Logging in Locally and not on a AD Domain

[unklebk]

We have a customer that has a question regarding the AD connector. They have the AD connector working fine that this location when the users login to the windows domain. The question is if the user does not login to the domain, but instead uses the local account on the workstation and does not run the AD login script, what if any filtering stop gaps are now in affect ? The Users ID will not be present to identify any filtering, and they use DHCP not static IP's for the workstations. Can the user bypass running the login script and filters to get out to the internet when they were previously locked down.

Thanks for any input on this !!!

[sky-knight]

Welcome,

That would only happen if you configured a policy to specifically redirect a user name into a custom rack. More than likely you just configured the default rack, which all users are subject to.

[unklebk]

Ok I see. So even if the user is a local user on that machine, I should be able to script the user in to the restricted rack that is setup now if I read you correctly.

[kirkalmquist]

Without knowing all the details as to why they would even be allowed to log onto the local machine when running in a Windows AD enviroment, my suggestion would be to talk the customer into removing all local accounts...

Just my 2 cents worth as a network admin

[sky-knight]

Quote:

Originally Posted by unklebk

Ok I see. So even if the user is a local user on that machine, I should be able to script the user in to the restricted rack that is setup now if I read you correctly.

No actually I was pointing out the exact opposite.

Untangle only has the ability to use Active Directory accounts to redirect traffic. Technically speaking from what I have seen of the Active Directory script it may be possible to have it pick up a local account and pass that information to Untangle... but you're moving in a custom (unsupported) direction.