locked
Internet access in proxy server environment RRS feed

  • General discussion

  • I have moved to Steady State from SCT in our department's classrooms which connect to the internet through the school's proxy server.

     

    Previously, with SCT, I had disconnected the internet because of lack of precise control but the promised capability of Steady State to allow access to a predetermined list of websites seemed ideal.

     

    So I prohibited internet access except for a list of sites.

     

    However the sites are not available. Although the browser is set to access the internet through a proxy server the request for credentials (a prerequisite for access to the internet) is not made, and neither the specified home page nor other permitted pages are accessible. I note that the list of permitted sites has been transferred to the "do not use proxy for" setting in Connections-Lan Settings-Advanced. As these addresses are not sent to the proxy it seems that Steady State is blocking what it allows!

     

    This seemed strange until I read another message posted here which stated that Steady State is not designed for proxy server environments and that the proxy server mechanism had been used to allow/restrict sites.

     

    Clearly this is a great disappointment to us. Is there no workaround? We would be most grateful to learn of it.

     

    Many thanks

     

    Jim

     

    Wednesday, September 26, 2007 2:46 AM

All replies

  • Hi Jim,

     

    This is an expected issue. When you set the “Prevent Internet access (except Web Sites below)” option, the system will set the proxy server in IE to a non-exist one (NoInternetAccess) and add web sites allowed to the “Exceptions”. The “Use the same proxy server for all protocols” option is checked. In this way, all web site access except for those allowed sites are blocked. Based on the design of SteadyState, this option will not work under environment where already has a proxy server. As you have learned that, your proxy server already has options to block/allow websites.

     

    For your reference, to only allow some specific websites, you can use IE’s Content Advisor feature. Please refer to the following thread:

     

    http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1909916&SiteID=69

     

    Note: You can add websites from Approved Sites tab and uncheck “Users can see websites that have no rating” option under General tab to block other websites.

     

    Best Regards,

    Thursday, September 27, 2007 10:11 AM
  • Thank you Shawn.

     

    I have realised that Content Advisor may offer the best workaround and have started using it, particularly when I discovered that the use of a wildcard e.g. *www.bbc.co.uk gives permission to access all pages on the specified website. (Interestingly I couldn't find information about the use of wildcards on any of the MSoft documentation.)

     

    However, once Content Advisor has been set up, it is of very limited use because each computer in the cluster needs to be identically configured as all students should have access to the same resources. Content Advisor will only allow changes on a per computer advisor.

     

    I (and others I am sure) work by creating and replicating an image, a procedure which takes a minimum of several hours. This effectively means that I have to attempt to predict, for weeks in advance, which sites are going to be required.

     

    Would it be possible to consider some additional functionality for Steady State in a future version to allow for what I think would be a fairly typical school situation whereby groups of like-configured computers have different internet access requirements.

     

    What is required is a means by which the computers in particular cluster can be quickly given access to a new website. If a set of computers under control of Steady State could get their permissions list from a central site, e.g. the teacher's computer, that would be ideal. Immediately the teacher learns of a new web resource that would be helpful (or wants to block an existing one) they would just add it to an appropriate list.

     

    As you mention the school's proxy server does have the ability to block and permit individual sites. However the procedure required, contacting the site administrator by email, is too slow.

     

    Thanks for considering this and for the improvements which have been provided in the new version of SCT/SS.

     

    Jim

    Thursday, September 27, 2007 7:38 PM
  • Hi Jim,

     

    Thank you for your sharing and suggestions on this issue.

     

    If these clients are in a domain, you can use the [User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings] policy to deploy Content Advisor settings. However, please understand that SteadyState is client based program and no centrally manage option is provided. Thus, you need to change this kind of configurations manually on every computer. If the access list will be updated frequently, SteadyState may not be a proper solution.

     

    Regards,

    Friday, September 28, 2007 8:32 AM
  • Thank you Shawn.

     

    The more I use Steady State the more I like it and I will try to make it work for us.

     

    We aren't logging into a domain at present for this purpose.

     

    Two possible mechanisms occur to me.

     

    The first is whether it would be possible to create our own content advisor like the ICRA3.

     

    The other is if there is registry hive which I could replicate from one computer to the others.

     

    Your thoughts would be welcomed.

     

    Jim.

    Friday, September 28, 2007 9:20 AM
  • Hi Jim,

     

    Based on my further research,  Content Advisor information were stored in the following place. You may setup it on one computer and then replicate the registry keys to other computers.

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

     

    Regards,

    Monday, October 1, 2007 5:56 AM
  • Hi,

    I recently installed SteadyState. I am using only one computer. So i made another account named Check Mail. I checked the "Prevent Internet Access (except Web sites below)" and in entered yahoo.com;gmail.com;swissmail.net;hotmail.com; but when i logged into Check Mail, i can't access any of them including the homepage (http://www.google.com.ph)

    I did not do anything with proxies etc. What did i do wrong?

    I'm using a Cable Modem conncted through LAN.

    Thanks!
    Thursday, November 1, 2007 2:30 AM
  • Hi Janix,

     

    You can try the suggestions in the following thread:

     

    Blocking all but selected websites

    http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=2068409&SiteID=69

     

    Regards,

    Friday, November 2, 2007 3:05 AM