No announcement yet.

Forefront TMG Safesearch

  • Filter
  • Time
  • Show
Clear All
new posts

  • Forefront TMG Safesearch

    Am hoping someone uses safesearch and has had this issue.

    Server is W2K R2 Running Forefront TMG Sp1 (with update for Sp1)

    According to MS article

    i should be able to do the following with safesearch

    "SafeSearch can be enforced on specific groups or to the entire organization. You can enable SafeSearch from the Tasks pane on the Web Access Policy node. "

    however the only options i have to configure is either off/on of or exempt users for having it enabled. If i open the rule up all the tabs on the Users config are greyed out (so cant modify what users will use safe search, and it is set to all users) So how can i restrict safe search to only to 1 group (which is a domain local group)

    background , we have 3 levels of access set , all users (which basically means anyone/anthing) can access a small list of sites which wont work any other way), limited WWW which applies to domain users group (for a limited set of URLS for authenticated users) and full access which is a domain local group.

    with safesearch enabled this now means that anyone/anything that connects to my proxy can now get to search engines pages and view content as safe search has given all all users access(which i cant change)

    I found a technet blog which states that you can create another rule to deny access to search engines however of course this will break access for all users and we have all users and domain users defined as groups. attached is SS of safe search properties.
    Attached Files

  • #2
    Re: Forefront TMG Safesearch

    FYI I figured out a workaround for the "workaround",

    - enabled safe search,
    - created access rule to deny search engines for all users
    - modified deny rule to excempt my domain local group from my newly created deny rule
    - moved deny rule infront of safesearch rule

    it would have been nice not to have done this and just have the one rule for safe search instead of 2 but at this point in time i dont care as i can now move on with my project to remove ISA 2006 from the network