RE: ISA Rules




Guess I was too eager to answer the question!

- What happens when you remove this user from the Exceptions list?

- Remove the user from the Exception list and disable any rule you've made
to block this computer. Make a COMPUTER object for this user's computer and
create rules as follows:

DENY
ALL OUTBOUND TRAFFIC
FROM <COMPUTER>
TO <EXTERNAL>
FOR ALL USERS

DENY
ALL OUTBOUND TRAFFIC
FROM <EXTERNAL>
TO <COMPUTER>
FOR ALL USERS

- You will need to prevent the user from changing the IP address on his workstation
(make him a regular user, not a local admin?), otherwise he can just put in
another IP and have full access using the allow rule ;)

Shijaz Abdulla

"Bitbob" wrote:

> Shijaz: The user never logs in because the client decided to enter the
> workstation as a USER so all we can do is deny access to the USER-Workstation.
>
> "Shijaz" wrote:
>
> > Why don't you just put a single rule as follows:
> >
> > DENY
> > ALL OUTBOUND TRAFFIC
> > FROM INTERNAL
> > TO EXTERNAL
> > FOR USER <username>
> >
> > Shijaz
> >
> > "Bitbob" wrote:
> >
> > > A client is trying to keep an employee off the Web. He has SBS premium and
> > > ISA 2004 installed. He has added a rule that denies all protocols from the
> > > workstation that the user uses for all users from that station to external
> > > networks. There is also a similar rule denying all inbound traffic from
> > > external networks to the workstation for all protocols for all users. Just for
> > > good measure the individual has been added as an exception to the SBS
> > > internet allow rule. However the individual in question is still getting on
> > > the web and the access log shows it as allowed by the SBS internet access
> > > rule (to which he was added as an exception). The only other unusual setting
> > > on this system is that the workstation is in the system as a user rather than
> > > a computer so that anyone can log on easily. I've moved the deny rules up to 1
> > > and 2 on the rules list but this has no effect. Any ideas?