Only thing I can think of is to assign address ranges to the different types of machines and allow the address ranges of windows machines through. I believe ISA gets its OS info from the user-agent header (for reporting) and there's no way to set up rules based on user-agent. There's no way to set rules based on machine accounts, just users and groups. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT7 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Brewer, Lewis [mailto:lewis.brewer@xxxxxx] Sent: Wednesday, October 09, 2002 4:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] Blocking OS's from getting through http://www.ISAserver.org Ok here is the question I have for you all. I want to setup ISA to only let Windows 2000 Pro and XP Pro through the firewall, everything else is blocked, even if you know the proper proxy settings it won't let you out if you are not running the correct OS. Now if this can be done by blocking machines that don't have computer accounts in the domain that is just as good to me. Any suggestions? Lewis Brewer ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')