You are on page 1of 22

Quick Start Guide

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.


TABLE OF CONTENTS my users are browsing to, not an IP address!
Title Page
I've Installed WinGate, Now What? 1

Logging in 1

Activating a License 1

Deactivating licenses 5

Setting Up Your Network 6

Client connection methods 7

Network Address Translation (NAT) 7

WinGate Internet Client (WGIC) 8

Proxy 9

I need to see the URLs that my users are browsing to, not an IP 10
address!

Transparent Proxy - Applying Policies, Scanning etc. 10

I need to make my users authenticate before they get access to the 11


Internet

I need to stop certain users from browsing/allow certain users to 12


browse

Creating WWW proxy policies 12

Restricting client access to Specific URL's and Sites 13

Restricting client access to explicitly allowed sites only 14

Restricting Access times for clients using WinGate 15

Advanced time restriction policy 17

I need to scan Internet traffic/emails for viruses before they reach 19


my network

I need to prohibit access to offensive content on the Internet 19

I need to synchronize WinGate with my Active Directory User 20


Database

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

2
I've Installed WinGate, Now What?

Great, you’ve installed the best Windows proxy server software around, but now you need
to know what to do with it? It’s easy if you know how, but if you’re not a Networking
Wizard then it can be a little daunting at first. So read on to find out what to do after
you’ve installed WinGate, and how to go about configuring your LAN to get your client
machines connecting to the Internet.

Logging in

The first time that you log in to WinGate you must log in as the Administrator. When you
installed the software you were asked whether you wanted to use the WinGate user
database or the Operating System (OS) user database.

If you chose the WinGate user database then you’ll need to log in as
USERNAME: administrator
PASSWORD: (blank – i.e. no password)
You will then be asked to set a password for the user administrator

If you chose the OS user database then you’ll need to log in as the local machine
Administrator with the appropriate password.

Activating a License

WinGate v6 requires an activated license before it will work, you can either activate your
purchased license or a 30 day free trial license.

You must deactivate a license if you are moving WinGate to a different machine, this
should be done before you uninstall the software.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

3
Activating a License

You can activate your license from within the License Manager as follows:
Open GateKeeper, go to the Help menu and select License Management
The Qbik License Viewer will open displaying your activated licenses
Click the Add new button
Click the Next button
Select the radio button Activate a license key
Enter your license details
Click the Next button

Note:
Pre-version 6 WinGate licenses were in the format:
XXXXXXXXXXXXXXXXXXXXXX

Version 6 and later licenses are in the format:


XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXX

If you enter an old (pre-version 6) license key into the license manager you will see
that a new license key appears in the License Manager, in the version 6 format. This
new key is substituted for your old key to allow you to run WinGate.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

4
A connection will be made to the QBIK
activation server and you should receive
a message that your license has been
successfully activated.

If you can not connect to the activation


server over the internet then you can
make an email activation request. Follow
the same steps to activate your license,
but before you click the Next button,
click the Configure button.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

5
Change the radio button to Activate Licenses
by email

Click OK
Click Next
You will see an encrypted text, Ctrl-C to copy
the contents of the box and Ctrl-V into an
email, then send it to activation@qbik.com.

You will receive a file to place into your WinGate directory. When you restart your WinGate
engine the license will be added to the License Manager.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

6
Deactivating Licenses

You can activate and deactivate a license as many times as you like, and we allow you to
move your license to a new machine whenever necessary. Before you activate your license
on a new machine the license must first be deactivated.

To deactivate a license:
Open the License Manager
Highlight the license that you wish to deactivate
Click the Deactivate button

A connection will be made to the QBIK activation server and your license will be
deactivated. You can now move your license to a new server.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

7
Setting Up Your Network

Believe it or not, that’s the hard part done. WinGate is designed so that it’s ready to share
and manage your Internet connection as soon as it’s installed. As long as WinGate is in-
stalled on your Internet Gateway and your LAN adapter is marked as Internal and your
Internet adapter is marked as External, then everything is set up and ready to go.

Now all you have to do is set your LAN client machines so that their default gateway and
DNS server settings point at the WinGate server. WinGate comes with a built-in DHCP
server that will automatically assign IP addresses in the range of the WinGate LAN adapter
and set the WinGate server as the default gateway and DNS server, so all you have to do
now is reboot your LAN client machines. They should now get an IP address from the
WinGate server and have their default gateway and DNS server listed as the WinGate
server. Now open a web page on the LAN client machine and check the Activity pane in the
GateKeeper User Interface. You should see a connection from that LAN machine to an IP
address on the Internet. Woo-hoo, you’re good to go! You’re now making what we refer to
as a NAT connection, basically all Internet traffic from your LAN machines must pass
through the WinGate server, this gives you control over what your users are doing and
allows you to see what they access.

Proxy and WGIC connections can also be made when the WinGate server is the
gateway machine.

Now, there are a few exceptions to the above scenario, the most obvious being if you’re
running an Active Directory domain. In this case you may already have a DHCP server
running on your network and you’ll definitely need to set the LAN clients’ DNS server
settings to point at the AD DNS server. If you’re already running DHCP on your network
then you can set the default gateway as the WinGate server, this will allow you to make a
NAT connection as above. You should stop the WinGate DHCP server if you already have a
DHCP server running.

Another common, if not recommended scenario, is to have WinGate installed on one of the
LAN machines and have all machines connecting to a Router. This means that the LAN
traffic cannot be forced through WinGate and will allow users to connect to the Internet
without connecting through the WinGate server. While this is a potential security risk in
that Internet traffic can not be definitely intercepted, NAT connections will still work and
there are two other connection methods available. Clients can make a Proxy connection
by entering the IP address of the WinGate server in an Application’s proxy server settings,
or they can make a WGIC (WinGate Internet Client) connection by installing the WGIC
on the LAN machines. The WGIC hooks into the OS of the client machine and redirects all
Network traffic to the WinGate server. This method of connection is very popular in Active
Directory domains as it gives the Network Administrator an almost unprecedented level of
control over the LAN machines.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

8
Client Connection Methods

After TCP/IP is installed on the client machines and IP addressing has been configured, the
next step is to choose which connection method your clients will use to access the
Internet.
WinGate offers the choice of three different methods that clients on the LAN can use when
connecting through WinGate.
These are:
Network Address Translation
Wingate Internet Client
Proxy Method

Network Address Translation (NAT)

NAT is the easiest of the client connection methods to configure and use.
Network Address Translation happens when clients send their Internet requests to the
WinGate server.
The WinGate server keeps track of which client is making the request. The WinGate server
then makes the request on behalf of the client, out to the location on the Internet using its
public IP address (appearing to the outside world as though it is the computer that
originated the request.)
When the Web or remote server sends back the information to the public IP address of the
WinGate server, the WinGate server translates the address back to the private address of
the relevant client on the LAN, and redirects the incoming data back to that client who
originally requested the information.

Pros
NAT provides fast and seamless low-level sharing of a connection to the internet. It is
the simplest approach to sharing an internet connection as all clients Internet
requests (regardless of the type of program or activity) are sent to the WinGate
server for it to handle on behalf of the client. With little overhead, it is very
reliable.
It is also extremely flexible as it gives access to a shared Internet connection for any
platform that supports TCP/IP (e.g. Windows, Mac, Unix, Linux) unlike the Windows
Internet client that can only be installed on a Windows based machine. This makes it
ideal when you have non-Windows operating systems on the network that need to
use WinGate to access the Internet. Since all Internet requests will be sent to the
WinGate (gateway) machine, virtually any TCP/IP based client application (web
browsers, mail programs, newsgroups, FTP etc.) should be able to use it without
having to configure that application itself.
There is no software to install and no applications to configure.
With transparent redirection there is easy integration with the power of WinGate
proxy services.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

9
Cons
Because NAT is implemented as a low-level driver, there may occasionally be so
compatibility problems with some hardware.
Due to its light weight nature, NAT alone does not allow the access or policy control
available when clients are using WGIC, or running applications directly through
WinGate proxies. However this can now be alleviated by the use of transparent
redirection.

Conclusion
For many, NAT is an excellent choice. It's particularly well-suited to LANs that contain
a mix of Windows platform and non-Windows machines. It is also ideal in situations
where you don’t want to have to install client software or configure individual
applications on many different machines.

WinGate Internet Client (WGIC)

The WinGate Internet Client is a small application that can be installed on client
machines in order to communicate with the WinGate server.
When the WGIC is installed, all network/Internet requests from WinSock based
applications (most Windows programs) on the client computer will be intercepted and
serviced by the WinGate Server. This allows administrators to have strong control
over what applications clients use to access the Internet, and how they will access
the Internet.

Pros
Provides tight control over users Internet usage and allows the efficient running of
server applications.
Provides an elegant way for users to authenticate for Internet usage. It can be
configured so the user has to enter username and password the first time they
access the Internet making it ideal for tracking and auditing purposes.
Allows policy control from just one place in WinGate (the WRP service, which is the
service that intercepts the WGIC requests) rather then configuring policies per
WinGate service.
When used with a WinGate Enterprise license, WGIC user Internet access and
operations can be controlled from a central configuration menu in Gatekeeper on the
WinGate server.
With the WGIC software packaged in an MSI installer, system administrators in an
Active directory can set automatic installation to client machines across the domain.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

10
Cons
You have to install client software.
Can only be installed to Windows based machines, and used by Winsock based
programs.

Conclusion
If you have a small to medium sized LAN of Windows clients or a domain scenario,
where control of user Internet applications is required, we recommend using the
WGIC.

Proxy
The Proxy connection is one of the most direct client connection methods used by
WinGate.
Rather then configuring the client machine to use WinGate for all Internet access,
each application on the client machine such as web browser, mail program, chat
program etc must be configured individually to connect through WinGate (proxy
server) to the Internet.
Most TCP/IP based programs will have an option to use a Proxy server. This is where
access through WinGate will need to be configured.
WinGate's specific proxy services (such as HTTP, FTP, Telnet) etc have been
specifically designed to handle these types of connections and as such handle the
entire connection between the client application and the remote server/site on the
Internet.
The WinGate Internet Client and NAT connection methods have decreased the
importance of application proxies.
You may still choose to use proxies to exert per-service control over policies, however
the advent of transparent redirection means that there is nothing you can do with
proxies that you now cannot do with the other two client connection methods.

Pros
Since the client application request is handled by the specific WinGate proxy service,
it allows you the greatest control over data passing through your network as you can
set policies and restrictions etc in the relevant proxy service used in WinGate.
Although, with transparent direction (see page 10), these benefits are now
available through NAT and WGIC.

Cons
Works only for existing protocols that each Proxy service in WinGate is designed for.
If a new protocol is devised and used by a client application, you wont be able to set
the application to use WinGate as a proxy server, since there will be no proxy service
available in WinGate for it.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

11
I need to see the URLs that my users are browsing to, not an IP address!

If you’re seeing an IP address when your LAN clients are browsing the Internet then that’s
great, it means that they’re making a NAT connection through WinGate. NAT connections
happen at a low level in the WinGate driver, and they don’t show URLs. You need to
Transparently Redirect these NAT connections to the WWW Proxy service to view the URL,
fortunately that’s really easy.

Transparent Proxy - Applying Policies, Scanning etc.

Using the Proxy services in WinGate allows you to scan traffic for viruses or prohibited
content, and control user access through the use of policies.

You can intercept NAT and WinGate Internet Client (WGIC) connections and redirect them
to the proxy, where they will be scanned or have policies applied to them. We call this
Transparent Proxy or Transparent Redirection (TR) and it is enabled on the Sessions
menu in the Proxy services.

Transparent Proxy is very useful for web connections as this is where you commonly need
to scan traffic or control user browsing. The image below shows Transparent Redirect
enabled on the WWW proxy service, intercepting connections on port 80.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

12
You must check the box to turn on Transparent Proxy and then you must select the port
that you wish to intercept. In the case of web traffic you will normally want to intercept
port 80.

Important: You should never try to intercept a secure port, ie port 443 as this will
break the connection.

I Need to Make My Users Authenticate Before Gaining Access to the


Internet

Authentication is used in WinGate to control user access to the WinGate services, and by
extension the Internet. Policies can be created to control users on a user or group basis
but if you want to differentiate between users you must use some form of authentication.

If no authentication is used then the WinGate server has no way of discovering which user
is connecting to it, so all user connections will show up as coming from the GUEST account.

There are a few authentication options available in WinGate:


• User Assumption - by IP address, or if you are using the WinGate DHCP service, by
machine name.
• Basic Authentication
• Java Authentication
• NTLM Authentication

There are three levels of Authentication in WinGate and the above Authentication options
fit into these levels of Authentication.

User may be Unknown:


This is the Unauthenticated level, all users will
be seen to be GUEST and no Authentication is
required to connect to the WinGate services.
Policies can still be set to control access to the
Internet, these policies will affect all users.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

13
User may be Assumed:
An intermediate level of Authentication
that does not provide a high level of
security. Used with either Basic
Authentication or Assumptions. It can be
convenient to set up Assumptions by IP
address, this allows you to create policies
based on the machine that the user is
connecting from and does not require
any input from the user. Using
Assumptions grants access rights on a
per machine basis so any user accessing
WinGate from a particular machine can
be assumed to be a specified user.

User must be Authenticated:


The highest level of security, uses either
the Java login through the WWW proxy,
NTLM authentication if using the
Operating System database, or the
GateKeeper login method to authenticate
users.

I Need to Stop Certain Users From Browsing/Allow Certain Users to


Browse

Creating WWW Proxy Policies

When your users connect through the WWW proxy service, whether by a Transparently
Proxied NAT/WGIC connection, or a direct proxy connection, you have the ability to apply
policies to them.

To apply a policy by Username you must have some form of Authentication (refer to page
11) so that WinGate can learn the Username.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

14
Restricting Client Access to Specific URL's and Sites

Because URL’s are somewhat complex in what they can contain, WinGate provides policies
to block specific sites and ban access to sites that have specific phrases in their URL’s.
To do this:
Open Gatekeeper on the WinGate server.
Select the WWW Proxy Server from the Service tab.
Open the Policies tab.
Underneath the Recipient/Rights window in the middle of the dialog, make sure
that the Default Rights (System Policies) are set to “Are Ignored”, then click on
the Add button below this.
The new dialog “Properties of new recipient” will appear.
Open the Recipient tab and select the Users/groups to whom this will apply.
Open the Advanced tab and select the Specify which requests this recipient has
rights for radio button then click on the Add filter button below this (which will now
be highlighted).
A Filter 1-icon will appear in this window.
With this highlighted, click the Add criterion button.
To block specific sites:
On the criterion dialog that has appeared select, This criterion IS NOT met if radio
button.
From the first dropdown menu select HTTP URL
From the Second drop down menu select CONTAINS
In the last test box input the words or phrases that might be in the URL that you
would like to block (e.g. sex, or a phrase like porn.com etc)
Continue adding criterion for each URL word or phrase to what you wish to restrict
access.
Click OK back through each dialog until you have exited the WWW Proxy Server.
Save changes in GateKeeper.

Now this policy has been set, whenever an affected user attempts to access a URL
containing this word or phrase, access will be denied.

Please Note: The words or phrases entered in the last box of the filter are entered as
strings, and WinGate reads them as such.

(For example if the phrase “money.net” is entered in the criterion then the site would be
blocked if the URL was business.money.net, BUT it would not block the site if the URL was
business.money.org, as “money.net” is a different string then “money.org”)

This is why using simple words in each filter can be very effective because if the word
“money” was used in the criterion then both sites will be blocked as the string “money”
appears in both URLS.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

15
PureSight for WinGate is a plug-in that allows you to control user access to sites that
contain undesirable content. To find out more about the PureSight plug-in please visit our
web site (www.ccsoftware.ca/wingate/content_filter/).

Restricting Client Access to Explicitly Allowed Sites Only

Often we need to allow clients to only access particular sites.


To do this:
Open Gatekeeper on the WinGate server.
Double click the WWW Proxy Server from the Service tab.
Open the Policies tab.
Select Default Rights (System Policies) are ignored,
Click Add.
In the Properties for new recipient dialogue select the Recipient tab and select
the Users/groups to whom this policy will apply.
Select the Advanced tab and choose Specify which requests this recipient has
rights for
Click Add filter, Add criterion.
Choose This criterion is met if
HTTP URL contains WinGate
Ok your way out.

This has created a policy


that allows access ONLY to
any URL that contains Win-
Gate. If you wish to explic-
itly allow access to more
sites repeat steps 7-12. We
could have specified a com-
plete URL, eg http://
www.wingate.com but this
is more restrictive.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

16
Resticting Access Times for Clients Using WinGate

One of the most common administration jobs is to monitor Internet usage by users on the
LAN, and ensure that they are only using the Internet during certain times. Using WinGate,
this can be easily achieved:

If your clients are using the WinGate Internet Client (WGIC)


Open GateKeeeper on the WinGate Server.
Open the Winsock redirector service (Which is listed under the System tab).
Select the Policies tab.
Ensure the Rights option at the top of the Policies tab, has User can access these
services selected.
Make sure the Default Rights (System Policies) are set to are ignored
Click the add button below the Window.
Select the user(s)/groups to whom you want to restrict access by time.
Select the Time tab and select Specify times when this recipient has rights.
Click Add and you will be presented with the Time Slice dialog.
Choose/configure the appropriate times you need to choose.
Click OK back through each menu.
Save changes in GateKeeper.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

17
Please Note:

For clients using the NAT, and manual proxies, the process of restricting based on time is
similar, however you must ensure that Transparent Redirection has been switched on in
the WWW Proxy Server. (refer to page 10 for details )

To configure clients using NAT and manual proxies:


Open GateKeeeper on the WinGate Server.
Open the WWW Proxy Server (Which is listed under the Services tab)
Select the Policies tab.
Ensure the Rights window at the top of the Policies tab has User can access these
services selected.
Make sure the Default Rights (System Policies) are set to Ignored.
Click the add button below the Window.
Select the user(s)/groups to whom you want to restrict access by time.
Select the time tab and select Specify times when this recipient has rights.
Click add and you will be presented with the Time Slice dialog.
Choose the appropriate times you need to configure.
Click OK through each menu.
Save changes in GateKeeper.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

18
Advanced Time Restriction Policy

You may want to allow users to browse the internet during lunch breaks or after hours, but
restrict them to permitted sites during work hours.

Because WinGate uses the most permissive policy, you would create your restrictions, then
add a more permissive policy to allow access. When the permissive policy does not apply,
ie outside the allowed hours, the more restrictive policy is the only policy available, and is
applied.

WinGate's policies make this quite straightforward:

Open the WWW proxy service

Create a policy to restrict access to specific sites only (refer to page 13). This will be the
policy that applies during work hours and these will be the only sites that are available.
Alternatively, create a policy restricting access to certain sites, users will then be able to
browse to everything except the sites you specify (refer to page 14).

For example, create a policy to allow access to wingate.com. This is now the only site that
is available.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

19
Create a second policy which is a time policy for the time that you don't want to restrict
user access. This can be for the lunch hour, or after hours depending on your
requirements.

For example, create a time policy


for the period 12:00pm to
1:00pm with no other
restrictions. During this period
browsing will not be restricted.
Create a second policy which is a
time policy for the time that you
don't want to restrict user
access. This can be for the lunch
hour, or after hours depending
on your requirements.

For example, create a time policy


for the period 12:00pm to
1:00pm with no other
restrictions. During this period
browsing will not be restricted.

You should end up with your WWW proxy service policies looking like this:

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

20
Please note that your clients must be connecting through the proxy, or you must have
Transparent Proxy enabled to intercept their traffic to apply this policy. For more informa-
tion on Transparent Proxy please refer to page 10.

I Need to Scan Internet Traffic/Emails for Viruses

Sounds like you need Kaspersky Anti-Virus for WinGate, this is a plug-in for the Win-
Gate server that will scan traffic for viruses/malware as it passes through the server. You
can download a 30 day free trial from the C&C website (http://www.ccsoftware.ca/
wingate/antivirus/.)

I Need to Prohibit Access to Offensive Content on the Internet

The easiest way to do this is by getting the PureSight for WinGate plug-in which is
powered by ICognito. This will scan web traffic for prohibited content such as Pornography
and Gambling, and can be set up to deny access to sites containing Webmail, Hate Speech,
Stockmarket content and more. You can download a 30 day free trial from the C&C website
(http://www.ccsoftware.ca/wingate/content_filter/.)

I Need to Synchronize WinGate with my Active Directory User Database

With WinGate version v6 and up the option to use a Domain Controller user database is
presented in the GUI which greatly simplifies its use. Using a Domain Controller user
database allows you to import your list of Domain users into WinGate. You can also use
NTLM authentication which allows users to authenticate using their NT login information.
To use a Domain Controller user database:

1. On the Users tab in GateKeeper double click Database options


2. Check the option Use the Operating system user database
3. If your Domain Controller is not the machine that WinGate is installed on you will need
to tell WinGate where to find the user database. Select the option Use remote user
database and enter the path to the server
4. Select your synchronization options
When you're ready to import the user database click the button Synchronize now

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

21
Please Note: For Active Directory Domain Controllers
When using an Active Directory Domain Controller for a database there is one futher step
required for this work correctly:

1. Open the Computer Management MMC (found in Administrative tools in Win-


dows) and open the Services and Applications configuration that lists all Ser-
vices.
2. Select the Qbik WinGate Engine service.
3. Right click on this service and select Properties.
4. Select the Log On tab.
5. Where it says Log on as, select the This Account option and browse the Ac-
tive directory for a suitable account with Domain Adminstration equivilent
privilages. (It is recommended that administrators create a special account in
Active Directory Users and Computers for this purpose.)
6. Stop and then Restart the WinGate engine for the changes to affect.
7. Re-synchronise the database from the User database configuration found under
the Users tab in GateKeeper.

PHONE: (519) 633-9551 E-MAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

WinGate is a registered trademark of QBIK IP Management Limited.

22