Set up of Untangle.
-
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipNothing makes them be admins more than in a domain environment. You can still lock them down the same in that way. More effort but same capacity.
-
@scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting
-
i mean by : they cannot do anything ----> they cannot change the system setting
-
@IT-ADMIN said:
@scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting
You can expose or lock out those settings in both settings. It's just manual in the workground setting. Definitely more work, a lot more work if you have a large number of users.
-
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
-
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipSorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.
-
@scottalanmiller said:
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"
-
@Joyfano said:
@scottalanmiller said:
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"
Does your Internet problems affect your domain? If so, how?
-
@Joyfano said:
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipSorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.
Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously
-
@scottalanmiller said:
Do you have internal DNS at all? With AD you have to, without it it is optional.
We have Local Domain in our Network. Sorry my answer is not clear.
-
@scottalanmiller said:
@Joyfano said:
@scottalanmiller said:
@Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.
We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"
Does your Internet problems affect your domain? If so, how?
Its not. But we used to transfer the computers to other network if the other internet provider is down.
-
@scottalanmiller said:
@Joyfano said:
@IT-ADMIN said:
it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ipSorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.
Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously
We are using separate network for our Production who are doing online and Offline project.
-
@Joyfano said:
Its not. But we used to transfer the computers to other network if the other internet provider is down.
Sounds like this could be made more efficient. Why not have both ISPs available to all computers and switch using a router?
-
@Joyfano said:
We are using separate network for our Production who are doing online and Offline project.
You can keep on separate subnets and/or VLANs but still share DNS.
-
i think they have 2 diffirent remote location,
-
@IT-ADMIN said:
i think they have 2 diffirent remote location,
They do, but they walk in between. I'm not sure if they have connectivity between or not.
-
Thank you guys for all of your replies, Sad things i didn't got any chance to restore the correct settings of our Untangle due to lack of time to troubleshoot.
After a long hour of Audit for our client Compliance.. Finally we don't have any major problem specially in IT department.
Next project would be continuation of my last post about installing firewall using Linux and also set up of our Dokuwiki. -
@scottalanmiller said:
@Joyfano said:
We are using separate network for our Production who are doing online and Offline project.
You can keep on separate subnets and/or VLANs but still share DNS.
This suggestions is great. it will help our leaders and supervisors work efficiently and also synchronize our files in both network location.
I haven't tried working with this kind of network set up. -
DokuWiki is super easy. Just copy the files to the server and... done. There is no database so it is about the easiest thing to deploy ever.
-
@scottalanmiller said:
DokuWiki is super easy. Just copy the files to the server and... done. There is no database so it is about the easiest thing to deploy ever.
Really? I will try this later.. looking forward to start working with this.