SecureSchool setup guide: filters, auth, proxy, DNS, and NTP best practices.
Your SecureSchool appliance is preconfigured to work on most networks out of the box. However, your network administrator must complete a few key steps so that SecureSchool can properly filter Internet traffic for your users. This article outlines the recommended setup and best practices to get you started.

1. Setting Up Filters #

A filter set is a collection of rules that control how Internet content is filtered. These sets are then assigned to groups of users.

• We recommend creating separate groups for students and teachers, so that each can have appropriate filtering levels.
• Typically, students receive the strictest filtering, while teachers may have more flexibility.
• For detailed guidance, see:
  Best Practices for Filter Sets

2. Authenticating Your Users #

SecureSchool needs to know who your users are so the correct filter set can be applied. Authentication methods include:

• Windows Domain (NTLM/Active Directory)
  • Recommended if you use a Windows Server domain controller (2016/2019/2022 supported).
  • Create security groups in Active Directory with names matching your SecureSchool filter sets.
  • Add users to the appropriate group.
  • Join SecureSchool to your domain.
  • Step-by-step instructions:
    Authenticating Web Browsing with Your Windows Domain
• LDAP
  • Supported for Apple, Novell/Netware, and other directory services.
• SecureSchool Internal Database
  • Create and maintain users directly within SecureSchool if no external directory is available.

Note: While NTLM is still supported, many newer deployments use Active Directory with LDAP for broader compatibility across modern Windows Server versions.

3. Proxy Settings #

In order to filter traffic, users must connect through SecureSchool’s proxy.

• The recommended method is Proxy Auto-Configuration (PAC / WPAD).
• This allows proxy information to be delivered automatically, simplifying workstation setup.
• For details, see:
  Proxy Auto Detect (WPAD)
  Windows Server 2016/2019/2022 Group Policies for Proxy Auto Configuration

4. DNS Forwarding #

SecureSchool must see all DNS requests in order to provide complete filtering across every device type, including handheld devices, Chromebooks, tablets, and laptops.

• Configure your internal DNS servers to forward requests to SecureSchool.
• This ensures consistent filtering even on devices that may not be fully managed or where proxy settings are bypassed.
• See:
  Setting up DNS Forwarders in Windows

Why this matters: If DNS traffic is not forwarded through SecureSchool, users may be able to bypass filtering by manually setting external DNS servers (such as Google or Cloudflare) or using DNS-based apps. Forwarding guarantees that SecureSchool enforces filtering policies on all devices.

5. NTP (Time Synchronization) #

Accurate time synchronization is essential, especially if you use NTLM authentication.

• We recommend using SecureSchool as your NTP server.
• The SecureSchool appliance and your Windows domain controller must be within 5 minutes of each other for authentication to work.
• See:
  Windows Time Service Synchronization

With these steps completed, SecureSchool will be ready to filter content reliably and securely for your network.