I know I have ask this question before but I have not got an answer that work. I am trying to put more details in everytime (as I learn them)to see if anyone else has had this problem. Thanks in advanve for any help. We are running NT 4 with a windows 2000 server for ISA. Okay this is what is happening. I have created groups for the domain under user manager for domain FIA (full Internet Access), LIA (Limited Internet access), NIA (No Internet Access). I have authentication in ISA set to intergrade. Then in ISA I set up my Protocol rules for HTTP;HTTPS, and I set it to allow everyone to use. Then I created a destination set that block web sites like hotmail.com, but I did not use an * because I wanted to be used for one group. Then I created 4 S&C Rules 1) Allow (this is the default that allows everyone to hit any web site.) 2) FIA (Full Internet access, this will eventually have curtain restrictions to it) 3) LIA (Limited Internet access, this a very limited access to only approved sites.) 4) NIA (No Internet access, this has no access.) Then I set the LIA to deny and redirect to our local intranet and I set it to specified destination set. Under all the S&C, I set to apply to specific users and I set each S&C to the group on the domain LIA Then I disable the Allow S&C. Then whenever anyone tries to access the internet, it asks for a user name and password and never lets anyone surf the net. Do you have any idea why it doesn?t allow anyone to get out to the internet when I shut the allow S&C off?