A great Web Filtering Solution

Do you have a useful link that involves the Church and the technology discussed on this site? Post your links and resources here.
russellhltn
Community Administrator
Posts: 31512
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#21

Post by russellhltn »

Techgy wrote:Second, the family history machines do not require the 5.5 desktop since they're not administrative machines.
Correct. In fact FHC machines should NOT be running Desktop 5.5

So the Landisk isn't an issue on the FH machines.
This tells me you aren't running the FHC as intended. FHC computers haven't been discussed much in this forum and if I didn't belong to some email lists I might not know about it myself.

You'll find LANDesk for FHCs at http://remote.familysearch.org/. Once the FHC version of LANDesk has been downloaded, you can obtain Symantec Antivirus as well as some other software such as DeepFreeze. It's also the method for obtaining the security certificates that is needed to access the FHC Portal that gives FHCs access to certain on-line sites.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
mkmurray
Senior Member
Posts: 3233
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

#22

Post by mkmurray »

Techgy wrote:Since the ASA doesn't block the use of Email, I use the proxy to specify enhance the restrictions on these machines. I have all Email blocked and only allow sites that are related to family history. This hasn't been an issue since most everyone is currently using NFS in our stake anyway. Although we do permit, Ancestry, Rootsweb and a few other popular ones.
While I certainly understand the concern and the advantages in security that come with restricting such access, I personally would hate to not be able to email another individual for communication purposes while doing Family History work.

Do every one of those sites allow for some type of messaging system from within the domain of their site (since you allow only certain domains)? I doubt it, but perhaps I'm wrong.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#23

Post by techgy »

RussellHltn wrote:Correct. In fact FHC machines should NOT be running Desktop 5.5




This tells me you aren't running the FHC as intended. FHC computers haven't been discussed much in this forum and if I didn't belong to some email lists I might not know about it myself.

You'll find LANDesk for FHCs at http://remote.familysearch.org/. Once the FHC version of LANDesk has been downloaded, you can obtain Symantec Antivirus as well as some other software such as DeepFreeze. It's also the method for obtaining the security certificates that is needed to access the FHC Portal that gives FHCs access to certain on-line sites.
These are not official FHC's. They're class rooms in each facility with a couple of computers in each room.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#24

Post by techgy »

mkmurray wrote:While I certainly understand the concern and the advantages in security that come with restricting such access, I personally would hate to not be able to email another individual for communication purposes while doing Family History work.

Do every one of those sites allow for some type of messaging system from within the domain of their site (since you allow only certain domains)? I doubt it, but perhaps I'm wrong.
Not being able to use Email hasn't been an issue. I've not had any complaints and activity is good.
Our efforts at the time are centered around teaching the membership how to use NFS, which was only recently activitated in our stake. When we started our efforts years ago we didn't have the proxy. We had problems with downloading software, music and other uses that were not centered around FH. So I added the proxy to tighten things a bit. At first we had the proxy setup so that we only prohibited certain activities. Most of the Internet was still open. However, a log was maintained. When I checked the logs periodically I'd still find downloading of software and other uses that were not conducive to FH research. Think of it this way. Why do they have locks on the lockers of the temple dressing room?
russellhltn
Community Administrator
Posts: 31512
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#25

Post by russellhltn »

Techgy wrote:These are not official FHC's. They're class rooms in each facility with a couple of computers in each room.
Ah, what I call Family History Workrooms :)

Techgy wrote:We had problems with downloading software, music and other uses that were not centered around FH.
I find setting users to "Users" (not power users) puts a stop to many things. Installs become difficult.

Another of my tricks for severely locked down machines to so set the "Internet Zone" to "High Security". So the Internet as a whole is treated the same as the "Restricted Zone". Then elevate the "Trusted Zone" to "Medium-High" (this is the default for "Internet"). Now add the sites that you allow to the trusted zone. You can use wildcards such as "*.familysearch.org", "*.lds.org", etc.

Of course given the limited usage, a password, either in Windows or in th BIOS is not out of the question.

Is there a way to install the proxy software on the machine itself, so there's no need for a "server"?
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#26

Post by techgy »

Russell,

When we first started this process we tried several ideas among them some of what you suggested including using the content advisor in IE. They worked but each of these "fixes" required individually configuring each workstation. With about 16 computers spread around the stake, I needed a solution that didn't involved this level of contact.

The proxy gives me a way of modifying only 1 computer in each building and the others feed off of it. Works like a charm. The logon accounts are also limited. The only thing that's necessary at the workstation level is to direct the browser to the proxy. It's not bullet-proof as anyone with a little smarts can go around this with a click of the mouse, but it works well enough that we haven't had any problems.

Lest anyone get confused, these computers are in "Family History Workarea" :) and include the ASA 5505 Firewall. They are not official FH center computers and in fact a few of them are older model P3's and wouldn't support the landesk, etc.
russellhltn
Community Administrator
Posts: 31512
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#27

Post by russellhltn »

Understood. Always good to have more tools in the toolbox.

Can this software work for a single PC install? In other words the client is it's own server?
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
cvacanti-p40
New Member
Posts: 13
Joined: Sun Feb 10, 2008 7:13 pm
Location: Omaha, NE, USA

K9 Rocks!!

#28

Post by cvacanti-p40 »

I have taught many classes and always recommend K9...it is the BEST app on the market (and yet it's free).
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#29

Post by techgy »

RussellHltn wrote:Understood. Always good to have more tools in the toolbox.

Can this software work for a single PC install? In other words the client is it's own server?
Yes, but it would require you to configure each pc individually and although it would work, it's a lot of extra work. It's much easier to just set all the pc's up in a peer-to-peer configuration and choose of them as the "server" or primary machine. Put the proxy on this machine and configure it as you wish. The point the browsers of the other pc's to this proxy.

I wouldn't recommend trying this on the ward admin machines. But, it works great on the older pc's that are often found in an "unofficial" family history (FH) classroom.

As I said, it's not bullet-proof, but it is easy to set up and gives you a lot of freedom.
Have you read the Code of Conduct?
russellhltn
Community Administrator
Posts: 31512
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#30

Post by russellhltn »

Techgy wrote:I wouldn't recommend trying this on the ward admin machines.
Unfortunately, that's exactly what I was thinking about. A way to limit the Admin machines over and above what might be available on the network.

Suggestions?
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
Post Reply

Return to “Links & Resources”