I'm re-configuring a small school network which is being connected to an ADSL Broadband connection for the first time, which has a number of XP clients and a SBS2003 server.
I've put a second network card in the server to connect to the router, which should allow me to use ISA server (which I must admit I have not used before).
There are two users defined - pupil and staff.
The requirements are:
* Email to be always available for all users
* Web access for the staff to be always available
* Web access for pupils to be easily enabled/disabled by staff, so
that it is only available when a staff member is supervising.
Email access is not currently but could be routed via Exchange. I
realise that ISA server can have schedules set, and can restrict
access to sites and so on, but I'm not sure about the best way to
achieve the third requirement.
A brutal way - since only staff have physical access to the server - is to switch email usage to Exchange and then allow staff to turn on or off the ADSL router box.
As a more elegant approach, I was wondering about something like setting a GPO so that pupils have the SBS server configured as an http proxy while staff have no proxy, and then have a script for staff which turns on and off ISA server proxying.
This would be easily defeated, but we are allowed to assume that pupils will not try to defeat restrictions (yeah, I was sceptical about that too, but that's what they told me).
While I think the above approaches are workable, I'm hoping there is are some better ways.
Any ideas or pointers?