Kaseya Community

Monitor Non-Internet Access PC's with Kaseya

  • We have a potential client (Physicians Clinic) that only grants Internet access to a limited # Users. What's the best way to Monitor/Remote Control all their PC's using Kaseya, but still prevent the Non-Approved Users from accessing the Internet?

    Thanks!

    Legacy Forum Name: Monitor Non-Internet Access PC's with Kaseya,
    Legacy Posted By Username: billmccl
  • Simple... block all LAN outgoing ports to the internet (where applicable of course!) except the port used by the K client.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: boudj
  • You can use the Kaseya agent to restrict which applications have access to the internet. Or, you can use a decent firewall that allows you to restrict outbound ports and only allow the port that your agents use. Either way, there shouldn't be any way around the block. Using the agent to block all access to the internet seems like the better option, as it allows you a much finer level of control (you can allow access based on application, or PC).

    Legacy Forum Name: How-To,
    Legacy Posted By Username: arobar
  • As mentioned above, you can use the Kaseya agent to block Internet access for all users on a specific machine. However, it sounds like you want to grant access to some users and deny others.

    Check out the UTM network security products at cyberoam.com.

    I just saw a demonstration of this product at the ASCII Tech Bootcamp. It will allow you to open and close ports based on the user login. The user identity can be authenticated via Active Directory, RADIUS, or a user directory configured on the Cyberoam device itself.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: djeffrey
  • How do I set the Kaseya Agent up to block Internet access on a particular PC?

    Thanks!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: billmccl
  • billmccl
    How do I set the Kaseya Agent up to block Internet access on a particular PC?


    Under the Audit tab, click on Network Access. Make sure the driver is enabled for the PC you wish to limit access on. If it is not, check the box next to the PC and click the Enable button (under "Enable/Disable driver at next reboot"), then reboot the PC. Once the drive is enabled, click the checkbox next to the PC you want to limit access on, select the Deny all unlisted radio button, and click the Apply button.

    Now you must specifically add a particular EXE to the allow list for it to gain access to the internet. For example, you can grant outlook.exe access to the internet, while iexplore.exe and firefox.exe still remain blocked.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: arobar
  • Is there a log somewhere that will show which applications have tried to access the Internet? Example, McAfee AV. How do I know which of the McAfee .exe's I need to Allow so that it can Update the Virus Defs, etc?

    Thanks!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: billmccl
  • billmccl
    Is there a log somewhere that will show which applications have tried to access the Internet? Example, McAfee AV. How do I know which of the McAfee .exe's I need to Allow so that it can Update the Virus Defs, etc?


    Unfortunately I have not used this feature extensively, so I do not know the answer to your question. I can tell you that if you click on the name of an agent in the Network Access screen, it will give you a list of applications on that PC and allow you to approve or deny them. You can also tell the agent to alert the user when an application is blocked (which would allow you to get the names of all of the blocked applications if you sat at a PC and tried to access everything your staff would need to).

    Legacy Forum Name: How-To,
    Legacy Posted By Username: arobar
  • I would not use this method for blocking and allowing internet access over a company network.

    Use a firewall/router and set it up that way. Then you control everyone in one place and allow by ports rather than programs on a pc. For example we have a customer who does not allow internet access to their employees but does for management. However all employees raise tickets to us through Kaseya using IE so we have set it up on their firewall that our url is allowed as is the kaseya port and a few others (such as AVG etc.).

    Very simple and much easier to manage on a firewall. If you dont have or want a hardware firewall then use ISA Server (most of our customers have SBS Server Premium which comes with ISA built in).

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Mark Shehan