Thanks to this group, we have our new server (not the test pc we have been testing with) up and running with Squid/Samba/DG. Proof to anyone that after 100 times of building it, it can be done in an hour! We even have groups working with the dansguardianfX.conf files! What a great thing to hand someone a winterm and say, "Here.. oh and by the way, you can get to these 7 sites and that is it." I have read this list the whole time and all of the advice is fantastic! Our next goal is to use our firewall to block all outbound port 80 traffic except for our servers (and a couple other things). This works great in our test except for a couple of sites... Yahoo mail (as well as Hot mail) being the biggest one. I have sniffed the attempts, and it seems that someone going through the squid to yahoo email goes through, get authenticated to AD, but then they go out to the internet without going through the squid/dg box? It is pretty obvious while capturing traffic on the laptop that after it goes through squid, it goes straight out to the internet... and the laptop I am testing on works just fine when we remove the block on the firewall. To get around this, I have tried to put in the squid acl's that the if a user is going to the yahoo domain, they don't need to be authenticated.. but that doesn't seem to help. I was going to use rules on the firewall to allow anyone going to yahoo or hotmail, but yahoo alone has most of the 68.142.x.x/22 and I haven't even started getting the hotmail stuff together. I am going to post a similar question on the dg list, but I figured dg and squid go hand in hand for most people. Thanks again to everyone for help in getting us this far! ____________________________________________________________________________________ Want to start your own business? Learn how on Yahoo! Small Business. http://smallbusiness.yahoo.com/r-index