I'm looking at migrating from MS Proxy 2.0 to ISA. Have a question. I currently use Web proxy to allow users access to the internet. I've setup NT 4.0 user groups giving various access, FTP, HTTPS or just plain HTTP. Also setup a couple of Winsock clients for 'special' access. This works great. I read thru the Documentation for ISA Server and it seems to me that I must setup access based on IP address(Client address sets) now instead of login id for the web proxy clients. Is this true? I'm using DHCP so this is going to be a problem. Am I better off using the firewall client on every machine? Thanks, Adam