Account override

Account override allows users to change the credentials used to apply a policy to a request.

If, for example, users access the Internet from a kiosk machine, or from a machine where they log on using a local account, rather than a network account, administrators can associate account override permissions with the computer or network (IP-address- based) client.

Account override permissions can also be given to directory clients (users, groups, and OUs).

When user requests are blocked by the current policy, and account override permissions are assigned to the client being filtered (whether that is an IP address or a directory client), the block page includes an Enter New Credentials button. The user can then provide a user name and password.

Once the user clicks Switch Credentials, Filtering Service identifies the policy assigned to the new account, then applies that policy to the request.

• If the new policy permits the request, the user can access the site.
• If the new policy blocks the request, the user sees another block page.

In other words, unlike password override, using the account override option does not guarantee access to a blocked site. Instead, it changes the policy used to filter the request.

The new policy is applied to additional requests on that machine for the time period specified on the Settings > General > Filtering page (5 minutes, by default). See Configuring filtering settings.

If, after successfully switching credentials, the user wants to leave the machine before the account override period has ended, the override session can be ended manually by entering the following URL:

http://<Filtering_Service_IP_address>:15871/cgi-bin/cancel_useraccount_overrider.cgi

You may want to configure this URL as a browser bookmark on machines where the account override option is used.