Active Directory

Active Directory

Active Directory Sync Tool

With our new Sync Tool you can integrate DNSFilter with your Active Directory, click the link above to learn more about our new features.

DNSFilter can be deployed easily and quickly in your Active Directory environment. However, there are some limitations. Most customers choose to implement a combination of Roaming Clients and DNS forwarding from the Domain Controller to have comprehensive filtering. This article outlines capabilities, limitations, and best practices for using our service in an AD environment.

 GPO distribution of Roaming Clients Limited to Windows OS only
 Per-machine filtering
 AD Forwarding configuration
 Per-user logging
 Per-user filtering
 OU integration

Installation Best Practices

Setting up DNSFilter on the Domain Controller

The starting point for using DNSFilter on your Active Directory network is to configure it as an upstream DNS resolver on your Domain Controllers. This will ensure a blanket level of filtering for your entire network. This can be done easily by setting our Anycast IPs into Server Manager. A full text and video walkthrough is located here.

Distributing the Roaming Client

Per-device filtering and reporting can be achieved easily by deploying the Windows Roaming Client. The Roaming Client is distributed as an MSI file. Installation can be through a script, or using a Group Policy Object (GPO). By default, Roaming Clients inherit the Policy of the network to which they are assigned. You can easily change this to another policy for each machine or for a group. They will then have that policy whether on or off your corporate network.

Tip: We recommend taking advantage of the "tags" system when rolling out the Roaming Client. Using TAGS="tag1,tag2" as a command-line flag, you can set tags at install time which correspond to your user groups in Active Directory, such as "Sales" or "Development". This will help you to have a similar structure reflected in the dashboard to what you have in Active Directory.

Applying Policies

Once the Roaming Clients are deployed, they will be populated in the Roaming Client management panel. From here, you can mass-select Roaming Clients by tags and then apply filtering policies to them. You can get as granular as desired, even customizing individual policies to apply to each client.

Selecting Roaming Clients by tag

Auditing Queries

Once the Roaming Client is installed on a machine, it will begin logging traffic to the DNSFilter dashboard. By navigating to the Query Log tool, you can filter traffic by Site or by individual machine. Selecting a specific computer will allow you to see a time-stamped log of DNS requests from that specific machine. This is useful for auditing the traffic of your users.

    • Related Articles

    • UW Active Directory Modifications

      Issue: How does Lenovo Unified Workspace affect Active Directory and specifically the Schema? Solution: Why does UW need to extend the Schema of AD? Please see the following KB article for a full explanation: ...
    • Verify Active Directory SSL

      How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ?   The following URL has a nice write up about the Microsoft Tool called LDP.exe You can download ...
    • List of Active Directory Error Codes

      The error codes for Active Directory can be found at this Microsoft URL.
    • Lingering Objects and Tombstones in Active Directory

      Issue Due to the way Active Directory works when removing objects, administrators can run into directory issues with Unified Workspace when AD doesn't completely do away with the object (leaving a tombstone behind). Finding and Removing Lingering ...
    • How do I backup Microsoft Active Directory ?

      While backing up AD is not a function of Stoneware, here are some urls that have some good information. Simple script to start a backup: ntbackup backup systemstate /J "AD Backup" /F "C:\\ADbackup.bkf" Best Practices for Active Directory Schema ...
    • Popular Articles

    • Configuring and Troubleshooting Wake on Lan

      This content has moved! Visit the new LanSchool Classic Help Desk It looks like you may be interested in Configuring and Troubleshooting Wake on Lan.
    • Reporting server discovery

      The discovery of the reporting server is done automatically and cannot be configured by the end user.  The reporting server will broadcast on UDP 796 a packet containing the address of the reporting server.    - In a peer to peer environment, the ...
    • Registry Switches for Options

      Problem: What are the registry switches for the Options key? Solution(s): In the registry of the Teacher or Student machine, locate the following registry location and make changes to the key named Options: 32-bit:  HKLM\Software\Lanschool 64-bit:  ...
    • Configuring Enterprise Data Collection on the LCS

      Get even more from your classroom management solution with educator usage data. Determine whether or not LanSchool is effectively incorporated into the classroom on a school- or district-wide scale.  This guide will show you how to enable and ...
    • Creating a shortcut to Open Teacher Console

      Problem: How to create a Teacher Console shortcut on Windows. Cause: N/A Prerequisite(s):  LanSchool Teacher on Windows Solution(s): To create a shortcut and have the console popup in Windows.  To create a shortcut and send the LanSchool Teacher to ...
    • Recent Articles

    • X-Content-Type-Options=nosniff header breaks Public webApp

      Issue Customers have added security headers to their SSL Offloading appliance to meet new security standards.  Now when launching a Public webApp, instead of the application properly launching the browser just displays the HTML code. Solution We've ...
    • Unified Workspace Support for Windows Server 2022

      Issue Is Windows Server 2022 supported by Unified Workspace? Solution We are still in full testing of UW on Windows Server 2022, however we are seeing that UW functions properly on Server 2022. The issue we have with Windows Server 2022 is that our ...
    • Log4J 1.x Vulnerability CVE-2021-4104

      Issue A vulnerability was discovered in Apache Log4j1.x. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-4104 Solution Unified Workspace does use Log4J 1.2.16. This vulnerability ...
    • Log4J Vulnerability CVE-2021-44228

      Issue A vulnerability was discovered in Apache Log4j2. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-44228 Solution Unified Workspace does use Log4J 1.2.16. We have confirmed ...
    • Management Console non-directory credentials

      Question How can I access Unified Workspace if my directory credentials are not working? For example: We are having directory issues and need to configure Unified Workspace to connect to a different Directory Controller. Solution The Management ...