I really doubt that that's the case (although it's been proven once or twice before that I have been wrong :-). Check your logs. Do you have any rules that allow access based on client address? Are you sure he's using his own account? Maybe he's gotten someone else's password. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Bruno ROUY [mailto:bruno.rouy@xxxxxxxx] Sent: Monday, December 09, 2002 8:31 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: strange http://www.ISAserver.org Hum, if i connect with his login password on another workstation i don't pass.... . i tkinking he use (maybe) a software who can bypass my rules -----Message d'origine----- De : Faizal Khan [mailto:mis@xxxxxxxxxxxxxx] Envoyé : lundi 9 décembre 2002 14:27 À : [ISAserver.org Discussion List] Objet : [isalist] RE: strange http://www.ISAserver.org Bruno, Shawn's right, you may have this user in one particular group. If it continues, just deny user from internet access. Strong approach, but as a medium until problem is solved. With Kind Regards, Khan ____________________________ Faizal Khan MIS Manager Guyana Forestry Commission 1 Water Street, Kingston, Georgetown, GUYANA. Tel : + (592) 226-7272 Fax : + (592) 226-8956 Email: <mailto:forestry.mis@xxxxxxxxxxxxxxxxx> forestry.mis@xxxxxxxxxxxxxxxxx Website: <http://www.forestry> http://www.forestry.gov.gy <http://www.forestry.gov.gy> -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Monday, December 09, 2002 9:00 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: strange More than likely there's a misconfiguration in one of your ISA rules. Look at the logs to see which rules are allowing the connection. Rule #1 is the protocol rule that is allowing the connection and Rule #2 is the site and content rule that allows it. If you don't have those log fields turned on then enable it and see if that gives you some insight. If that's not it, make sure the user is not buried in a group somewhere that is allowed access. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Bruno ROUY [mailto:bruno.rouy@xxxxxxxx] Sent: Monday, December 09, 2002 7:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] strange http://www.ISAserver.org Hello, do you know if exist a prg who permit to some users to bypass my proxy/firewall ? i see a user in the log who don't have acces to the net ! .i had searched but find nothing... Bruno ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bruno.rouy@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')