[isalist] SurfControl and User Authentication

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 19 Jan 2007 14:09:11 -0500

Looking through the SurfControl help, I ran across this tidbit:

 


Monitoring Users with Microsoft ISA Server

________________________________


With ISA Server you can either use NetBIOS, EUM or use ISA Server
authentication. 

ISA Server Authentication is the preferred method if monitoring traffic
from firewall clients. This prevents having to install EUM on all your
domain controllers.

To configure your ISA Server for user authentication:

1. Open the ISA Management Console from the Start > Programs menu.

2. Find your machine name within the ISA tree. This will be listed within
Internet Security and Acceleration Server\Servers and Arrays.

3. Right-click on your machine name and choose Properties from the pop-up
menu.

4. Select the Outgoing Web Requests tab.

5. Select the Ask unauthenticated users for identification check-box.

6. In the same dialog double-click your machine name in the Server column
of the identification pane. This can be found in the Identification
Section. The Add/Edit Listeners dialog appears.

7. Select the Integrated authentication check box.

8. Select the Basic with this domain check-box and click Yes on the ISA
Server Configuration pop-up.

9. Click the Select Domain dialog. Alternatively, use the Browse button
to navigate to your domain.

10. Click OK and close all of the open dialogs until you are back at the
Properties dialog for your ISA Server.

11. Click OK on this dialog and select the Save Changes and restart the
service(s) radio button on the ISA Server Warning pop-up. Click OK
again.

 

For ISA Server 2004 and above

1. Open the ISA Management Console from the Start > Programs >
Microsoft ISA Server menu.

2. Find your machine name within the ISA tree. This will be
listed within Internet Security and Acceleration Server 2004 (or 2006).

3. Expand the Configuration option.

4. Select Networks.

5. Select the network you want to monitor and select Edit
Selected Network from the Tasks pane.

6. From the network properties dialog box, select the Web Proxy
tab.

7. Click Authentication.

8. From the Authentication dialog box, select Require all users
to authenticate.

9. Click OK to close the Authentication dialog box.

10. Click OK to close the network properties dialog box.

 

What are the ramifications of enabling the "Require all users to
authenticate" option?  I remember people talking about that on this list
before and it didn't seem to be a good idea in most cases, but I don't
recall why...

 

Also, SurfControl does appear to be working at a user-group level now,
so why "would" I need to use that option?
