RE: Web Client Requests
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 29 Jan 2006 12:20:47 -0600
Hi Jim,
Well then, that *does* explain a lot. Am I correct to assume that IE and
Outlook 2XXX are not using the same interface. That is to say, one is
using WinHTTP and the other WinInet?
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Sunday, January 29, 2006 11:08 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
>
> http://www.ISAserver.org
>
> Tom,
>
> That's only true *if* the app knows how to:
> - request it
> - interpret it
>
> For instance, WinHTTP knows how to ask for it, but it only uses the
> server list; not the code that accompanies it.
>
> You can *never* assume that all proxy-aware apps actually
> know anything
> about using a .pac file (what WPAD really is).
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Sunday, January 29, 2006 8:08 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
>
> http://www.ISAserver.org
>
> But if the app is proxy aware, it should follow the directives of the
> autoconfiguration script that includes the Direct Access entries.
>
> Oh wait, let me guess -- some of these apps don't take their proxy
> settings from IE and they don't support the autoconfig script?
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 2:54 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> >
> > http://www.ISAserver.org
> >
> > ..except if the app is proxy-aware, then you get into the
> > "worm ate the
> > bird" problem again...
> >
> > I will stipulate that the SBS community seems to hit this particular
> > wall more often than most; probably due to the
> > cheaposkinflintmothposcketicity of their customers.
> >
> > --------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > --------------------------------------------
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 12:34 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> >
> > http://www.ISAserver.org
> >
> > Hey Jim,
> >
> > That's what the Firewall client is for, so that you don't have to
> > disable auth.
> >
> > So, I'll have to update my maxim:
> >
> > SecureNAT and Anonymous Access rules are for Losers and Servers.
> >
> > How's that?
> >
> > Tom
> >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Saturday, January 28, 2006 1:13 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > You're right - I responded in reverse.
> > > If you:
> > > 1. disable the web proxy filter
> > > 2. remove authentication
> > >
> > > ..then no one is forced to authenticate and you are limited
> > > to IP-based access controls.
> > > Bad juju, IMHO...
> > >
> > > --------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > --------------------------------------------
> > > -----Original Message-----
> > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > > Sent: Saturday, January 28, 2006 11:02 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > Yes unfortunately? Wouldn't it be no, unfortunately?
> > >
> > > Yes to me would mean that everything would authenticate
> > > except for what you specify.
> > >
> > > No would mean that everything would then go through without
> > > authentication.
> > >
> > > Amy
> > >
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Saturday, January 28, 2006 10:36 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > Yes, unfortunately.
> > > This is exactly why I list this step among the "last line of
> > > defense".
> > >
> > > --------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > --------------------------------------------
> > > -----Original Message-----
> > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > > Sent: Saturday, January 28, 2006 7:12 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > Yes, I am. So once you do that does any traffic bother to
> > > authenticate anymore?
> > >
> > > Amy
> > >
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Saturday, January 28, 2006 10:05 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > Contrary to tribal knowledge, there's nothing special about
> > > the SBS installation of ISA other than some rules that make
> > > me nauseous and wizards that remove the burden of
> > > understanding. The SBS version of ISA is ISA Std Edition.
> > >
> > > I think you're referring to disassociating the Web Proxy
> > > filter from the HTTP protocol as is offered for some apps
> > > that can't authenticate at all?
> > >
> > > ..which brings up my next point - while it's true that there
> > > are some apps that think they have a direct link to their
> > > desired destination, this technique should be the *last* line
> > > of defense; not the first.
> > >
> > > --------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > --------------------------------------------
> > > -----Original Message-----
> > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > > Sent: Saturday, January 28, 2006 5:59 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > So then in the SBS world once we check the box that allows
> > > apps to bi-pass the web proxy filter won't everything then
> > > bi-pass it? In the first ISA, she says, she would allow
> > > unauthenticated access and everything would then go through?
> > >
> > > Amy
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Saturday, January 28, 2006 1:58 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > I'm not clear on "basic and authenticated", since basic is an
> > > authentication mechanism? If you mean "basic and <anything else
> > > offered>", it's up to the client to choose the strongest method it
> > > supports (RFC 2617).
> > >
> > > In the first "ISA, she say:", ISA advises the client what
> > > auth methods it will accept )Negotiate, NTLM, Kerberos in
> > my example).
> > > In the second "Client, he say:", the client responds with the
> > > auth method it wants to use. In this response, the specified
> > > auth method
> > > *must* be one of the options ISA previously presented, or ISA
> > > will reject the auth attempt.
> > >
> > > --------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > --------------------------------------------
> > > -----Original Message-----
> > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > > Sent: Friday, January 27, 2006 5:31 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > I'll probably get your post a day or two from now. They tend
> > > to come in blobs. 20 messages today, 300 tomorrow. I find it
> > > difficult to keep track of a thread. I don't even ask yahoo
> > > to send it out of their own system. It gets delivered to my
> > > yahoo account! Maybe I should sign up under a non-yahoo
> > > address and see if I have any better success.
> > >
> > > I understand that the authentication process starts all over
> > > again. What I'm asking is, if I enable basic and
> > > authenticated access for the listener, what determines
> > > whether ISA will accept basic or authenticated for a
> > > particular packet?
> > >
> > > Amy
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Friday, January 27, 2006 5:24 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > http://www.ISAserver.org
> > >
> > > sbs2k@xxxxxxxxxxxxxxx
> > >
> > > The point is that:
> > > 1. the clients know diddly (and maybe even squat) about the
> > > way the proxy is configured 2. unless the client is using
> > > proxy:keepalive in the client-to-proxy connection, each
> > > request is an introduction between the client and the proxy
> > >
> > > Thus, each new connection between the client and proxy incurs
> > > a new authentication requirement and the ball starts bouncing
> > > all over again.
> > >
> > > -------------------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > > Sent: Friday, January 27, 2006 14:11
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Web Client Requests
> > >
> > > Which forum?
> > >
> > >
> > >
> > > So here is where I get confused. If my web listener allows
> > > both non-authenticated and authenticated requests, then why
> > > after I allow non-authenticated access does ISA ever require
> > > authentication? Won't everything then be accepted with
> > authentication?
> > >
> > >
> > >
> > > Amy
> > >
> > >
> > >
> > > ________________________________
> > >
> > > From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx]
> > > Sent: Friday, January 27, 2006 3:38 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Web Client Requests
> > >
> > >
> > >
> > > Hey guys, im forwarding this message on behalf of Jim. He
> > > posted it to another list and true to form it was too good an
> > > explanation not to impart on the masses (or the cheesemakers).
> > >
> > >
> > >
> > > This traces the path of your IE (or other) http requests and
> > > explains why you will always see anonymous requests in your
> > > web logs. Thanks Jim
> > >
> > >
> > >
> > > Greg Mulholland
> > >
> > >
> > > >>>>>>>>>>>>>>
> > >
> > > Correct - all web clients do exactly that.
> > > This is also why the logs will forever contain anonymous
> > > requests even if all you allow are authenticated connections,
> > > because ISA will log those denied anonymous requests.
> > >
> > > What you can't tell from the logs is what happens after that
> > > in detail.
> > > This requires a bit of Netmon (or Ethereal, if you swing that
> > > way) sleuthing.
> > >
> > > Here's the bouncing ball:
> > >
> > > ** Client, he say:
> > > GET http://www.isaserver.org/ HTTP/1.1
> > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> > > application/x-shockwave-flash, application/vnd.ms-excel,
> > > application/vnd.ms-powerpoint, application/msword, */*
> > > Accept-Language: en-us
> > > Accept-Encoding: gzip, deflate
> > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > > 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > > Host: www.isaserver.org
> > > Proxy-Connection: Keep-Alive
> > >
> > > ** ISA, she say:
> > > HTTP/1.1 407 Proxy Authentication Required ( The ISA Server
> > > requires authorization to fulfill the request. Access to the
> > > Web Proxy service is denied. )
> > > Via: 1.1 HEARTOFGOLD
> > > Proxy-Authenticate: Negotiate
> > > Proxy-Authenticate: Kerberos
> > > Proxy-Authenticate: NTLM
> > > Connection: Keep-Alive
> > > Proxy-Connection: Keep-Alive
> > > Pragma: no-cache
> > > Cache-Control: no-cache
> > > Content-Type: text/html
> > > Content-Length: 4113
> > >
> > > ..note - the ISA in this case (as in yours, probably) logged
> > > this request as anonymous and responded saying that it
> > > allowed three authentication methods: Negotiate, Kerberos and
> > > NTLM. These are the default auth methods for any ISA
> > > installation (including SBS).
> > >
> > > ** Client, he say:
> > > GET http://www.isaserver.org/ HTTP/1.1
> > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> > > application/x-shockwave-flash, application/vnd.ms-excel,
> > > application/vnd.ms-powerpoint, application/msword, */*
> > > Accept-Language: en-us
> > > Accept-Encoding: gzip, deflate
> > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > > 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > > Host: www.isaserver.org
> > > Proxy-Connection: Keep-Alive
> > > Proxy-Authorization: NTLM
> > > TlRMTVNTUAABAAAAB7IIogQABAAzAAAACwALACgAAAAFASgKAAAAD0ZPUkRQUk
> > > VGRUNUSE9N
> > > RQ==
> > >
> > > Note that the client chose NTLM auth and passed the first
> > > part of the handshake in Base-64 encoding. Not to worry,
> > > this isn't like Basic, which is base-64 encoded plain text;
> > > this is base-64 encoded encrypted information. ISA also logs
> > > this request as anonymous.
> > >
> > > ** ISA, she say:
> > > HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
> > > Via: 1.1 HEARTOFGOLD
> > > Proxy-Authenticate: NTLM
> > > TlRMTVNTUAACAAAACAAIADgAAAAFgomiWWcfZe6QNCsAAAAAAAAAALQAtABAAA
> > > AABQLODgAA
> > > AA9IAE8ATQBFAAIACABIAE8ATQBFAAEAFgBIAEUAQQBSAFQATwBGAEcATwBMAE
> > > QABAAiAGgA
> > > bwBtAGUALgBqAGEAbABvAGoAYQBzAGgALgBvAHIAZwADADoAaABlAGEAcgB0AG
> > > 8AZgBnAG8A
> > > bABkAC4AaABvAG0AZQAuAGoAYQBsAG8AagBhAHMAaAAuAG8AcgBnAAUAIgBoAG
> > > 8AbQBlAC4A
> > > agBhAGwAbwBqAGEAcwBoAC4AbwByAGcAAAAAAA==
> > > Connection: Keep-Alive
> > > Proxy-Connection: Keep-Alive
> > > Pragma: no-cache
> > > Cache-Control: no-cache
> > > Content-Type: text/html
> > > Content-Length: 0
> > >
> > > Note that ISA also passed some NTLM data back to the client -
> > > this is part and parcel to NTLM authentication even
> outside of HTTP
> > >
> > > ** Client, he say:
> > > GET http://www.isaserver.org/ HTTP/1.1
> > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> > > application/x-shockwave-flash, application/vnd.ms-excel,
> > > application/vnd.ms-powerpoint, application/msword, */*
> > > Accept-Language: en-us
> > > Accept-Encoding: gzip, deflate
> > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > > 5.1; SV1;.NET CLR 1.1.4322; InfoPath.1)
> > > Host: www.isaserver.org
> > > Proxy-Connection: Keep-Alive
> > > Proxy-Authorization: NTLM
> > > TlRMTVNTUAADAAAAGAAYAG4AAAAYABgAhgAAAAgACABIAAAACAAIAFAAAAAWAB
> > > YAWAAAAAAA
> > > AACeAAAABYKIogUBKAoAAAAPSABPAE0ARQBKAGkAbQBIAEYATwBSAEQAUABSAE
> > > UARgBFAEMA
> > >
> VABunrbKxTfLxwAAAAAAAAAAAAAAAAAAAABNhP8BkKK3ZR1MXfC2h14+Q4IQaVlWRH8=
> > >
> > >
> > > Note that the client passes the remaining part of the NTLM
> > > handshake - if ISA can resolve the credentials passed by the
> > > client during this process, all will be FD&H.
> > >
> > > ** ISA, she say:
> > > HTTP/1.1 200 OK
> > > Proxy-Connection: Keep-Alive
> > > Connection: Keep-Alive
> > > Content-Length: 40936
> > > Via: 1.1 HEARTOFGOLD
> > > Date: Fri, 27 Jan 2006 05:49:15 GMT
> > > Content-Type: text/html
> > > Server: Microsoft-IIS/6.0
> > > X-Powered-By: ASP.NET
> > > Set-Cookie: ASPSESSIONIDCCRRSRBC=EIBLFICAIMCPFBFCEKFFKBEA; path=/
> > > Cache-control: private
> > >
> > > This is where access is allowed (200 response).
> > >
> > > You should note that I haven't included anything that may
> > > have been passed in the HTTP body - it's not important to
> > > this discussion and only makes for an unweildy thread.
> > >
> > > --------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > >
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > > --
> > > No virus found in this incoming message.
> > > Checked by AVG Free Edition.
> > > Version: 7.1.375 / Virus Database: 267.14.23/243 - Release
> > > Date: 1/27/2006
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.375 / Virus Database: 267.14.23/243 - Release
> > Date: 1/27/2006
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts: