Jim -

This is a neat tool, but it doesn't set the automatic configuration script, don't I need this?

Tx.
G.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 11:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)

http://www.ISAserver.org

If you want to define the browser proxy settings and prevent the user from having the ability to change it, then DON'T set it at the user level. Instead, make your settings at the machine level and disable per-user settings.

http://isatools.org/ie_proxy.vbs is a hacky example of just such a process.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, July 21, 2004 08:46
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)

I really don't have any plans, I have a bunch of servers at home that I have set up, and I have some spare VIA C3 systems that I let my friends use as web/ftp servers for whatever they want to do with the understanding that I'm not responsible if I need more space on my system and "borrow" the boot drive to store mpeg clips from my ReplayTV.... This sounds like an interesting way of letting them just VPN into their server on their own network and keep them off my research/practice/personal domain.....

I'm guessing that's chapter 5 in your new 2004 book, which now I'll be forced to buy in addition to all the other ones..... Oh wait, I filled up that bookshelf, I'll have to build another one.... Oh, wait, I put the fish tank there..... I'll have to move the tv then, but I don't have anywhere else in the room with that many plug-ins and cat5 drops.... Damn you and your books!
I'll have to build a new room onto the house to put them in.... =?)

Troy

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 10:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)

Hi Troy,

I've included some information in chapter 5 of the book and will include even more in the VPN chapter (chapter 8), but I don't think there's anything on the Microsoft site yet. There is also some info on RADIUS configuration for VPN clients in the ISA 2004 VPN kit (www.msfirewall.org/isa2004kits.htm) but not specific for the tri-homed setup.

What do you have in mind for your RADIUS plan?

Thanks!
Tom
www.isaserver.org/shinder
Get the book! Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 8:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)

Is there a write up on this 3+ NIC config with RADIUS somewhere, Tom? I've used RADIUS with Cisco stuff before, but not Windows based equipment.

TIA
Troy

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 8:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)

Hi Greg,

Yes, the update button will refresh the Web Proxy config for the other users.

You definitely can VPN to different segments -- just create the appropriate access rules. Suppose you have 10 NICs installed on the ISA firewall. You want VPN users to access networks attached to the other 9 NICs based on their user account and group membership. No problem! That's a no-brainer for the ISA firewall.
Each NIC can host another organization and you can configure access policy to allow users to access the networks they need to without allowing them access to other networks. What's cool is you can use RADIUS and a list of RADIUS servers to simplify this otherwise complex "federated" scenario.

HTH,
Tom

-----Original Message-----
From: Greg Hess [mailto:gmh@xxxxxxxx]
Sent: Wednesday, July 21, 2004 8:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)

Tom,

Thanks for the quick reply! Are you talking the 'update' button in the firewall client?

Also, can I VPN onto two different segments on the ISA 2004 box? I've never tried that but have a need.

Greg.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 9:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Globally set proxy in IE and 2004 VPN question(s)

Hi Greg,

Subsequent users can use the Firewall client dialog box to set their browsers too. Just doesn't happen automatically (sort of like my 1040s don't get filed automatically :-)

There are two very good contenders for ISA firewall appliances:

www.rimapp.com and www.networkengines.com

So far, the Rimapp is more "appliancized" with a complete conversion to Web interface -- you never have to touch the MMC and can use the Web interface for total firewall management.

HTH,
Tom

-----Original Message-----
From: Greg Hess [mailto:gmh@xxxxxxxx]
Sent: Wednesday, July 21, 2004 8:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Globally set proxy in IE and 2004 VPN question(s)

Hey everybody!
I noticed that installing the firewall client sets up the IE settings for proxy etc. However, if there is more than one profile on the PC, it does not set these IE settings for the other profiles. Is there any way (non-GPO) to do this? It would help a lot. I've looked at the registry settings, but have yet to find a way to set these settings globally.

- Also -

I would like to set up an isa 2004 appliance (are those ready yet?) between three networks such that one machine from one network can vpn in and connect to the other two, is this possible, or am I good looking? (I used to say crazy, but that was just asking for trouble)

Tx!

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 9:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: question

Hi Ricky,

http://www.amazon.com/exec/obidos/ASIN/1928994296/

;-)

HTH,
Tom
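
An added example, not part of the thread and not Jim Harrison's ie_proxy.vbs, of the machine-level approach described above: it sets `ProxySettingsPerUser` to 0 so the proxy values are read from HKLM instead of each profile's HKCU, writes the proxy and automatic configuration script values there, and audits the result. The proxy host, script URL and helper function names are constructed placeholders; the registry value names are the standard WinINET ones, and their effect should be confirmed on the Windows and IE versions in use.

```powershell
# Added example: enforce and audit machine-level WinINET/IE proxy settings.
# The proxy host and script URL defaults are constructed placeholders, not values from the thread.
param(
    [string]$ProxyServer   = 'proxy.example.internal:8080',
    [string]$AutoConfigUrl = 'http://proxy.example.internal/proxy.pac',
    [switch]$Apply   # without -Apply the script only audits
)

$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'

function Set-RegValue($Key, $Name, $Type, $Value) {
    # Hypothetical helper: create the key if needed, then create or overwrite the value.
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -PropertyType $Type -Value $Value -Force | Out-Null
}

function Set-MachineProxy {
    # Needs an elevated session: both keys are under HKLM, which standard users cannot write.
    # 0 = read proxy settings from HKLM and ignore each profile's HKCU values.
    Set-RegValue $policyKey  'ProxySettingsPerUser' 'DWord'  0
    Set-RegValue $machineKey 'ProxyEnable'          'DWord'  1
    Set-RegValue $machineKey 'ProxyServer'          'String' $ProxyServer
    Set-RegValue $machineKey 'ProxyOverride'        'String' '<local>'
    Set-RegValue $machineKey 'AutoConfigURL'        'String' $AutoConfigUrl
}

function Test-MachineProxy {
    # Emits one string per deviation; no output means the expected state is in place.
    $policy  = Get-ItemProperty -Path $policyKey  -ErrorAction SilentlyContinue
    $machine = Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue
    if ($null -eq $policy -or $policy.ProxySettingsPerUser -ne 0) {
        'ProxySettingsPerUser is not 0: per-user (HKCU) proxy settings still apply'
    }
    if ($null -eq $machine -or $machine.ProxyEnable -ne 1) {
        'ProxyEnable is not 1 under HKLM'
    }
    if ($null -eq $machine -or $machine.ProxyServer -ne $ProxyServer) {
        "ProxyServer under HKLM is not $ProxyServer"
    }
    if ($null -eq $machine -or $machine.AutoConfigURL -ne $AutoConfigUrl) {
        "AutoConfigURL under HKLM is not $AutoConfigUrl"
    }
}

if ($Apply) { Set-MachineProxy }
$findings = @(Test-MachineProxy)
if ($findings.Count -eq 0) { 'OK: machine-level proxy settings are enforced' } else { $findings }
```

Run without `-Apply` on each workstation to report drift, for example after a user with local administrator rights has changed the HKLM values.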