[isalist] Re: SurfControl and User Authentication

  • From: "Roy Tsao" <caohuiming@xxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 22 Jan 2007 12:57:40 +0800

Hi Dan,

I think you shall have been facing pop-up windows FOR YEARS if you deploy IE settings by autodetect or autoconfiguration...
Actually I followed that in the beginning, then resolved it by either modifying the registry or putting authentication on the rule.

  ----- Original Message ----- 
  From: Ball, Dan 
  To: isalist@xxxxxxxxxxxxx 
  Sent: Monday, January 22, 2007 12:30 PM
  Subject: [isalist] Re: SurfControl and User Authentication


  That is the way I've had it running for years, but I ran across that help 
documentation and was curious about the ramifications of actually following 
their documentation.

   


------------------------------------------------------------------------------

  From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Roy Tsao
  Sent: Saturday, January 20, 2007 6:36 AM
  To: isalist@xxxxxxxxxxxxx
  Subject: [isalist] Re: SurfControl and User Authentication

   

  Dan,

   

  You don't need to request authentication on the webproxy listener because you can put an access rule that requests authentication.

   

  If authentication to webproxy listener is required, please check the great article done by Mr. Stefaan Pouseele:

  http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.html

   

  You shall modify registry at ISA so that autoconfig or autodetect can work well without user authentication window popup.

    ----- Original Message ----- 

    From: Eric Poole, CISSP 

    To: isalist@xxxxxxxxxxxxx 

    Sent: Saturday, January 20, 2007 3:40 AM

    Subject: [isalist] Re: SurfControl and User Authentication

     

    Dan,

    The ramifications, at least here at Community Medical, are that all users 
will always get a prompt when attempting to access the internet.  When I say 
always, I mean constantly.  We do not have this selected, we have SurfControl 
5.0 and are able to capture all user information.  If you select the option of 
"require all users to authenticate", it will more or less cause headaches.  I 
know this probably isn't the technical answer you were looking for, but 
hopefully Tom will fill in the blanks.

    _______________________________________________ 
    Eric Poole, CISSP 
    Senior Information Security Analyst 
    Community Medical Centers 
    1140 "T" Street, Fresno, California 93721 
    559-459-6784 (phone) 559-459-2045 (fax) 

     


----------------------------------------------------------------------------

    From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
    Sent: Friday, January 19, 2007 11:09 AM
    To: isalist@xxxxxxxxxxxxx
    Subject: [isalist] SurfControl and User Authentication

    Looking through the SurfControl help, I ran across this tidbit:

     

    Monitoring Users with Microsoft ISA Server

----------------------------------------------------------------------------

    With ISA Server you can either use NetBIOS, EUM or use ISA Server 
authentication. 

    ISA Server Authentication is the preferred method if monitoring traffic 
from firewall clients. This prevents having to install EUM on all your domain 
controllers.

    To configure your ISA Server for user authentication:

    1. Open the ISA Management Console from the Start > Programs menu.

    2. Find your machine name within the ISA tree. This will be listed within Internet Security and Acceleration Server\Servers and Arrays.

    3. Right-click on your machine name and choose Properties from the pop-up menu.

    4. Select the Outgoing Web Requests tab.

    5. Select the Ask unauthenticated users for identification check-box.

    6. In the same dialog double-click your machine name in the Server column of the identification pane. This can be found in the Identification Section. The Add/Edit Listeners dialog appears.

    7. Select the Integrated authentication check box.

    8. Select the Basic with this domain check-box and click Yes on the ISA Server Configuration pop-up.

    9. Click the Select Domain dialog. Alternatively, use the Browse button to navigate to your domain.

    10. Click OK and close all of the open dialogs until you are back at the Properties dialog for your ISA Server.

    11. Click OK on this dialog and select the Save Changes and restart the service(s) radio button on the ISA Server Warning pop-up. Click OK again.

     

    For ISA Server 2004 and above 

    1. Open the ISA Management Console from the Start > Programs > Microsoft ISA Server menu.

    2. Find your machine name within the ISA tree. This will be listed within Internet Security and Acceleration Server 2004 (or 2006).

    3. Expand the Configuration option.

    4. Select Networks.

    5. Select the network you want to monitor and select Edit Selected Network from the Tasks pane.

    6. From the network properties dialog box, select the Web Proxy tab.

    7. Click Authentication.

    8. From the Authentication dialog box, select Require all users to authenticate.

    9. Click OK to close the Authentication dialog box.

    10. Click OK to close the network properties dialog box.

     

    What are the ramifications of enabling the "Require all users to 
authenticate" option?  I remember people talking about that on this list before 
and it didn't seem to be a good idea in most cases, but I don't recall why.

     

    Also, SurfControl does appear to be working as a user-group level now, so 
why "would" I need to use that option?

