Ok, this setting as noted by Jay and Jim solved my problem. I also wanted to address the questions below. I read up on the documentation Microsoft provided for switching from Proxy Server to ISA Server, and thought I had a pretty good understanding of the configuration options. It is pretty apparent that are some things at work here of which I was not aware from my reading. As far as what kind of access controls and accounting we need, we need to be able to control and log HTTP access according to user and group (which is why I was trying to use the Firewall Client). There have been no discussions about controlling access based on content, but it is something that could possibly be needed in the future. I can now see the reason/benefits of having the mixed access (Web Proxy/Firewall) and probably need to be set up that way. My original problem was, in retrospect, that the user profiles were not getting the Web Proxy settings. It appears that I can set this through group policy at: User Configuration/Windows Settings/Internet Explorer Maintenance/Connection/Proxy Settings and entering the name of my proxy server at port 8080 there. Does this sound correct? If so, I think I have gotten all my questions answered and have a solution. (In my testing everything seems to work this way.) I thank you all very much for your patient assistance, and I apologize if this should have been painfully obvious. Bill Mayo Pitt County MIS -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, October 25, 2002 11:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Firewall Client Installation Problem http://www.ISAserver.org There seems to be a bit of confusion (and unasked questions) here. First, you have to decide what kind of access controls and accounting you need. a. if you want to control and log HTTP access according to user or group, then you need to have user authentication. This is only available via the Web Proxy or Firewall service b. if you want to control and log web access based on content as well, then the Web Proxy service is your only option, as the Firewall service doesn't delve into "content". Note that this may also apply when using some third-party content filters, such as SurfControl. Options (a) and (b) requires that the user access the ISA via the Web Proxy service; this means that FW and SecureNAT clients aren't supported for authenticated web access, since the HTTP Redirector drops credentials. If you don't care about controlling and/or logging based on user credentials, then drop the proxy settings and set the HTTP Redirector to "forward to requested web server" and it'll work "just like Proxy 2". Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, October 25, 2002 7:47 AM Subject: [isalist] Re: Firewall Client Installation Problem http://www.ISAserver.org As an additional note, I have been looking at different settings to try and find a workaround. I setup the ISA server in Integrated Mode. It looks like this may be the reason that I have "mixed" settings (web proxy for web activity even with the Firewall Client). To be able to have everything work through WinSock, should I change this to Firewall mode instead? Bill Mayo Pitt County MIS