Hey Folks, I was wondering if someone could help me? We used to have ISA Server 2000 in a separate win2k domain in front of out NT4 domain and all worked well. There was a one way trust between them, so that an NT4 internet users user group was allowed access. While the group was allowed all HTTP access, there was a specific deny rule that blocked things like hotmail, e-bay and the more prolific ad-vendors. This worked fine and without a hitch. Back end of last year, we upgraded our NT4 domain to a win2k3 domain. All the trusts and everything were migrated and still everything worked fine. We decided to do away with the separate domain and rebuild the ISA server into our 2k3 domain. I installed Win2k3 on the box, did all the appropriate patching and installed and patched ISA server. This all seemed to go fine. When the users started using the server, some complained that they were being prompted for authentication. Being a frequent reader of the ISAServer.org forums and an ISA Server MCP, I set about trying to find the problem. After a seriously long time, I tracked the problem down, but I can't find a cure. When the user hits a site that has a blocked item in it (usually an advert), the server prompts for authentication if the user presses cancel three of four times the prompt goes away and the page displays as normal. Force authentication is off, and support never get prompted which I think is because we have FW Client on, but I don't want to roll out FW client to the organization unless I really have to. There are Content and Protocol rules that allow Internet Users out, and a Content rule that blocks specific URL's. This is identical to our old config, yet I can't get it to stop prompting for authentication when it hits a blocked site. Have I missed something blatantly obvious? When I contacted out third line support provider after a few days of try this and try that, they asked us to tick the box saying "If HTTP request, Redirect to this URL", which seems to have stopped it requesting the users for a logon, but it displays the redirected "Access Denied" page in the place of the blocked image. This seems to really confuse the users as they get a legitimate web page with half a dozen blocked pictures replaced by Access Denied messages. Please put me out of my misery and help me fix this annoying 'feature'. Regards, Steve Steve Lunn - PC & Network Support Microsoft MCP DDI: 01423 855101 Fax: 01423 855181 Homeowners Group consists of Homeowners Friendly Society Limited (HFSL), Registered and Incorporated under the Friendly Societies Act 1992, Reg. No. 964F, Homeowners Investment Fund Managers Limited (HIFML), Reg. No. 3224780, Homeowners Financial Administration Limited (HFAL), Reg. No. 4301736, Homeowners Membership Services Limited (HMSL), Reg. No. 3091667 and UK Friendly Insurance Services Limited (UKFISL), Reg. No. 3088162, all registered at Hornbeam Park Avenue, Harrogate. HG2 8XE. Tel: 01423 855000 Web: http://www.homeowners.co.uk HFSL and HIFML are both authorised and regulated by the Financial Services Authority (FSA). HFSL's FSA Register no. is 110072, HIFML's FSA Register no. is 181487. You can check this on the FSA's Register by visiting the FSA's website http://www.fsa.gov.uk/register or by contacting the FSA on 0845 606 1234 HFAL, HMSL and UKFISL are non-regulated limited companies. United Kingdom Civil Service Benefit Society (UKCSBS) and United Kingdom Armed Forces Benefit Society (UKAFBS) are trading styles of Homeowners Friendly Society Limited This e-mail is intended only for the person named as recipient. The contents are confidential. If you are not the intended recipient of this e-mail, please notify us as soon as possible and delete it. If you are not the intended recipient of the e-mail, any use by you is prohibited.