RE: Proxy client authentication.
- From: "Scheele, Brian" <bscheele@xxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 10 Sep 2002 09:36:08 -0400
I am not sure if this info will be too helpful to you. I did not install
proxy client to any of my users. They are all SecureNAT clients. On ISA
Server, I have also had bad luck with specifying which users were allowed
Internet Access because I would get pop up windows when a user tried to get
to a restricted site. Hopefully someone will find this useful:
Below is a previous response that I posted:
http://www.ISAserver.org
I had the same problem. My solution works good enough as long as you do not
have specific users who should be allowed to specific sites, for example,
allowing the shipping department access to only www.ups.com. This can work
depending on what OS your clients use. It is no good for Windows 95
clients.
To get around the issue of users having to supply credentials for the denied
ad sites, I had to do the following:
First, don't assign Internet Access rights based on person.
2nd, in Active Directory, divide your users into two groups: "Allowed
Internet Access" and "Not Allowed Internet Access"
3rd, create a group policy for the "Allowed" group that forces the proxy
address to be the address of the ISA server.
4th, create a group policy for the "Not Allowed" group that forces the proxy
address to 127.0.0.1 or some other address.
5th, for both groups, you may want to make it so that your users cannot
change these settings
This way, you are assigning which users can access the Internet through AD
and not ISA.
Thanks,
Brian K. Scheele
Systems Administrator
Clark Filter
3649 Hempland Road
Lancaster, PA 17601-1393
Ph. 717-285-5941 x176
Fx. 717-285-3039
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, August 07, 2002 8:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Blocking ads
http://www.ISAserver.org
It sounds like you're using a user or group association with that rule.
What happens if it applies to all requests?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!
----- Original Message -----
From: "KJ Demott" <prjit@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, August 07, 2002 3:12 PM
Subject: [isalist] Blocking ads
http://www.ISAserver.org
I have created a site and content rule and destination set to block a couple
of the larger ad sites (for all requests). It seems to be working all right,
except a window pops up asking for user ID and password for every ad that is
blocked. This can get annoying after a while. Is there any way to block
these ads that is transparent to clients?
TIA
K Demott
_________________________________________________________________
Join the world's largest e-mail service with MSN Hotmail.
http://www.hotmail.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bscheele@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bscheele@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Thanks,
Brian K. Scheele
Systems Administrator
Clark Filter
3649 Hempland Road
Lancaster, PA 17601-1393
Ph. 717-285-5941 x176
Fx. 717-285-3039
-----Original Message-----
From: Vanvelthoven, Danny [mailto:D.Vanvelthoven@xxxxxxxxxxxxx]
Sent: Tuesday, September 10, 2002 5:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Proxy client authentication.
http://www.ISAserver.org
Hi,
All our clients are Proxy clients. We have rules that deny access to
certain sites.
Now, when one of the users tries to connect to one of the domains that are
blocked, he gets a popup window, asking him for user authentication. After
entering the information, he get's an HTTP 407 error. How can I prevent
this ? , I just want that the user gets the HTTP 502, access denied page.
Danny
View our available profiles on http://competences.CentricKsi.be
<http://competences.CentricKsi.be>
------------------------------------------------------------------------
LEGAL DISCLAIMER: The information included in this message is personal
and/or confidential and intended exclusively for the addressees as stated.
This message and/or the accompanying documents may contain confidential
information and should be handled accordingly. If you are not the intended
reader of this message, we urgently request that you notify Centric KSI
immediately and that you delete this e-mail and any copies of it from your
system and destroy any printouts immediately. It is forbidden to distribute,
reproduce, use or disclose the information in this e-mail to third parties
without obtaining prior permission from Centric KSI. We expressly point out
that there are risks associated with the use of e-mail like data corruption,
interception, unauthorised amendment, viruses and unforeseen delays.
Centric KSI and the companies within the group shall not accept any
liability whatsoever for damage resulting from the use of e-mail. Legally
binding obligations can only arise for Centric KSI by means of a written
instrument, signed by an authorized representative of Centric KSI.
------------------------------------------------------------------------
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bscheele@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
