Good for you – that’s the way it SHOULD be done. (And John, you didn’t tell the class what happened to those people in the “Deny All” group as you call it. And you KNOW it wasn’t called that. :) t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan Sent: Friday, October 09, 2009 12:53 PM To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: Infor - Help - Authentication Ahhhh, but all of our computers ARE on the domain, they all have reserved IPs, they all have the Firewall Client installed, AND they are allowed through the ISA server only if they are a member of the proper AD group. In addition, I bring it down to the protocol level, where they have to be in the proper AD group to use certain protocols and anyone who brings in a home computer and tries to plug it into our network will get an IP address in a range that is disallowed pretty much everything. So…. They act up, they get taken out of the Web Access group, and no Internet for them. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of John Wilson Sent: Friday, October 09, 2009 2:45 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Infor - Help - Authentication Seriously, who do YOU know that dresses monkeys in clothes? All aside, student PC's may be tough be cause they aren't joined to the domain necessarily, so GPO cant be applied if that is the case. But you could give that computer a DHCP reservation so it gets the same IP everytime, and block it's IP address in ISA. Where I used to work, we had had a group called "deny all". Just drop the user in the group (if it's Active Directory) and they get blocked. If you don't have Active Directory, Just drop the computer by IP in the group. Done! John W. ________________________________ From: Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx> To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx> Sent: Friday, October 9, 2009 12:19:19 PM Subject: [isalist] Re: Infor - Help - Authentication Yeah, but you can also steal their Facebook account data and post pictures of naked monkeys. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan Sent: Friday, October 09, 2009 4:12 AM To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: Infor - Help - Authentication Sounds like my daily battle with student Internet access… Do you block or do you convince them to behave? I’m lazy, so I block (but they also have an AUP). From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Friday, October 09, 2009 1:03 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Infor - Help - Authentication Prevent them from making changes to the proxy configuration via group policy. Or require authentication for outbound HTTP(s) at the rule or at the web proxy network config. Better yet, write out a corporate policy outlining acceptable use and Internet usage restrictions and have employees sign it -- If anyone violates policy, terminate their employment with extreme prejudice. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of LEANDRO DOS S. FERREIRA - TI Sent: Thursday, October 08, 2009 1:30 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Infor - Help - Authentication Hi All, I have a one user and this user does not have permisson in ISA to access the internet. If I login in a computer with webproxy and firewall client checked this user can not access internet web. But if I un-check the webproxy , he gets access to the internet. I do know what happened !! A few days ago is OK. I do not know how can I block this. I would like to prevent users to access the internet even they un-checking the webproxy. Only the users that have permisson can access the internet. Can you help me ?!?!? Regards _______________________ Leandro dos Santos Ferreira IT Team - Segurança da Informação mailto:leandro@xxxxxxxxxxx CBMM - Companhia Brasileira de Metalúrgia e Mineração Inovar - Respeitar - Competir