Re: Passthrough for ISA Proxy - passthrough

From: "Noob" <jmacdonald@xxxxxxxxxxxxxxx>
Date: 10 Jan 2007 10:01:27 -0800

Phillip Windell wrote:

1. Make sure that the machine is a Domain Member so ISA can authenticate
the users against Active Directory

1. This server is in the domain

We have to be specific here. There really isn't a such thing as "in" a
Domain,...it has to specifically be a Member of the Domain,...it needed to
be that way preferably before the ISA software was installed on the machine.

1. The server is a member of the domain. The OS is 2k3 standard.

>> 2. Make sure the Rules use specific user objects. Do not use "All
Users" in any of the Rules.

2. Do I have to manualy add them in? Can I use All Authentacated Users?

Yes, you could,...but you are much much better off to either create a Group
in AD for this or add users individualy to the User Object. In either case
you still have to create the User Object first, then add either a Group or
the Users individually. The "All Authenticated Users" is simply a User
Object that already existes in ISA by default,...but it is too broad.

2. Ok,
A. Added the Group of the users that I would like to monitor in the AD.

B. I have changed all users in the firewall policy to just the group
that I created on the domain.
C. I have "To" set to internal/local host, and "From" set to Internal
D. On Networks > Internal > Web Proxy > Authentication I have
integrated and require all users to authenticate checked.

This seems to be working now with out the users being prompted. This
should give me the information that I wanted right? <user name and
where they went>

Thank you for the links btw. they REALLY helped get a base of
information.
~Noob

.

References:
- Passthrough for ISA Proxy - passthrough
  - From: Noob
- Re: Passthrough for ISA Proxy - passthrough
  - From: Noob

Prev by Date: Re: ISA 2004 - policy applied to user but not to security group user is a member of....
Next by Date: Re: ISA 2004 - policy applied to user but not to security group user is a member of....
Previous by thread: Re: Passthrough for ISA Proxy - passthrough
Next by thread: Re: Passthrough for ISA Proxy - passthrough
Index(es):
- Date
- Thread

Relevant Pages

Re: Script to remove list of users from groups...
... Directory groups. ... output of a list of user DNs that I want to remove from all groups. ... I don't like modifying the member and memberOf attributes directly, ... ' Bind to the user object. ...
(microsoft.public.scripting.vbscript)
Re: Script to remove list of users from groups...
... I do have the DNs so I guess I just miss out that section. ... I don't like modifying the member and memberOf attributes directly, ... ' Bind to the user object. ... NameTranslate object to convert the NT names to Distinguished Names. ...
(microsoft.public.scripting.vbscript)
Re: Domain Users into Local Admins
... checked the DNS is correct and made sure both ... > 3) User or machine is not in the container to which the GPO is linked. ... > 6) The user is a member of a group which is being filtered from the effect ... Kerberos authentication may not work. ...
(microsoft.public.windows.server.security)
Re: Cross-Domain question (Parent - Child)
... LDAP binding for authentication. ... groups that a user is a member to figure out the assigned roles for a user. ... that our product will only support the universal groups in cross-domain case. ... query in a multidomain forest you may or may not see the value populated ...
(microsoft.public.win2000.active_directory)
Re: Printer Permission Issue
... user's domain X account is a member of the local administrator's group? ... The user cannont print to a certain printer on domain Y w/o a username and ... Users computer cached the authentication of that printer ...
(microsoft.public.win2000.networking)