That way everyone can see when I hose it up totally... ;-) Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, September 16, 2001 1:29 PM Subject: [isalist] Re: ISA and NT Grups http://www.ISAserver.org Hi Jim, Why are you trying to keep it in the list? Thanks! Tom Thomas W Shinder, M.D., MCSE, MCT -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Sunday, September 16, 2001 2:23 PM To: [ISAserver.org Discussion List] Cc: isa@xxxxxxxxxxxxxx Subject: [isalist] Re: ISA and NT Grups http://www.ISAserver.org (Still trying to keep it in the list) No, you can't depend on the NT security "ticket" the user carries with him. If you want user authentication, then you must use the FW client or web client settings. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Babak" <isa@xxxxxxxxxxxxxx> To: "'Jim Harrison'" <jim@xxxxxxxxxxxx> Sent: Sunday, September 16, 2001 3:48 AM Subject: RE: ISA and NT Grups Dear Sir, thanks so much for your help. I just wanted to make clear that what I want to do is not possible as you say. just confirm it or tell me if I am wrong! Because I am using NAT client I can not set protocol rule based on a person or group. and if I want to use web proxy so I know who my user is I have to tell the user to set the browser proxy setting. you see my users are remote users. is there any way that when he authenticate to NT, then there will be no need to authenticate in ISA. Beacuse my users are remote I prefer not to tell them to set the proxy setting.but I want to filter the protocols by user groups. is there a way? with so much thanks for your pationte. Best Regards Babak Dashti -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Saturday, September 15, 2001 8:35 PM To: [ISAserver.org Discussion List] Cc: isa@xxxxxxxxxxxxxx Subject: Re: ISA and NT Grups (Keeping it in the list) That configuration works because of the setting you chose in the HTTP redirector. The disadvantage to that is that your client browser won't be able to authenticate because the HTTP redirector does not pass the authentication through to the web proxy service. If you want user authentication, you have to set the proxy information in the browser. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Babak" <isa@xxxxxxxxxxxxxx> To: <jim@xxxxxxxxxxxx> Sent: Saturday, September 15, 2001 2:23 AM Subject: ISA and NT Grups Dear Mr. Harrison As you know, you help me and sent a response about Internet Access. I read other your response to one of ISA Group that it is same to my trouble too. You explained 4 items, therfore I configure my ISA same to your commands but I have to setup my proxy in IE5 too, if I interested to active my Firewall. In previouse configure in Extention - Http Filter properties I selected first Item not 3th item "SecureNat Clients ..." (that you explain in item 3 in your mail) and my clients in LAN could access to Internet w/o any new configure of IE5 or Proxy on IE5. Now, please let me know that we are wrong in configuration or we need to more new setup of ISA Server for Access to Internet throgh IE5 Browser w/o putting any proxy setting. Best Regards Babak Dashti ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')