Hello for Everybody! My name is Marcelo, and I trying to deny internet access from some computers on my internal Lan. I created a Address Range with the IP range of computers (10.10.254.1~10.10.254.254), and I created a Deny Rule that is the first rule on ISA 2004. A user that have internet access by login basis is still able to surf on internet. Looking at monitoring screen, I see that ISA is granting access to that user using her or his username and password. This user is member of Windows group called "Internet_Access". The idea is block these computers to surf on internet, no matter membership that users belongs to. The Deny rule is before Allow Rule. Anyone knows what is wrong? Any help would be GREAT welcome. And sorry for my english... Marcelo Santos. --------------------------------- Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador do Yahoo! agora.