RE: Allowing MSN Messenger thru ISA
- From: "Jason Merrique" <j.merrique@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 8 Jul 2004 11:16:45 +0100
Hi Tom,
Wpad is in place, and the FWC automatically finds the ISA firewall. It's
just set to "Manually select ISA server" rather than "Automatically
Detect ISA Server". I'm not trying to set the "Internet Network
Properties" I was referring to the properties of the "Internal Network"
as defined in ISA 2004. My point was that once the FWC is deployed, you
don't have any control over its configuration. If that configuration for
some reason is incorrect (as in my case) you just cannot change it. It
would be brilliant if there was a GPO to admin MSFWC.
From my experience, keeping as much hidden from the user as possible is
the best way to avoid unnecessary call outs. Why would you allow them to
change the settings?
Cheers,
Jason
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: 07 July 2004 15:46
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Allowing MSN Messenger thru ISA
>
> http://www.ISAserver.org
>
> Hi Jason,
>
> I'm testing it right now, and the autodetect option is
> selected by default. With the wpad entry in place, the
> firewall client automatically finds the ISA firewall. You
> don't need to set the Internet network properties to force
> this option, its just the default coded into the installer
> for the Firewall client.
>
> Believe me, you DO NOT want to disable the users' ability to
> control the firewall client behavior. You can remove the icon
> from the tray, but you'll be in a world of hurt if you
> disable their ability to enable or disable it when required.
>
> HTH,
>
> Tom
> www.isaserver.org/shinder
> Get the book!
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> -----Original Message-----
> From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
> Sent: Wednesday, July 07, 2004 9:45 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Allowing MSN Messenger thru ISA
>
>
> http://www.ISAserver.org
>
> Hi Tom,
>
> I'm trying to enforce the "Automatically Detect ISA Server" settings.
> The default appears to be "Manually select ISA server". This
> is selected
> despite the fact that the correct server is displayed in the "Detected
> ISA Server" text box! WSPAD is functioning correctly, and all clients
> can detect the server without any problems.
>
> The "Internal Properties" don't seem to have a setting that
> enforces the
> automatic detection. I'm running ISA 2004 Beta 2.
>
> Also, while I'm on the subject - how would one prevent the
> user changing
> the settings themselves?
>
> It all seems a little messy at the moment!
>
> Regards,
>
> Jason
>
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: 07 July 2004 15:28
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> >
> > http://www.ISAserver.org
> >
> > Hi Jason,
> >
> > What kind of Registry hacks are required? You can change them
> > at the ISA firewall. What settings are you trying to control?
> >
> > Tom
> > www.isaserver.org/shinder
> > Get the book!
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > -----Original Message-----
> > From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, July 07, 2004 9:15 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> >
> >
> > http://www.ISAserver.org
> >
> > The problem then occurs after it has been installed - there's
> > no way to
> > control the FWC settings other than through Registry hacks
> as far as I
> > can see.
> >
> > > -----Original Message-----
> > > From: josephk [mailto:josephk@xxxxxxxxx]
> > > Sent: 07 July 2004 12:45
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Thomas,
> > > That's what I was saying the other day!
> > > Why not install the firewall client in an administrative
> share mode.
> > > And then if using AD you could assign it to the groups that
> > > need to download it and provide that feature in that way. Or
> > > by having the install done in the start up script on a one
> > > time basis would also work.
> > > Easier on the admins that way.
> > >
> > > Thank you,
> > >
> > > Joseph
> > >
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Wednesday, July 07, 2004 4:36 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Atif,
> > >
> > > Yes, there is a workaround. Create an application filter
> > (or have your
> > > C++ programmers create it) to support the IM protocols
> for SecureNAT
> > > clients. Then make some money by selling that filter to
> > everyone else
> > > who doesn't want to install the firewall client.
> > >
> > > Did you know that you can automate firewall client installation?
> > >
> > > Tom
> > > www.isaserver.org/shinder <http://www.isaserver.org/shinder>
> > > Get the book!
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> > > MVP -- ISA Firewalls
> > >
> > > -----Original Message-----
> > > From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx]
> > > Sent: Wednesday, July 07, 2004 12:39 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > Actually, I have tried that script on 2 ISA SERVER's, one on
> > > Integerated Mode and other on Cached Mode and eventually, it
> > > didn't work
> > > on Cached Mode.
> > >
> > > Since, we don't use the Firewall Client, IM's are not working
> > > either and the point is clear now, if I got to use IM then I
> > > have to use
> > > Firewall Client, thanks for the information, but again I feel
> > > like there
> > > should be some workaround.
> > >
> > > Thanks for all the suggestions.
> > > Cheers,
> > > Athif
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx
> > > <mailto:jim@xxxxxxxxxxxx> ]
> > > Sent: Tuesday, July 06, 2004 9:37 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org <http://www.ISAserver.org>
> > >
> > > The script REQUIRES the firewall client on the LAT host.
> > > Web Proxy clients are NOT affected by these policy changes,
> > > since the web proxy only handles HTTP(s), FTP and Gopher
> > > (note that NO
> > >
> > > IM protocols are listed here).
> > > You login problems are likely related to some other failure.
> > > In one mail, you tried to run the script on a Cache mode ISA; is
> > > this a separate ISA or did you reinstall in Integrated mode with
> > >
> > > the same network model in place?
> > >
> > >
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://www.microsoft.com/isaserver
> > > <http://www.microsoft.com/isaserver>
> > >
> > > http://isaserver.org/Jim_Harrison
> > > <http://isaserver.org/Jim_Harrison>
> > > http://isatools.org <http://isatools.org>
> > >
> > > Read the help, books and articles!
> > > ----- Original Message -----
> > > From: <mathif@xxxxxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, July 06, 2004 11:07
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org <http://www.ISAserver.org>
> > >
> > > Jim, Thanks a lot for the answer.So this script wont work
> > > without the Firewall Client. Actually, we don't have
> Firewall Client
> > > installed at our network.
> > >
> > > I have tried to run MSNIM.zip successfully in ISA Integerated
> > > mode, but still I am unable to log in MSN Messneger. Jim do
> > > you have any
> > > work around for this, because, even if the script creates all
> > > the rules
> > > then why cant web proxy client access MSN Messenger??
> > >
> > > Will this script work only if we have Firewall client
> > > installed??
> > >
> > > Thanks for your time,
> > > AThif
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx
> > > <mailto:jim@xxxxxxxxxxxx> <mailto:jim@xxxxxxxxxxxx
> > > <mailto:jim@xxxxxxxxxxxx> > ]
> > > Sent: Tuesday, July 06, 2004 7:58 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org <http://www.ISAserver.org>
> > > <http://www.ISAserver.org <http://www.ISAserver.org> >
> > >
> > > Cache mode doesn't support IM complex features like voice, app
> > > sharing, etc. The script can't run in that environment
> > because all the
> > > changes it makes depend on Firewall features.
> > >
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://www.microsoft.com/isaserver
> > > <http://www.microsoft.com/isaserver>
> > >
> > > <http://www.microsoft.com/isaserver
> > > <http://www.microsoft.com/isaserver> >
> > > http://isaserver.org/Jim_Harrison
> > > <http://isaserver.org/Jim_Harrison>
> > > <http://isaserver.org/Jim_Harrison
> > > <http://isaserver.org/Jim_Harrison> >
> > > http://isatools.org <http://isatools.org> <http://isatools.org
> > > <http://isatools.org> >
> > >
> > > Read the help, books and articles!
> > > ----- Original Message -----
> > > From: <mathif@xxxxxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, July 06, 2004 09:18
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org <http://www.ISAserver.org>
> > > <http://www.ISAserver.org <http://www.ISAserver.org> >
> > >
> > > We have a large network and we have to install that on each
> > > machine, instead we prefer direct web proxy...and so we
> have avoided
> > > firewall cleint.. one more question, i am tyring to run
> > > MSNIM.zip on ISA
> > > cached mode, but it fails?
> > >
> > > Thanks,
> > > Athif
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx
> > > <mailto:tshinder@xxxxxxxxxxx> <mailto:tshinder@xxxxxxxxxxx
> > > <mailto:tshinder@xxxxxxxxxxx> > ]
> > > Sent: Monday, July 05, 2004 6:36 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org <http://www.ISAserver.org>
> > > <http://www.ISAserver.org <http://www.ISAserver.org> >
> > >
> > > Why are you not using the Firewall client?
> > > Tom
> > > <http://www.isaserver.org/shinder
> > > <http://www.isaserver.org/shinder>
> > <http://www.isaserver.org/shinder
> > > <http://www.isaserver.org/shinder> > > www.isaserver.org/shinder
> > > <www.isaserver.org/shinder> Get the book! Tom and Deb Shinder's
> > > Configuring ISA Server 2004 <http://tinyurl.com/3xqb7
> > > <http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7
> > > <http://tinyurl.com/3xqb7> > > http://tinyurl.com/3xqb7
> > > <http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7
> > > <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls
> > >
> > > -----Original Message-----
> > > From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx
> > > <mailto:mathif@xxxxxxxxxxxxxxx> <mailto:mathif@xxxxxxxxxxxxxxx
> > > <mailto:mathif@xxxxxxxxxxxxxxx> > ]
> > > Sent: Monday, July 05, 2004 6:18 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Allowing MSN Messenger thru ISA
> > >
> > >
> > > http://www.ISAserver.org <http://www.ISAserver.org>
> > > <http://www.ISAserver.org <http://www.ISAserver.org> >
> > >
> > >
> > > We don't use Firewall Client, its rather direct Web Proxy
> > > Client.. Any thougts?? Cheers, Athif
> > >
> > >
> > > -----------------------------------------------------
> > > This email and any files transmitted with it are confidential
> > > and intended solely for the use of the individual or entity to
> > > whom/which they are addressed. If you have received this
> > > email in error
> > > please notify the system manager at the following email address:
> > > sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>.
> > > Please note that
> > > any views or opinions presented in this email are solely
> > those of the
> > > author and do not necessarily represent those of Al
> Faisaliah Group.
> > > Internet communications cannot be guaranteed to be secure or
> > > error-free
> > > as information could be intercepted, corrupted, lost,
> arrive late or
> > > contain viruses. The sender therefore does not accept
> > > liability for any
> > > errors or omissions in the context of this message, which
> arise as a
> > > result of Internet transmission. Finally, the recipient
> > should check
> > > this email and any attachments for the presence of viruses.
> > > Al Faisaliah
> > > Group accepts no liability for any damage caused by any virus
> > > transmitted by this email.
> > >
> > > -----------------------------------------------------
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking:
> > http://www.windowsnetworking.com Leading
> > > Network Software Directory: http://www.serverfiles.com
> No.1 Exchange
> > > Server Resource Site: http://www.msexchange.org Windows Security
> > > Resource Site: http://www.windowsecurity.com/ Network
> > > Security Library:
> > > http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > > http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: j.merrique@xxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: j.merrique@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: j.merrique@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
Other related posts:
