Re: Firewall Client Installation Problem
- From: "Jay" <jschwarzkopf@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 25 Oct 2002 10:40:34 -0400
If you want to control proxy settings, you can use group policies: User
Config/Windows Settings/Internet Explorer Maintenance.
----- Original Message -----
From: "Bill Mayo" <bemayo@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 25, 2002 7:46 AM
Subject: [isalist] Re: Firewall Client Installation Problem
> http://www.ISAserver.org
>
>
> Jim, thanks for this information, it was enlightening. This led me to
> explore further, and what I see is that the difference is that the one's
> that work have proxy settings enabled in the browser and the other's do
> not. It also led me to the obviously related mgmt item under Client
> Configuration, Web Browser.
>
> What has thrown me here is that I want to use all internet access as a
> "Firewall Client", not as a "Web Proxy Client". With Proxy Server, we had
> no proxy settings in the web browser, and everything works fine. That is
> the way that I would like to continue to do it. However, since the lack
> of (or removing) the proxy settings from the web browser results in an
> inability to connect to rule-restricted sites, leads me to wonder if this
> fundamental behavior is changed in ISA Server (I did not see anything in
> the docs that indicated this, although I may have missed something).
>
> So, my new question is how do I make this work so that everything is done
> through WinSock calls, negating the need for any web proxy settings? If
> this is no longer possible (say it isn't so!), then is there any way to
> set the server-side configuration so that each user gets the needed proxy
> config (or am I going to have to set the last registry key you mentioned
> in some other fashion)?
>
> Thanks for your help!
> Bill Mayo
> Pitt County MIS
>
> > This is going to be a long one, so...
> > IE settings are "per user" by default, so the FW client only makes the
> > changes to IE on a per-user basis.
> >
> > Here're the registry settings "per-user":
> > [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> > ...
> >
> > To place these settings at the machine level, you simply duplicate them
to:
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
> > Settings
> >
> > To keep the per-user settings from having any effect, add this entry:
> >
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Intern
> > et Settings "ProxySettingsPerUser", DWORD=0x0
> >
> > ..hope that feeds the imagination...
> >
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/pages/author_index.asp?aut=3
> > http://isatools.org
> > Read the help / books / articles!
> >
> > ----- Original Message -----
> > From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Thursday, October 24, 2002 2:27 PM
> > Subject: [isalist] Firewall Client Installation Problem
> >
> >
> > http://www.ISAserver.org
> >
> >
> > I am attempting to deploy the Firewall Client to my staff to replace the
> > Proxy Client. I am having no problem with
> > the actual deployment of the software, it installs fine through group
> > policy.
> >
> > However, while the software is installed and seems to be functioning
> > properly, any rule that has security applied
> > to it results in a "403 forbidden" error (regardless of whether it is
> > allowed or prohibited).
> >
> > What I have found is that if the software is installed (or repaired
using
> > add/remove software) with the user logged
> > on, everything works fine FOR THAT USER. Anybody else logging on will
have
> > the same problem, until the software is installed under the context. (I
> > have also installed the software manually with the same
result--deploying
> > through group policy does not seem to make a difference.)
> >
> > This is causing me a big problem. It would be bad enough if it had to
be
> > installed under the user context, but it's an absolute show stopper that
> > everyone that uses the computer has to have it done.
> >
> > I have been unable to pinpoint what changes when it is re-run under the
> > user's logon; everything looks the same. The client machines are
running
> > Windows 2000 SP2, and the ISA Server has SP1.
> >
> > Thanks in advance for any help you can provide,
> > Bill Mayo
> > Pitt County MIS
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
