RE: access policies--

• From: "Quillman Shawn (RBNA/CIT1.1)" <Shawn.Quillman@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 24 Jan 2003 16:30:40 -0500

Yeah, I worded that poorly.  Better way of saying it is you have easier
control.  Someone gets access, they get assigned to the group.  No access,
not in the group.  Easy.  If you deny everyone first you have to go and add
them to the exception list when you start opening things up.  Then you have
2 lists to maintain, the allowed and the exceptions.  When you deny by
default and then allow by user/group you only have one list to maintain.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Jill Ray [mailto:jill@xxxxxxxxxxxxxxx]
Sent: Friday, January 24, 2003 4:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: access policies--


http://www.ISAserver.org


Why wouldn't I have complete control over who gets access if I denied
first?  
I'm still learning here...

~Jill

-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Friday, January 24, 2003 12:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: access policies--

http://www.ISAserver.org



Best thing is to allow by user\group.  That way you have complete
control
over who gets access.  (That on top of the fact that you do have to
specifically allow something with policy in order to grant access.)

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Jill Ray [mailto:jill@xxxxxxxxxxxxxxx]
Sent: Friday, January 24, 2003 12:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] access policies--


http://www.ISAserver.org


When authenticating by user, it is better to assign policies by 
1.  denying all first, then allowing by user/group
2.  allowing all first, then denying by user/group

Is one trickier than the other?

Thanks in advance for your help,
Jill

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jill@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » access policies--
• » RE: access policies--
• » RE: access policies--
• » RE: access policies--
• » RE: access policies--

1. Home
2. isalist
3. Archive
4. 01-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---