[isalist] Re: Infor - Help - Authentication

From: "John Wilson" <john@xxxxxxxxxxxxxxxxxxxxxxxx>
To: <isalist@xxxxxxxxxxxxx>
Date: Sat, 10 Oct 2009 19:38:04 -0400

So the customized ISA page with the spinning skull and crossbones  that yelled 
“Access Denied!” was pretty funny. It WAS called something else, but we won’t 
go into that J

 

Dan, sounds like you’ve got stuff locked down. That’s how I’d do it!

 

John W.

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Saturday, October 10, 2009 11:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication

 

*bow*

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
Sent: Friday, October 09, 2009 8:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication

 

Good for you – that’s the way it SHOULD be done.  

 

(And John, you didn’t tell the class what happened to those people in the “Deny 
All” group as you call it.  And you KNOW it wasn’t called that. :)

 

t

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Friday, October 09, 2009 12:53 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication

 

Ahhhh, but all of our computers ARE on the domain, they all have reserved IPs, 
they all have the Firewall Client installed, AND they are allowed through the 
ISA server only if they are a member of the proper AD group.  In addition, I 
bring it down to the protocol level, where they have to be in the proper AD 
group to use certain protocols and anyone who brings in a home computer and 
tries to plug it into our network will get an IP address in a range that is 
disallowed pretty much everything.

 

So…. They act up, they get taken out of the Web Access group, and no Internet 
for them.  

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of John Wilson
Sent: Friday, October 09, 2009 2:45 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication

 

Seriously, who do YOU know that dresses monkeys in clothes?

 

All aside, student PC's may be tough be cause they aren't joined to the domain 
necessarily, so GPO cant be applied if that is the case. 

 

But you could give that computer a DHCP reservation so it gets the same IP 
everytime, and block it's IP address in ISA. Where I used to work, we had had a 
group called "deny all". Just drop the user in the group (if it's Active 
Directory) and they get blocked. If you don't have Active Directory, Just drop 
the computer by IP in the group. Done!

 

John W.

 

  _____  

From: Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx>
To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 9, 2009 12:19:19 PM
Subject: [isalist] Re: Infor - Help - Authentication

Yeah, but you can also steal their Facebook account data and post pictures of 
naked monkeys. 

 

t

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Friday, October 09, 2009 4:12 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication

 

Sounds like my daily battle with student Internet access…  Do you block or do 
you convince them to behave?  I’m lazy, so I block (but they also have an AUP).

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
Sent: Friday, October 09, 2009 1:03 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication

 

Prevent them from making changes to the proxy configuration via group policy.   
Or require authentication for outbound HTTP(s) at the rule or at the web proxy 
network config.  Better yet, write out a corporate policy outlining acceptable 
use and Internet usage restrictions and have employees sign it -- If anyone 
violates policy, terminate their employment with extreme prejudice. 

 

t

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Thursday, October 08, 2009 1:30 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Infor - Help - Authentication

 

Hi All,

 

I have a one user and this user does not have permisson in ISA to access the 
internet. If I login in a computer with webproxy and firewall client checked 
this user can not access internet web. But if I un-check the webproxy , he gets 
access to the internet.

 

I do know what happened !! A few days ago is OK. I do not know how can I block 
this. I would like to prevent users to access the internet even they 
un-checking the webproxy. 

 

Only the users that have permisson can access the internet.

 

Can you help me ?!?!?

 

Regards

 

_______________________

Leandro dos Santos Ferreira

IT Team - Segurança da Informação

mailto:leandro@xxxxxxxxxxx

CBMM - Companhia Brasileira de Metalúrgia e Mineração

Inovar - Respeitar - Competir

Follow-Ups:
- [isalist] Re: Infor - Help - Authentication
  - From: Steve Moffat

References:
- [isalist] Infor - Help - Authentication
  - From: LEANDRO DOS S. FERREIRA - TI
- [isalist] Re: Infor - Help - Authentication
  - From: Thor (Hammer of God)
- [isalist] Re: Infor - Help - Authentication
  - From: Ball, Dan
- [isalist] Re: Infor - Help - Authentication
  - From: Thor (Hammer of God)
- [isalist] Re: Infor - Help - Authentication
  - From: John Wilson
- [isalist] Re: Infor - Help - Authentication
  - From: Ball, Dan
- [isalist] Re: Infor - Help - Authentication
  - From: Thor (Hammer of God)
- [isalist] Re: Infor - Help - Authentication
  - From: Ball, Dan

[isalist] Re: Infor - Help - Authentication

Other related posts: