It looks like it's working properly now. When to the changes take effect? I had stopped and restarted the services after every change I made. Maybe I didn't wait long enough for the changes to take effect. I will continue to test but my theory is that I had it configured to "Ask unauthenticated..." and allowed my IP address out but didn't signon to the domain which denied my access to the Internet. I then unchecked "Ask unauthenticated..." but left my IP address access and was able to get out to the Internet even if I didn't signon to the domain. I then restricted access to my IP address but was still able to get access to the Internet...If I restart the services a couple of times and wait a couple of minutes, then I don't have access. Thanks for everyones help, Brian > Hi Brian, > > Make sure you're using either the Web Proxy or Firewall client, and keep > in mind that if the HTTP Redirector passes the request to the Web Proxy > service, it will be passed as an anonymous request. > > HTH, > Tom=20 > > Thomas W Shinder > www.isaserver.org/shinder=20 > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp=20 > > > -----Original Message----- > From: Brian Miyata [mailto:bmiyata@xxxxxxxxxxxxxxxxx]=20 > Sent: Tuesday, February 04, 2003 11:02 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Allowing access based on IP address > > > http://www.ISAserver.org > > > This goes back to my original message...The only rules I have say that > you > need to be part of a global group to have access but when I uncheck the > "Ask unauthenticated users for identification" everyone goes out > anonymously whether they authenticate to the domain or not....I'll > continue to explore and test that options....Thanks, Brian > > > Hi Brian, > >=20 > > The user needs an account if you want to force authentication at the > > listener. I don't use that option, because if you configure all site > and > > content rules to require authorization of some kind, then you don't > need > > it. > >=20 > > HTH, > > Tom > >=20 > > Thomas W Shinder > > www.isaserver.org/shinder=3D20 > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > Configuring ISA Server: http://tinyurl.com/1llp=3D20 > >=20 > >=20 > > -----Original Message----- > > From: Brian Miyata [mailto:bmiyata@xxxxxxxxxxxxxxxxx]=3D20 > > Sent: Monday, February 03, 2003 5:03 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Allowing access based on IP address > >=20 > >=20 > > http://www.ISAserver.org > >=20 > >=20 > > I guess based on the responses I got so far, there is no way for me to > > accomplish what I want to do. Since the ISA server is part of my > domain > > and "Ask unauthenticated users for identification" is enabled, users > > have > > to sign on to the domain to get access to the Internet. That means if > > we > > have an auditor come in who needs access to the Internet (but not our > > network), I cannot just let them out by IP address...I need to create > a > > domain account for them and grant that account access to the > > Internet...Please correct me if I am wrong...Thanks, Brian > >=20 > > > Authentication is determined by the use of users/groups in the > > "applies to" > > > tab. > > >=3D20 > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://www.microsoft.com/isaserver > > > http://isaserver.org/Jim_Harrison > > > http://isatools.org > > >=3D20 > > > Read the help, books and articles! > > > ----- Original Message ----- > > > From: "Brian Miyata" <bmiyata@xxxxxxxxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Monday, February 03, 2003 09:32 > > > Subject: [isalist] RE: Allowing access based on IP address > > >=3D20 > > >=3D20 > > > http://www.ISAserver.org > > >=3D20 > > >=3D20 > > > Where is this option to Require Authentication on Site and Content > > Rules? > > > I know on the Outgoing Web Requests there is an option to require > > > authentication. On the Site and Content rules all I am able to do > is: > > > General =3D3D> Create Name > > > Destinations =3D3D> All Destinations > > > Schedule =3D3D> Always > > > Action =3D3D> Allowed > > > Applies To =3D3D> Client address sets specified below > > > Client Address Set =3D3D> xxx.xxx.xxx.xxx > > > HTTP Content =3D3D> All Content Groups > > >=3D20 > > > Thanks, Brian > > >=3D20 > > > ------------------------------------------------------ > > > List Archives: = > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ > > > ------------------------------------------------------ > > > Exchange Server Resource Site: http://www.msexchange.org/ > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > as: > > > jim@xxxxxxxxxxxx > > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > >=20 > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: = > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')