Hi Chris, Don't use that option. Just remove all anonymous access site and content rules. Then configure the clients as Web Proxy and Firewall clients. Make sure all users log into the domain that the ISA Server belongs to. HTH, Tom -----Original Message----- From: Chris rollison [mailto:crollison@xxxxxxxxxxxxxxxxxxx] Sent: Friday, December 06, 2002 9:17 AM To: [ISAserver.org Discussion List] Subject: [isalist] Internet Authentication http://www.ISAserver.org I am working in a mixed environment with a good mixture of 98,2000,xp, and Macs. I am trying to move to one group of people to authenticate to a win2k domain, and would like ISA to base rules on users and groups. My problem is if I try to get ISA to look at group membership by selecting the force authentication button, all internet connections have to authenticate. I want anyone who is not authenticating to remain working the same without having to type in usernames. Any help? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')