I am not sure if this info will be too helpful to you. I did not install proxy client to any of my users. They are all SecureNAT clients. On ISA Server, I have also had bad luck with specifying which users were allowed Internet Access because I would get pop up windows when a user tried to get to a restricted site. Hopefully someone will find this useful: Below is a previous response that I posted: http://www.ISAserver.org I had the same problem. My solution works good enough as long as you do not have specific users who should be allowed to specific sites, for example, allowing the shipping department access to only www.ups.com. This can work depending on what OS your clients use. It is no good for Windows 95 clients. To get around the issue of users having to supply credentials for the denied ad sites, I had to do the following: First, don't assign Internet Access rights based on person. 2nd, in Active Directory, divide your users into two groups: "Allowed Internet Access" and "Not Allowed Internet Access" 3rd, create a group policy for the "Allowed" group that forces the proxy address to be the address of the ISA server. 4th, create a group policy for the "Not Allowed" group that forces the proxy address to 127.0.0.1 or some other address. 5th, for both groups, you may want to make it so that your users cannot change these settings This way, you are assigning which users can access the Internet through AD and not ISA. Thanks, Brian K. Scheele Systems Administrator Clark Filter 3649 Hempland Road Lancaster, PA 17601-1393 Ph. 717-285-5941 x176 Fx. 717-285-3039 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, August 07, 2002 8:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Blocking ads http://www.ISAserver.org It sounds like you're using a user or group association with that rule. What happens if it applies to all requests? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison http://jalojash.org/isatools Read the books! ----- Original Message ----- From: "KJ Demott" <prjit@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, August 07, 2002 3:12 PM Subject: [isalist] Blocking ads http://www.ISAserver.org I have created a site and content rule and destination set to block a couple of the larger ad sites (for all requests). It seems to be working all right, except a window pops up asking for user ID and password for every ad that is blocked. This can get annoying after a while. Is there any way to block these ads that is transparent to clients? TIA K Demott _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bscheele@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bscheele@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') Thanks, Brian K. Scheele Systems Administrator Clark Filter 3649 Hempland Road Lancaster, PA 17601-1393 Ph. 717-285-5941 x176 Fx. 717-285-3039 -----Original Message----- From: Vanvelthoven, Danny [mailto:D.Vanvelthoven@xxxxxxxxxxxxx] Sent: Tuesday, September 10, 2002 5:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] Proxy client authentication. http://www.ISAserver.org Hi, All our clients are Proxy clients. We have rules that deny access to certain sites. Now, when one of the users tries to connect to one of the domains that are blocked, he gets a popup window, asking him for user authentication. After entering the information, he get's an HTTP 407 error. How can I prevent this ? , I just want that the user gets the HTTP 502, access denied page. Danny View our available profiles on http://competences.CentricKsi.be <http://competences.CentricKsi.be> ------------------------------------------------------------------------ LEGAL DISCLAIMER: The information included in this message is personal and/or confidential and intended exclusively for the addressees as stated. This message and/or the accompanying documents may contain confidential information and should be handled accordingly. If you are not the intended reader of this message, we urgently request that you notify Centric KSI immediately and that you delete this e-mail and any copies of it from your system and destroy any printouts immediately. It is forbidden to distribute, reproduce, use or disclose the information in this e-mail to third parties without obtaining prior permission from Centric KSI. We expressly point out that there are risks associated with the use of e-mail like data corruption, interception, unauthorised amendment, viruses and unforeseen delays. Centric KSI and the companies within the group shall not accept any liability whatsoever for damage resulting from the use of e-mail. Legally binding obligations can only arise for Centric KSI by means of a written instrument, signed by an authorized representative of Centric KSI. ------------------------------------------------------------------------ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bscheele@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')