Adding a Group Policy to differentiate between teachers and students.

Bob1030
Just browsing

Adding a Group Policy to differentiate between teachers and students.

Hi, 

This setup is in a k-8 school where we have numerous Content and Threat Categories blocked by network default. I want to create a Group Policy that will bypass most of the restrictions created in the default setting to allow school admin staff and teachers to access additional sites blocked in the prior default settings. 

These are the various settings I have altered for the Teacher Group Policy.

I chose to override the blocked categories and URL list leaving them blank. The Allow list I set to Append and added the few sites the teachers need. The 3 are listed as blocked in the default setting. 

When I try to access sites blocked by the default school wide settings with the new Group Policy, the sites are still blocked. 

What, of many things, am I doing wrong?

Thanks everyone!

Bob1030_1-1702150340849.png

 

 

 

 

5 Replies 5
Brash
Kind of a big deal
Kind of a big deal

How are you assigning the group policy? Can you confirm it is assigned to the user/device you're testing with?

Bob1030
Just browsing

I have been assigning to the device as opposed to the user. It's a mixed environment of chromebooks and Windows 10.

GIdenJoe
Kind of a big deal
Kind of a big deal

In a combined network with access points the GPO will be enforced on the AP which does not have the full possibility to have URL filtering like that.  In that case you will have to split up your network.

 

Or if the routing happens on the MX directly you could also force the clients on a different VLAN and then apply the GPO to the VLAN instead.  Then you can combine Wireless and MX on one network with the desired policies.

mlefebvre
Building a reputation

This is not correct, I tested it myself on MX18.1 and MR30 firmware and if you have content categories blocked on your MX but with specific URLs allowed in your GPO, those specific URLs are correctly permitted even on a wireless client. The problem is something else.

PhilipDAth
Kind of a big deal
Kind of a big deal

Is the default gateway for the machines with the group policy pointing to the MX (this is a requirement)?

 

Sometimes it takes 10 minutes for the changes to kick in the first time.  What you have done looks correct to me.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels