Filter by computer name

BigKnot · 09-13-2010, 12:56 AM

In AD i can arrange users as well as computer objects into groups. Will this transfer to a working situation in UT? What i'm looking for to achieve is something like this:

- User A may do everything
- Computer B may not use FTP (member of group "noFTP")

When User A is using Computer B, he will not be able to use FTP. When he uses any other Computer he can use FTP.

Or make it work the other way around: no user may use FTP, but only when they are using a Computer which is a member of the group "FTPallowed" they can use FTP.

I would try this myself, but will have to make my SBS 2003 server single homed before i am able to try these examples

sky-knight · 09-13-2010, 01:06 AM

With the AD connector, you can link policy manager rules to use name, and change the security policy based on user name.

To control a computer, you need to define a DHCP reservation, or give the machine you want to control a static address.

Once those two things are in place, you can define whatever control you want.

BigKnot · 09-13-2010, 03:01 AM

OK, so i understand that the use of computer object in AD groups isn't going to work. Using DHCP reservations as a workaround is no problem however.

From your answer i'm also doubting if AD groups are supported at all?
I would like to manage access by AD groups (like you can do in ISA) and have groups like "noInternet", "restricedInternet", "fullAccess" in which i can place users. Is this also a no-go and will i have to resort to using usernames synced from AD in UT to achieve this?

Thanks!

WaLshy11 · 09-13-2010, 03:26 AM

Quote:

Originally Posted by BigKnot

OK, so i understand that the use of computer object in AD groups isn't going to work. Using DHCP reservations as a workaround is no problem however.

From your answer i'm also doubting if AD groups are supported at all?
I would like to manage access by AD groups (like you can do in ISA) and have groups like "noInternet", "restricedInternet", "fullAccess" in which i can place users. Is this also a no-go and will i have to resort to using usernames synced from AD in UT to achieve this?

Thanks!

AD groups do work in untangle

09-13-2010, 12:56 AM	#1 (permalink)
BigKnot Untangler Join Date: May 2010 Posts: 66	Filter by computer name In AD i can arrange users as well as computer objects into groups. Will this transfer to a working situation in UT? What i'm looking for to achieve is something like this: - User A may do everything - Computer B may not use FTP (member of group "noFTP") When User A is using Computer B, he will not be able to use FTP. When he uses any other Computer he can use FTP. Or make it work the other way around: no user may use FTP, but only when they are using a Computer which is a member of the group "FTPallowed" they can use FTP. I would try this myself, but will have to make my SBS 2003 server single homed before i am able to try these examples

09-13-2010, 01:06 AM	#2 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,454	With the AD connector, you can link policy manager rules to use name, and change the security policy based on user name. To control a computer, you need to define a DHCP reservation, or give the machine you want to control a static address. Once those two things are in place, you can define whatever control you want. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

Protect

Filter

Perform

Connect

Manage

Add-Ons

09-13-2010, 03:01 AM	#3 (permalink)
BigKnot Untangler Join Date: May 2010 Posts: 66	OK, so i understand that the use of computer object in AD groups isn't going to work. Using DHCP reservations as a workaround is no problem however. From your answer i'm also doubting if AD groups are supported at all? I would like to manage access by AD groups (like you can do in ISA) and have groups like "noInternet", "restricedInternet", "fullAccess" in which i can place users. Is this also a no-go and will i have to resort to using usernames synced from AD in UT to achieve this? Thanks!