Force start page in browser to Appropriate Use Policy?
I'm looking for a way to force the first page that is seen by any user opening a browser. I've seen it in hotels, but never been able to figure out how they do it.
I want the first page the browser opens to be our Appropriate Use Policy. I know how to do this through AD, but I want it to work like it would if I walked in off the street into a hotel and plugged in my laptop. How do they force your browser to that start page?
Thanks,
RushB
I want the first page the browser opens to be our Appropriate Use Policy. I know how to do this through AD, but I want it to work like it would if I walked in off the street into a hotel and plugged in my laptop. How do they force your browser to that start page?
Thanks,
RushB
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
dvt_localboy,
No offense bro...but what he means is he wants the page to display all the time, period, whenever any computers plugs into his network...whether he has immediate control over that machines local settings or not...
**********************
RushB,
Many firewall/routers offer the feature of opening a whole seperate page with an Appropriate Usage policy(or whatever you want there) that the user has to accept before being allowed to access the internet. This is what I would suggest, assuming you have it in your budget. Sonicwall offers this on the TZ-170 and above I think, though it is not the cheapest solution, it does offer alot of extra security/monitoring etc...I am sure many other brands offer something comparable.
Hope this helps,
1_UP
No offense bro...but what he means is he wants the page to display all the time, period, whenever any computers plugs into his network...whether he has immediate control over that machines local settings or not...
**********************
RushB,
Many firewall/routers offer the feature of opening a whole seperate page with an Appropriate Usage policy(or whatever you want there) that the user has to accept before being allowed to access the internet. This is what I would suggest, assuming you have it in your budget. Sonicwall offers this on the TZ-170 and above I think, though it is not the cheapest solution, it does offer alot of extra security/monitoring etc...I am sure many other brands offer something comparable.
Hope this helps,
1_UP
oops sorry my bad...i didn't read thoroughly
slap@me
slap@me
as an addition...m0n0wall does not need to be the only firewall used. I use it behind ASA appliances to keep the "public" traffic completely seperate from my internal traffic.
dvt_localboy,
No prob, man...happens.
1_UP
No prob, man...happens.
1_UP
ASKER
I have a Fortinet there, but can't find that in the options. I have a Cisco 565 cache engine, but can't find anything there either. Got a 3640 router, and a 6509 behind it, can't find anywhere to do it there either. The Fortinet firewall seems like the logical place, but I haven't been able to find a place to do it. Is there a way with any of the equipment I already have?
Cisco 3640->Fortinet 300->565 Cache Engine->Cisco 6509->Win 2k3 servers doing DNS and DHCP.
Thanks,
RushB
Cisco 3640->Fortinet 300->565 Cache Engine->Cisco 6509->Win 2k3 servers doing DNS and DHCP.
Thanks,
RushB
RushB,
I searched around on each of the units info online, but I couldn't find anything relating to page delivery...also are your user required to log-in to any of the units(locally or through RADIUS) as they come on the network??? If so then the unit where login takes place is where to look...
Sorry I couldn't find anything about your specific equipment :(
1_UP
I searched around on each of the units info online, but I couldn't find anything relating to page delivery...also are your user required to log-in to any of the units(locally or through RADIUS) as they come on the network??? If so then the unit where login takes place is where to look...
Sorry I couldn't find anything about your specific equipment :(
1_UP
Hmmm... I'm taking a variation on dvt's idea, but automating it through AD... if all the clients are part of a Windows AD Domain. --without having to configure network hardware or purchase new hardware.
Big Pic: Point IE (through a group policy) to use a local "Acceptable Use" html file at IE startup (Default Webpage).
1. Create an "Acceptable Use Policy" html file and place it on an accessable network share.
2. Tweek logon scripts to copy the "Acceptable Use Policy" file to the local computer in a standardized location for each computer (say, c:\winnt\aup.html)
3. Create a Group Policy (Domain Policy) to tweek IE to force the default web page to point to the local "aup.html" file on opening IE.
This policy would continue to be applied if a laptop is in the office or out of the office...
Hope it helps,
Scooter
Big Pic: Point IE (through a group policy) to use a local "Acceptable Use" html file at IE startup (Default Webpage).
1. Create an "Acceptable Use Policy" html file and place it on an accessable network share.
2. Tweek logon scripts to copy the "Acceptable Use Policy" file to the local computer in a standardized location for each computer (say, c:\winnt\aup.html)
3. Create a Group Policy (Domain Policy) to tweek IE to force the default web page to point to the local "aup.html" file on opening IE.
This policy would continue to be applied if a laptop is in the office or out of the office...
Hope it helps,
Scooter
ASKER
That's what I am doing currently, but I want to get those laptops that a guest might bring in to my district. So I need a way to throw up the AUP to those not in AD.
Thanks,
RushB
Thanks,
RushB
errrr... sorry. Need to work on my question reading skills...
I had another thought...I bet a proxy server would be the easiest way to go(assuming you have'nt figured out a way to do it on your firewall)...
1_UP
1_UP
m0n0wall will allow you to do it without changing anything on the workstation. All of the AD - IE solutions are too dependant on items you do not control. The depend on either control of the workstation or forcing a browser type. A proxy server would require settings to the browser, unless it is an in-line proxy, in which case you will break all sorts of other internet access. There are other products that do the captive portal, however m0n0wall is free, and is fairly well documented. It does not require any particular hardware, just an old pc with two nic cards (bootable ISO is available for download with configs being saved on a floppy disk)... I am very familar with fortinet and the cisco products and the ones you have do not allow the captive portal configuration, however depending on the sup modules in the 6509, you could use policy based routing to get the internet requests to go through the m0n0wall to use it as the solution.
It's free and it works.
in IE. Click
tools,
Internet Options,
Under the General Tab.
Set the required link as your Homepage Address.
In Firefox it's pretty similar
Tools,
Options,
Set the required link as your Locations