[isalist] Re: Infor - Help - Authentication

• From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 9 Oct 2009 17:13:12 -0700

Good for you – that’s the way it SHOULD be done.

(And John, you didn’t tell the class what happened to those people in the “Deny 
All” group as you call it.  And you KNOW it wasn’t called that. :)

t

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Friday, October 09, 2009 12:53 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication

Ahhhh, but all of our computers ARE on the domain, they all have reserved IPs, 
they all have the Firewall Client installed, AND they are allowed through the 
ISA server only if they are a member of the proper AD group.  In addition, I 
bring it down to the protocol level, where they have to be in the proper AD 
group to use certain protocols and anyone who brings in a home computer and 
tries to plug it into our network will get an IP address in a range that is 
disallowed pretty much everything.

So…. They act up, they get taken out of the Web Access group, and no Internet 
for them.


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of John Wilson
Sent: Friday, October 09, 2009 2:45 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication

Seriously, who do YOU know that dresses monkeys in clothes?

All aside, student PC's may be tough be cause they aren't joined to the domain 
necessarily, so GPO cant be applied if that is the case.

But you could give that computer a DHCP reservation so it gets the same IP 
everytime, and block it's IP address in ISA. Where I used to work, we had had a 
group called "deny all". Just drop the user in the group (if it's Active 
Directory) and they get blocked. If you don't have Active Directory, Just drop 
the computer by IP in the group. Done!

John W.

________________________________
From: Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx>
To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 9, 2009 12:19:19 PM
Subject: [isalist] Re: Infor - Help - Authentication
Yeah, but you can also steal their Facebook account data and post pictures of 
naked monkeys.

t

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Friday, October 09, 2009 4:12 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication

Sounds like my daily battle with student Internet access…  Do you block or do 
you convince them to behave?  I’m lazy, so I block (but they also have an AUP).


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
Sent: Friday, October 09, 2009 1:03 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication

Prevent them from making changes to the proxy configuration via group policy.   
Or require authentication for outbound HTTP(s) at the rule or at the web proxy 
network config.  Better yet, write out a corporate policy outlining acceptable 
use and Internet usage restrictions and have employees sign it -- If anyone 
violates policy, terminate their employment with extreme prejudice.

t

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Thursday, October 08, 2009 1:30 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Infor - Help - Authentication

Hi All,

I have a one user and this user does not have permisson in ISA to access the 
internet. If I login in a computer with webproxy and firewall client checked 
this user can not access internet web. But if I un-check the webproxy , he gets 
access to the internet.

I do know what happened !! A few days ago is OK. I do not know how can I block 
this. I would like to prevent users to access the internet even they 
un-checking the webproxy.

Only the users that have permisson can access the internet.

Can you help me ?!?!?

Regards

_______________________
Leandro dos Santos Ferreira
IT Team - Segurança da Informação
mailto:leandro@xxxxxxxxxxx
CBMM - Companhia Brasileira de Metalúrgia e Mineração
Inovar - Respeitar - Competir

• Follow-Ups:
  • [isalist] Re: Infor - Help - Authentication
    • From: Ball, Dan

• References:
  • [isalist] Infor - Help - Authentication
    • From: LEANDRO DOS S. FERREIRA - TI
  • [isalist] Re: Infor - Help - Authentication
    • From: Thor (Hammer of God)
  • [isalist] Re: Infor - Help - Authentication
    • From: Ball, Dan
  • [isalist] Re: Infor - Help - Authentication
    • From: Thor (Hammer of God)
  • [isalist] Re: Infor - Help - Authentication
    • From: John Wilson
  • [isalist] Re: Infor - Help - Authentication
    • From: Ball, Dan

Other related posts:

• » [isalist] Infor - Help - Authentication- LEANDRO DOS S. FERREIRA - TI
• » [isalist] Re: Infor - Help - Authentication- Jim Harrison
• » [isalist] Re: Infor - Help - Authentication- Thor (Hammer of God)
• » [isalist] Re: Infor - Help - Authentication- Rafa Serena
• » [isalist] Re: Infor - Help - Authentication- Ball, Dan
• » [isalist] Re: Infor - Help - Authentication- Thor (Hammer of God)
• » [isalist] Re: Infor - Help - Authentication- John Wilson
• » [isalist] Re: Infor - Help - Authentication- Ball, Dan
• » [isalist] Re: Infor - Help - Authentication- Thor (Hammer of God)
• » [isalist] Re: Infor - Help - Authentication - Thor (Hammer of God)
• » [isalist] Re: Infor - Help - Authentication- Ball, Dan
• » [isalist] Re: Infor - Help - Authentication- John Wilson
• » [isalist] Re: Infor - Help - Authentication- Steve Moffat
• » [isalist] Re: Infor - Help - Authentication- Ball, Dan
• » [isalist] Re: Infor - Help - Authentication- Jim Harrison
• » [isalist] Re: Infor - Help - Authentication- John Wilson
• » [isalist] Re: Infor - Help - Authentication- Thor (Hammer of God)

1. Home
2. isalist
3. Archive
4. 10-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---