Restricted Access

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
greggo
Member
Posts: 276
Joined: Thu Jan 24, 2008 9:36 am
Location: Paw Paw, MI, USA

Restricted Access

Postby greggo » Mon Aug 11, 2008 10:28 am

I'm sure my issue has been addressed in another thread somewhere, but in the limited time that I spent searching, I couldn't find an answer (possibly due to my limited knowledge on the subject and unfamiliarity with the acronyms/lingo - I'm not a network administrator).

It was obvious to me that our ward clerk computer is configured with the "restricted access option" due to it only being able to connect to church sponsored websites. I therefore asked our stake tech specialist how we go about requesting the "extended access."

After some checking (he wasn't aware of different options), he said that it was because of a Norton firewall that comes pre-configured by the church. But in a later email he stated that he has given extended access to the wards and stake so far and asked if the ward has the rights to make the change.

According to the ward tech specialist, the restricted/extended access options that I referred to is for a separate firewall device that is not installed in the clerks office. The "filtering" that only allows church sites is due to a Norton program that was installed when we upgraded the operating system with the new desktop software from CHQ. The settings are restricted and he doesn't have the password. When I tap into the wireless network with my laptop, it is not restricted in any way, so the issue is only on the ward desktop computer.

I have yet to receive a reply from the stake tech specialist on whether he has a password or not, but I have doubts that he knows whats going on. Can anyone:
1) Tell me exactly what the issue is? And
2) Tell me how to fix it so we can get the extended access?

Thank you.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Mon Aug 11, 2008 10:51 am

Greggo wrote:I'm sure my issue has been addressed in another thread somewhere, but in the limited time that I spent searching, I couldn't find an answer (possibly due to my limited knowledge on the subject and unfamiliarity with the acronyms/lingo - I'm not a network administrator).

It was obvious to me that our ward clerk computer is configured with the "restricted access option" due to it only being able to connect to church sponsored websites. I therefore asked our stake tech specialist how we go about requesting the "extended access."

After some checking (he wasn't aware of different options), he said that it was because of a Norton firewall that comes pre-configured by the church. But in a later email he stated that he has given extended access to the wards and stake so far and asked if the ward has the rights to make the change.

According to the ward tech specialist, the restricted/extended access options that I referred to is for a separate firewall device that is not installed in the clerks office. The "filtering" that only allows church sites is due to a Norton program that was installed when we upgraded the operating system with the new desktop software from CHQ. The settings are restricted and he doesn't have the password. When I tap into the wireless network with my laptop, it is not restricted in any way, so the issue is only on the ward desktop computer.

I have yet to receive a reply from the stake tech specialist on whether he has a password or not, but I have doubts that he knows whats going on. Can anyone:
1) Tell me exactly what the issue is? And
2) Tell me how to fix it so we can get the extended access?

Thank you.


I'm not sure where you are getting your information, but much of it is incorrect. The filtering on Internet connections in Church meetinghouses is not controlled by Norton software at all. Rather, it is controlled by the Church-managed firewall device. There is only one firewall device per building.

There are two different kinds of configurations: one is typical for a building containing a Family History Center, which has typically had a Cisco PIX firewall. In this case, there is a filtering configuration that is common to all Family History Centers, and any administrative computers will have that same filtering.

The other configuration is used for buildings with Internet connections set up for the new Meetinghouse Internet program (which began in February of this year in selected locations, and as of last week is now rolled out to all of the US and Canada). In this case, the stake president may specify that the firewall should use the LDS Restricted Access or the LDS Extended Access filtering.

In either case, the decision is made for an entire building. A ward may not choose filtering different from that determined by the Church-managed firewall. Your stake technology specialist, under the direction of the stake president, can communicate with the Global Service Desk to specify either LDS Restricted or Extended Access for each building.

The Desktop 5.5 image which you referred to is a prerequisite for connecting administrative computers to the Internet, but has nothing to do with the filtering that occurs. Again, that is controlled by the firewall.

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon Aug 11, 2008 11:08 am

Didn't someone else run into an issue where the clerk computer appeared to be more restrictive then the network? What was the outcome of that?

User avatar
Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Mon Aug 11, 2008 11:33 am

Greggo wrote:When I tap into the wireless network with my laptop, it is not restricted in any way, so the issue is only on the ward desktop computer.

Is it possible you tapped into a neighboring WiFi signal and not the ward's? Did you need a key to access it or was it open?
So we can better help you, please edit your Profile to include your general location.

User avatar
mkmurray
Senior Member
Posts: 3241
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

Postby mkmurray » Mon Aug 11, 2008 11:33 am

Alan_Brown wrote:...the new Meetinghouse Internet program (which began in February of this year in selected locations, and as of last week is now rolled out to all of the US and Canada).

Really? Please provide more details. (Let's be careful not to fork the thread too much though).

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Mon Aug 11, 2008 11:43 am

RussellHltn wrote:Didn't someone else run into an issue where the clerk computer appeared to be more restrictive then the network? What was the outcome of that?


You're referring to this post; if you read the whole thread, it seems clear to me that the person was using some odd software supplied by his FM group, so I don't think it really has general application.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Mon Aug 11, 2008 11:51 am

mkmurray wrote:Really? Please provide more details. (Let's be careful not to fork the thread too much though).


Hopefully it will be posted soon clerk.lds.org with the other similar letters. But my stake president handed it to me yesterday. The letter is dated 8 August 2008, is addressed to all stake presidents (and some other leaders) in the US and Canada.

It is word for word the same as the [url=http://www.lds.org/Static%20Files/PDF/STS/Letters/English/06908_000_notice[1].pdf]26 March 2008 letter[/url], except that it says "Effective August 8, 2008, stake presidents in the United States and Canada Areas may authorize and fund, out of local unit budgets, broadband Internet connections for meetinghouses within their stakes...."

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Mon Aug 11, 2008 12:01 pm

RussellHltn wrote:Didn't someone else run into an issue where the clerk computer appeared to be more restrictive then the network? What was the outcome of that?
You are correct. I delt wilth this situation on our stake clerk computer. I never did figure out how the computer based filtering was set up. I had assumed it was configured as part of Desktop 5.5. But there is nothing in any other administrative computer configuration to verify this. I did find the implementation was in the internet options applet. In Desktop 5.5 one or more tabs of the internet options applet are disabled. I don't recall if the connections tab is disabled. It is the connections tab in which the additional filtering is set up.

I am not at the clerk computer so I am going by memory as to what the configuration details are. You can check the filtering by opening the internet options applet, inetcpl.cpl. I will make the assumption you know how to do this. Click the 'LAN settings' button at the bottom of the connections tab. If you have additional filtering then the 'Proxy Server' section will have the 'Use a proxy server for your LAN..." checkbox checked and something like "INETPROXY" in the 'Address' text box with the port set to '80'. You can edit the whitelist of sites by clicking the 'Advanced' button to edit the 'Exceptions' list.

If any of the seven tabs of the Internet Options applet; General, Security, Privacy, Content, Connections, Programs, Advanced; are not available you can get them back by editing either the registry (not recommended) or using the Group Policy Editor to enable/disable any of the tabs.

Alan_Brown wrote:You're referring to this post; if you read the whole thread, it seems clear to me that the person was using some odd software supplied by his FM group, so I don't think it really has general application.
While it may sound like it was some odd software it was in fact software provided by the Church in which the FM group saved to CD for distribution. Instructions with the CD indicated all the applications on it were required for any computer connecting to the internet. It was the Cisco VPN Client 4.8.1.0003 with new Local LAN access profile that created the additional filtering. This software package was used for Church computers connecting to the internet prior to the February 2008 initiative. Our FM group assumed the software was required in light of the February 2008 policy. I installed the software thinking it was required. There may be others who had that same software installed and will now experience the additional filtering. It can be removed or left in place and taylored to local needs.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Mon Aug 11, 2008 12:16 pm

jdlessley wrote:While it may sound like it was some odd software it was in fact software provided by the Church in which the FM group merely saved to CD for distribution. Instructions with the CD indicated all the applications on it were required for any computer connecting to the internet.


I certainly didn't mean to imply that anyone did anything wrong in the case you refer to. You were given software by your local FM group, and policy certainly says that they have an important role in establishing Internet connections.

All I meant by the word "odd" was that it is not referred to in any Church-wide documentation, and that many stakes have connected with no problems and completely within policy without using that software. In fact, I have not heard of a single other stake that has used that software.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Mon Aug 11, 2008 12:27 pm

I understand. It sounds to me that Greggo may have run into the same situation as I ended up with.

By the way... the local computer additional filtering can be removed without any problem. I just chose to retain it to provide more control over internet access.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?


Return to “Clerk Computers”

Who is online

Users browsing this forum: No registered users and 1 guest