RE: Blocking OS's from getting through

  • From: "Quillman Shawn (RBNA/CIT7)" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Oct 2002 08:42:20 -0500

There are a lot of misc. clients that use HTTP as their transport like
RealOne, Gator, NAV, and all those other extraneous things that show up in
the SysTray.  They don't send OS info in their user-agent headers.
 
Of course that's assuming that I'm correct in thinking the reports pull the
OS from the user-agent field :)  That's the only place I can think of that
the info would show up.
 
Sound right Jim?
 
-Shawn

----- 
Shawn R. Quillman 
Robert Bosch Corporation RBNA/CIT7 
38000 Hills Tech Drive 
Farmington Hills, MI  48331 
(248) 553-1164 (P)     (248) 848-2855 (F) 
shawn.quillman@xxxxxxxxxxxx 

-----Original Message-----
From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
Sent: Wednesday, October 09, 2002 11:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Blocking OS's from getting through


http://www.ISAserver.org


On that note, can someone explain why ISA reports showing OS's used show
Win2k and UNKNOWN for an environment consisting of only Win2k?  
 
 

----- Original Message ----- 
From: Quillman Shawn (RBNA/CIT7) <mailto:Shawn.Quillman@xxxxxxxxxxxx>  
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>  
Sent: Wednesday, October 09, 2002 4:37 PM
Subject: [isalist] RE: Blocking OS's from getting through

http://www.ISAserver.org <http://www.ISAserver.org> 



This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.




  _____  




Only thing I can think of is to assign address ranges to the different types
of machines and allow the address ranges of windows machines through.  I
believe ISA gets its OS info from the user-agent header (for reporting) and
there's no way to set up rules based on user-agent.  There's no way to set
rules based on machine accounts, just users and groups.
 
-Shawn

----- 
Shawn R. Quillman 
Robert Bosch Corporation RBNA/CIT7 
38000 Hills Tech Drive 
Farmington Hills, MI  48331 
(248) 553-1164 (P)     (248) 848-2855 (F) 
shawn.quillman@xxxxxxxxxxxx 

-----Original Message-----
From: Brewer, Lewis [mailto:lewis.brewer@xxxxxx]
Sent: Wednesday, October 09, 2002 4:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Blocking OS's from getting through


http://www.ISAserver.org



Ok here is the question I have for you all.  I want to setup ISA to only let
Windows 2000 Pro and XP Pro through the firewall, everything else is
blocked, even if you know the proper proxy settings it won't let you out if
you are not running the correct OS.  Now if this can be done by blocking
machines that don't have computer accounts in the domain that is just as
good to me.  Any suggestions?

 

Lewis Brewer 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 



  _____  




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2002