Re: How to disable all applications by default




Thanks for answering my question Jim.
I've got to say that I'm pretty disappointed in Microsoft if this is the case.

Any like-minded IT security people know that security products "deny by
default" and only authorised connections/applications are permitted.

The firewall client (which is a great enabler) is now worthless to us, as
undesirable applications will be able to access the Internet unless we know
the name of all of them so we can disable all of them. This equals a massive
administration overhead for us.

What do you do in your organisation?

"Jim Harrison (MSFT)" wrote:

Sorry - this isn't possible.
The Firewall client is designed to be an "enabler".

--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"KT" <KT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:416A97B4-2C42-4157-AFFE-09BCA56FE1D5@xxxxxxxxxxxxxxxx
Yes, by default ISA's firewall policy will deny all by default.
Sorry I should have made myself clearer.

We have a rule in the firewall policy that allows our Internal network to be
able to access the Internet (External) via HTTP.

Now when using the firewall client this rule allows any application to
access the Internet via HTTP even if it is not listed in the application
settings under the Firewall Client on the ISA server.

I want to be able to disable all applications by default and then only
enable specific ones that we want to access the Internet, i.e. iexplore.exe,
acrord32.exe, realplayer etc.

Is this possible? The ISA documentation from Microsoft is very limited
(unless I'm looking in the wrong place).
BTW - We are running Win 2003 Sp1 with ISA2004 SP2.

"Asher_N" wrote:

ISA is set to Deny All by default.

=?Utf-8?B?S1Q=?= <KT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:91477FB8-9B71-43D9-A0A2-B2B0487901AF@xxxxxxxxxxxxx:

Hi - Is it possible to deny all applications access to the Internet by
default when using the Firewall client and ISA 2004 SP2?

I know you can disable individual applications but I want to be able
to deny all applications and only allow a handful of specific ones.

Thanks for your help.
Kurt.





