Set up of Untangle.
-
I haven't used Untangle in that way before but I believe that it can only block when being used as a proxy and can only block HTTP not HTTPS which makes it a lot less useful than you would hope since nearly everything that you would want to block is HTTPS today.
-
I can now connect to internet but i cannot block youtube.com for example.
-
Do you have Active Directory?
-
@scottalanmiller No. its not connected in Active Directory
-
Do you have internal DNS at all? With AD you have to, without it it is optional.
-
@scottalanmiller No in this network we are not using AD. Computers network are Workgroup only.
-
But what about DNS? DNS is not related to AD other than AD relies on it. Many more networks have DNS than have AD.
-
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip -
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipNothing makes them be admins more than in a domain environment. You can still lock them down the same in that way. More effort but same capacity.
-
@scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting
-
i mean by : they cannot do anything ----> they cannot change the system setting
-
@IT-ADMIN said:
@scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting
You can expose or lock out those settings in both settings. It's just manual in the workground setting. Definitely more work, a lot more work if you have a large number of users.
-
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
-
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipSorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.
-
@scottalanmiller said:
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"
-
@Joyfano said:
@scottalanmiller said:
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"
Does your Internet problems affect your domain? If so, how?
-
@Joyfano said:
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipSorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.
Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously
-
@scottalanmiller said:
Do you have internal DNS at all? With AD you have to, without it it is optional.
We have Local Domain in our Network. Sorry my answer is not clear.
-
@scottalanmiller said:
@Joyfano said:
@scottalanmiller said:
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"
Does your Internet problems affect your domain? If so, how?
Its not. But we used to transfer the computers to other network if the other internet provider is down.
-
@scottalanmiller said:
@Joyfano said:
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipSorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.
Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously
We are using separate network for our Production who are doing online and Offline project.