Summary #

SecureSchool supports NTLM authentication, allowing your users to log in to their Windows domain accounts and automatically inherit the correct SecureSchool filter set.

With NTLM enabled, SecureSchool checks the user’s Active Directory (AD) group memberships. If a group name matches a filter set name in SecureSchool, that filter set is applied when the user browses the Internet.

How It Works #

• A user logs in to their Windows domain account.
• SecureSchool receives the NTLM credentials from the browser.
• SecureSchool queries Active Directory to confirm the login and retrieve group memberships.
• SecureSchool compares the AD group names against the SecureSchool filter sets.
• If a match is found, the corresponding filter set is applied.
• If no match is found, access is denied.

Important: Group names must exactly match the SecureSchool filter set names (including capitalization).

Creating Active Directory Groups for SecureSchool #

To use NTLM authentication, you’ll need to create AD security groups that align with your SecureSchool filter sets.

Step 1: Open Active Directory

1. Log in to your Windows Server with domain admin rights.
2. Open Active Directory Users and Computers (or Active Directory Administrative Center if available).

Step 2: Create a New Security Group

1. Right-click the Users container or the OU where you want to store the group.
2. Select New → Group.
3. Enter the Group Name.
4. This must match a SecureSchool filter set name exactly.
5. Example: If your SecureSchool filter set is called Teachers, create an AD group called Teachers.
6. Choose Global as the Group Scope.
7. Choose Security as the Group Type.
8. Click OK.

Step 3: Add Members

1. Right-click the group and choose Properties.
2. On the Members tab, click Add.
3. Select the users (or nested groups) you want to include.
4. Click OK to save.

Matching Filter Sets in SecureSchool #

1. Log in to your SecureSchool admin console.
2. Navigate to Filter Sets.
3. Confirm that a filter set exists with the same name as your AD group.
4. If needed, create or edit filter sets to match.

Example:

• AD group: Students
• SecureSchool filter set: Students
• All users in that AD group automatically get the “Students” filter rules when browsing.

Common Use Cases #

Here are a few ways schools typically organize groups and filter sets:

• Students vs. Teachers
  • AD Groups: Students, Teachers
  • Filter Sets: Students (stricter restrictions), Teachers (broader access for instruction)
• Staff vs. Guests
  • AD Groups: Staff, Guests
  • Filter Sets: Staff (full access for employees), Guests (limited access for visitors or temporary accounts)
• Elementary vs. High School Students
  • AD Groups: Elementary, HighSchool
  • Filter Sets: Elementary (age-appropriate filters), HighSchool (more flexible filtering for older students)
• Special Groups
  • AD Groups: ITAdmins, Library, AfterSchool
  • Filter Sets: custom sets matching each group’s needs (e.g., IT admins may need unrestricted access).

By mapping AD groups to SecureSchool filter sets, you ensure that browsing rules are consistently applied based on a user’s role.