Monitoring AD user's browsing habits

[joblo37pam]

I've been asked to help implement a network (rebuild from scratch) at a local high school. It will be a Win2k3 Active Directory environment.

It's a pretty basic setup, but I did have a request from an administrator that I'm not quite sure how to implement. He wants to be able to track what web sites each student is visiting while on the network.

Is this something I can do with group policy and just dump the browser history to a share, or is there a better way to do this? It's something I've never even attempted, so I'm not really sure where to start.

Thanks for your help.

 

[TrueBuckeye]

You'll want to go for an enterprise internet monitoring solution, but it isn't cheap.

I've used SurfControl and Websense to do this. Of the two, I found Websense to be far superior for both consistency and lower daily maintenance.

The problem is the cost. For roughly 1200 users, Websense (with a few additional packages) can run $20,000.

There are probably some less expensive solutions out there, but this is all I have experience with.

 

[pigster]

You could do this with ISA server, logs would provide that information easily.

 

[LittleMe]

Since I work at a high school and have setup the original 2000 AD installation, moved it to 2003, and now to R2. I'd tell you to go with ISA Server, deploy the proxy via Group Policy and don't allow them access to the Connections page or access to change the settings.

I've created a security group called stuInternet (all my student groups start with stu and all my staff start with stf) and another called stuNoInternet. If a kid is bad, they get removed from stuInternet and added to stuNo Internet which sets the proxy settings to localhost so they aren't prompted for credentials because then they could supply their buddy's login information. On the ISA Server, it's set so the only people who can get internet access are those in either the stfInternet or stuInternet groups.

Then, there are several programs out there that can gather crap loads of information from the logs (make sure to turn logging on) but I use a really simple one called Proxy Log Analyzer by Mechanical Minds.

This has worked great for years with 500 PC's and 2,100 users. We're in the planning process of migrating the entire district away from Netware to a single AD Forest with the same setup as this high school. Feel free to PM me if you'd like.

 

[Cuthrick]

We run squidGuard on a Debian Linux system with pretty good results. You can run any number of accesslog graphing utilities so computer illiterates can have pretty pictures, pie graphs and what not. Fairly easy to set up, easy to control block lists and it's free.

 

[SVT4ME]

Another vote for Websense.
The reporting module is impressive. People like pretty charts

 

[oakfan52]

We run squidGuard on a Debian Linux system with pretty good results. You can run any number of accesslog graphing utilities so computer illiterates can have pretty pictures, pie graphs and what not. Fairly easy to set up, easy to control block lists and it's free.

But can you intergrate this with AD? IP adress or machine name don't do a lot of good when your looking for user reports.


We use websense but money is also no object in an enterrpise. I'd give ISA server a try and see how that works for you before you spend a ton of money on some of these good 3rd party solutions.

 

[pigster]

Then, there are several programs out there that can gather crap loads of information from the logs (make sure to turn logging on) but I use a really simple one called Proxy Log Analyzer by Mechanical Minds.

We log to a SQL server, makes analyzing and sorting the raw data very simple.

 

[Farva]

We run squidGuard on a Debian Linux system with pretty good results. You can run any number of accesslog graphing utilities so computer illiterates can have pretty pictures, pie graphs and what not. Fairly easy to set up, easy to control block lists and it's free.

it looks like u can use squid guard on pretty much and *nix system. good thing to know

 

[LittleMe]

We log to a SQL server, makes analyzing and sorting the raw data very simple.

Do you have something that you wrote to query it, or do you have a product that does it? I'd like to do it, but haven't cared enough to code anything yet.

 

[joblo37pam]

I like the idea of ISA server. I don't have much experience with it, but there are plenty of other thing it can do that would be nice to use. Getting them to fork out the extra money may be a challenge, though, which is why websense is out of the question.

I'm going to play around with Microsoft's ISA server virtual lab, just to see what I can do.

Any other suggestions?