policies-user who can access this server'. I set the time restriction - which worked. However this had the effect of overridding the banlist from the "content restricted" group - even though the user is a member of both groups.
What makes this more complicated is that I only want to restrict one user to a time period - not all of the members of the "content restricted" group.
Is that possible?
Thanks.
LImiting an account to a time range
Moderator: Qbik Staff
5 posts
• Page 1 of 1
LImiting an account to a time range
by 1ahanco » May 05 04 1:07 pm
- 1ahanco
- Posts: 8
- Joined: Mar 01 04 8:21 am
- Location: New Zealand
by MattP » May 05 04 1:47 pm
It sounds like you'd be better off just setting the time restrictions for that individual user, if you open the WWW proxy service then select the user that you want to restrict you can set the time settings for that user alone. They should still be restricted by the content settings.
Matt
Matt
- MattP
- Qbik Staff
- Posts: 991
- Joined: Sep 08 03 4:30 pm
by ChrisH » May 06 04 4:10 am
I would add to Matt's suggestion and move out that user from the 'content restricted' group. If you have a large ban list that you really don't feel like adding one by one again to this new 'time restricted' group, you could copy the registry key for the 'content restricted' into a new one for 'time restricted' group.
Since you are playing with the registry I strongly urge you to make a backup of the entire registry, do a restore point (if OS capable) and copy WG registry entries by opening GateKeeper, clicking on Options, Advanced, Save Registry Settings as problems sometimes happen.
Once you have done that, stop WG engine and open registry to HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\DefaultRights\Access and you will see listed under here different Recipient Keys.
Click on each Recipient Key - Recipient0, Recipient1,... until you find the one that has the 'content restricted' group listed in the subkey "UserName".
Then Export this Recipient Key and save it where you can find it easily.
Next rename this Recipient Key name to Recipientx where x is a number that is not one of the other Recipient Key numbers.
Go back to where you exported Registry Key and Merge it back into the registry.
Now you will have two entries exactly the same. You will now have to Modify the "UserName" subkey on one of these to 'time restricted' group.
Restart WG engine, open up GateKeeper and go to System policies. You should have an additional entry there for group 'time restricted' listing all banned sites. Now you can add the time restrictions to this group.
It is a bit cumbersome to do, but saves a lot of re-entering. Let us know if it helps.
Since you are playing with the registry I strongly urge you to make a backup of the entire registry, do a restore point (if OS capable) and copy WG registry entries by opening GateKeeper, clicking on Options, Advanced, Save Registry Settings as problems sometimes happen.
Once you have done that, stop WG engine and open registry to HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\DefaultRights\Access and you will see listed under here different Recipient Keys.
Click on each Recipient Key - Recipient0, Recipient1,... until you find the one that has the 'content restricted' group listed in the subkey "UserName".
Then Export this Recipient Key and save it where you can find it easily.
Next rename this Recipient Key name to Recipientx where x is a number that is not one of the other Recipient Key numbers.
Go back to where you exported Registry Key and Merge it back into the registry.
Now you will have two entries exactly the same. You will now have to Modify the "UserName" subkey on one of these to 'time restricted' group.
Restart WG engine, open up GateKeeper and go to System policies. You should have an additional entry there for group 'time restricted' listing all banned sites. Now you can add the time restrictions to this group.
It is a bit cumbersome to do, but saves a lot of re-entering. Let us know if it helps.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
by 1ahanco » May 06 04 11:06 am
That didn't work - I left the user as a member of the "content restricted" group - because the user will have open access otherwise. I assume that this causes the problem. The WWW proxy 'default rights' set to 'May be used instead' - because no one would be able to log on otherwise.
What I need is a group that provides additional restrictions to the propertied of another group.
Is this possible?
What I need is a group that provides additional restrictions to the propertied of another group.
Is this possible?
- 1ahanco
- Posts: 8
- Joined: Mar 01 04 8:21 am
- Location: New Zealand
by adrien » May 06 04 11:25 am
Hi
WinGate policies work by adding further rights, rather than adding additional restrictions.
So you need to consider that the sum total of the rights that you grant are available to users who match them.
This means, if your user is a member of the large group with the banlist, then the granting of this right will allow the user, without any restriction on time. the fact that you have an additional right which grants that same user access but in a time-restricted fashion simply means that the user will be granted whichever of the rights will allow them access.
therefore, if you wish to have this particular user have time restricted rights, and also be restricted by the banlist, you would need to add a recipient to the policies for the particular services you wish to add the additional restriction for, and select "default rights must also be granted"
Then say in the WWW proxy, you would create 2 recipients of rights, one for this user, which is time limited, and one for everyone else (not including this user) which is not time limited. then with the banlist in system policies, this will be applied to all users as well.
That should do the trick.
Adrien
WinGate policies work by adding further rights, rather than adding additional restrictions.
So you need to consider that the sum total of the rights that you grant are available to users who match them.
This means, if your user is a member of the large group with the banlist, then the granting of this right will allow the user, without any restriction on time. the fact that you have an additional right which grants that same user access but in a time-restricted fashion simply means that the user will be granted whichever of the rights will allow them access.
therefore, if you wish to have this particular user have time restricted rights, and also be restricted by the banlist, you would need to add a recipient to the policies for the particular services you wish to add the additional restriction for, and select "default rights must also be granted"
Then say in the WWW proxy, you would create 2 recipients of rights, one for this user, which is time limited, and one for everyone else (not including this user) which is not time limited. then with the banlist in system policies, this will be applied to all users as well.
That should do the trick.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 50 guests