Manualshelf

- Kerio WinRoute Firewall Administrator's Guide

ManualsBrandsKerio Tech ManualsNetwork RouterFirewall6
201202203204205206207208209210
Chapter 13 User Accounts and Groups
204
The following operations will be performed automatically within each conversion:
substitution of any appearance of the local account in the WinRoute configuration (in
traffic rules, URL rules, FTP rules, etc.) by a corresponding account from the Active
Directory domain,
removal of the account from the local user database.
Accounts not selected for the conversion are kept in the local database (the collision is
still reported). Colliding accounts can be used the accounts are considered as two
independent accounts. However, under these circumstances, Active Directory accounts
must be always specified including the domain (even though it belongs to the primary
domain); username without the domain specified represents an account belonging to the
local database. However, as long as possible, it is recommended to remove all collisions
by the conversion.
Note: In case of user groups, collisions do not occur as local groups are always indepen-
dent from the Active Directory (even if the name of the local group is identical with the
name of the group in the particular domain).
13.5 User groups
User accounts can be sorted into groups. Creating user groups provides the following
benefits:
Specific access rights can be assigned to a group of users. These rights complement
rights of individual users.
Each group can be used when traffic and access rules are defined. This simplifies the
definition process so that you will not need to define the same rule for each user.
User groups Definitions
User groups can be defined in User and Groups Groups.
Domain
Use the Domain option to select a domain for which user accounts or other parame-
ters will be defined. This item provides a list of mapped Active Directory domains
(see chapter 13.4) and the local user database.
In WinRoute, it is possible to create groups only in the local user database. It is not
possible to create groups in mapped Active Directory domains. It also not possible
to import groups from the Windows NT domain or from Active Directory.
In case of groups mapped in Active Directory domains, it is possible to set only
access rules (see below step 3 of the user group definition wizard).