How To: Exclude users and/or groups from a Custom Access Policy

From burstekwiki
Jump to: navigation, search

Excluding a user(s) from a Custom Access Policy

  1. Open up the bt-WebFilter Console

  2. Left click on the Custom Access Policies

  3. In the right hand window pane, right click on your Policy and select Properties

  4. Click on the Exemptions tab and click the Add button, and select User or IP

  5. Select the user or type in the user name or IP address and click the OK button

  6. Click the Apply button, then the OK button

Excluding a Group(s) from a Custom Access Policy

With bt-WebFilter 4.50.26 and above, it is now possible to exclude nested Active Directory groups from their parent groups defined in a “Custom Access Policy”.

Nesting occurs when one group is made a member of another group, and the nested group inherits all of the privileges and permissions that are granted to the parent.

Consider the Following Example:

The members of the Active Directory group “Finance” who are a subgroup of the “Business Services” group need access to the “Financial” category in WebFilter but not all members of the “Business Service Group” should be granted access.

In the bt-Webfilter console, you can use the “Display Group Members” feature to locate and exempt the “Financial Group” from the Custom Access Policy.

To exempt members of one group from another group’s policy, do the following:

  1. Open up the ISA Management console

  2. Click the “+” next to Configuration

  3. Click on Networks

  4. On the Right pane, right click on the Internal, and select Properties

  5. Click on the Web Proxy tab

  6. Click on the Authentication button

  7. Integrated should already be checked. Check the box next to require all users to authenticate.

  8. Apply the changes

Personal tools