Re: Domain groups
- From: Horslev <Horslev@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 23 Oct 2006 00:32:02 -0700
Hi. Yes - I made the server a domain member before installing ISA2006.
Best Regards - Michael Horslev
"Phillip Windell" wrote:
Was the ISA box already a Domain Member before the ISA software was.
installed or was it made a Domain Member afterwards?
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
"Horslev" <Horslev@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DA26C2C5-50AC-4B82-A292-D7CE024DF9FB@xxxxxxxxxxxxxxxx
Hi.
tahnks for the answer.
But it doesnt work. when I user all users in my policy i get access. When
i
use my AD user or a group I get access denied.
Can You help me futher?
/Horslev
"Phillip Windell" wrote:
You create a User Set in ISA,...then add domain users or domain groups to
the User Set. The User Set is what you use in the Access Rule.
The User Sets are more-or-less Groups but are unique to ISA. They exist
this way because not all ISA deployments are domain members and cannot
use
AD Users and Group without a RADIUS server, so the User Sets provide a
means
to group them together. This also helps you keep AD more simpler and not
have to create a bunch of special groups in AD for ISA's use, so you just
add whatever combination of AD Users and existing AD Groups to the User
Set
to get the results you want.
You may find the links that I usually leave in my signature useful.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those
of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
"Horslev" <Horslev@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BD7D383F-4671-4341-AE55-D42AF4F4518C@xxxxxxxxxxxxxxxx
Hi.
Have a Windows2003 server (incl sp) and ISA 2006.
I would like to use windows domain groups to control access to certain
ports
(outgoing). But i dont seem to work.
fx:
allow: internal->external, protocols, IF member of "domain group".
I keep getting access denied i log.
HELP!
- References:
- Re: Domain groups
- From: Horslev
- Re: Domain groups
- Prev by Date: Disable Errorlog
- Next by Date: how to ask for login in ISA
- Previous by thread: Re: Domain groups
- Next by thread: Re: IBM Host on demand behind ISA Server 2004
- Index(es):
Relevant Pages
|
