[isapros] Re: SCCM and ISA - Worth a shot!

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: <isapros@xxxxxxxxxxxxx>
• Date: Sat, 16 Feb 2008 13:06:18 -0600

A "client certificate" template :)

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> (Hammer of God)
> Sent: Saturday, February 16, 2008 12:32 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> 
> I hate coming in on the back end of things like this!  I've got what?
> And if Debbie gave you one, do I even want to know?  I feel 
> so exposed!!
> 
> t
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Saturday, February 16, 2008 10:04 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > 
> > Debi gave me one for Valentine's day :)
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> > 
> > 
> > 
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > > Sent: Friday, February 15, 2008 5:27 PM
> > > To: ISAPros Mailing List
> > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > >
> > > Tim's got it....
> > >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas 
> W Shinder
> > > Sent: Friday, February 15, 2008 11:31 AM
> > > To: ISAPros Mailing List
> > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > >
> > > Do I need to use a User Certificate or Machine Certificate?
> > >
> > > I can't find the "Client Certificate" template
> > >
> > > :-p
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- Microsoft Firewalls (ISA)
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > Sent: Friday, February 15, 2008 2:51 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > At last, some feedback from MS...
> > > >
> > > > http://blogs.msdn.com/ameltzer/archive/2008/02/14/firewalls-an
> > > > d-internet-based-client-management-part-2-isa-bridging.aspx
> > > >
> > > > It seems I was pretty much spot on in my final config!
> > > >
> > > > Personally, I like the idea of creating machine based subject
> > > > names (UPN format) and then creating fake computer accounts -
> > > > this seems more logical as SCCM is based around machine
> > > > management and not user management.
> > > >
> > > > Jim => Will try to test the KCD stuff later...
> > > >
> > > > Cheers
> > > >
> > > > JJ
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > Sent: 14 February 2008 21:23
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Of course...
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > Sent: Thursday, February 14, 2008 9:38 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Ok, will give it a try...you keen to know the result?
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > Sent: 14 February 2008 17:03
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > If you ditch the client certs requirement, you can test KCD.
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > Sent: Thursday, February 14, 2008 12:57 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Nope, SCCM web instance at default and "require client
> > > certs" enabled.
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > Sent: 13 February 2008 18:08
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Actually, I'd be surprised to learn that KCD works for
> > > > non-user accounts.
> > > > Did you remove "require client certificates" from the SCCM
> > > > web instance?
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > Sent: Wednesday, February 13, 2008 8:51 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > P.S. I also had to make sure the certificate on the SCCM
> > > > management point had the external FQDN as the CN and first
> > > > SAN to avoid the current issue with ISA and SAN certs ;-)
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > Sent: 13 February 2008 16:35
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Well.....................it does work!!! :-) mucho :-)
> > > >
> > > > I had to use the online CA, and use a new template that
> > > > allows the subject name to be defined in the request and the
> > > > cert private key to be exported. I then used
> > > > homepc$@domain.com in the cert requests subject line and
> > > > exported the cert onto the client. I then added a fake
> > > > computer object to the domain called homepc$. Once these were
> > > > both done, ISA was then able to authenticate the client cert,
> > > > and I got one step closer...hurrah!
> > > >
> > > > However, I can't get KCD to work, but think this is more an
> > > > issue with SCCM than ISA, as everything looks right and I
> > > > don't get and KCD alerts (which you normally get when it is
> > > > wrong!). If I use the bridging option to specify ISAs own
> > > > client cert I have a fully working setup. I think this
> > > > actually now makes sense based upon how SCCM works.
> > > >
> > > > To tie this down even more, I have then created a group
> > > > called 'SCCM Internet clients' and added homepc$, then
> > > > configured the web pubs rule to use this group.
> > > >
> > > > So, unless I am mistaken we now have the following scenario:
> > > >
> > > > * ISA pre-auth'ing all clients based upon their client
> > > > certificates, no cert, no dice! (I like preauth)
> > > > * ISA is in reverse web proxy and can HTTP inspect all
> > > > traffic (will tie down allowed verbs as next step)
> > > > * ISA SSL bridges to SCCM management point and provides it's
> > > > own client auth cert to satisfy the MP
> > > > * SCCM client specifies a special GUID in the packets (as I
> > > > have now found out) so the cert provided by ISA is not
> > > > actually used to identify the client, just to setup the
> > > > mutual TLS session.
> > > >
> > > > This looks sooooo MUCH better than server publishing to me ;-)
> > > >
> > > > Thanks to Jim (again) for the crucial "next step" link!
> > > >
> > > > Cheers
> > > >
> > > > JJ
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > Sent: 13 February 2008 15:19
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Actually, in re-examining the idea, there is no UPN for a
> > > > computer account (and no place I can see to add one).
> > > > It'll take some playing to find out if it can work and 
> if so, how.
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > Sent: Wednesday, February 13, 2008 3:19 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Ok, this seems to make sense - need to have a look at see how
> > > > achievable it is. The best practice for issuing client
> > > > certificates for Internet SCCM clients is to use a standalone
> > > > CA (as they are not part of AD), so I guessing this options
> > > > is not workable - correct?
> > > >
> > > > If I **can** just get ISA to validate the certs, I should
> > > > then just be able to KCD them to the IIS server - yes?
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > Sent: 09 February 2008 02:27
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Here's one for Tim to shoot down:
> > > >
> > > > Since machine auth certificates are built by default using
> > > > DNS names (subj = "CN=host.domain.tld", SAN = "DNS
> > > > Name=host.domain.tld") and not UPN ("account@xxxxxxxxxx"),
> > > > it's impossible for Windows to resolve the cert to an
> > > > account.  You could try using certreq (supp tools) to build a
> > > > machine cert that uses UPN format (machine$@domain.tld) in
> > > > the subject and/or SAN (you'll probably have to play a bit)
> > > > and include "domain\domain computers" in an ISA "Windows user
> > > > group".  ..all speculation, of course...
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> > > > Sent: Friday, February 08, 2008 6:23 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Right, done a little more testing (playing) with this and
> > > > here are my findings, I think I got the skinny on this, but a
> > > > sanity check would be good :)
> > > >
> > > > Option 1: Use Server Publishing
> > > >
> > > > Results - SCCM client can authenticate to IIS on the SCCM
> > > > management point using it's own personal client certificate
> > > > and be fully managed, deployed with software/patches etc.
> > > >
> > > > Pros - Everything works
> > > > Cons - Not ideal and ISA isn't adding a lot of value here as
> > > > having to use Server publishing.
> > > >
> > > > Option 2: Use Web Publishing without KCD
> > > >
> > > > Results - I can only get this to work by configuring the ISA
> > > > listener for no auth and then use the "use a client cert to
> > > > authenticate to the SSL web server" option on the bridging
> > > > tab. If enable the "SSL client auth" option on the web
> > > > listener, ISA attempts to validate the certificate with AD,
> > > > HOWEVER the client certs are issued to Internet clients who
> > > > are not members of AD and hence have no validity with AD.
> > > > Hence ISA gives a 401 error, kinda as expected.
> > > >
> > > > Pros - Everything works and ISA **can** inspect the 
> HTTP requests
> > > > Cons - We have no way of authenticating external clients and
> > > > they all appear to "hide" behind the ISA Server client
> > > > certificate. This means any SCCM client, even without a
> > > > client cert, can connect as ISA will perform the actual
> > > > client auth request by the internal IIS server on the
> > > > management point. This seems unworkable from what I can tell
> > > > as SCCM will only ever see one client...
> > > >
> > > > Option 3: Use Web Publishing with KCD
> > > >
> > > > Results - As ISA cannot validate the client certificate with
> > > > AD, we don't even get a chance to perform delegation to the
> > > > IIS server on the SCCM management point. Hence this option is
> > > > a non-starter.
> > > >
> > > > Cons - Fundamentally flawed :-) (I think)
> > > >
> > > > Does all of this look correct or have I missed some options
> > > > or misunderstood something?
> > > >
> > > > From my understanding FOR THIS PARTICULUAR SCENARIO, I have
> > > > no choice but to accept defeat and go for server publishing???
> > > >
> > > > As ever, thanks for any input/comments...
> > > >
> > > > Cheers
> > > >
> > > > JJ
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > > Sent: 02 February 2008 15:17
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Yes; that makes sense.
> > > > It's a shame that there is no good way to do this but that's
> > > > the benefit of client-cert auth; MITM is very difficult to
> perform.
> > > >
> > > > Something to note about this process; any "SSL inspection"
> > > > methodology is going to break client cert auth.  This is
> > > > equally true of the BlueCoat & ClearTunnel offerings.  Once
> > > > you crack the SSL channel, the certs have to be "mimicked" to
> > > > each side.  This is how they both work - by "reissuing" the
> > > > server certificate and terminating the SSL session at the
> > > > proxy so that the internal traffic can be inspected.
> > > > While it's relatively simple to use your proxy as an
> > > > intermediate CA because you can define a trust for it to your
> > > > users, doing so for the Internet folks is much more difficult
> > > > (and expensive!).  They have to trust your proxy as an
> > > > intermediate CA if your "reissued" client cert is to be
> > > > worthwhile.  Odds are, this just ain't happening.
> > > >
> > > > I can't speak to any future plans here (obviously), but I'm
> > > > not a personal fan of Cardspace.  Perhaps some more research
> > > > will ease my concerns...
> > > >
> > > > Jim
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan
> Pouseele
> > > > Sent: Saturday, February 02, 2008 2:19 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Hi Jim,
> > > >
> > > > maybe I should rephrase my statement in order to clarify
> > > > better what I mean.
> > > >
> > > >
> > > > Whenever the application insist on the client cert itself
> > > > then nothing much
> > > > you can do but using server publishing. A classic example I
> > > > encounter every
> > > > day is the use of the Belgium e-ID to authenticate to a web
> > > > application. In
> > > > this scenario you can't use delegation or user mapping at all
> > > > because the
> > > > users aren't known beforehand. Moreover, in many cases the
> > > > application must
> > > > be able to read some stuff out of the e-ID. In short, a
> > > > number of reasons
> > > > why pre-authentication isn't possible and therefore SSL 
> bridging.
> > > >
> > > > I wonder how 'Windows Cardspace' or in more general terms
> > > 'Information
> > > > Cards' and 'WS-*' can/will cooperate in a pre-authentication
> > > > scenario with
> > > > ISA server?
> > > >
> > > > Kindly,
> > > > Stefaan
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Jim Harrison
> > > > Sent: vrijdag 1 februari 2008 19:58
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > I'm actually very surprised you take this position.
> > > > If ISA can terminate the SSL session (required for ISA to
> > > > handle client
> > > > certs), then you can apply the HTTP smarts ISA brings for the
> > table.
> > > > Server publishing SSL can't accomplish this.
> > > >
> > > > Jim
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Stefaan Pouseele
> > > > Sent: Friday, February 01, 2008 8:41 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > > Hi Jason,
> > > >
> > > >
> > > >
> > > > my reasoning, whenever client certs are involved, use server
> > > > publishing.
> > > > Nothing ISA can do to enhance the security.
> > > >
> > > >
> > > >
> > > > HTH,
> > > >
> > > > Stefaan
> > > >
> > > >
> > > >
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Jason Jones
> > > > Sent: vrijdag 1 februari 2008 16:49
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > >
> > > >
> > > > Hi All,
> > > >
> > > >
> > > >
> > > > Any more thoughts on this?
> > > >
> > > >
> > > >
> > > > From what I now understand, the SCCM client is using a client
> > > > auth cert to
> > > > authenticate to the IIS instance running on the SCCM
> > > management point
> > > > (mutual cert auth).
> > > >
> > > >
> > > >
> > > > We are getting  close to SCCM deployments where customers
> > > > want IBCM, but the
> > > > only ISA Server solution I can get working is to use SSL
> > > > tunnelling (server
> > > > publishing). I have tried various web publishing
> > > > configurations and none of
> > > > them seem to work - I have tried the following:
> > > >
> > > >
> > > >
> > > > *         Simple web publishing , ISA listener with no
> > > > authentication and
> > > > "allow client to authenticate" defined in the delegation tab
> > > > - assumed this
> > > > would just use pass-through auth to the IIS website to allow
> > > > for this to do
> > > > the client auth.
> > > >
> > > > *         Pre-auth web publishing, ISA listener using client
> > > > cert auth and
> > > > then KCD to delegate to IIS.
> > > >
> > > >
> > > >
> > > > Do we think that one of these should work, or is web
> > > > publishing for SCCM
> > > > IBCM fundamentally flawed?
> > > >
> > > >
> > > >
> > > > Anyone actually got it working??? I know SCCM is quite new,
> > > > but are we just
> > > > too ahead of the curve here?
> > > >
> > > >
> > > >
> > > > Cheers
> > > >
> > > >
> > > >
> > > > JJ
> > > >
> > > >
> > > >
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Jason Jones
> > > > Sent: 19 October 2007 08:50
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > >
> > > >
> > > > Hi t,
> > > >
> > > >
> > > >
> > > > I was hoping to do the former and then use KCD, but from what
> > > > I gather SCCM
> > > > is using computer based certs - I believe this makes things
> > > > harder?. Not
> > > > really comes across this scenario before...I currently have
> > > > it working in
> > > > the lab using server publishing, but I cannot bear the
> > > > thought of doing this
> > > > for customers...
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Thor (Hammer of God)
> > > > Sent: 18 October 2007 22:15
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > >
> > > >
> > > > While I've not used SCCM, I've done a good bit of work with
> > > different
> > > > certificate-based authentication models.  Are you
> > > considering using a
> > > > web-listener configured for SSL Client Certificate
> > > > Authentication, or just
> > > > web-publishing to a back-end web server where it will do its own
> > > > certificate-to-user mapping?
> > > >
> > > >
> > > >
> > > > t
> > > >
> > > >
> > > >
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Jason Jones
> > > > Sent: Thursday, October 18, 2007 1:11 PM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: SCCM and ISA - Worth a shot!
> > > >
> > > >
> > > >
> > > > Did this Q get hidden within Amy's posts or is it a big fat
> > > > "don't know"? J
> > > >
> > > >
> > > >
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Jason Jones
> > > > Sent: 17 October 2007 00:49
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] SCCM and ISA - Worth a shot!
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > >
> > > >
> > > > Has anyone used ISA with System Centre Configuration Manager
> > > > (SCCM) yet?
> > > > Specifically when using Native mode (e.g. full-on PKI mode).
> > > >
> > > >
> > > >
> > > > The initial documentation is a little patchy and seems to
> > > > contradict itself
> > > > between using Web Publishing and Server Publishing when using
> > > > Internet based
> > > > clients that cannot back into the CM server. The SCCM
> > > > documentation talks
> > > > about lots of perimeter and internet-facing scenarios, but I
> > > > want to try and
> > > > use an ISA based model in a similar way to protecting 
> Exchange or
> > > > SharePoint. A quote from Jim comes to mind "..we don't need
> > > > no stinking
> > > > DMZs"
> > > >
> > > >
> > > >
> > > > Ideally I want to use Web Publishing, but all communications
> > > > in SCCM utilise
> > > > client certificate based authentication.
> > > >
> > > >
> > > >
> > > > Am I right in thinking I can use ISA Web publishing combined
> > > > with KCD to
> > > > secure access from CM clients to the CM server?
> > > >
> > > >
> > > >
> > > > Answers that tell me that I have to use Server Publishing
> > > > will make me cry,
> > > > so please be sensitive
> > > >
> > > >
> > > >
> > > > Thanks in advance...
> > > >
> > > >
> > > >
> > > > Cheers
> > > >
> > > >
> > > >
> > > > JJ
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ________________________________
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended
> > > > solely for the use of the individual to whom it is addressed.
> > > > If you have
> > > > received this email in error, or if you believe this email is
> > > > unsolicited
> > > > and wish to be removed from any future mailings, please
> > > > contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid
> > > > for 7 days and offered subject to Silversands Professional
> > > > Services Terms
> > > > and Conditions, a copy of which is available on request. Any
> > pricing
> > > > information, design information or information 
> concerning specific
> > > > Silversands' staff contained in this email is considered
> > > > confidential or of
> > > > commercial interest and exempt from the Freedom of
> > > > Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not
> > > > necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended solely for the use of the individual to whom it
> > > > is addressed.  If you have received this email in error, or
> > > > if you believe this email is unsolicited and wish to be
> > > > removed from any future mailings, please contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid for 7 days and offered subject to
> > > > Silversands Professional Services Terms and Conditions, a
> > > > copy of which is available on request. Any pricing
> > > > information, design information or information concerning
> > > > specific Silversands' staff contained in this email is
> > > > considered confidential or of commercial interest and exempt
> > > > from the Freedom of Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended solely for the use of the individual to whom it
> > > > is addressed.  If you have received this email in error, or
> > > > if you believe this email is unsolicited and wish to be
> > > > removed from any future mailings, please contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid for 7 days and offered subject to
> > > > Silversands Professional Services Terms and Conditions, a
> > > > copy of which is available on request. Any pricing
> > > > information, design information or information concerning
> > > > specific Silversands' staff contained in this email is
> > > > considered confidential or of commercial interest and exempt
> > > > from the Freedom of Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended solely for the use of the individual to whom it
> > > > is addressed.  If you have received this email in error, or
> > > > if you believe this email is unsolicited and wish to be
> > > > removed from any future mailings, please contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid for 7 days and offered subject to
> > > > Silversands Professional Services Terms and Conditions, a
> > > > copy of which is available on request. Any pricing
> > > > information, design information or information concerning
> > > > specific Silversands' staff contained in this email is
> > > > considered confidential or of commercial interest and exempt
> > > > from the Freedom of Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended solely for the use of the individual to whom it
> > > > is addressed.  If you have received this email in error, or
> > > > if you believe this email is unsolicited and wish to be
> > > > removed from any future mailings, please contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid for 7 days and offered subject to
> > > > Silversands Professional Services Terms and Conditions, a
> > > > copy of which is available on request. Any pricing
> > > > information, design information or information concerning
> > > > specific Silversands' staff contained in this email is
> > > > considered confidential or of commercial interest and exempt
> > > > from the Freedom of Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended solely for the use of the individual to whom it
> > > > is addressed.  If you have received this email in error, or
> > > > if you believe this email is unsolicited and wish to be
> > > > removed from any future mailings, please contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid for 7 days and offered subject to
> > > > Silversands Professional Services Terms and Conditions, a
> > > > copy of which is available on request. Any pricing
> > > > information, design information or information concerning
> > > > specific Silversands' staff contained in this email is
> > > > considered confidential or of commercial interest and exempt
> > > > from the Freedom of Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended solely for the use of the individual to whom it
> > > > is addressed.  If you have received this email in error, or
> > > > if you believe this email is unsolicited and wish to be
> > > > removed from any future mailings, please contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid for 7 days and offered subject to
> > > > Silversands Professional Services Terms and Conditions, a
> > > > copy of which is available on request. Any pricing
> > > > information, design information or information concerning
> > > > specific Silversands' staff contained in this email is
> > > > considered confidential or of commercial interest and exempt
> > > > from the Freedom of Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This email and any files transmitted with it are confidential
> > > > and intended solely for the use of the individual to whom it
> > > > is addressed.  If you have received this email in error, or
> > > > if you believe this email is unsolicited and wish to be
> > > > removed from any future mailings, please contact our Support
> > > > Desk immediately on 01202 360360 or email
> > helpdesk@xxxxxxxxxxxxxxxxx
> > > >
> > > > If this email contains a quotation then unless otherwise
> > > > stated it is valid for 7 days and offered subject to
> > > > Silversands Professional Services Terms and Conditions, a
> > > > copy of which is available on request. Any pricing
> > > > information, design information or information concerning
> > > > specific Silversands' staff contained in this email is
> > > > considered confidential or of commercial interest and exempt
> > > > from the Freedom of Information Act 2000.
> > > >
> > > > Any view or opinions presented are solely those of the author
> > > > and do not necessarily represent those of Silversands
> > > >
> > > > Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> > > > Company Registration Number : 2141393.
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> 
> 
> 
> 

• Follow-Ups:
  • [isapros] Re: SCCM and ISA - Worth a shot!
    • From: Thor (Hammer of God)

Other related posts:

• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!
• » [isapros] Re: SCCM and ISA - Worth a shot!

1. Home
2. isapros
3. Archive
4. 02-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---