If you want to control proxy settings, you can use group policies: User Config/Windows Settings/Internet Explorer Maintenance. ----- Original Message ----- From: "Bill Mayo" <bemayo@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, October 25, 2002 7:46 AM Subject: [isalist] Re: Firewall Client Installation Problem > http://www.ISAserver.org > > > Jim, thanks for this information, it was enlightening. This led me to > explore further, and what I see is that the difference is that the one's > that work have proxy settings enabled in the browser and the other's do > not. It also led me to the obviously related mgmt item under Client > Configuration, Web Browser. > > What has thrown me here is that I want to use all internet access as a > "Firewall Client", not as a "Web Proxy Client". With Proxy Server, we had > no proxy settings in the web browser, and everything works fine. That is > the way that I would like to continue to do it. However, since the lack > of (or removing) the proxy settings from the web browser results in an > inability to connect to rule-restricted sites, leads me to wonder if this > fundamental behavior is changed in ISA Server (I did not see anything in > the docs that indicated this, although I may have missed something). > > So, my new question is how do I make this work so that everything is done > through WinSock calls, negating the need for any web proxy settings? If > this is no longer possible (say it isn't so!), then is there any way to > set the server-side configuration so that each user gets the needed proxy > config (or am I going to have to set the last registry key you mentioned > in some other fashion)? > > Thanks for your help! > Bill Mayo > Pitt County MIS > > > This is going to be a long one, so... > > IE settings are "per user" by default, so the FW client only makes the > > changes to IE on a per-user basis. > > > > Here're the registry settings "per-user": > > [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet > > ... > > > > To place these settings at the machine level, you simply duplicate them to: > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet > > Settings > > > > To keep the per-user settings from having any effect, add this entry: > > HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Intern > > et Settings "ProxySettingsPerUser", DWORD=0x0 > > > > ..hope that feeds the imagination... > > > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/pages/author_index.asp?aut=3 > > http://isatools.org > > Read the help / books / articles! > > > > ----- Original Message ----- > > From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Thursday, October 24, 2002 2:27 PM > > Subject: [isalist] Firewall Client Installation Problem > > > > > > http://www.ISAserver.org > > > > > > I am attempting to deploy the Firewall Client to my staff to replace the > > Proxy Client. I am having no problem with > > the actual deployment of the software, it installs fine through group > > policy. > > > > However, while the software is installed and seems to be functioning > > properly, any rule that has security applied > > to it results in a "403 forbidden" error (regardless of whether it is > > allowed or prohibited). > > > > What I have found is that if the software is installed (or repaired using > > add/remove software) with the user logged > > on, everything works fine FOR THAT USER. Anybody else logging on will have > > the same problem, until the software is installed under the context. (I > > have also installed the software manually with the same result--deploying > > through group policy does not seem to make a difference.) > > > > This is causing me a big problem. It would be bad enough if it had to be > > installed under the user context, but it's an absolute show stopper that > > everyone that uses the computer has to have it done. > > > > I have been unable to pinpoint what changes when it is re-run under the > > user's logon; everything looks the same. The client machines are running > > Windows 2000 SP2, and the ISA Server has SP1. > > > > Thanks in advance for any help you can provide, > > Bill Mayo > > Pitt County MIS > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: jschwarzkopf@xxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')