Hi Tom, Zye, I think I'm talking apps, not sites. For example, when I look at ISA's log for MS Update client I see requests from the machine the client runs on, even with a logged on user, without authentication information. So in an ISA setup with authentication enabled this would bounce off ISA and be rejected. However, if I add the extra rule allowing unauthenticated traffic to the MS sites in question MS Update works fine. The request is still the same, only now ISA accepts it, I don't see the site being involved in this at all. I have no clue about hotmail or OE though, I'm not using either except for my passport account :-) I think that Zye is looking for something similar, be it http or ftp, essentially the solution seems to be something like this, allow unauthenticated traffic for certain locations using specified protocols originating from a few select hosts only. I think :-) Mit freundlichen Grüßen, kind regards, Milan Göllner Computer Services & Informationssysteme CAE Elektronik GmbH Military Simulation & Training 52220 Stolberg, Germany -- Tel: +49 (2402) 106 691 eMail: milan.goellner@xxxxxxxxxxx -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, October 13, 2005 12:52 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Authentication http://www.ISAserver.org Hi Milan, Oh! OK, you're talking about about sites, not apps. Some sites don't support authenticating Web proxies, like the Windows Update site and the Hotmail site when working with Outlook Express (actually, this might be an Outlook Express issue, not a site issue). Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: "Milan Göllner" [mailto:milan.goellner@xxxxxxxxxxx] > Sent: Thursday, October 13, 2005 5:48 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA Authentication > > http://www.ISAserver.org > > Hi, > > I'm doing this as well, I simply have an extra rule with > precedence over the default http rule which allows all users > (which includes unauthenticated ones) to pass through without > authentication to specific sites only using specified protocols. > There is some crummy software around which seems to generate > nothing but errors without something like this, Windows > Update client comes to mind immediately and MS has this > documented in their KB as well. > > > Mit freundlichen Grüßen, > kind regards, > > Milan Göllner > Computer Services & Informationssysteme > CAE Elektronik GmbH > Military Simulation & Training > 52220 Stolberg, Germany > -- > Tel: +49 (2402) 106 691 > eMail: milan.goellner@xxxxxxxxxxx > > -----Original Message----- > From: Zye [mailto:zyeuk@xxxxxxxxxxx] > Sent: Thursday, October 13, 2005 12:31 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA Authentication > > http://www.ISAserver.org > > Sorry, you'll have to bear with me as Im a newbie to ISA. ISA is > performing the authentication. > > Providing users are logged onto the domain and have the > necessary profile > for internet access they are allowed access, however If we > want to turn > off authentication for a device that needs to download on a scheduled > basis, can we do this so that the device can download without being > prompted for username and password? Is there another way of > configuring > without turning off the auth for this device? > > Running isa2004. > > Hope this is clear. > > Thanks > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: milan.goellner@xxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: milan.goellner@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx