Csa policy to give time limited webbrowser access when not on lan

Hi There
Has anyone done a policy for allowing users to use a webbrowser for a specific amount of time, when they are off the internal lan ? I have done a policy that classifies webbrowsers when they connect on any tcp port in a system state that off-lan (done by dns suffix check), my problem is that i wan't to secure the webbrowser until the user has logged in to whatever hotspot page he needs to, in order to create a vpn connection, and then be classified as "on-lan". But i can't restrict what addresses this browser can reach, since this is very different from hotel to airport to generic hotspot, so i wan't to restrict the time the user has to login, after which he has to reboot or login to vpn to do anything network related. I have a policy that does all that, except for the time period, only thing the user has to do is close his browser and start it again, and then my dynamic appl. rule gives them another 5 minutes....which is not acceptable. Anyone done this ?

Hello all
I have the same issue.
What I tried is to change the query response from allow to ?terminate?.
No when the user answers (his only choice is terminate) the browser windows closes and the user can?t open it again. That?s what I want, but he cannot login to some hotspots.
Then I created I first query with an ?allow? and after 5 minutes a second with ?terminate?. Now the user first selects allow and has then 5 minutes to login to some hotspots and after 5 minutes the second query pops up and he is asked to terminate the web browser. He that can only select ?terminate? and the web browser closes. The problem is that this time, even though this is a ?terminate?, he can open the web browser again and continue to surf without any further queries.
I haven?t further analyzed this issue, but I think this has to do with the processes and not with the application itself.
Any ideas are welcome.

Similar Messages

  • I received a text today while at work about iCloud keychain verification code. I have not signed up for it or anything that uses it. I work out of the city with limited internet access so not sure why I would be getting this. Is my info safe??

    I received a text today while at work about iCloud keychain verification code. I have not signed up for it or anything that uses it. I work out of the city with limited internet access so not sure why I would be getting this. I only got this number about a month ago. Apparently someone else had the number before because I get texts from his family members wondering whats going on. I got one yesterday and the person didn't seem to thrilled that the number was cutoff and today I got 2 texts about iCloud Keychain which I don't even know what it is. Seems suspicious to me. If the person who use to own the number is doing it he should know it is not his number anymore because he obviously didn't pay his bills.  I'm not too sure about iCloud Keychain so just want to know my info safe?? It says it can store credit card numbers which is what gets me worried. Frankly I think it's pretty stupid to save that kind if information with any kind of app. But I don't want some random person trying to access my personal information because they are bitter they lost their number.  Please let me know as soon as possible so I can change passwords or anything that is needed.
    thanks

    If it were me, I would go to my carrier and get a new number. Since you have only had it for a month, the inconvenience would be minimal.
    Barry

  • Can documents saved on my time capsule be accessed if not connected i.e. I am away from home and want to access documents saved on my time capsule

    Can documents saved on my time capsule be accessed if not connected i.e. I am away from home and want to access documents saved on my time capsule

    Yes, if you setup one of the methods.. see
    https://discussions.apple.com/docs/DOC-3413
    You must use a Mac for any of those.. if you want to use some other OS tell us. 

  • Can free online books be downloaded to memory of ipad2 so that book can be accessed when not within wi-fi range

    can free online books be downloaded to memory of ipad2 so that book can be accessed when not within wi-fi range

    It depends on what books you're referring to. All books from the iTunes Store are downloaded to your iPad and except for any special features the book may contain that requires an Internet connection will be readable without such a connection.
    If you're talking about books from some other source, we'd need to know the source before we could offer opinions.
    Regards.

  • TC name must be short, or Time Machine/disc access will not work

    I painfully learned, after a few hours on my own, followed by 50 minutes on hold waiting for a great customer support guy, the following:
    When you install your TC, it will take the name of the computer from which it is being configured. "John Doe's Time Capsule." If you have a long computer name, or otherwise end up with greater than 23 (I think he said 23, maybe 26) characters, TC will not work correctly. I hope this saves someone some grief.

    Open up your console application and peruse the error logs (i.e. type console in spotlight). If you see stuff like this, you should probably change your TC's name:
    Mar 7 09:20:26 justin-lapres-computer /System/Library/CoreServices/backupd[2534]: Error: (-36) Creating directory Justin LaPre’s Computer 7
    Mar 7 09:20:26 justin-lapres-computer kernel[0]:
    Mar 7 09:20:26 justin-lapres-computer kernel[0]: disk2s2: 0x14 (UNDEFINED).
    Mar 7 09:20:26 justin-lapres-computer kernel[0]:
    Mar 7 09:20:26 justin-lapres-computer kernel[0]: 64406896] [FSLogMsgOrder Last]
    Mar 7 09:20:26 justin-lapres-computer kernel[0]: disk2s2: 0x14 (UNDEFINED).
    Mar 7 09:20:26 justin-lapres-computer kernel[0]:
    Mar 7 09:20:26 justin-lapres-computer /System/Library/CoreServices/backupd[2534]: Error: (-36) Creating directory Justin LaPre’s Computer 8
    Mar 7 09:20:26 justin-lapres-computer kernel[0]: gMsgID 511692335] [FSLogMsgOrder Last]
    Mar 7 09:20:26 justin-lapres-computer /System/Library/CoreServices/backupd[2534]: Error: (-36) Creating directory Justin LaPre’s Computer 9
    Mar 7 09:20:26 justin-lapres-computer kernel[0]: Num 11845] [FSLogMsgID 572506533] [FSLogMsgOrder First]
    Mar 7 09:20:26 justin-lapres-computer /System/Library/CoreServices/backupd[2534]: Error: (-36) Creating directory Justin LaPre’s Computer 10
    Mar 7 09:20:26 justin-lapres-computer kernel[0]: SLogMsgID 1220045630] [FSLogMsgOrder Last]
    Mar 7 09:20:26 justin-lapres-computer /System/Library/CoreServices/backupd[2534]: Error: (-36) Creating directory Justin LaPre’s Computer 11
    Mar 7 09:20:26 justin-lapres-computer kernel[0]: disk2s2: 0x14 (UNDEFINED).
    Mar 7 09:20:26 justin-lapres-computer /System/Library/CoreServices/backupd[2534]: Error: (-36) Creating directory Justin LaPre’s Computer 12
    Lots more garbage.

  • Phone number - access when not on line

    Hi
    If using a Skype Phone Number for people to contcat me and i am not on line can i divert the call to a landline/mobile as i can when people try to ocntcat me on Skype and i am off-line?
    Thanks
    robert

    Hi, Avenue, and welcome to the Community!
    Please review this library of information relating to call forwarding so you can make an informed decision:  https://support.skype.com/en/category/CALL_FORWARDING/
    Regards,
    Elaine
    Was your question answered? Please click on the Accept as a Solution link so everyone can quickly find what works! Like a post or want to say, "Thank You" - ?? Click on the Kudos button!
    Trustworthy information: Brian Krebs: 3 Basic Rules for Online Safety and Consumer Reports: Guide to Internet Security Online Safety Tip: Change your passwords often!

  • Time limits for time capsule access

    I want to set time limits for individual devices on my Time Capsule network. How do I set this up??

    You will need a hardware address for each wireless device that you want to be able to control. If you do not have the device listed, it will have "default" access to the wireless network, which means that it will have unlimited access at all times.
    If you are having difficulty finding a hardware address for a given device, turn off all the wireless devices that will connect to the network except your Mac. You know the hardware address of your Mac already, correct?
    Turn on one other wireless device and look for the info about that device. Then turn on the next device to get info about that device. You may not see a device name and instead see something like 10.0.1.x for the device name. Click on the 10.0.1.x display to reveal more information about the device, including the hardware address.
    You can set up rules for each device on either the Time Capsule or the AirPort Extreme and the settings will automatically be transferred to the "other" device, so you only have to enter the rules on one device.
    Open Airport Utility again and click on the Time Capsule if that is your "main" base station or router. Otherwise click on the AirPort Extreme if that is the main base station.
    Click Edit
    Click the Network tab at the top of the window
    Look toward the bottom of the next window and make sure that there is a check mark next to Enable Access Control. Later, you will need to make sure that the other router you have is also enabled.
    Click on Timed Access Control
    Here you will see the "default' rule for the network of Unlimited Access. This means that any device that has not been assigned a specific rule will be able to connect to the network at any time. Leave this rule alone.
    Click on the + (plus) button at the bottom of the Wireless Clients box
    Type in a device name next to Description.....example.....iPad
    Type in the hardware address of the device next to MAC Address
    You probably want to have the rule in effect Everyday, so leave that box the same. If you click on the box, you will see that you are able to have the rule in effect with a number of other options.
    Click on the All Day box and change that to Between
    Double click on each time display to edit the start time and end time for the device each day. For example, the device might be able to connect Everyday, Between 9 AM and 10 PM. It is possible to have multiple rules for the same device by clicking the + button in this area to add another time slot.
    Click Save
    Click Timed Access Control again and repeat the process for the next device, etc until entries for all wireless devices that you want to control are complete
    Click Update to save all of the settings and the Time Capsule will restart in 30 seconds.
    Be sure to enter a check mark on the other router that you have to Enable Timed Access and Update to save the setting.  This will transfer the stored settings from the Time Capsule to the AirPort Extreme or vice versa.
    Good luck.

  • How do I set access time limits for my kids devices?

    I had a Time capsule installed.
    How do I set time limits on my kids devices or can I?

    You can set individual daily time limits for any wireless devices that connect to the network using the Timed Access feature in AirPort Utility.
    First look carefully on the back or bottom of each of your kids' devices for label that has a MAC Address. This is an ID number that will have a form of  xx : xx: xx : xx : xx : xx.  The "x" can be either a letter or number.
    Write down each MAC Address carefully, noting which device is which.
    Post back when you have done this. Do not post these ID numbers....just let us know that you have them in hand.
    We will also need to know what operating system that you are using on the computer that is used to configure the Time Capsule.
    If you have a Mac, and are not sure what operating system it is using.....click the Apple icon in the upper left corner of the Mac's screen, then click About This Mac. Post back with the OS X Version number that you see there.

  • I am trying to setup time limits in airport 5.6

    I am trying to setup time limits for internet usage in airport 5.6—
    but i don't get a timed access control "option. Tried on both imac and macbook pro.

    What are you setting it up as.. join wireless network .. the very worst setup, it will disappear.. reboot the whole network in order modem. router TC.. clients and it will likely reappear.
    Tell us what network setup you are using..
    If you setup with cable to a computer completely isolated from the network with TC also isolated.. finish the setup of everything you want. .before update.. then plug it into the network. .then restart everything in correct order.. it will work most of the time.

  • How do to set up time limits on a guest network

    I have a new generation Airport Time Capsule and I have set up a Guest Network for my kids but I would like to set up time limits on the Guest Network also, is there a way to do it?

    It is not possible to set up specific time limits for the Guest Network as a whole, but it is possible to set up individual time limits for each device that will be connecting to the Guest Network.....and, also the main network for that matter.
    If you can provide us with some more specifics on what you are trying to accomplish, how many devices will be involved, etc.......that will help us craft our answer to provide accurate information.
    Meanwhile, if you want to take a look at the general settings in Timed Access....
    Open Macintosh HD > Applications > Utilities > AirPort Utility
    Click on the Time Capsule icon, then click Edit
    Click the Network tab at the top of the screen
    Enter a check mark in the box next to Enable Timed Access
    Click on the Timed Access button
    Click Cancel to avoid making any changes to your current setup

  • How to record a time-limited video with Adobe AIR for iOS

    I am trying to record a time-limited video with Adobe AIR for iOS.
    For example, I want to implement the following function. Start a one-minute timer before launching CameraUI to record video. When the timeout event happens after one minute, stop recording video, close the CameraUI view and obtain the video data so far.
      I have several questions related to that.
      1. How to stop recording video from outside the CameraUI view(in this case, from the timeout event handler) and then close the CemeraUI view? As far as I know, to close the CameraUI view, the only way is to press the [Use Video] button or the [Cancel] button from inside the CameraUI view. Is it possible to close it from outside?
      2. Even if the first problem mentioned above is solved, then how can I get the video data so far(in this case, the video data before the timeout). I know that normally we can get a MediaPromise object from MediaEvent parameter of the  complete handler, and read the video data from the MediaPromise object. But obviously in this case, we can not access the MediaPromise object just because the complete handler itself will not be executed since the [Use Video] button is not pressed.
      3. Is it possible to add a stopwatch to show possible remaining recording time when CameraUI view is open? It seems that the CameraUI automatically uses the full screen of iOS device(in my case, iPad) and there is no extra space to show the stopwatch.
      Are there any solutions or workarounds about the three problem above? I really appreciate it if anyone has any idea about this. Thanks in advance.

    You'd have more control by using the Camera object, showing the camera on a video object inside a Sprite, and capturing that. Then you could put whatever graphics alongside it on the stage.. I've used FlashyWrappers in a test to capture the video to the library.  It took some work, but the test worked well...
    Flash/AIR record videos of your apps and games: Rainbow Creatures

  • Can I give our AD users access to Visual Studio Online?

    Our AD is connected to our Azure Active Directory and synced via DirSync.
    Is it possible for me to give our AD users access to VSO and they use their organizational login credentials OR do they need to create Microsoft accounts?
    Our goal is single sign-on with our AD credentials. Please let me know if this is possible?
    Thanks, Sam

    Hi Sam,
    You can link your Visual Studio Online account with your Azure Activy directoy. Directory administrators control who joins the directory and has possible access to your Visual Studio Online account. The users can use Azure Active directory accounts
    to sign in Visual Stduio Online account. You can check this
    page for more information about manage organization access for your account.
    The numbers of users can access Visual Studio Online account depend on your license of Visual Studio Online account. You can add no more then 5 basic users and unlimited MSDN subscriptions if you have Basic license of Visual Studio Online account. Check
    this
    page for the pricing. However, you can assign team members stakeholder license if the users only view the project-level information. Check this
    page for more information about stakeholder license of Visual Studio Online.
    Best regards,
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • The timer service encountered an exception checking for the upgrade mode registry key. Requested registry access is not allowed.

    Once in a while i get the error
    Event ID 6463
    The timer service encountered an exception checking for the upgrade mode registry key. Requested registry access is not allowed.
    This also happens when i restart the timer service.
    I already cleared the SharePoint cache (xml's) but no success with that.
    Environment is
    SharePoint 2013 SP1 + CU Dec 2014

    This is a brand new SP13 with SP1 installation after binaries installation i also installed Dec 2014 CU and then created the SP farm.
    The Apppool/Timer account is member of WSS_ADMIN_WPG.
    Issue can be reproduced with restarting SharePoint Timer Service.
    Hereby the Process Monitor output. Hence i filtered it on NOT SUCCESS and Path contains the word UPGRADE
    11:37:57,4244851 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\UpgradeLogLevelOverride
    NAME NOT FOUND Length: 144
    11:37:57,6632057 OWSTIMER.EXE
    6272 RegOpenKey
    HKLM\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.15.0.Microsoft.Office.Access.Services.Moss.Upgrade__71e9bce111e9429c
    NAME NOT FOUND Desired Access: Read
    11:37:57,6632889 OWSTIMER.EXE
    6272 RegOpenKey
    HKLM\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.15.0.Microsoft.Office.Access.Services.Moss.Upgrade__71e9bce111e9429c
    NAME NOT FOUND Desired Access: Read
    11:37:57,7140763 OWSTIMER.EXE
    6272 RegOpenKey
    HKLM\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.15.0.Microsoft.PerformancePoint.Scorecards.Upgrade__71e9bce111e9429c
    NAME NOT FOUND Desired Access: Read
    11:37:57,7141089 OWSTIMER.EXE
    6272 RegOpenKey
    HKLM\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.15.0.Microsoft.PerformancePoint.Scorecards.Upgrade__71e9bce111e9429c
    NAME NOT FOUND Desired Access: Read
    11:37:57,7313089 OWSTIMER.EXE
    6272 RegOpenKey
    HKLM\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.15.0.Microsoft.SharePoint.Portal.Upgrade__71e9bce111e9429c
    NAME NOT FOUND Desired Access: Read
    11:37:57,7313403 OWSTIMER.EXE
    6272 RegOpenKey
    HKLM\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.15.0.Microsoft.SharePoint.Portal.Upgrade__71e9bce111e9429c
    NAME NOT FOUND Desired Access: Read
    11:37:59,2026527 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144
    11:37:59,2109400 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144
    11:38:05,3534303 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144
    11:38:05,3537846 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144
    11:38:05,3594290 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144
    11:38:05,3597316 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144
    11:38:05,3653094 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144
    11:38:05,3656118 OWSTIMER.EXE
    6272 RegQueryValue
    HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\MS_InternalUse_Only_UpgradeableVersion
    NAME NOT FOUND Length: 144

  • Parental Controls -- Managed Account Time Limits

    My son's MacBook Air is running Mavericks OS X 10.9.3; MacBookAir6,1; Intel Core i5
    I set a 2 hour time limit per day and upon the 2 hours expiring, the system logs him off.  Then he shuts it and closes it for the night.
    However, upon opening it the next day, the login screen prompts him for a time extension.  It's a whole new day and the 2 hours should start over, but they don't.
    Worse, when I go to extend his time to let him log on, it sometimes gets caught in a loop of some sort where it will allow him back on per my administrator password to allow it.  It will allow him on for a split second, then immediately restrict him again saying he reached the maximum time limit and the administrator box shows up again.   The only way I've been able to fix this is by deleting his managed user profile, then adding it in again, once again defining all the parental control parameters, allowed websites, etc.  It's a pain.  I do try to have him log off at the end of his sessions thinking that it will help keeping things orderly, but if the computer cuts him off, I'm guessing that he was automatically logged out and I am not sure that's the case.  It cuts off his time (as it's supposed to) nonetheless.  Overall, it's as if the computer's date/time function doesn't factor in to the parental control settings.   How could Apple overlook such an obvious detail when planning for time limits?   Please, Apple, get these two parts of the OS working together.  So...
    Honey-Do List for Mavericks OS X Gurus
    Get the Date-Time settings to jive with Parental Controls; kill the loop that occurs when time extension requirement shows up first thing the next day
    Create a countdown timer of a sort for managed accounts that keeps the user aware of how much of their logon time is used/still left
    Pretty please 
    Thanks!

    I have found the most common way is simply this: he knows your administrator password. To see if this is the case just change your password (don't leave a sticky note laying around with the written down password on it please) and see if he's still able to get his way.
    Also, restrict access to applications like Terminal. Some Google searches could have shown him how to get stuff done through the command line.

  • Parental Controls Time Limits circumvented after upgrading to 10.6.5

    Sometime after upgrading to Mac OS 10.6.5, my son discovered a way to circumvent some of the time limits in Parental Controls.
    Here is the procedure: If I have allotted him 30 minutes, before his allotted time runs out, all he has to do is return to the Login Window (by any means) and then log in again. Doing this resets the time he has used up back to zero, meaning he gets another 30 minutes of computer use upon logging in (or whatever amount of time he was originally allotted). If he lets his time completely run out, the hack doesn't work.
    This didn't seem to be possible in Mac OS 10.6.4, but I don't know at what point my son discovered this hack. He likely discovered the hack by logging out to conserve his allotted time while he went to the bathroom, and upon logging back in, was treated with this lovely bonus.
    Not only would it be nice to have this security hole plugged, it would be nice to be able to check how much time is left (like, perhaps a countdown timer in the menu bar while my son is logged in) instead of having to wait for the pop up windows that gives 15-, 10-, and 5-minute warnings.

    Makes perfect sense to me that ending one session by logging out enables him to begin a new session by logging back in. I give the young man credit for figuring out how to get around this deficiency in Parental Controls, as, deep down, I'm sure you do, too.
    If you can't trust him to stick to his agreed upon half an hour a day, you can always (threaten to) lock him out of the computer for 23.5 hrs/day using the Bedtime settings. ; )

Maybe you are looking for