Dear all, I am pleased to join this group. I've got a question, I am implementing ISA server at my company (in firewall mode) and I need to restrict access by user or group membership (some users should have fully internet access and some users shouldn't download anything but can surf the net and some users with no internet access at all), but I can't use client address sets (I use DHCP in my network) so I need to do this according to their domain account credentials. I am facing problems implementing this: I've made a site and content rule that deny http downloads (http Content types) by a specific user but it doesn't work properly. (all my clients are firewall clients with ISA firewall client running on their machines and I am using the ISA in the firewall mode) I want the clients to be authorized automatically by their credentials (I don't want an authentication screen to show up to them as with the webproxy clients) Can any one guide me through the right steps to accomplish this. Thanks very much. Best Regards, Mohammed M Moustafa.