Don't need any other firewall than the ISA firewall. What you're concenred about is authentication, not the Firewall client. So, if you don't create anonymous access rules, they will have to be Web proxy and/or Firewall client. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Thursday, September 14, 2006 3:06 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Firewall client change the 'big' FW.. pix, etc.. to only allow the ISA box to go out via port 80.. then if they turn off the firewall client, they cant go anywhere on the web. .thus they will not turn that off anymore if they want to go to the internet ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Thursday, September 14, 2006 2:54 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Firewall client Hi there, anybody knows how to prevent that a user disables the firewall client? Regards Diego R. Pietruszka