Yes, we saw that the first time. Basically, ISA needs to authenticate the user before user-based rules can take effect. http://isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_C onfiguration.html http://isaserver.org/tutorials/ISA_Clients__Part_2_SecureNAT_and_Web_Pro xy_Client.html http://isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Client.h tml -----Original Message----- From: alan land [mailto:alan_land@xxxxxxxxxxxxxxxx] Sent: Tuesday, June 28, 2005 1:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: All Users Group http://www.ISAserver.org Thanks for the comment, but could you please point in the right direction of an article that will help. I may of done the set-up wrong put to me it seems logical on what I have done. I have created a new Organization unit of the network AD, and added the support teams user accounts to this group. I then created an access rule allowing all outbound from the internal network to VPN clients (only the IT team will be using this) I then created a new ISA group and added the AD group to this rule. This seems to only work in I have the all users group in the users as well Any help would be appreciated ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.