The Acrylic Approach - Using Wildcard Hosts for Windows Privacy

Discussion in 'Windows 10' started by lomticksoftoast, Aug 24, 2015.

  1. Mr.X

    Mr.X MDL Guru

    I'm starting off tomorrow to play with your stuff :D, so rest assured.
    Didn't do it before because I was playing with WFC and CODY's solution.
     
  2. RADITZDJ

    RADITZDJ MDL Member

    #42 RADITZDJ, Aug 29, 2015
    Last edited by a moderator: Apr 20, 2017
  3. wrath66zx

    wrath66zx MDL Novice

    #43 wrath66zx, Aug 29, 2015
    Last edited: Aug 29, 2015
    If you get this error: "TResolver.Execute: TClientServerSocket.Create: Binding to address 0.0.0.0 and port 53 failed. Is there another DNS server/proxy running?"
    First, click on UninstallAcrylicService.bat
    Now, open AcrylicConsole.exe and don't close it
    Then click InstallAcrylicService.bat

    Restart the PC, and voilà, all working perfectly.
     
  4. lomticksoftoast

    lomticksoftoast MDL Member

  5. RADITZDJ

    RADITZDJ MDL Member

    I finally figured out my problems

    My network administrator set the default DNS to 192.168.100.5
    If I change it to 127.0.0.1 my connection goes down
    It's connected but can't browse anything

    My network administrator set the default gateway to 192.168.130.14
    While my local PC IP is 192.168.130.4

    Checked via cmd ipconfig: there's NO such 192.168.1.1

    So how can I get it to work properly?
     
  6. lomticksoftoast

    lomticksoftoast MDL Member

    #46 lomticksoftoast, Aug 30, 2015
    Last edited: Aug 30, 2015
    (OP)
    Is your PC joined to a LAN controlled by a server?
    Have you tried PrimaryServerAddress=192.168.130.14 in the AcrylicConfiguration.ini?
     
  7. Aly

    Aly MDL Member

  8. RADITZDJ

    RADITZDJ MDL Member


    Yes
    My workplace has 3 or 4 office buildings
    And I don't know how our network administrator configured it all together
    In my office there are 13 PCs (IP 1 - 13) and the 14 is for the gateway and IP Phone

    Yes, I already tried that PrimaryServerAddress=192.168.130.14
    Acrylic itself runs great and the console shows it working (there's an activity list scrolling down)
    But I can't get the internet connection because the DNS changed to 127.0.0.1
    While when I put DNS 192.168.100.5 back (deleting the 127.0.0.1) my internet comes back but Acrylic doesn't work o_O
     
  9. Mr.X

    Mr.X MDL Guru

    I finished my setup late last night, I'm tired... :tea:

    Now need to learn this stuff in depth and testing, thank you lomticksoftoast.
     
  10. RADITZDJ

    RADITZDJ MDL Member

    Go get your nice sleep mate :D
     
  11. Mike.mt

    Mike.mt MDL Novice

    From your IP, Subnet, DNS & Gateway details, your corporate network has been set up by your IT team with offices working within their individual predefined IP / Subnet ranges.

    Within your company's network diagram there is a DNS / DHCP server (192.168.100.5) & maybe other proxies, a firewall or a Unified Threat Management system on the gateway.

    More than likely, if set up correctly, the DNS server is caching network web requests by default. There is zero benefit to you or your company in having Acrylic on your workstation.

    If your IT Admins have done their homework correctly when implementing the network & Endpoints, the end users will not be able to make any drastic changes to their workstations' OS settings.

    Another point to bear in mind is that you do not break any of your company's IT compliance rules.
     
  12. lomticksoftoast

    lomticksoftoast MDL Member

    #52 lomticksoftoast, Aug 31, 2015
    Last edited: Aug 31, 2015
    (OP)
    Thanks!

    Hey Mike.mt!
    Thanks for helping RADITZDJ out because, as I fully admit, I've only got Acrylic to work on a basic LAN architecture that was getting DNS from a single router.

    Could you please supply your wisdom and clarity on three things that still baffle me?
    1. Since RADITZDJ's on a corporate LAN architecture, and assuming that the "IT Admins have done their homework correctly," will his personal information be protected from MS by standard "best practices" or does protecting people from MS telemetry gathering vary from company policy to company policy?
    2. What LAN architecture supports the default Acrylic configuration for PrimaryServerAddress=8.8.8.8?
    3. And the big ask :D ... What settings does one use for the AcrylicConfiguration.ini if your workstation is on a network being managed by a home server (like Essentials) that uses a "local DNS server" to resolve names and that overrides the DHCP assigned IP address to 127.0.0.1 (localhost)?
    The last question is complex for me, but I'm hoping that it's dead easy for you!
    It's also a question that I expect will soon be asked by some struggling MDL dweller who's trying to get Acrylic to work on a workstation embedded into a home server environment!

    What I puzzled out from your answer above is that RADITZDJ's corporate LAN has a "DNS server" that caches "network web requests", making Acrylic's official purpose redundant.
    And I know that even little MS Essentials has a built-in DNS server, but for a small business, ... and I guess here is a fourth question .... that may supersede question 3 ...

    4. For a small business, is it fairly easy (or even possible) to implement an MS telemetry blocking scheme using, say, "Windows Server 2012 R2 Essentials", or would it be easier/better for them to use The Acrylic Privacy Approach individually applied to each workstation? And if, and only if, the answer to question 4 is "use Acrylic", does the answer to question 3, "the how", still apply?
     
  13. Mr.X

    Mr.X MDL Guru

  14. RADITZDJ

    RADITZDJ MDL Member

    As far as I know, they configured it within the Mikrotik router OS
    But I never knew what kinda server or system my company is running in the main office building
    I'm just at a branch office
    And I'm not the administrator
    I just want to make my Win 10 clean without those craps from MS
    I already created my own Win 10 wim file
    Removed packages via DISM
    And the last step is to configure it with this Acrylic to block connections to MS
     
  15. lomticksoftoast

    lomticksoftoast MDL Member

    #55 lomticksoftoast, Aug 31, 2015
    Last edited: Aug 31, 2015
    (OP)
    Hey, looks good!
    Acrylic ... doing its job!:cool:

    I just added a link to your post and I'm using your shared images as "teaching tools." Look in the section titled The "hit log" field of the Acrylic DNS Proxy Monitor
    Let me know if you'd rather I didn't do that!:eek:
    I de-hyped the posted first draft of that 'lesson', which hopefully you didn't see!!:p
     
  16. Mike.mt

    Mike.mt MDL Novice

    First of all, lomticksoftoast, I give you 10/10 for enthusiasm & effort. Brings back memories of my earlier days on the IT block.

    Although I have had a brief play with Acrylic, I will not be taking the relationship further on either my private or corporate networks.

    Acrylic, good as it is for an individual PC user that likes its DNS caching feature & easier hosts file management through wildcards, does nothing to enhance my IT security layer modules that are already in place & controlled from one location.

    IMO hosts file entries are ok if one wishes to block URL requests going out from an endpoint, but they do not block IPs. For me there are more efficient security management / privacy solutions for a network environment to control Endpoint & internet gateway traffic.

    For an example solution:

    An OpenDNS account, FREE for home use, on the outside of the gateway to assist in blocking undesired content, adverts & malware.

    A Sophos Unified Threat Management (UTM) Next-Gen firewall installed on the network gateway, blocking all undesirable traffic with full packet inspection analysis. Full transparent DNS Proxy, DHCP, Dual Engine Antivirus Monitoring, Ad Blocking, Content Filters, Web Site filtering where a domain name mask will not only block / allow a URL address + sub domains but the associated IPs as well. There are many other features built in & all FREE for home users. All that is required is a working dual core PC with 2X GB RAM & 2 X NICs. Other members may prefer SmoothWall or pfSense software, similar but with fewer features & still FREE. These too allow domain blocks with a single entry.

    A locked down Endpoint firewall controlled by Group Policy.

    If I was a home user with one PC I would probably opt for an adblock / script block / Iframe block app, PeerBlock with custom rules & a locked down firewall with hardened rules, along with a decent home router / firewall that allows custom IP table rules to be entered.

    I do not wish to pour water on your fireworks, as I wish you the very best on the Acrylic quest.

    Regarding your question on SBS / Essentials servers, each to their own. Last year when I looked at the offerings, they forced packages in one "All or Nothing" install. Then trying to remove the unrequired modules was a PITA. So if I were you I would go the 2012 R2 route where you have the option to install only what is required. A far easier / more efficient approach with fewer event logs.

    With your last question I would always go, if possible, for a centrally managed route, where a single entry can update multiple workstations.

    One tip I will throw in would be to look at the free Avast Business Security (Cloud) security solution run with Hardened Mode enabled, as that not only offers excellent AV / Malware protection for servers & endpoints, but also makes them a cinch to manage through their web portal, enabling you to easily keep your finger on the pulse of that area.

    At the end of the day in IT each to their own, as there are many paths that lead to similar solutions.

    Keep posting, good luck & ciao for now.

    Mike
     
  17. Mike.mt

    Mike.mt MDL Novice

    Hi RADITZDJ

    I appreciate your efforts in trying to improve privacy from within your company; I wish that all of our employees were so diligent.

    In your shoes I would check with the powers that be that you are not breaking any company SECPOL rules & that you are not trying to duplicate any rules that are already in force on the MikroTik appliance before you go any further.

    Although it is impossible to do through the lock-down policies we have in place, I would go ballistic at any members within our companies trying to install apps or mod any part of a workstation's OS.

    BR
    Mike
     
  18. lomticksoftoast

    lomticksoftoast MDL Member

    Hi, Mike
    First of all, I really appreciate your response and I'm not disheartened or discouraged at all by what you have to say. On the contrary, I would rather find and use the right tool for the job than use and, even worse, promote a tool that is only going to foster a false sense of security! There are far too many "pretend-solutions" floating about at the moment and I don't need to be adding another half-assed tool into an already over-full tool-box of crap!!

    My walk-away lesson from your post is that a major potential hole in the Acrylic Approach is its lack of ability to block IPs.
    So I guess I'll do some research to see if MS telemetry servers use domain names as well as raw IP addresses.
    I suspect they do, which is why you see PeerBlock solutions being offered on MDL and why you mentioned PeerBlock as a home solution in your post.
    I imagine you probably know the answer, but don't feel obligated to reply. Your last post was generously packed with a heap of potential free alternative tools to explore for their suitability in accomplishing the mission I want to achieve!
    Thanks again!
     
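The limitation Mike.mt raises and lomticksoftoast takes away from it (hosts entries intercept name lookups, not connections to raw IPs), as an added Python model that is not Acrylic's code or anything posted in the thread: a wildcard hosts file is consulted first, anything else is forwarded to an upstream resolver (the thread's PrimaryServerAddress), and a destination given as a literal IP is shown to bypass the filter entirely. The hosts syntax, domain names and upstream answers are constructed for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample in "address pattern" hosts-file style (assumed to resemble
# Acrylic's wildcards; '*' here matches across labels). Names are illustrative.
SAMPLE_HOSTS = """
# sinkhole everything under an example telemetry-style zone
0.0.0.0 *.telemetry.example
0.0.0.0 vortex-win.data.example settings-win.data.example
"""

# Constructed stand-in for the upstream resolver the proxy forwards to
# (PrimaryServerAddress in the thread, e.g. the corporate DNS 192.168.100.5).
UPSTREAM = {
    "www.example.com": "198.51.100.7",
    "vortex-win.data.example": "203.0.113.10",
}
SINKHOLES = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text):
    """Return (pattern, address) pairs; the first matching rule wins on lookup."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        rules.extend((name.lower(), addr) for name in names)
    return rules


def resolve(name, rules, upstream):
    """Hosts rules take priority; anything else goes upstream. Returns (address, source)."""
    name = name.lower().rstrip(".")
    for pattern, addr in rules:
        if fnmatch.fnmatchcase(name, pattern):
            return addr, "hosts"
    if name in upstream:
        return upstream[name], "upstream"
    return None, "nxdomain"


def is_blocked_destination(dest, rules, upstream):
    """A client connecting to a literal IP never asks the resolver, so no hosts rule applies."""
    try:
        ipaddress.ip_address(dest)
        return False                      # raw IP: the filter is never consulted
    except ValueError:
        addr, source = resolve(dest, rules, upstream)
        return source == "hosts" and addr in SINKHOLES
```

Running `is_blocked_destination` over a client's observed destinations shows which ones a hosts-based scheme covers and which need an IP-level control (firewall or gateway rule) instead.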
  19. Aly

    Aly MDL Member
