How To: Allow a specific Website for a Single User

From burstekwiki
Jump to: navigation, search

Allowing a specific website for a specific user(s)

To allow access to certain websites for certain users, there are two methods that can be used:

Option 1 – Create a Custom Access Policy to deny the specific website(s), and exclude the desired user(s):

  1. Exclude the websites/masks from their current category

  2. Include the websites/masks into a new custom category

    Note Note: Be sure to exclude the domain of the redirect page that will be used from the new category (i.e. *.burstek.com/*;*//burstek.com/*). This will ensure that the redirect page is displayed when the new category is blocked.

  3. Create a new Custom Access Policy that will deny the newly-created category with the desired website(s).

  4. Apply the newly-created Custom Access Policy to all desired users

  5. Either exempt, or do not apply the CAP to the users that should have access to the newly-created category.

    As an example:

    • User JDoe has a Custom Access Policy, named CAP1, which is applied to a group that he is a part of. CAP1 blocks the Social Networking category.

    • You want JDoe to be allowed to http://www.facebook.com, but don’t want the rest of the AD group to be allowed to this site.

Follow the below steps to implement the desired filtering:

  1. Exclude the following masks from the ‘Social Networking’ category:

    *//facebook.com/*;*.facebook.com/*;www.facebook.com:443
  2. Create a ‘Facebook’ category, and include the same masks that were excluded from the ‘Social Networking’ category:

    *//facebook.com/*;*.facebook.com/*;www.facebook.com:443
  3. Exclude the domain that is used for the redirect page from the new ‘Facebook’ category (i.e. for the default redirect page, *//burstek.com/*;*.burstek.com/* should be excluded)

  4. Create a new Custom Access Policy (named CAP2 for this example) to deny the ‘Facebook’ category.

  5. Add the new ‘Facebook’ category to the deny tab of CAP2.

  6. Apply CAP2 to all users that should be denied from the ‘Facebook’ category.

  7. Exempt the desired users from CAP2, so that they are able to access to ‘Facebook’.

Note Note: Nested groups can also be included in the ‘Exemptions’ tab of a Custom Access Policy.

Option 2 – Duplicate the policy, while excluding the desired website(s):

  1. Exclude the websites/masks from their current category

  2. Include the websites/masks into a new custom category

    Note Note: Be sure to exclude the domain of the redirect page that will be used from the new category (i.e. *.burstek.com/*;*//burstek.com/*). This will ensure that the redirect page is displayed when the new category is blocked.

  3. Ensure that the old Custom Access Policies that blocked the sites through the old category now block the additional category as well.

  4. Exclude the user(s) from the Custom Access Policies that block the new category

  5. Create a new Custom Access Policy that blocks the same categories, except for the newly created one.

As an example:

  • User JDoe has a Custom Access Policy, named CAP1, which is applied to a group that he is a part of. CAP1 blocks the Social Networking category.
  • You want JDoe to be allowed to http://www.facebook.com, but don’t want the rest of the AD group to be allowed to this site.


Follow the below steps to implement the desired filtering:

  1. Exclude the following masks from the ‘Social Networking’ category:

    *//facebook.com/*;*.facebook.com/*;www.facebook.com:443
  2. Create a ‘Facebook’ category, and include the same masks that were excluded from the ‘Social Networking’ category:

    *//facebook.com/*;*.facebook.com/*;www.facebook.com:443
  3. Exclude the domain that is used for the redirect page from the new ‘Facebook’ category (i.e. for the default redirect page, *//burstek.com/*;*.burstek.com/* should be excluded)

  4. In CAP1, add the new ‘Facebook’ category to the deny tab.

  5. Exempt user JDoe from CAP1.

    Note Note: Nested groups can also be included in the ‘Exemptions’ tab of a Custom Access Policy.

  6. Create a new Custom Access Policy for user JDoe (CAP2). This CAP should deny the same categories as CAP1, minus the ‘Facebook’ category.

  7. Apply CAP2 to user JDoe. To do this:

    1. Right-click your domain under ‘Access Rules’, then click ‘Properties’

    2. Click the ‘Individual Rights’ tab

    3. Click the ‘Add’ button, then add the ‘JDoe’ user

    4. Click ‘Edit’ and navigate to the ‘Custom Access Policies’ tab

    5. Select the newly created Custom Access Policy (CAP2)

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox