190
Chapter 15
User Accounts and Groups
User accounts in
WinRoute
improve control of user access to the Internet from the local net-
work. User accounts can be also used to access the
WinRoute
administration using the
Admin-
istration Console
or the
Web Administration
interface.
WinRoute
supports several methods of user accounts and groups saving, combining them with
various types of authentication, as follows:
Internal user database
User accounts and groups and their passwords are saved in
WinRoute
. During authenti-
cation, usernames are compared to the data in the internal database.
This method of saving accounts and user authentication is particularly adequate for net-
works without a proper domain, as well as for special administrator accounts (user can
authenticate locally even if the network communication fails).
On the other hand, in case of networks with proper domains (
Windows NT
or
Active
Directory
), local accounts in
WinRoute
may cause increased demands on administration
since accounts and passwords must be maintained twice (at the domain and in
WinRoute
).
Internal user database with authentication within the domain
User accounts are stored in
WinRoute
. However, users are authenticated at
Windows NT
or
Active Directory
domain (i.e. password is not stored in the user account in
WinRoute
).
Obviously, usernames in
WinRoute
must match with the usernames in the domain.
This method is not so demanding as far as the administration is concerned. When, for
example, a user wants to change the password, it can be simply done at the domain and
the change will be automatically applied to the account in
WinRoute
. In addition to this,
it is not necessary to create user accounts in
WinRoute
by hand, as they can be imported
from a corresponding domain.
Import of user accounts from Active Directory
If
Active Directory
(
Windows 2000 Server
or
Windows Server 2003/2008
) is used, auto-
matic import of user accounts from it can be enabled. It is not necessary to define ac-
counts in
WinRoute
, nor import them, since it is possible to configure templates by which
specific parameters (such as access rights, content rules, transfer quotas, etc.) will be set
for new
WinRoute
users. A corresponding user account will be automatically imported
upon the first login of the user to
WinRoute
. Parameters set by using a template can be
modified for individual accounts if necessary.
Note:
This type of cooperation with
Active Directory
applies especially to older versions
of
WinRoute
and makes these versions still compatible. In case of the first installation of
WinRoute
, it is recommended to apply transparent cooperation with
Active Directory
.
Summary of Contents for KERIO WINROUTE FIREWALL 6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies s r o...
Page 157: ...12 3 Content Rating System Kerio Web Filter 157 Figure 12 7 Kerio Web Filter rule...
Page 247: ...19 4 Alerts 247 Figure 19 14 Details of a selected event...
Page 330: ...Chapter 23 Kerio VPN 330 Figure 23 55 The Paris filial office VPN server configuration...
Page 368: ...368...