Web filter & SSO2 Kerbmap filter - no logs in Win 2003

Similar Messages

• How to get user 'logged in' to ironport web filter without launching IE

  We have an issue with some employees who use third party programs that traverse the Internet.  These programs are 100% allowed by the organization as they are required for day to day business.  Some programs go over the Internet to communicate for certain reasons, such as a live chat help support, or ordering products, etc..
  The problem is that some of these users log in and never even touch Internet Explorer for awhile.  They will go on and start working right away.  Well if they don't try to access an Internet site via IE, then the Ironport does not 'log them in', and they are known as unauthenticated.  Of course this doesn't happen with everyone.  There's nothing wrong with people coming in a little early and checking the local news online.
  We were thinking up if it's possible to have each user 'touch' the ironport web filter in some way during a logon script, unbeknown to the end user, so that they are 'signed in' and whatever Internet connected application they launch has access through to the Internet.  Right now they need to at least launch IE and go to some site (say Google or MSN) and via NTLM credentials transparently passed through IE7, 8 or 9, they can simply close the page and go about their business.  Note: they MUST go to an external site.... not an internally hosted one (such as our Intranet, time clock or HR self service pages).
  So is there any commands we can put in via kix or bat or something that will say "Hey Ironport, %username% just logged in at 10.x.x.x".  Then maybe to make it more advanced, a logoff script that says "Hey Ironport, %username% just logged OFF of 10.x.x.x".  This way when our hourly timeout happens, they aren't immediately booted from their Internet applications (if they don't keep an IE window open that is).
  Right now our ASA Firewall uses WCCP to forward port 80 to the ironport web filter.  The Ironport is a transparent proxy.
  Thanks!

  So it looks like you are moving the authentication from the Ironport S160 to the ASA5500 series firewall?
  I guess we are looking at something simpler, like a way to 'touch' the internet and pass NTLM credentials, because then the Ironport knows who the user is.
  If the user does not 'touch' the internet with IE, and say they use some other program that does not pass NTLM credentials (say Firefox or live chat program, or an ftp program, etc...) They are likely to be blocked, because the Ironport doesn't know who they are.
  Your link seems to lead to a complicated setup for something that seems so simple.  I'm not sure how that relates to an Ironport S160.. it seems to focus on the ASA5500. Also we want it to be completely 100% transparent to the end user.
  This is how it worked with a Barracuda web filter appliance...
  A DCAgent program sat on each domain controller. As users logged in or out of the domain, this agent passed this current activity to the Barracuda web filter appliance.
  The Barracuda appliance knew exactly who was logged in because of this little program on the domain controller(s) that kept it updated. Based on this, policies could be assigned based on Active Directory group memberships. ie) HR and Marketing can access Facebook, while others cannot.
  I guess I'm looking for similar functionality with the Ironport S160. If there's any way the domain controller, or even the client PC can say "Hey Ironport, %username% is logged on here at %ip_address%". That way the Ironport would know who they are, and there would be no unnecessary authentication boxes (besides the user logging into the windows domain). They could use internet connected apps that do not pass NTLM authentication. I guess the client PC or the domain controller would also have to tell the IronPort when they signed off, just so we don't have to deal with authentication timeouts. This way, say they are in our internet chat help program... after an hour, it will cut out and disconnect them - because the IronPort forgets who they are (unless they are actively using the internet with IE).
  So for now, we just use the bypass option for the affected internet services.  The default browser is IE, so the reality is that we are not suffering any tremendous inconvienence.  It's just that we want to ensure we have the best robust solution, and we can handle these types of situations with programs other than IE accessing internet resources.

• Downloading through a web filter..

  I want to download iOS5 through a Sophos web filter but it times out with error 3259. What URL can I use to whitelist downloading from Apple?

  I have a similar problem. When I'm logged into my company's online bank, I sometimes need to e-mail some account transcripts, but the Adobe reader pop up a box, and telling it's been a fatal error, and need to be shut down. I couls easily do that before, but suddenly it don't work. What is the problem with this program? It really sucks!!

• After ios5 upgrade cant get out to the internet via wireless, it wont  get past our Smart Filter (web filter)

  I just upgraded my 3GS to IOS5, and now at work when i am connected to our WiFi I can no longer get out to the internet.
  A little back story on how it worked prior to ios5:
  I would connect via wireless, and then load Safari and type in a webpage I wanted to go to.  A pop up box would come up, to authenticate me on our Web filter server (Running Smartfilter), I woudl enter my regular Active Directory username and Password and boom, i could then surf to my hearts content.
  After the upgrade, I connect to the wireless, load Safari, type in the webpage i want to go to, and the progress bar moves abotu 3mm and then stops, I never get the smart filter prompt.
  I have tried a full reset on the phone, forget network, reset all network settings, I even tried putting in the IP address of the smart filter box as a proxy and still it doesnt work.  I have gone to smartfilters website to see if anyone else has posted there, or if there was a clue as to why it doesnt work, but nothing so far.
  anyone else having this problem? any ideas?
  If it wasnt broken, why would apple mess with it!  a LOT of companies run smartfilter as well as other web filters.  I thought apple was trying to seduce corporate customers, and so far a lot of poeple are dissapointed that they cant get to the internet.
  tha
  nks in advance for any assistance.
  j

  I am having the same problem.  The issue also occurs with Safari on Mac OS 10.7.  I work for a school and I am sure that other schools are using smartfilter too.

• Problem with my company's web filter, Barracuda when I try to access the internet

  I'm having problems accessing the internet on my tour.  Ever since my company put me on their BlackBerry Enterprise Server it appears that when accessing certain web sites the Barracuda web filter comes on.  It's so frustrating... on top of it my company doesn't pay for my phone at all.  Therefore, I do use my BlackBerry for personal as well as business. 
  I spoke with the IT guy and he initially thought it was the Desktop Software I downloaded to my computer, but we have uninstalled it and re-booted my phone and it's still happening.  I called Verizon Wireless and they tell me that it's because I'm on the company's enterprise server and that I am tied to their internet service and that's why I'm getting the Barracuda access denied on certain sites that they have restricted.  I am incredibly frustrated and don't know what to do...  I want to stay on their server because of the push email and the synchronization  for all my contacts and calendar.  Any help is much appreciated...
  Thanks.
  TinaMarie

  mabbas wrote:
  The blackberries are designed to send everything through the corporate network, when using an Enterprise Server.
  Hi and Welcome to the Forums!
  Just to be sure that this is clear -- they are not "designed" as you state...rather, the BES admins can force all Internet traffic through BES (and thereby apply filters) or they can allow it to go direct through the carrier network. The IT Policy placed onto the device at BES activation is in control of how the traffic flows.
  Cheers!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• How to display the bw-variables in webi Filter

  Hi,everyone,
       When I  set default values ( ex. last month ) to BW-variables in the BW enhanmance, this default valuse can not display in webi. I use the routing: BW-QUERY --> Universe --> webi. So I hope to display the BW-variable in the Webi filter, with which ,I can set the default values . Could you help me?

  Thanks for your help again. I create the universe after had coded  the enhanmance of BW variables.  The engine type universe connection is SAP Business Warehouse.
  So I can see the variables when run the webi query or run the webi but not showing the default value. But the default value effect if I do not set value in prompt.

• What is a web filter and why is it prevetning me from using firefox?

  Firefox allows me to search on google but as soon as i click the next link/to go on the page i want is doesnt work. Instead it talks about a web filter saying that the page i tried to visit could not be checked by web filter. This also happens when i use internet explorer. How do i fix this?

  A web filter can be a piece of software installed on your computer, or on a network you are connected to that checks the content of the sites you are trying to visit. Talk to the owner of the network you are trying use, or the owner of the computer.
  It's also possible you have malware, try scanning for malware with the directions at [[Troubleshoot Firefox issues caused by malware]]

• Best Web Filter and Application control for K-12 School using Chromebooks

  Sophos UTM has good education pricing and provides all this and a lot more
  Wil replace the firewall and has excellent web filtering and application control
  Also nice features for education like allowing google apps but limiting to your google domain

  We are currently using Barracuda Web Filter (410) with a Watchguard firewall. This school year we are launching Google for Education with 160 Chromebooks to start the program.
  We need to upgrade our webfilter and are considering another Barracuda as well as Litespeed, Websense and perhaps OpenDNS. 
  is there anyone who is in a similar situation that has some recommendation?
  Here are a few more details:
  School is 900+ students
  300 wired workstations
  Active directory environment
  Ruckus Wireless with 30+ access points
  This topic first appeared in the Spiceworks Community

• Uploading a text file from webi filter area as part of the query condition

  Post Author: balasura
  CA Forum: Publishing
  Requirement : Uploading a text file from webi filter area as part of the query condition Hi, I am in a serious requirement which I am not sure available in BO XI. Can some one help me plz. I am using BO XI R2, webi I am generating a ad-hoc report, when I want to give a filter condition for a report, the condition should be uploaded from a .txt file. In the current scenario we have LOV, but LOV could hold only a small number of value, my requirement is just like a lov but the list of values will be available in a text file ( which could number to 2000 or 2500 rows). I would like to upload this 2500 values in the form of a flat text file to make a query and genrate report. Is it possible in BO XI? For Eg:- Select * from Shipment Where u201CShipment id = u2018SC4539u2019 or Shipment id = u2018SC4598u2019u201D The u201Cwhereu201D condition (filter) which has shipment id will be available in a text file and it needs to be loaded in the form of .txt file so that it will be part of the filter condition. Content of a .txt file could be this shipment.txt =============== SC4539 sc2034 SC2343 SC3892 . . . . etc upto 2500 shipment Ids I will be very glad if some could provide me a solution. Thanks in advance. - Bala

  Hi Ron,
     This User does not have the access to Tcode ST01.
     The user executed Tcode SU53 immediately following the authorization failure to see the authorization objects. The 'Authorization obj' is blank and under the Description it has 'The last Authorization check was successful' with green tick mark.
    Any further suggestions, PLEASE.
  Thanks.

• Web Filter Recommendations

  Hi All,I have a couple of computers that are in need of some kind of web filtering. They run 24/7 and are out in the boonies somewhere where the nights are long and boring. Thus the night shift likes to surf the web to pass the time. This is causing issues, such as a crypto locker variant that has now rendered one of the machines useless. This is costing money as operating out there without a computer causes major production problems. To that end, I am looking for a web filter that I can use on these machines that wont necessarily require a huge amount of trial and testing, talking to sales people, getting quotes, etc. While an enterprise solution would be nice, for now I just need to put something on these 2 machines, quickly and relatively inexpensively that will allow me to block traffic to all web sites except those deemed...
  This topic first appeared in the Spiceworks Community

  Josh,
  I have 10,000 wireless devices. I call BS. You are right some vendor / dept yelled loud enough .. I feel for you.. It will be a up hill battle.
  I would do this . Create a standard that will get most devices to conform to. Some older medical devices wont be able to do AES. So you may be stuck with a WPA/TKIP security.
  Good luck .. hit me up on my blog my80211.com if you have specific questions. Ill see what I can do to help .. We likely run the same equipment and apps and have good relationships with some of the vendors.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Symantec web filter cloud server with wccp

  Hi All,
  My web filter is now from symantec cloud.  Which I created a vm windows 2008 r2 and install the client site proxy.  So all user now are using proxy settings on that local server IP with the port 3128.  
  Is it possible to make that server connect to wccp on cisco asa 5515x?  It's annoying to have proxy settings especially on smart phones.  I don't know if symantec have a linux CSP version, maybe wccp will work fine with a linux server.
  Thanks and more power.

  Hello Phillipe,
  Yes, You nail it down.
  With this Setup the asa is going to generate a Router ID and Just like OSPF is going to use the higher Ip . In this scenarios should use the interface where the Iron port is. But sometimes the higher is the outside interface ( public one) so we are going to have an issue and there is no solution . The Iron Ports servers can handle this. Other than those ones cannot.
  Just like OSPF is going to use the higher Ip as the Router Identifier so when he SENDS the packets to the server is going to send it with the wrong ip
  Regards

• Web filter policy route

  Hello,
  We currently have our gateway / web filter routing setup in this manor:
  lan --- 2921 ---asa(firewall) ---internet
            |
             ------  web filter
  So the traffic destined to the internet that is not supposed to be filtered goes right through the router to the asa.  The traffice that is destined to be filtered gets policy routed to the web filter which then gets routed back to the 2921 and out to the asa.  This is a bad design, I will admit that.
  What I want to do is this:
  lan - 2921 --- asa(firewall) --- internet
            |                    |
            --- web filter ---
  With this change the traffic will not have to go back to the router and then back out to the asa.  This will cut the traffic going through the router in half, which will result in lower cpu usage.
  My question about changing this is as follows.
  The asa has a route to the lan networks that are getting filtered.  Lets say they are 172.16.0.0/16.  The route comes from the lan which is advertiesed to the router which in turn is advertized to the asa.  If I use a route-map to policy route certain networks to the web filter, will the return traffic go back through the web filter or will it go back directly to the router?  I don'th have a spare ASA to test this with.
  Thanks,
  Dan.

  not possible.
  If you want this behavior, you can achieve it by source nating on the next-hop all traffic going to the CSS. This will force the CSS to responds back to the nated ip address on the same interface.
  Gilles.

• [Server 2008R2] Filter event logs for logged in users from clients on domain

  Hi All,
  I am looking for a script which can be run on a domain controller to check which user accounts logged in on the domain. I am looking for both the username and client. Reason why I need this is to check where service accounts are used.
  Thanks.
  Kind regards,
  Bart
  Bart Timmermans | Consultant at inovativ
  Follow me @
  My Blog | Linkedin |
  Twitter
  Please mark as Answer, if my post answers your Question. Vote as Helpful, if it is helpful to you.

  Hi Bart,
  To parse the event log, you can refer to the cmdlet "Get-WinEvent", and how to use this cmdlet to parse event log, please check this article, you can also add the "-computername" to query event log from remote computers:
  Use PowerShell Cmdlet to Filter Event Log for Easy Parsing
  To monitor the logon history, please check this function to start:
  function Get-Win7LogonHistory {
  $logons = Get-EventLog Security -AsBaseObject -InstanceId 4624,4647 |
  Where-Object { ($_.InstanceId -eq 4647) -or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+2")) -or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+10")) }
  $poweroffs = Get-EventLog System -AsBaseObject -InstanceId 41
  $events = $logons + $poweroffs | Sort-Object TimeGenerated
  if ($events) {
  foreach($event in $events) {
  # Parse logon data from the Event.
  if ($event.InstanceId -eq 4624) {
  # A user logged on.
  $action = 'logon'
  $event.Message -match "Logon Type:\s+(\d+)" | Out-Null
  $logonTypeNum = $matches[1]
  # Determine logon type.
  if ($logonTypeNum -eq 2) {
  $logonType = 'console'
  } elseif ($logonTypeNum -eq 10) {
  $logonType = 'remote'
  } else {
  $logonType = 'other'
  # Determine user.
  if ($event.message -match "New Logon:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") {
  $user = $matches[1]
  } else {
  $index = $event.index
  Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
  } elseif ($event.InstanceId -eq 4647) {
  # A user logged off.
  $action = 'logoff'
  $logonType = $null
  # Determine user.
  if ($event.message -match "Subject:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") {
  $user = $matches[1]
  } else {
  $index = $event.index
  Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
  } elseif ($event.InstanceId -eq 41) {
  # The computer crashed.
  $action = 'logoff'
  $logonType = $null
  $user = '*'
  # As long as we managed to parse the Event, print output.
  if ($user) {
  $timeStamp = Get-Date $event.TimeGenerated
  $output = New-Object -Type PSCustomObject
  Add-Member -MemberType NoteProperty -Name 'UserName' -Value $user -InputObject $output
  Add-Member -MemberType NoteProperty -Name 'ComputerName' -Value $env:computername -InputObject $output
  Add-Member -MemberType NoteProperty -Name 'Action' -Value $action -InputObject $output
  Add-Member -MemberType NoteProperty -Name 'LogonType' -Value $logonType -InputObject $output
  Add-Member -MemberType NoteProperty -Name 'TimeStamp' -Value $timeStamp -InputObject $output
  Write-Output $output
  } else {
  Write-Host "No recent logon/logoff events."
  Get-Win7LogonHistory
  Refer to:
  https://github.com/pdxcat/Get-LogonHistory/blob/master/Get-LogonHistory.ps1
  If there is anything else regarding this issue, please feel free to post back.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• BB Internet Browser traffic flowing thru company web filter

  I have a BES server, with all users on corporate email.
  When using the BB handset to access a website, some users are blocked
  from certain sites by the corporate web filter.  Others are not.
  I did not know any BB Handset internet traffic was routed thru the
  corporate internet network.  What determines this?  Why are some
  going thru the filter, while others do not?
  Thanks for the help.

  While they are on your corporate BES, all traffic that is through the blackberry browser goes through the BES.  On the blackberry, you can change the browser to the device browser or another one of your choosing, but the blackberry browser is for interal usage. Just have the user use a diffrent web browser on his blackberry if he really wants to get around it.
  If someone helped you give them kudos. Research all info!

• Configuring your web-filter to sync iPads with the cart.

  Just to let everyone know who is in the school systems using iPads with sync-carts, when you try to use the Apple Configurator and your behind a web filter you need to allow a certain IP address so you can communicate with apple. I kept getting an error that said " retreiveing iOS information from apple" then it would time out and get an internet error.
  The IP address that I allowed was 17.154.66.38.
  This IP needs contacted so that Apple can communicate with your iPads and register them or something IDK but I know now that it works and i'm happy.
  I used Activity Monitor to check what IP or port the program was trying to access and sure enough it was 17.154.66.38.
  I hope this helped some tech people out their, hence their is no resource for this important step in iPad deployment.

  Just to let everyone know who is in the school systems using iPads with sync-carts, when you try to use the Apple Configurator and your behind a web filter you need to allow a certain IP address so you can communicate with apple. I kept getting an error that said " retreiveing iOS information from apple" then it would time out and get an internet error.
  The IP address that I allowed was 17.154.66.38.
  This IP needs contacted so that Apple can communicate with your iPads and register them or something IDK but I know now that it works and i'm happy.
  I used Activity Monitor to check what IP or port the program was trying to access and sure enough it was 17.154.66.38.
  I hope this helped some tech people out their, hence their is no resource for this important step in iPad deployment.