I had the same problem. My solution works good enough as long as you do not have specific users who should be allowed to specific sites, for example, allowing the shipping department access to only www.ups.com. This can work depending on what OS your clients use. It is no good for Windows 95 clients. To get around the issue of users having to supply credentials for the denied ad sites, I had to do the following: First, don't assign Internet Access rights based on person. 2nd, in Active Directory, divide your users into two groups: "Allowed Internet Access" and "Not Allowed Internet Access" 3rd, create a group policy for the "Allowed" group that forces the proxy address to be the address of the ISA server. 4th, create a group policy for the "Not Allowed" group that forces the proxy address to 127.0.0.1 or some other address. 5th, for both groups, you may want to make it so that your users cannot change these settings This way, you are assigning which users can access the Internet through AD and not ISA. Thanks, Brian K. Scheele Systems Administrator Clark Filter 3649 Hempland Road Lancaster, PA 17601-1393 Ph. 717-285-5941 x176 Fx. 717-285-3039 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, August 07, 2002 8:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Blocking ads http://www.ISAserver.org It sounds like you're using a user or group association with that rule. What happens if it applies to all requests? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison http://jalojash.org/isatools Read the books! ----- Original Message ----- From: "KJ Demott" <prjit@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, August 07, 2002 3:12 PM Subject: [isalist] Blocking ads http://www.ISAserver.org I have created a site and content rule and destination set to block a couple of the larger ad sites (for all requests). It seems to be working all right, except a window pops up asking for user ID and password for every ad that is blocked. This can get annoying after a while. Is there any way to block these ads that is transparent to clients? TIA K Demott _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bscheele@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')