[isapros] Re: SCCM and ISA - Worth a shot!
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Mon, 18 Feb 2008 09:20:38 -0600
Hi Jason,
The problem with other product teams creating ISA related docs is they
end up making a disaster out of the situation. Look at the Exchange team
and their continued insistence on the "hork mode sandwich". The same can
be said for the other teams who try to put together ISA guidance. So,
we're probably better off letting the ISA docs team put this stuff
together.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Monday, February 18, 2008 8:53 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Happy with that label if it gets things moving :-)
>
> Yeah, I know you're right, but kinda frustrating when the
> product teams recommend SSL bridging, but there is no actual
> guidance on how to achieve it. I know they are trying to be
> firewall agnostic, but there should still be a 'how to' for
> those that are lucky enough to have ISA (and want to use it properly).
>
> In an ideal world, I think MS should have both ISA and SCW
> guidance for every new (>2006) product that launches to
> provide a robust security model for those who are willing to
> use the tools properly. Hey, maybe this is me being nieve,
> but it sounds like a pretty reasonable task and the ISA docs
> should be driven by the other product teams to make sure they
> are doing it correctly.
>
> Anyhow, back to the real world where partners have to "guess
> the best practice" until something official appears :-P
>
> Thanks again to all for the pointers...
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 18 February 2008 14:38
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> The ISADocs team (isadocs@xxxxxxxxxxxxx; <duh> :-p) noted
> this discussion & blog. Since you started it, you're the
> troublemaker; so there - thpthpthpthp.
>
> Riiiiight...
> ..so the ISA team will start reviewing every document
> produced by every product team at Microsoft (yes; including
> XBox) to determine its suitability and accuracy for ISA Server..?
> ..or... the ISA team will test every Microsoft product prior
> to its release to determine its suitability to exist on a
> corporate network and the traffic profile created by said device..?
>
> How many people do you think we have? We have a hard enough
> time just keeping up with the Exchange team...
> There _are_ teams that steadfastly refuse to take our advice
> on proper application publishing methodology, which makes the
> job all that much harder.
>
> BTW, the UPN idea happened right here, not 5 minutes before I
> typed it. You witnessed the birth of a near-original
> thought. Don't get used to it... :-)
>
> Jim
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Monday, February 18, 2008 1:20 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Why??? :-)
>
> It might be nice if the ISA team documented how to configure
> ISA for new MS products BEFORE the product teams make it up! :-P
>
> Yeah, I think the UPN idea is much slicker...
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 17 February 2008 18:25
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Troublemaker.
> Now I have the ISA doc team going nuts.
> Adam really took the hard way about it, didn't he?
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Friday, February 15, 2008 12:51 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> At last, some feedback from MS...
>
> http://blogs.msdn.com/ameltzer/archive/2008/02/14/firewalls-an
> d-internet-based-client-management-part-2-isa-bridging.aspx
>
> It seems I was pretty much spot on in my final config!
>
> Personally, I like the idea of creating machine based subject
> names (UPN format) and then creating fake computer accounts -
> this seems more logical as SCCM is based around machine
> management and not user management.
>
> Jim => Will try to test the KCD stuff later...
>
> Cheers
>
> JJ
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 14 February 2008 21:23
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Of course...
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Thursday, February 14, 2008 9:38 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Ok, will give it a try...you keen to know the result?
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 14 February 2008 17:03
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> If you ditch the client certs requirement, you can test KCD.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Thursday, February 14, 2008 12:57 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Nope, SCCM web instance at default and "require client certs" enabled.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 13 February 2008 18:08
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Actually, I'd be surprised to learn that KCD works for
> non-user accounts.
> Did you remove "require client certificates" from the SCCM
> web instance?
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Wednesday, February 13, 2008 8:51 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> P.S. I also had to make sure the certificate on the SCCM
> management point had the external FQDN as the CN and first
> SAN to avoid the current issue with ISA and SAN certs ;-)
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: 13 February 2008 16:35
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Well.....................it does work!!! :-) mucho :-)
>
> I had to use the online CA, and use a new template that
> allows the subject name to be defined in the request and the
> cert private key to be exported. I then used
> homepc$@domain.com in the cert requests subject line and
> exported the cert onto the client. I then added a fake
> computer object to the domain called homepc$. Once these were
> both done, ISA was then able to authenticate the client cert,
> and I got one step closer...hurrah!
>
> However, I can't get KCD to work, but think this is more an
> issue with SCCM than ISA, as everything looks right and I
> don't get and KCD alerts (which you normally get when it is
> wrong!). If I use the bridging option to specify ISAs own
> client cert I have a fully working setup. I think this
> actually now makes sense based upon how SCCM works.
>
> To tie this down even more, I have then created a group
> called 'SCCM Internet clients' and added homepc$, then
> configured the web pubs rule to use this group.
>
> So, unless I am mistaken we now have the following scenario:
>
> * ISA pre-auth'ing all clients based upon their client
> certificates, no cert, no dice! (I like preauth)
> * ISA is in reverse web proxy and can HTTP inspect all
> traffic (will tie down allowed verbs as next step)
> * ISA SSL bridges to SCCM management point and provides it's
> own client auth cert to satisfy the MP
> * SCCM client specifies a special GUID in the packets (as I
> have now found out) so the cert provided by ISA is not
> actually used to identify the client, just to setup the
> mutual TLS session.
>
> This looks sooooo MUCH better than server publishing to me ;-)
>
> Thanks to Jim (again) for the crucial "next step" link!
>
> Cheers
>
> JJ
>
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 13 February 2008 15:19
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Actually, in re-examining the idea, there is no UPN for a
> computer account (and no place I can see to add one).
> It'll take some playing to find out if it can work and if so, how.
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Wednesday, February 13, 2008 3:19 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Ok, this seems to make sense - need to have a look at see how
> achievable it is. The best practice for issuing client
> certificates for Internet SCCM clients is to use a standalone
> CA (as they are not part of AD), so I guessing this options
> is not workable - correct?
>
> If I **can** just get ISA to validate the certs, I should
> then just be able to KCD them to the IIS server - yes?
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 09 February 2008 02:27
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Here's one for Tim to shoot down:
>
> Since machine auth certificates are built by default using
> DNS names (subj = "CN=host.domain.tld", SAN = "DNS
> Name=host.domain.tld") and not UPN ("account@xxxxxxxxxx"),
> it's impossible for Windows to resolve the cert to an
> account. You could try using certreq (supp tools) to build a
> machine cert that uses UPN format (machine$@domain.tld) in
> the subject and/or SAN (you'll probably have to play a bit)
> and include "domain\domain computers" in an ISA "Windows user
> group". ..all speculation, of course...
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Friday, February 08, 2008 6:23 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Right, done a little more testing (playing) with this and
> here are my findings, I think I got the skinny on this, but a
> sanity check would be good :)
>
> Option 1: Use Server Publishing
>
> Results - SCCM client can authenticate to IIS on the SCCM
> management point using it's own personal client certificate
> and be fully managed, deployed with software/patches etc.
>
> Pros - Everything works
> Cons - Not ideal and ISA isn't adding a lot of value here as
> having to use Server publishing.
>
> Option 2: Use Web Publishing without KCD
>
> Results - I can only get this to work by configuring the ISA
> listener for no auth and then use the "use a client cert to
> authenticate to the SSL web server" option on the bridging
> tab. If enable the "SSL client auth" option on the web
> listener, ISA attempts to validate the certificate with AD,
> HOWEVER the client certs are issued to Internet clients who
> are not members of AD and hence have no validity with AD.
> Hence ISA gives a 401 error, kinda as expected.
>
> Pros - Everything works and ISA **can** inspect the HTTP requests
> Cons - We have no way of authenticating external clients and
> they all appear to "hide" behind the ISA Server client
> certificate. This means any SCCM client, even without a
> client cert, can connect as ISA will perform the actual
> client auth request by the internal IIS server on the
> management point. This seems unworkable from what I can tell
> as SCCM will only ever see one client...
>
> Option 3: Use Web Publishing with KCD
>
> Results - As ISA cannot validate the client certificate with
> AD, we don't even get a chance to perform delegation to the
> IIS server on the SCCM management point. Hence this option is
> a non-starter.
>
> Cons - Fundamentally flawed :-) (I think)
>
> Does all of this look correct or have I missed some options
> or misunderstood something?
>
> From my understanding FOR THIS PARTICULUAR SCENARIO, I have
> no choice but to accept defeat and go for server publishing???
>
> As ever, thanks for any input/comments...
>
> Cheers
>
> JJ
>
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: 02 February 2008 15:17
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Yes; that makes sense.
> It's a shame that there is no good way to do this but that's
> the benefit of client-cert auth; MITM is very difficult to perform.
>
> Something to note about this process; any "SSL inspection"
> methodology is going to break client cert auth. This is
> equally true of the BlueCoat & ClearTunnel offerings. Once
> you crack the SSL channel, the certs have to be "mimicked" to
> each side. This is how they both work - by "reissuing" the
> server certificate and terminating the SSL session at the
> proxy so that the internal traffic can be inspected.
> While it's relatively simple to use your proxy as an
> intermediate CA because you can define a trust for it to your
> users, doing so for the Internet folks is much more difficult
> (and expensive!). They have to trust your proxy as an
> intermediate CA if your "reissued" client cert is to be
> worthwhile. Odds are, this just ain't happening.
>
> I can't speak to any future plans here (obviously), but I'm
> not a personal fan of Cardspace. Perhaps some more research
> will ease my concerns...
>
> Jim
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan Pouseele
> Sent: Saturday, February 02, 2008 2:19 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Hi Jim,
>
> maybe I should rephrase my statement in order to clarify
> better what I mean.
>
>
> Whenever the application insist on the client cert itself
> then nothing much
> you can do but using server publishing. A classic example I
> encounter every
> day is the use of the Belgium e-ID to authenticate to a web
> application. In
> this scenario you can't use delegation or user mapping at all
> because the
> users aren't known beforehand. Moreover, in many cases the
> application must
> be able to read some stuff out of the e-ID. In short, a
> number of reasons
> why pre-authentication isn't possible and therefore SSL bridging.
>
> I wonder how 'Windows Cardspace' or in more general terms 'Information
> Cards' and 'WS-*' can/will cooperate in a pre-authentication
> scenario with
> ISA server?
>
> Kindly,
> Stefaan
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jim Harrison
> Sent: vrijdag 1 februari 2008 19:58
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> I'm actually very surprised you take this position.
> If ISA can terminate the SSL session (required for ISA to
> handle client
> certs), then you can apply the HTTP smarts ISA brings for the table.
> Server publishing SSL can't accomplish this.
>
> Jim
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Stefaan Pouseele
> Sent: Friday, February 01, 2008 8:41 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
> Hi Jason,
>
>
>
> my reasoning, whenever client certs are involved, use server
> publishing.
> Nothing ISA can do to enhance the security.
>
>
>
> HTH,
>
> Stefaan
>
>
>
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jason Jones
> Sent: vrijdag 1 februari 2008 16:49
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
>
>
> Hi All,
>
>
>
> Any more thoughts on this?
>
>
>
> From what I now understand, the SCCM client is using a client
> auth cert to
> authenticate to the IIS instance running on the SCCM management point
> (mutual cert auth).
>
>
>
> We are getting close to SCCM deployments where customers
> want IBCM, but the
> only ISA Server solution I can get working is to use SSL
> tunnelling (server
> publishing). I have tried various web publishing
> configurations and none of
> them seem to work - I have tried the following:
>
>
>
> * Simple web publishing , ISA listener with no
> authentication and
> "allow client to authenticate" defined in the delegation tab
> - assumed this
> would just use pass-through auth to the IIS website to allow
> for this to do
> the client auth.
>
> * Pre-auth web publishing, ISA listener using client
> cert auth and
> then KCD to delegate to IIS.
>
>
>
> Do we think that one of these should work, or is web
> publishing for SCCM
> IBCM fundamentally flawed?
>
>
>
> Anyone actually got it working??? I know SCCM is quite new,
> but are we just
> too ahead of the curve here?
>
>
>
> Cheers
>
>
>
> JJ
>
>
>
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jason Jones
> Sent: 19 October 2007 08:50
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
>
>
> Hi t,
>
>
>
> I was hoping to do the former and then use KCD, but from what
> I gather SCCM
> is using computer based certs - I believe this makes things
> harder?. Not
> really comes across this scenario before...I currently have
> it working in
> the lab using server publishing, but I cannot bear the
> thought of doing this
> for customers...
>
>
>
>
>
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: 18 October 2007 22:15
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
>
>
> While I've not used SCCM, I've done a good bit of work with different
> certificate-based authentication models. Are you considering using a
> web-listener configured for SSL Client Certificate
> Authentication, or just
> web-publishing to a back-end web server where it will do its own
> certificate-to-user mapping?
>
>
>
> t
>
>
>
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jason Jones
> Sent: Thursday, October 18, 2007 1:11 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: SCCM and ISA - Worth a shot!
>
>
>
> Did this Q get hidden within Amy's posts or is it a big fat
> "don't know"? J
>
>
>
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jason Jones
> Sent: 17 October 2007 00:49
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] SCCM and ISA - Worth a shot!
>
>
>
> Hi,
>
>
>
> Has anyone used ISA with System Centre Configuration Manager
> (SCCM) yet?
> Specifically when using Native mode (e.g. full-on PKI mode).
>
>
>
> The initial documentation is a little patchy and seems to
> contradict itself
> between using Web Publishing and Server Publishing when using
> Internet based
> clients that cannot back into the CM server. The SCCM
> documentation talks
> about lots of perimeter and internet-facing scenarios, but I
> want to try and
> use an ISA based model in a similar way to protecting Exchange or
> SharePoint. A quote from Jim comes to mind "..we don't need
> no stinking
> DMZs"
>
>
>
> Ideally I want to use Web Publishing, but all communications
> in SCCM utilise
> client certificate based authentication.
>
>
>
> Am I right in thinking I can use ISA Web publishing combined
> with KCD to
> secure access from CM clients to the CM server?
>
>
>
> Answers that tell me that I have to use Server Publishing
> will make me cry,
> so please be sensitive
>
>
>
> Thanks in advance...
>
>
>
> Cheers
>
>
>
> JJ
>
>
>
>
>
> ________________________________
>
> This email and any files transmitted with it are confidential
> and intended
> solely for the use of the individual to whom it is addressed.
> If you have
> received this email in error, or if you believe this email is
> unsolicited
> and wish to be removed from any future mailings, please
> contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid
> for 7 days and offered subject to Silversands Professional
> Services Terms
> and Conditions, a copy of which is available on request. Any pricing
> information, design information or information concerning specific
> Silversands' staff contained in this email is considered
> confidential or of
> commercial interest and exempt from the Freedom of
> Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not
> necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
>
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual to whom it
> is addressed. If you have received this email in error, or
> if you believe this email is unsolicited and wish to be
> removed from any future mailings, please contact our Support
> Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise
> stated it is valid for 7 days and offered subject to
> Silversands Professional Services Terms and Conditions, a
> copy of which is available on request. Any pricing
> information, design information or information concerning
> specific Silversands' staff contained in this email is
> considered confidential or of commercial interest and exempt
> from the Freedom of Information Act 2000.
>
> Any view or opinions presented are solely those of the author
> and do not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
>
>
>
Other related posts:
