RE: Web Client Requests

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 29 Jan 2006 10:11:46 -0600

Hi Jim,

Just to make clear, IE negotiates with the Web proxy device.

In contrast, cr*pware like Realplayer and Java apps don't negotiate.

Right?
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: Saturday, January 28, 2006 3:39 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
> 
> http://www.ISAserver.org
> 
> Unfortunately, that statement "..IE attempts to use Integrated.." is
> incorrect.
> I've had the distinct pleasure(?) of testing all the popular browsers
> and they *all* choose from the supported auth methods listed by the
> server or proxy.  If the proxy or server does not include NTLM or
> Negotiate, the browser won't try it.
> 
> The only reason NTLM (Windows auth) takes precedence over Basic is
> because the application in question is obeying RFC 2617.
> 
> That KB is illustrating how IIS handles various auth methods; IE is a
> side note at best.
> 
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
> -----Original Message-----
> From: Keith Irby [mailto:irbykh@xxxxxxxxxxx] 
> Sent: Saturday, January 28, 2006 1:35 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
> 
> http://www.ISAserver.org
> 
> Hi Amy,
> 
> I have had this pain myself.  Instead of Integrated Auth, I 
> had to turn
> on
> Basic Auth on the Web Proxy.  Many Java Apps are proxy aware, just not
> NTLM/Kerb aware.  
> 
> The good thing is IE attempts to use Integrated when ISA or 
> any web app
> requests authentication.  
> http://support.microsoft.com/kb/264921  Please
> scroll down to the Order of Precedence portion of this article; in the
> third
> paragraph it discusses IE Basic and Windows Auth.  Windows Auth takes
> precedence over Basic.  Hopefully, this is a very limited set of users
> sending auth requests in the clear (non-encrypted).
> 
> Regards,
> 
> Keith
> 
> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: Saturday, January 28, 2006 3:15 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
> 
> http://www.ISAserver.org
> 
> I don't know about that. You must just not be hearing about 
> it from the
> rest. The apps that are causing problems are from banks (401K
> submission), payroll services, stock brokerage services...essentially
> anything firmly in the bean counter realm. Schwab, ADP, Paychex, you
> name it. If it's financial they've got a java app that won't play nice
> with authentication, even with the Firewall Client installed. 
> 
> Note to Tom: And these things aren't running on the server either,
> they're running on client workstations.
> 
> Amy
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: Saturday, January 28, 2006 3:54 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
> 
> http://www.ISAserver.org
> 
> ..except if the app is proxy-aware, then you get into the 
> "worm ate the
> bird" problem again...
> 
> I will stipulate that the SBS community seems to hit this particular
> wall more often than most; probably due to the
> cheaposkinflintmothposcketicity of their customers.
> 
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Saturday, January 28, 2006 12:34 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Web Client Requests
> 
> http://www.ISAserver.org
> 
> Hey Jim,
> 
> That's what the Firewall client is for, so that you don't have to
> disable auth.
> 
> So, I'll have to update my maxim:
> 
> SecureNAT and Anonymous Access rules are for Losers and Servers.
> 
> How's that?
> 
> Tom 
> 
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> > Sent: Saturday, January 28, 2006 1:13 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > You're right - I responded in reverse.
> > If you:
> > 1. disable the web proxy filter
> > 2. remove authentication
> > 
> > ..then no one is forced to authenticate and you are limited 
> > to IP-based access controls.
> > Bad juju, IMHO...
> > 
> > --------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > --------------------------------------------
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 11:02 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > Yes unfortunately? Wouldn't it be no, unfortunately?
> > 
> > Yes to me would mean that everything would authenticate 
> > except for what you specify.
> > 
> > No would mean that everything would then go through without 
> > authentication.
> > 
> > Amy
> > 
> > 
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 10:36 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > Yes, unfortunately.
> > This is exactly why I list this step among the "last line  of 
> > defense".
> > 
> > --------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > --------------------------------------------
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 7:12 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > Yes, I am. So once you do that does any traffic bother to 
> > authenticate anymore?
> > 
> > Amy
> > 
> > 
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 10:05 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > Contrary to tribal knowledge, there's nothing special about 
> > the SBS installation of ISA other than some rules that make 
> > me nauseous and wizards that remove the burden of 
> > understanding.  The SBS version of ISA is ISA Std Edition.
> > 
> > I think you're referring to disassociating the Web Proxy 
> > filter from the HTTP protocol as is offered for some apps 
> > that can't authenticate at all?
> > 
> > ..which brings up my next point - while it's true that there 
> > are some apps that think they have a direct link to their 
> > desired destination, this technique should be the *last* line 
> > of defense; not the first.
> > 
> > --------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > --------------------------------------------
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 5:59 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > So then in the SBS world once we check the box that allows 
> > apps to bi-pass the web proxy filter won't everything then 
> > bi-pass it? In the first ISA, she says, she would allow 
> > unauthenticated access and everything would then go through?
> > 
> > Amy
> > 
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Saturday, January 28, 2006 1:58 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > I'm not clear on "basic and authenticated", since basic is an 
> > authentication mechanism?  If you mean "basic and <anything else
> > offered>", it's up to the client to choose the strongest method it
> > supports (RFC 2617).
> > 
> > In the first "ISA, she say:", ISA advises the client what 
> > auth methods it will accept )Negotiate, NTLM, Kerberos in 
> my example).
> > In the second "Client, he say:", the client responds with the 
> > auth method it wants to use.  In this response, the specified 
> > auth method
> > *must* be one of the options ISA previously presented, or ISA 
> > will reject the auth attempt.
> > 
> > --------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > --------------------------------------------
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Friday, January 27, 2006 5:31 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > I'll probably get your post a day or two from now. They tend 
> > to come in blobs. 20 messages today, 300 tomorrow. I find it 
> > difficult to keep track of a thread. I don't even ask yahoo 
> > to send it out of their own system. It gets delivered to my 
> > yahoo account! Maybe I should sign up under a non-yahoo 
> > address and see if I have any better success.
> > 
> > I understand that the authentication process starts all over 
> > again. What I'm asking is, if I enable basic and 
> > authenticated access for the listener, what determines 
> > whether ISA will accept basic or authenticated for a 
> > particular packet? 
> > 
> > Amy
> >  
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Friday, January 27, 2006 5:24 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > http://www.ISAserver.org
> > 
> > sbs2k@xxxxxxxxxxxxxxx
> > 
> > The point is that:
> > 1. the clients know diddly (and maybe even squat) about the 
> > way the proxy is configured 2. unless the client is using 
> > proxy:keepalive in the client-to-proxy connection, each 
> > request is an introduction between the client and the proxy 
> > 
> > Thus, each new connection between the client and proxy incurs 
> > a new authentication requirement and the ball starts bouncing 
> > all over again.
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >  
> > 
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Friday, January 27, 2006 14:11
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Web Client Requests
> > 
> > Which forum? 
> > 
> >  
> > 
> > So here is where I get confused. If my web listener allows 
> > both non-authenticated and authenticated requests, then why 
> > after I allow non-authenticated access does ISA ever require 
> > authentication? Won't everything then be accepted with 
> authentication?
> > 
> >  
> > 
> > Amy
> > 
> >  
> > 
> > ________________________________
> > 
> > From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx]
> > Sent: Friday, January 27, 2006 3:38 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Web Client Requests
> > 
> >  
> > 
> > Hey guys, im forwarding this message on behalf of Jim. He 
> > posted it to another list and true to form it was too good an 
> > explanation not to impart on the masses (or the cheesemakers).
> > 
> >  
> > 
> > This traces the path of your IE (or other) http requests and 
> > explains why you will always see anonymous requests in your 
> > web logs. Thanks Jim
> > 
> >  
> > 
> > Greg Mulholland
> > 
> > 
> > >>>>>>>>>>>>>>
> > 
> > Correct - all web clients do exactly that.
> > This is also why the logs will forever contain anonymous 
> > requests even if all you allow are authenticated connections, 
> > because ISA will log those denied anonymous requests.
> > 
> > What you can't tell from the logs is what happens after that 
> > in detail.
> > This requires a bit of Netmon (or Ethereal, if you swing that 
> > way) sleuthing.
> > 
> > Here's the bouncing ball:
> > 
> > ** Client, he say:
> > GET http://www.isaserver.org/ HTTP/1.1
> > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, 
> > application/x-shockwave-flash, application/vnd.ms-excel, 
> > application/vnd.ms-powerpoint, application/msword, */*
> > Accept-Language: en-us
> > Accept-Encoding: gzip, deflate
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
> > 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > Host: www.isaserver.org
> > Proxy-Connection: Keep-Alive
> > 
> > ** ISA, she say:
> > HTTP/1.1 407 Proxy Authentication Required ( The ISA Server 
> > requires authorization to fulfill the request. Access to the 
> > Web Proxy service is denied.  )
> > Via: 1.1 HEARTOFGOLD
> > Proxy-Authenticate: Negotiate
> > Proxy-Authenticate: Kerberos
> > Proxy-Authenticate: NTLM
> > Connection: Keep-Alive
> > Proxy-Connection: Keep-Alive
> > Pragma: no-cache
> > Cache-Control: no-cache
> > Content-Type: text/html
> > Content-Length: 4113 
> > 
> > ..note - the ISA in this case (as in yours, probably) logged 
> > this request as anonymous and responded saying that it 
> > allowed three authentication methods: Negotiate, Kerberos and 
> > NTLM.  These are the default auth methods for any ISA 
> > installation (including SBS).
> > 
> > ** Client, he say:
> > GET http://www.isaserver.org/ HTTP/1.1
> > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, 
> > application/x-shockwave-flash, application/vnd.ms-excel, 
> > application/vnd.ms-powerpoint, application/msword, */*
> > Accept-Language: en-us
> > Accept-Encoding: gzip, deflate
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
> > 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
> > Host: www.isaserver.org
> > Proxy-Connection: Keep-Alive
> > Proxy-Authorization: NTLM
> > TlRMTVNTUAABAAAAB7IIogQABAAzAAAACwALACgAAAAFASgKAAAAD0ZPUkRQUk
> > VGRUNUSE9N
> > RQ==
> > 
> > Note that the client chose NTLM auth and passed the first 
> > part of the handshake in Base-64 encoding.  Not to worry, 
> > this isn't like Basic, which is base-64 encoded plain text; 
> > this is base-64 encoded encrypted information.  ISA also logs 
> > this request as anonymous.
> > 
> > ** ISA, she say:
> > HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
> > Via: 1.1 HEARTOFGOLD
> > Proxy-Authenticate: NTLM
> > TlRMTVNTUAACAAAACAAIADgAAAAFgomiWWcfZe6QNCsAAAAAAAAAALQAtABAAA
> > AABQLODgAA
> > AA9IAE8ATQBFAAIACABIAE8ATQBFAAEAFgBIAEUAQQBSAFQATwBGAEcATwBMAE
> > QABAAiAGgA
> > bwBtAGUALgBqAGEAbABvAGoAYQBzAGgALgBvAHIAZwADADoAaABlAGEAcgB0AG
> > 8AZgBnAG8A
> > bABkAC4AaABvAG0AZQAuAGoAYQBsAG8AagBhAHMAaAAuAG8AcgBnAAUAIgBoAG
> > 8AbQBlAC4A
> > agBhAGwAbwBqAGEAcwBoAC4AbwByAGcAAAAAAA==
> > Connection: Keep-Alive
> > Proxy-Connection: Keep-Alive
> > Pragma: no-cache
> > Cache-Control: no-cache
> > Content-Type: text/html
> > Content-Length: 0  
> > 
> > Note that ISA also passed some NTLM data back to the client - 
> > this is part and parcel to NTLM authentication even outside of HTTP
> > 
> > ** Client, he say:
> > GET http://www.isaserver.org/ HTTP/1.1
> > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, 
> > application/x-shockwave-flash, application/vnd.ms-excel, 
> > application/vnd.ms-powerpoint, application/msword, */*
> > Accept-Language: en-us
> > Accept-Encoding: gzip, deflate
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
> > 5.1; SV1;.NET CLR 1.1.4322; InfoPath.1)
> > Host: www.isaserver.org
> > Proxy-Connection: Keep-Alive
> > Proxy-Authorization: NTLM
> > TlRMTVNTUAADAAAAGAAYAG4AAAAYABgAhgAAAAgACABIAAAACAAIAFAAAAAWAB
> > YAWAAAAAAA
> > AACeAAAABYKIogUBKAoAAAAPSABPAE0ARQBKAGkAbQBIAEYATwBSAEQAUABSAE
> > UARgBFAEMA
> > VABunrbKxTfLxwAAAAAAAAAAAAAAAAAAAABNhP8BkKK3ZR1MXfC2h14+Q4IQaVlWRH8=
> > 
> > 
> > Note that the client passes the remaining part of the NTLM 
> > handshake - if ISA can resolve the credentials passed by the 
> > client during this process, all will be FD&H.
> > 
> > ** ISA, she say:
> > HTTP/1.1 200 OK
> > Proxy-Connection: Keep-Alive
> > Connection: Keep-Alive
> > Content-Length: 40936
> > Via: 1.1 HEARTOFGOLD
> > Date: Fri, 27 Jan 2006 05:49:15 GMT
> > Content-Type: text/html
> > Server: Microsoft-IIS/6.0
> > X-Powered-By: ASP.NET
> > Set-Cookie: ASPSESSIONIDCCRRSRBC=EIBLFICAIMCPFBFCEKFFKBEA; path=/
> > Cache-control: private
> > 
> > This is where access is allowed (200 response).
> > 
> > You should note that I haven't included anything that may 
> > have been passed in the HTTP body - it's not important to 
> > this discussion and only makes for an unweildy thread.
> > 
> > --------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > 
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.375 / Virus Database: 267.14.23/243 - Release 
> > Date: 1/27/2006
> >  
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> irbykh@xxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 


Other related posts: