Archive for February, 2013

Enable Authentication for SafeSearch Enforcement Rule in Forefront TMG 2010

February 28, 2013 4 comments

SafeSearch enforcement in Forefront TMG 2010 is a simple and effective way to prevent users on your network from accessing explicit adult content via popular search engines. Enabling SafeSearch enforcement is accomplished by opening the Forefront TMG 2010 management console, highlighting the Web Access Policy node in the navigation tree, clicking the Configure SafeSearch link in the Tasks pane and selecting the option to Enable SafeSearch.

When SafeSearch is enabled, a rule is created that grants access to all users from the Internal network to all sites in the Search Engines category.

Effectively, this grants unauthenticated access to many search engines, including Bing, Google, and Yahoo. This access is broad and lets anonymous users reach quite a bit of content, which might not be desirable in some environments. Unfortunately, the users for this rule cannot be changed in the GUI. However, they can be changed programmatically using COM and VBScript. For example, the following code changes the rule's users from All Users to All Authenticated Users.

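' fpcInclude comes from the FPC type library, which VBScript does not load
Const fpcInclude = 0
Dim Root, TmgArray, Rule
Set Root = CreateObject("FPC.Root")
Set TmgArray = Root.GetContainingArray()
Set Rule = TmgArray.ArrayPolicy.PolicyRules("SafeSearch")
' Add the authenticated user set first, then remove the anonymous one
Rule.AccessProperties.UserSets.Add "All Authenticated Users", fpcInclude
Rule.AccessProperties.UserSets.RemoveSpecified "All Users"
' Commit the change and wait for the configuration to reload
TmgArray.Save
TmgArray.WaitForReload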

Important Note: This change is not officially supported by Microsoft. If you make this change it may potentially cause other issues, so please proceed with caution.

Once the script has completed, the SafeSearch rule applies to All Authenticated Users and prevents unwanted anonymous access to web sites categorized as Search Engines.
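
To confirm the change took effect, and to find any other allow rules that still admit anonymous users, the following read-only audit can be run with cscript on the TMG server. It is an added example, not part of the original post; it uses the same FPC COM objects as the script above, and the numeric constants are the FPC type-library values declared by hand.

```vbscript
' Added example: read-only audit of the user sets on allow access rules.
' Makes no configuration changes (no Save is called).
Option Explicit

' FPC type-library values, declared here because VBScript does not load them
Const fpcPolicyRuleAccess = 0   ' rule type: access rule
Const fpcActionAllow = 0        ' rule action: allow
Const TARGET_RULE = "SafeSearch"

Dim root, tmgArray, rule, ref, names, anonymous

Set root = CreateObject("FPC.Root")
Set tmgArray = root.GetContainingArray()

For Each rule In tmgArray.ArrayPolicy.PolicyRules
    ' Only allow-type access rules can grant anonymous outbound access
    If rule.Type = fpcPolicyRuleAccess And rule.Action = fpcActionAllow Then
        names = ""
        anonymous = False
        ' Collect every user set referenced by the rule
        For Each ref In rule.AccessProperties.UserSets
            names = names & "[" & ref.Name & "] "
            If StrComp(ref.Name, "All Users", vbTextCompare) = 0 Then
                anonymous = True
            End If
        Next
        If anonymous Then
            ' Rule still references the built-in anonymous user set
            WScript.Echo "ANONYMOUS  " & rule.Name & " -> " & names
        ElseIf StrComp(rule.Name, TARGET_RULE, vbTextCompare) = 0 Then
            ' SafeSearch rule no longer references All Users
            WScript.Echo "OK         " & rule.Name & " -> " & names
        End If
    End If
Next
```

After the change above, the SafeSearch rule should be reported as OK with only All Authenticated Users listed; any rule flagged ANONYMOUS still references the All Users set.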

Forefront UAG 2010 Service Pack 3 Now Available

February 20, 2013 3 comments

Service Pack 3 for Microsoft Forefront UAG 2010 is now available for download. SP3 for Forefront UAG 2010 includes several important new features and enhanced functionality, including:

Support for Internet Explorer 10 on Windows 8 – Full support is provided only for Internet Explorer 10 in desktop mode. The modern UI version of Internet Explorer 10 does not provide support for browser add-ons. If a user accesses the Forefront UAG 2010 portal and the trunk is configured to install and launch the UAG client components, the user will receive a message indicating that the site requires add-ons, which require the desktop version of Internet Explorer 10.

Support for the Native Windows 8 Mail App – Windows 8 users can now connect to published Exchange servers using the built-in Windows 8 modern UI mail app

Remote Desktop Connection (RDC) 8.0 client support – Windows 8 users and Windows 7 users who have upgraded to the RDC client v8.0 can now access remote desktop resources published by Forefront UAG 2010 SP3

Exchange Server 2013 – Application publishing wizards in Forefront UAG 2010 SP3 now include native support for Exchange Server 2013

SharePoint Server 2013 – Application publishing wizards in Forefront UAG 2010 SP3 now include native support for SharePoint Server 2013

Support for Office 2013 applications – Publishing Office 2013 applications such as Outlook, PowerPoint, Word, and Excel is now natively supported in Forefront UAG 2010 SP3

You can download SP3 for Forefront UAG 2010 here.