ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Set up of Untangle.

    Scheduled Pinned Locked Moved IT Discussion
    34 Posts 4 Posters 6.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      But what about DNS? DNS is not related to AD other than AD relies on it. Many more networks have DNS than have AD.

      1 Reply Last reply Reply Quote 0
      • IT-ADMINI
        IT-ADMIN
        last edited by

        it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
        the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

        scottalanmillerS JoyJ 2 Replies Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @IT-ADMIN
          last edited by

          @IT-ADMIN said:

          it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
          the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

          Nothing makes them be admins more than in a domain environment. You can still lock them down the same in that way. More effort but same capacity.

          IT-ADMINI 1 Reply Last reply Reply Quote 0
          • IT-ADMINI
            IT-ADMIN @scottalanmiller
            last edited by

            @scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • IT-ADMINI
              IT-ADMIN
              last edited by

              i mean by : they cannot do anything ----> they cannot change the system setting

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @IT-ADMIN
                last edited by

                @IT-ADMIN said:

                @scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting

                You can expose or lock out those settings in both settings. It's just manual in the workground setting. Definitely more work, a lot more work if you have a large number of users.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller
                  last edited by

                  @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.

                  JoyJ 1 Reply Last reply Reply Quote 0
                  • JoyJ
                    Joy @IT-ADMIN
                    last edited by

                    @IT-ADMIN said:

                    it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
                    the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

                    Sorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • JoyJ
                      Joy @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.

                      We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Joy
                        last edited by

                        @Joyfano said:

                        @scottalanmiller said:

                        @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.

                        We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"

                        Does your Internet problems affect your domain? If so, how?

                        JoyJ 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Joy
                          last edited by

                          @Joyfano said:

                          @IT-ADMIN said:

                          it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
                          the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

                          Sorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.

                          Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously 😉

                          JoyJ 1 Reply Last reply Reply Quote 0
                          • JoyJ
                            Joy @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            Do you have internal DNS at all? With AD you have to, without it it is optional.

                            We have Local Domain in our Network. Sorry my answer is not clear.

                            1 Reply Last reply Reply Quote 0
                            • JoyJ
                              Joy @scottalanmiller
                              last edited by

                              @scottalanmiller said:

                              @Joyfano said:

                              @scottalanmiller said:

                              @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.

                              We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"

                              Does your Internet problems affect your domain? If so, how?

                              Its not. But we used to transfer the computers to other network if the other internet provider is down.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • JoyJ
                                Joy @scottalanmiller
                                last edited by

                                @scottalanmiller said:

                                @Joyfano said:

                                @IT-ADMIN said:

                                it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
                                the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

                                Sorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.

                                Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously 😉

                                We are using separate network for our Production who are doing online and Offline project.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Joy
                                  last edited by

                                  @Joyfano said:

                                  Its not. But we used to transfer the computers to other network if the other internet provider is down.

                                  Sounds like this could be made more efficient. Why not have both ISPs available to all computers and switch using a router?

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @Joy
                                    last edited by

                                    @Joyfano said:

                                    We are using separate network for our Production who are doing online and Offline project.

                                    You can keep on separate subnets and/or VLANs but still share DNS.

                                    JoyJ 1 Reply Last reply Reply Quote 0
                                    • IT-ADMINI
                                      IT-ADMIN
                                      last edited by

                                      i think they have 2 diffirent remote location,

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @IT-ADMIN
                                        last edited by

                                        @IT-ADMIN said:

                                        i think they have 2 diffirent remote location,

                                        They do, but they walk in between. I'm not sure if they have connectivity between or not.

                                        1 Reply Last reply Reply Quote 0
                                        • JoyJ
                                          Joy
                                          last edited by

                                          Thank you guys for all of your replies, Sad things i didn't got any chance to restore the correct settings of our Untangle due to lack of time to troubleshoot.
                                          After a long hour of Audit for our client Compliance.. Finally we don't have any major problem specially in IT department.
                                          Next project would be continuation of my last post about installing firewall using Linux and also set up of our Dokuwiki.

                                          1 Reply Last reply Reply Quote 0
                                          • JoyJ
                                            Joy @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            @Joyfano said:

                                            We are using separate network for our Production who are doing online and Offline project.

                                            You can keep on separate subnets and/or VLANs but still share DNS.

                                            This suggestions is great. it will help our leaders and supervisors work efficiently and also synchronize our files in both network location.
                                            I haven't tried working with this kind of network set up.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post