Chapter 13 User Accounts and Groups

The following operations will be performed automatically within each conversion:

substitution of any appearance of the local account in the WinRoute configuration (in traffic rules, URL rules, FTP rules, etc.) by a corresponding account from the Active Directory domain,

removal of the account from the local user database.

Accounts not selected for the conversion are kept in the local database (the collision is still reported). Colliding accounts can be used — the accounts are considered as two independent accounts. However, under these circumstances, Active Directory accounts must be always specified including the domain (even though it belongs to the primary domain); username without the domain specified represents an account belonging to the local database. However, as long as possible, it is recommended to remove all collisions by the conversion.

Note: In case of user groups, collisions do not occur as local groups are always indepen- dent from the Active Directory (even if the name of the local group is identical with the name of the group in the particular domain).

13.5 User groups

User accounts can be sorted into groups. Creating user groups provides the following benefits:

Specific access rights can be assigned to a group of users. These rights complement rights of individual users.

Each group can be used when traffic and access rules are defined. This simplifies the definition process so that you will not need to define the same rule for each user.

User groups Definitions

User groups can be defined in User and Groups Groups.

Domain

Use the Domain option to select a domain for which user accounts or other parame- ters will be defined. This item provides a list of mapped Active Directory domains (see chapter 13.4) and the local user database.

In WinRoute, it is possible to create groups only in the local user database. It is not possible to create groups in mapped Active Directory domains. It also not possible to import groups from the Windows NT domain or from Active Directory.

In case of groups mapped in Active Directory domains, it is possible to set only access rules (see below — step 3 of the user group definition wizard).

204

Page 204
Image 204
Kerio Tech Firewall6 manual User groups Definitions, 204