I am running BM38SP3 on a NW6SP5 server, with SurfControl 6. I want to
set it up so that the occasional visitor can use the web without needing
Client32 installed, but yet needs to authenticate with a NDS "guest"
login. (This is because we are a school, and if the kids got wind of an
unautheticated connection ... <g>)

I have a number of rules blocking specific URLs or setting time
contraints, and 3 SurfControl rules blocking catgories for staff, upper
school students and middle school students.

This all works quite well except:

1. If the option "Authenticate only when accessing a restricted page" is
not checked, all TP users get "403 Forbidden" accessing any page.

2. If I check the option, TP users can access the Net just fine, but the
SC rules applied to groups no longer fire.

But I really need the SC rules working, so it seems that I must somehow
make #1 above go away ... or do I?

In any case, can somebody tell me how to set this up so that my regular
user-base can continue to be serviced by all rules and my guests can
easily get access without the client and CLNTRUST?

Ken McLeod
The Delphian School