[isalist] Re: "Top Users" report
- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 17 Apr 2006 19:37:01 -0400
It's SBS. IIS is running on the ISA server.
Amy
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Monday, April 17, 2006 7:14 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
I think you guys are making this WAY harder than it should be.
1. Enable autodiscovery publishing on the ISA firewall
2. Make sure IIS is NOT running on the ISA firewa
3. Configure the wpad alias in the domain that the machines belong to
4. Configure the firewall clients for wpad autodiscovery (the default)
5. Configure Web browsers to use autodiscovery (the default)
That's it. Make sure the ISA firewall is a domain member, the client
machines are domain members, and that the users are logged in as domain
members.
That's it. All. no mo.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 5:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
I think I've skimmed that document before, but I was able to
download wpad.dat manually by going to the ISA url, so i assumed
everything was working, but today when I try http://wpad/wpdat.dat it's
no worky, so I dunno what happened.
For my own knowledge / reference, how would I achieve the
solution to my original problem (User shows as IP instead of Username)
without touching the WPAD stuff?
Jonathon J. Howey
MENSE Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxxx
Defining the Future of Transportation
www.MENSE.ca <http://www.mense.ca/>
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: April 17, 2006 4:12 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Installing WPAD will do it. http://isatools.org/sbs_wpad_2.zip
Also do a search on my blog for silently installing the firewall client.
I know I did an entry on that a while back. Might want to read about
WPAD while you're there too.
http://isainsbs.blogspot.com <http://isainsbs.blogspot.com/>
Amy
Technology Consultant,
President and ISA MVP
Harbor Computer Services
Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
<http://www.smallbizserver.net/Portals/0/NTForums_Avatars/Avatar_5160.gi
f>
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 6:02 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
I'm not seeing it in the list Amy.
Anyways to backup, let's pretend I didn't want to go around to
each station and change each FWC to autodiscover; what do I need to do
for the other solution (with the proxy)?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: April 17, 2006 3:44 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
To have your workstations use WPAD you'll have to first install
it. Look to isatools.org for the SBS WPAD implementation.
Amy
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 5:15 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
So to simplify what I need to do, i think either need to enable
the Web Proxy for my Network Properties by hitting that check box that's
currently unchecked [if i want no WPAD], or in that same window, enable
Auto Discovery in it's tab [if i want WPAD]?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: April 17, 2006 3:02 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Hi Jonathan,
You need the Web proxy and/or Firewall client configuration to
get user names. If you're using WPAD, you must enable autodiscovery
information publishing, or host that information on another Web server.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 3:23 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Trying to track down what's causing IP's to be published
in report instead of Username
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: April 17, 2006 1:53 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Why is autodiscovery information publishing unchecked?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 2:34 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
OK found it for the Internal Network.
*On the Auto Discovery tab, "Publish automatic
discovery information" was unchecked
*On Firewall Client tab, "Enable FWC support" is
checked, my Server name is typed in, then "Automatically detect
settings" and "Use automatic config. script" (default URL) is checked.
"Use a Web proxy server" is NOT. (these would all be default as I do
not remember changing any of this).
Now knowing this, should I check 'Use a web
proxy server', or uncheck the auto. detect settings?
Furthermore, I've never changed ISA Console >
General > Define Firewall Client Setting, so everything there should
still be the same.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: April 17, 2006 1:12 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
From within the ISA console, in the the
properties of your protected network, on the firewall client tab.
That should be selected if you want to
autocinfigure the FWC.
S
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 3:55 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Could you further explain? I remember during
ISA 2004 setup whether I'm connecting a console to an existing ISA
server, or make a new ISA server, but I doubt that's it.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: April 17, 2006 12:17 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Have you disabled auto detect in the ISA
console, because that's where the instruction comes from.
S
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 2:52 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Yes, but like I said, I believe most of my FWC
installs have a hard-coded server address typed in, so it shouldn't be
used the WPAD entry?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: April 17, 2006 11:44 AM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Take it out the dhcp scope, (it don't work as it
should), and just use a DNS A record for wpad.
S
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 12:46 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Each client does have FWC installed (hard-coded
to the ISA WINS name (instead of DNS i've now realized); but i also have
configured the WPAD o252 in my domain.local DHCP scope .. ), and then
after I installed it, I proceeded to the 'Web Browser' tab and hit
'Configure Now', which changed the old ISASERVER:8080 config in the
client's Internet Options to the configuration script.
After reading the 'Client Overview' in the Help
section, I'm pretty sure that I just have FWC users which would also be
Web Proxy users, so therefore the report should be working... yes?
Jonathon J. Howey
MENSE Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxxx
Defining the Future of Transportation
www.MENSE.ca <http://www.mense.ca/>
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: April 17, 2006 9:33 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Read up on client types. The help file has
excellent information on this. If it's authentication you'd like and
tracking by username rather than IP address, then you'll need the
firewall client.
As far as what the #7 entry represents you'll
have to consult your logs to see what t Client Typesdd
\ hat user was doing.
Amy
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 11:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] "Top Users" report
Anyone have any idea on why the IP of the
machine is showing up instead of the user? Has it anything to do with
using a config. script in IE/Mozilla instead of proxy and port? Reason
I ask is, the report is misleading if you use DHCP, as it looks like the
User (IP) is being stored as the PK, and hence if that IP get's
re-assigned to a diff. user (as it has in my case), it doesn't reset the
totals.
As well, anyone have any ideas of where I can
find out where the IP in #7 is coming from? Is it possible that it's a
spammer server and the ISA report is considering traffic on port 25 as
well? (this is an SBS box).
No
User
Requests
% of Total Requests
Bytes In
% of Total Bytes In
Bytes Out
% of Total Bytes Out
Total Bytes
% of Total Bytes
1
192.168.100.119
20096
2.90 %
22.69 GB
30.60 %
2.30 GB
4.80 %
24.99 GB
20.50 %
2
192.168.100.117
3626
0.50 %
19.37 GB
26.10 %
1.33 GB
2.80 %
20.70 GB
17.00 %
3
192.168.100.126
15047
2.20 %
3.29 GB
4.40 %
10.74 GB
22.40 %
14.03 GB
11.50 %
4
192.168.100.127
13424
2.00 %
1.88 GB
2.50 %
8.44 GB
17.60 %
10.32 GB
8.50 %
5
192.168.100.139
17883
2.60 %
5.90 GB
8.00 %
3.80 GB
7.90 %
9.70 GB
7.90 %
6
192.168.100.100
13107
1.90 %
1.29 GB
1.70 %
3.16 GB
6.60 %
4.45 GB
3.60 %
7
198.53.112.177
76
0.00 %
3.38 GB
4.60 %
219.57 MB
0.40 %
3.60 GB
2.90 %
8
192.168.100.104
746
0.10 %
611.11 MB
0.80 %
2.73 GB
5.70 %
3.33 GB
2.70 %
9
192.168.100.122
5902
0.90 %
1.38 GB
1.90 %
1.27 GB
2.70 %
2.66 GB
2.20 %
10
192.168.100.85
110655
16.10 %
725.06 MB
1.00 %
1.94 GB
4.00 %
2.65 GB
2.20 %
11
192.168.100.124
14410
2.10 %
1.15 GB
1.60 %
1.11 GB
2.30 %
2.26 GB
1.90 %
12
192.168.100.134
12922
1.90 %
1.28 GB
1.70 %
920.23 MB
1.90 %
2.18 GB
1.80 %
13
192.168.100.114
20273
3.10 %
1.60 GB
2.20 %
548.31 MB
1.10 %
2.13 GB
1.80 %
14
192.168.100.132
14908
2.30 %
216.83 MB
0.30 %
1.83 GB
3.80 %
2.04 GB
1.70 %
15
192.168.100.113
14029
2.20 %
1.09 GB
1.50 %
451.77 MB
0.90 %
1.53 GB
1.30 %
All Others
374959
59.30 %
6.29 GB
11.10 %
7.06 GB
15.10 %
13.36 GB
12.60 %
Total
652063
100.00 %
72.12 GB
100.00 %
47.81 GB
100.00 %
119.93 GB
100.00 %
Thanks.
Jonathon J. Howey
MENSE Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxxx
Defining the Future of Transportation
www.MENSE.ca <http://www.mense.ca/>
Other related posts:
