Hi Bob, I think ISA server don't authenticate locally, Domain Controller athenticate for ISA server. It is my opinion. May be I am wrong. Regards. -----Mensaje original----- De: Bob Garrison [mailto:bgarrison@xxxxxxxxxxxxxxxxxxxxxxx] Enviado el: viernes, 06 de septiembre de 2002 17:54 Para: [ISAserver.org Discussion List] Asunto: [isalist] RE: Block Users http://www.ISAserver.org Miguel, if you extend the time limit on DCHP to say 30 days the server will renegotiate the lease at about 15 days and should give out the same IP (just renews the lease) its worth a test....you should not have to change the destination sets for the clients unless the specific users moves around from PC to PC then you could try to limit them by user/group name. A question for you, what do you know about authentication? does ISA authenticate locally? through the domain controller? when I request authentication I keep getting failures. Any help here would be appreciated. Thanks Bob Garrison Jefferson County Library Central Services 3021 High Ridge Blvd. High Ridge, MO 63049 636-677-8689 email: bgarrison@xxxxxxxxxxxxxxxxxxxxxxx "It all comes down to a check box" -----Original Message----- From: Miguel Angel Perez [mailto:mperez@xxxxxxxxxxxxxxx] Sent: Friday, September 06, 2002 9:51 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Block Users http://www.ISAserver.org Hi Rob, It is very difficult, because we have DHCP, and the user has the IP address for 4 days, I will have to change the rule each 4 days. Isn't it?. -----Mensaje original----- De: Bob Garrison [mailto:bgarrison@xxxxxxxxxxxxxxxxxxxxxxx] Enviado el: viernes, 06 de septiembre de 2002 16:46 Para: [ISAserver.org Discussion List] Asunto: [isalist] RE: Block Users http://www.ISAserver.org Miguel, did you apply this to client sets by IP? make sure that the user you want to deny internet access to is not within the client set that has access. Just a thought... Bob Garrison Jefferson County Library Central Services 3021 High Ridge Blvd. High Ridge, MO 63049 636-677-8689 email: bgarrison@xxxxxxxxxxxxxxxxxxxxxxx "It all comes down to a check box" -----Original Message----- From: Miguel Angel Perez [mailto:mperez@xxxxxxxxxxxxxxx] Sent: Friday, September 06, 2002 9:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] Block Users http://www.ISAserver.org Hi all, I want that certain users do not surf in Internet. I have done it, with Access Policy, in Protocol Rules, have denied all the IP Traffic, schedule is Always, and I have applied to the specific user. When I make logon with this user I can surf, What I am doing wrong?. All users have Firewall Client installed in their computers. Please Help!!!! Thanks in Advance ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bgarrison@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mperez@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bgarrison@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mperez@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')