Hi Bill, Check out http://www.isaserver.org/articles/ISA2004_AccessRules.html. HTH, Stefaan -----Original Message----- From: William T. Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: zondag 30 oktober 2005 22:13 To: [ISAserver.org Discussion List] Subject: [isalist] Firewall Client Machines and URL Restriction. http://www.ISAserver.org Hello, To begin with I have never really looked much at the firewall client. I have a couple of machines that I have configured for my children and I would like to create a restricted list of websites that they can go to when the log on. I want a "mixed" network in which I have Secure NAT clients (already have these) and some hosts with Firewall clients. When someone logs onto a Firewall Client machine I should be able to apply Firewall rules based on that person's identity correct? What I would like to do is have the firewall clients restricted to a specific set of Protocols and Sites (based on a URL set). However when I create such a rule and include a user set it blocks all systems regardless of who is logged on. Unless I am mistaken a Secure NAT Client is always anonymous to the firewall correct? I have also noted in my firewall logs that when one of the Firewall Client Machines browses the network that no usernames are displayed in the log entries. I though this would be a "side effect" of having a firewall client machine. The client username is always being set to anonymous. Again what I would like to achieve is: Have Secure NAT clients remain unaffected. Have Firewall Clients gain internet access based on their active directory group membership. Thanks for any insight Bill ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx