User accounts can be sorted into groups. Creating user groups provides the following benefits:
Specific access rights can be assigned to a group of users. These rights complement rights of individual users.
Each group can be used when traffic and access rules are defined. This simplifies the definition process so that you will not need to define the same rule for each user.
User groups can be defined in
.Use the Domain option to select a domain for which user accounts or other parameters will be defined. This item provides a list of mapped Active Directory domains (see chapter 15.4 User accounts in Active Directory — domain mapping) and the local user database.
In WinRoute, it is possible to create groups only in the local user database. It is not possible to create groups in mapped Active Directory domains. It also not possible to import groups from the Windows NT domain or from Active Directory.
In case of groups mapped in Active Directory domains, it is possible to set only access rules (see below — step 3 of the user group definition wizard).
The Search engine can be used to filter out user groups meeting specified criteria.
The searching is interactive — each symbol typed or deleted defines the string which is evaluated immediately and all groups including the string in either Name or Description are viewed. The icon next to the entry can be clicked to clear the filtering string and display all groups in the selected domain (if the Search entry is blank, the icon is hidden).
The searching is helpful especially when the domain includes too many groups which might make it difficult to look up particular items.
In the Domain combo box in Groups, select Local User Database.
Click
to start a wizard where a new user group can be created.Group name (group identification).
Group description. It has an informative purpose only and may contain any information or the field can be left empty.
Using the 15.1 Viewing and definitions of user accounts).
and buttons you can add or remove users to/from the group. If user accounts have not been created yet, the group can be left empty and users can be added during the account definition (see chapterWhen adding new users you can select multiple user accounts by holding either the Ctrl or the Shift key.
The group must be assigned one of the following three levels of access rights:
Users included in this group cannot access the WinRoute administration.
Users included in this group can access the WinRoute administration. However, they can only read the records and settings and they are not allowed to edit them.
Users in this group have full access rights.
Additional rights:
User belonging to the group can customize personal web content filtering settings (see chapter 15.2 Local user accounts).
This option allows its members one-shot bypassing of denial rules for blocked websites (if allowed by the corresponding URL rule — see chapter 12.2 URL Rules). All performed unlock actions are traced in the Security log.
If the Internet connection uses dial-up lines, users of this group will be allowed to dial and hang up these lines in the Web interface (see chapter 11 Web Interface).
Members of the group can connect to the local network via the Internet using the Kerio VPN Client (for details, see chapter 23 Kerio VPN).
Members of this group will be allowed to access shared files and folders in the local network via the Clientless SSL-VPN web interface.
The Clientless SSL-VPN interface and the corresponding user right in WinRoute is available for Windows only. For details, see chapter 24 Kerio Clientless SSL-VPN (Windows).
The P2P Eliminator module (detection and blocking of Peer-to-Peer networks — see chapter 17.1 P2P Eliminator) will not be applied to members of this group.
Users in this group will be allowed to view firewall statistics in the web interface (see chapter 11 Web Interface).
Group access rights are combined with user access rights. This means that current user rights are defined by actual rights of the user and by rights of all groups in which the user is included.