Hello All, We have an Enterprise ISA SP3, Integrated, in an array, on a W2K SP3. We have set up rules to allow users out only if they are part of an authorized NT global group and have "ask unauthenticated users for identification" enabled on the Outgoing Web Requests. We have configured all of the browsers to point to the ISA proxy. Authorized users go out transparantly while unauthorized users are prompted for credentials. We now have a situation where "guest" terminals (no one signs on to the domain) need access to the Internet. I have created a Client Address Set to allow the IP address out but I am still prompted for credentials. I logged into the domain with an ID that is not part of an authorized global group and I was able to access the Internet (The situation we have is that no one will be signing on to that computer). I disabled the "ask unauthenticated..." and I could access the Internet no matter what which is not good because we now lost control of who can access the Internet. Anyone have a solution for this? Thanks, Brian