I have a need to allow certain exceptions to the web content filtering. I am not seeing this intuitively (I can't access Active Directory with granularity - only "Active Directory Users").

Anyone?

I think no one has responded because it's not clear what you're trying to accomplish. There is total granularity with content filtering, so maybe you could elaborate a little on who and what you want to block and allow?

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

I'm just trying to have two groups from Active Directory - one that is subject to filtered internet and another that is not. Right now, I have everyone up and running on the filtered set but don't see how to configure the unfiltered set.

We recommend that one always have the default definition (the one behind 'Web Security >> HTTP/S') be the most-restrictive one.

For each access, the Astaro will process the defined 'HTTP/S Profiles' in sequence until it finds one for which the access qualifies, and will not consider any succeeding Profiles affter that one. If an access doesn't qualify for any Profile, it is handled by the default above.

Inside a Profile, Astaro will process the Filter Assignments until it finds one for which the access qualifies, and will not consider any succeeding Filter Assignments after that one. If it doesn't qualify for any Assignments, the 'Fallback Action' for that Profile will be applied.

Since you have AD, you will want to run the Proxy in AD-SSO mode and, if you haven't already done so, push out a GPO to force all browsers to point at the Astaro Proxy ('Internal (Address)') on port 8080. Once you've done this, create a group definition in the Astaro based on the "unfiltered internet" group in AD and use that in a Filter Assignement for wide-open access.

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!