Hi Daniel, My wife is a genius. I'm an average guy who just sits at his desk twice a long :-) Give those users access to the subdirectories they need access too using a Destination Set. The Destination Set includes the subdirectories, but not the root. Sort of like: /exchange* /exchweb* /public* This vererable Exchange Destination Set does not allow the client access to the Root of the Web, as you've probably noticed already when trying to get to the root of the OWA site. Just do the same for your Web. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Daniel Chaveco [mailto:danielchaveco@xxxxxxxxx] Sent: Wednesday, May 28, 2003 12:15 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deny Intranet Root but allow Sub-Pages. http://www.ISAserver.org Tom, You're a genious. Thank You. But that works but only if the user types in the full path http://home.mycompany.com/default.asp. Typically, the user selects the home page from his Favorites section which defaults him to http://home.mycompany.com. Since there is no default.asp in that link, the deny does not occurr. To your other point, I see what you're saying but how do I give access to the sub-pages, without giving a deny to the root. Everyone has access to the Intranet site but I need to deny one department from seeing it, while still getting that same department to the pages underneath. Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Daniel, Just create the deny rule for the index.html or whatever the name of the page is. Also, remember one of the top ten mistakes ISA Server admins make is using deny rules when giving access only to what's required is the best way to go. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Daniel Chaveco [mailto:danielchaveco@xxxxxxxxx] Sent: Wednesday, May 28, 2003 11:29 AM To: [ISAserver.org Discussion List] Subject: [isalist] Deny Intranet Root but allow Sub-Pages. http://www.ISAserver.org I am trying to deny access to the root of my INTRANET home page (http://home.mycompnay.com <http://home.mycompnay.com/> ), using a deny rule. However I want certain users to be able to see underneath the root for other things like holiday schedules lets say, (i.e. http://home.mycompany.com/HR). I have set this and other pages up with an allow rule. However, when any of my users tries to get to any page in the site, they are denied. I know the deny rule applies first, but how can I make this work? Thank You -DC