Also, why not assign it to each user, instead of to the computer? Wouldn't it then be installed for each user at logon? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, October 24, 2002 7:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Firewall Client Installation Problem http://www.ISAserver.org This is going to be a long one, so... IE settings are "per user" by default, so the FW client only makes the changes to IE on a per-user basis. Here're the registry settings "per-user": [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)" "IE5_UA_Backup_Flag"="5.0" "NoNetAutodial"=dword:00000000 "MigrateProxy"=dword:00000001 "EnableNegotiate"=dword:00000001 "ProxyEnable"=dword:00000000 "EmailName"="IEUser@" "AutoConfigProxy"="wininet.dll" "MimeExclusionListForCache"="multipart/mixed multipart/x-mixed-replace multipart/x-byteranges " "WarnOnPost"=hex:01,00,00,00 "UseSchannelDirectly"=hex:01,00,00,00 "EnableHttp1_1"=dword:00000001 "PrivacyAdvanced"=dword:00000000 "EnableAutodial"=dword:00000000 "UrlEncoding"=dword:00000000 "ProxyHttp1.1"=dword:00000001 "CertificateRevocation"=dword:00000000 "DisableCachingOfSSLPages"=dword:00000000 "SecureProtocols"=dword:00000028 "WarnonBadCertRecving"=dword:00000001 "WarnonZoneCrossing"=dword:00000000 "WarnOnPostRedirect"=dword:00000001 "SyncMode5"=dword:00000003 "GlobalUserOffline"=dword:00000000 "ProxyServer"="isaserver:80" "PrivDiscUiShown"=dword:00000001 "AutoConfigURL"="http://wpad/wpad.dat"; To place these settings at the machine level, you simply duplicate them to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings To keep the per-user settings from having any effect, add this entry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Intern et Settings "ProxySettingsPerUser", DWORD=0x0 ..hope that feeds the imagination... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, October 24, 2002 2:27 PM Subject: [isalist] Firewall Client Installation Problem http://www.ISAserver.org I am attempting to deploy the Firewall Client to my staff to replace the Proxy Client. I am having no problem with the actual deployment of the software, it installs fine through group policy. However, while the software is installed and seems to be functioning properly, any rule that has security applied to it results in a "403 forbidden" error (regardless of whether it is allowed or prohibited). What I have found is that if the software is installed (or repaired using add/remove software) with the user logged on, everything works fine FOR THAT USER. Anybody else logging on will have the same problem, until the software is installed under the context. (I have also installed the software manually with the same result--deploying through group policy does not seem to make a difference.) This is causing me a big problem. It would be bad enough if it had to be installed under the user context, but it's an absolute show stopper that everyone that uses the computer has to have it done. I have been unable to pinpoint what changes when it is re-run under the user's logon; everything looks the same. The client machines are running Windows 2000 SP2, and the ISA Server has SP1. Thanks in advance for any help you can provide, Bill Mayo Pitt County MIS ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')