RE: Client computer has defeated Microsoft ISA

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I work at a site that has a Windows 2003 SBS running Microsoft ISA (maybe
2004 or 2005 -sorry not at the site now)

Must be ISA 2004.

Here's my problem. One user refuses to accept limits and has found a way to
circumvent the restrictions. His computer, even though his IP address is
one of the restricted numbers, has total and completely unrestricted
Internet Access.

Check your rules. Is ther any user based rules? He might be having password
for a user account that is allowed access.
Is he able to change his IP? You should prevent that from group policy
because if he figures out the unrestricted IP range, he can use it on his PC.

My recommendation is to use user-based rules rather than IP-based rules for
internet access.


Whatever he has done has also been propagated to
a Windows 98 computer.

There's no way this "propagation" can happen by itself. Check your rules.

--
Shijaz Abdulla
MCSE:Security, CCNA
www.shijaz.com/isaserver


"Homer L. Hazel" wrote:

Greetings,

I work at a site that has a Windows 2003 SBS running Microsoft ISA (maybe
2004 or 2005 -sorry not at the site now) on which I have set up restricted
and unrestricted users. These are a list of IP addresses of client
computers that either will have unlimited access to the Internet or else
have limited access using a whitelist of destinations that were entered.

The 2003 SBS server has 2 network cards, 1 to the Internet via DSL and the
other to a local switch so that ALL Internet traffic has to pass through the
server.

This setup has worked well for a couple of years and has limited the
appropriate users to only the whitelist.

Here's my problem. One user refuses to accept limits and has found a way to
circumvent the restrictions. His computer, even though his IP address is
one of the restricted numbers, has total and completely unrestricted
Internet Access.

I've looked at his computer and I have not had any success in figuring out
how he is able to do this. Whatever he has done has also been propagated to
a Windows 98 computer. By the way, he's running Windows XP SP-2.

Any suggestions?

I don't know if I have access to this site from the client's office, so if
you could please forward your comments to

homerNO-SPAM-PLEASE@xxxxxxxxxxxx


Thank you



.

Relevant Pages

  • Re: Client computer has defeated Microsoft ISA
    ... I don't have any sort of ISA toolbox choice. ... Add --> Windows User group and select the group you created. ... Users: Full Access User set ... Internet Access. ...
    (microsoft.public.isa.clients)
  • RE: Client computer has defeated Microsoft ISA
    ... Okay - Shijaz, ... Must be ISA 2004. ... Internet Access. ... I work at a site that has a Windows 2003 SBS running Microsoft ISA (maybe ...
    (microsoft.public.isa.clients)
  • RE: Client computer has defeated Microsoft ISA
    ... Must be ISA 2004. ... circumvent the restrictions. ... Internet Access. ... I work at a site that has a Windows 2003 SBS running Microsoft ISA (maybe ...
    (microsoft.public.isa.clients)
  • VPN on ISA 2000 on MS 2000 Server?
    ... I currently have 1 ISA Server 2000 installed on a MS ... Windows 2000 server. ... It is used for internet access and ...
    (microsoft.public.isa.vpn)
  • RE: Group Policy - Restrict Internet Access by OU?
    ... you could not find ISA on SBS 2003, you can use SBS premium technology disk ... to install ISA server. ... restrict internet access on special user group. ...
    (microsoft.public.windows.server.sbs)