[windows2000] Re: Porn Crazy Users!

  • From: "Chris Berry" <compjma@xxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Fri, 22 Aug 2003 13:02:37 -0700

From: Chris Berry [mailto:compjma@xxxxxxxxxxx]
From: "Durbin, Jeff" <jdurbin@xxxxxxxxxxxxxxxxxxx>
I've been hired to migrate the company to AD and Exchange 2000. Yes,
I'm working on a client's system. Yes, the employees are downloading
porn. I've been asked by the network administrator for advice on how to
eliminate the users-downloading-porn problem. I don't have the power to
fire anyone (nor does the network manager).

Three big questions:


1) Is there any budget available for this or does it have to be free?
2) Are Linux solutions acceptable?
3) Can it be per machine, or does it have to be by AD or some other
identifier such as a password?

From: "Durbin, Jeff" <jdurbin@xxxxxxxxxxxxxxxxxxx>
1. There is no budget, but that doesn't mean they won't find some money if it's required to solve the problem.

Well, the "microsofty" way to do it would be to buy ISA Server ($1337.00 at www.atomicpark.com). This lets you set everything according to AD group memberships; it requires a client to be installed on each machine. I have used this successfully, and as long as you are an MS-only shop it works fine, but it doesn't play well with Mac or Linux clients.


2. I've finished the AD/Exchange project that raised the issue, so
fixing the problem is really off my plate for now, although they may
hire us to implement a solution. If it does fall to the network admin,
he doesn't know much about Linux. So, the answer is 'maybe'.

There are a number of different ways that this could be accomplished. For someone who isn't much of a Linux guru, I recommend installing an IPCOP firewall (which includes a proxy/IDS/SSH etc.) and setting up either ncsa or winbind authentication. (This requires some minor editing of files, but there are a number of good howtos out there.) IPCOP is an image distro, so basically you just download, burn, install; it's pretty easy and can be up and running in under an hour.


3. It would be preferable to have it work per user, but by machine would
probably be acceptable, as that's how it was done in the past.

A simple free solution, if per machine is acceptable, is just to use the built-in Win2k port filtering and block port 80.


Please don't top post, it messes up the archives and makes me cranky.

Chris Berry
compjma@xxxxxxxxxxx
Systems Administrator
JM Associates

"Consciousness: that annoying time between naps."
