Re: Firewall Client Installation Problem
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 24 Oct 2002 19:22:04 -0700
This is going to be a long one, so...
IE settings are "per user" by default, so the FW client only makes the
changes to IE on a per-user basis.
Here're the registry settings "per-user":
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
"IE5_UA_Backup_Flag"="5.0"
"NoNetAutodial"=dword:00000000
"MigrateProxy"=dword:00000001
"EnableNegotiate"=dword:00000001
"ProxyEnable"=dword:00000000
"EmailName"="IEUser@"
"AutoConfigProxy"="wininet.dll"
"MimeExclusionListForCache"="multipart/mixed multipart/x-mixed-replace
multipart/x-byteranges "
"WarnOnPost"=hex:01,00,00,00
"UseSchannelDirectly"=hex:01,00,00,00
"EnableHttp1_1"=dword:00000001
"PrivacyAdvanced"=dword:00000000
"EnableAutodial"=dword:00000000
"UrlEncoding"=dword:00000000
"ProxyHttp1.1"=dword:00000001
"CertificateRevocation"=dword:00000000
"DisableCachingOfSSLPages"=dword:00000000
"SecureProtocols"=dword:00000028
"WarnonBadCertRecving"=dword:00000001
"WarnonZoneCrossing"=dword:00000000
"WarnOnPostRedirect"=dword:00000001
"SyncMode5"=dword:00000003
"GlobalUserOffline"=dword:00000000
"ProxyServer"="isaserver:80"
"PrivDiscUiShown"=dword:00000001
"AutoConfigURL"="http://wpad/wpad.dat";
To place these settings at the machine level, you simply duplicate them to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings
To keep the per-user settings from having any effect, add this entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Intern
et Settings "ProxySettingsPerUser", DWORD=0x0
..hope that feeds the imagination...
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, October 24, 2002 2:27 PM
Subject: [isalist] Firewall Client Installation Problem
http://www.ISAserver.org
I am attempting to deploy the Firewall Client to my staff to replace the
Proxy Client. I am having no problem with
the actual deployment of the software, it installs fine through group
policy.
However, while the software is installed and seems to be functioning
properly, any rule that has security applied
to it results in a "403 forbidden" error (regardless of whether it is
allowed or prohibited).
What I have found is that if the software is installed (or repaired using
add/remove software) with the user logged
on, everything works fine FOR THAT USER. Anybody else logging on will have
the same problem, until the software is installed under the context. (I
have also installed the software manually with the same result--deploying
through group policy does not seem to make a difference.)
This is causing me a big problem. It would be bad enough if it had to be
installed under the user context, but it's an absolute show stopper that
everyone that uses the computer has to have it done.
I have been unable to pinpoint what changes when it is re-run under the
user's logon; everything looks the same. The client machines are running
Windows 2000 SP2, and the ISA Server has SP1.
Thanks in advance for any help you can provide,
Bill Mayo
Pitt County MIS
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
