Internet Administrator for Network
1. I have installed the server part of the "Internet Administrator". Installation went ok and the service was launched, but the users and workstations are not revealed for a long time, or they are revealed, but their actions are not tracked, blocking is not accomplished.
This problem has several reasons. First of all, it is necessary to be sure that the Internet traffic actually passes through the segment and goes to the net map. Check whether you have connected the computer at the right place of network and selected a correct network card - this is described in the documentation. Do not forget about the limitations of network switch. Also be sure that your adapter can support promiscuous mode or this mode is enabled. This is frequently encountered on the built-in motherboard net cards. Try to work on the simplest adapter, Realtec 8139, for example. The fact of absence of Internet traffic can be also revealed, after installing any sniffer on the server. If the traffic exists, the sniffer captures the packets, which go from the users to the Internet. If the packets go through then the entire problem is only in the incorrectly indicated local addresses. Addresses are assigned as the address and the net mask of IP network, i.e., if workstations use addresses from 192.168.0.1 to 192.168.0.254, then the local segment is described as follows: address 192.168.0.0, mask 255.255.255.0. If you use a proxy server, for example, with an internal address 192.168.0.1, then this address must be added to the list of excluded ones, since the traffic from the users does not go straight to the Internet, but to the proxy server.
2. I assigned to the user the limit of traffic (time) with the period of 1 day. When the limit was reached the user needed additional resources and I supplemented the limit. What will occur the next day?
The next day the user will have his established limit again. Replenishment, even if the user did not use it, will be closed and become not accessible for use. Replenishments are active only during their reference period.
3. A proxy server is installed in my network . It is also used as an application server (databases, etc.). In this case the traffic of these resources is written on the users’ account. Can I do anything about this?
The fact is that the proxy server is excluded from the local addresses and is the Internet host. In order to solve this problem the "Monitoring ports" are used. If the port, over which the server application works is known to you simply add it in the list of the non monitored ports. If the application works over dynamic ports, then it is necessary to assign ports so that the "Internet Administrator" would track only them, and ignore everything else. The proxy server usually gives access to the defined collection of resources like HTTP, FTP, SMTP, etc. Precisely these known ports must be assigned for monitoring.
4. I use a proxy server with the switched-on function of caching. In this regard the traffic, registered by the "Internet Administrator" exceeds the one registered by the internet provider. What is the problem?
The essence of the problem is in the proxy server. The "Internet Administrator" registers traffic, which passes from the proxy to the users. If the function of caching is included, then the proxy server checks whether there is a page in its cache and it did not become obsolete. If everything is normal, then it sends it to the user. In this case the size of the page and the size of request from the proxy of the server in the Internet differ. In this situation it is possible either to open the function of caching or to leave everything as is. Indeed the user has actually loaded these data from the Internet, caching only economizes your funds.
5. In one rule I assign blocking of specific domains, FTP protocol and specific time. In this case the users easily examine the pages of these domains, but FTP is not blocked at all.
Rules have aggregated effect on the Internet resources, which are included into this rule. In your case the rule works the following way. All requests to hosts of the given domains will be blocked only over the FTP protocol and only at the indicated time. If you wish to block, for example, the entire FTP for all, it is necessary to create a separate rule.
6. Is it possible to block the download of specific files according to their extension with the help of the rules?
Yes. To this use the Internet resource "Words in URL". Add the required file extensions there, but without the asterisks, simply .zip or .exe. Here it is possible to indicate the extensions of pages, pictures and animation too.
7. Is it possible to block the root domain (by .com .info)?
Yes. Add the name of the root as the name of domain in the resources.
8. I installed the client part of the "Internet Administrator". After a reboot the client cannot be connected to the server part. What is the matter?
For connection with the server the client part of the "Internet Administrator" uses Microsoft DCOM technology (Distributed Component Object Model). There are several reasons for the absence of connection. First make sure that there is a possibility to obtain access to the server through the network, for example, to examine files on it. In the second place, check, if IAdmin server service has started. Thirdly, it is necessary for the RPC (remote procedure calls) service to work without failures and there is no firewall between the server and the client part.
The absence of rights of the user that is logged on at the workstation to the access the server or to DCOM subsystem sometimes lead to the impossibility of connection. If your network is a workgroup, i.e., does not have Active Directory controllers, this problem appears rarely. If the network has a domain controller, then workstations with the operating systems Windows XP (2000) must be the members of domain, and their users (and on workstations Windows 98, ME) must be logged on under the domain accounts. If there is no connection in this case (and also in any other situations) use the following method. On the server, where the "Internet Administrator" is installed from the command line run the dcomcnfg utility ("Component services"). In this case you must be logged as administrator . In the list of applications find "IAdminSvc.ComServer" and open its properties. On the property page Security establish "Use Custom Access Permition", and add Everyone to the list of the users, that have the right to be connected to this server. Restart the "IAdmin server" service.
If the server part is installed on Windows XP (2000 prof.), with the help of the utility of the "Component services" open: "Component services" - > "Computers" - > "My Computer" -> "DCOM config -> "IAdminSvc.ComServer" properties". Go to the "Security" page. Then change the "access rights" and establish the "remote access" right for all, and also change the "permission to the starting and activation" and establish the "remote activation" right for all.
Check, is DCOM enabled on server and client computers. Use dcomcnfg and open MyComputer properties. On Default Property page Enable DCOM check box must be set. Also on server computer go to Com Security page. Edit limits for Access and Lunch permissions. Set to Everyone group Local Access, RemoteAccess, Local Activation, Remote Activation, Local Lunch rights.
9. I installed the "Internet Administrator" on the server and server IP address is excluded from the local ones. I installed the client part of the "Internet Administrator" on the workstations. In this case, if access to the user is blocked or he has still not registered in the mode of "User and Pass" identification , the client cannot be connected with the server. What can I do to solve this problem?
Actually, since access to the Internet is closed, then access to proxy server itself will also be closed and the client will not be able to connect with it. Here there are two solutions. First of all, if your proxy server works over specific protocols, then with the help of "Monitored ports" you must make such settings so that only the given ports would be tracked, and the rest would be ignored. If you have NAT (Network Address Translator) installed in and you should register direct requests to the Internet, or the first variant does not suit you for other reasons, it is necessary to do the following. Set on your server another IP address, accessible in your segment, as your main IP address of. As the second, additional address set the current IP address. Restart the server. Now all requests to the server in the network will be made over the main local IP address, and requests to the Internet through the proxy server over the additional IP address. Now, if the user is blocked, the access for him will be closed only over the additional IP address. Now the client will be able to establish connection on any situation, since it works with the address, which is local. Requests through NAT will pass just as before. Additionally it is possible to retune the proxy server, if there is this possibility that would assume the requests only from the additional IP address. Also when the client is installed it should be indicated in computer properties, where the server part of the "Internet Administrator" is installed, not the name of the proxy server, but its new main IP address.
10. Service IAdmin server stopped to start after a certain period of time. With the launching attempt appears message "Incorrect function". What is the matter?
Message "Incorrect function" is the normal processor of the errors of IAdmin server service. During the transmittal of this message the information about the error is written to the Windows Event Log. Events are written to the Application log by the name Internet Administrator. In this case most likely the period of the trial use of the product has ended, which is 15 days from the moment of installation.
11. Which programs are incompatible with the "Internet Administrator"?
The "Internet Administrator" was developed in the concept of independence from third-party software - the technology of interception of net packets used in this program helped with this in many respects. But it so turned out that there are its negative moments too. The "Internet Administrator" can incorrectly or not at all work, if in you have installed third-party sniffers. Complete incompatibility has been revealed with CommTraffic program from TamoSoft. This program establishes its virtual adapters and completely blocks the work of any sniffers. This software must be completely removed to provide normal work.