Re: Microsoft Update
- From: "Jim Harrison \(ISA SE\)" <jmharr@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 2 Jun 2008 11:31:23 -0700
That's correct.
You'll use "all users" so the BITS process can work while you're not logged
on.
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"John" <a> wrote in message news:%23nHb10NxIHA.1440@xxxxxxxxxxxxxxxxxxxxxxx
I've checked to be sure that I can't access any sites thru HTTP or HTTPS.
Yes you're right, I can't access the internet other than Microsoft/Windows
update sites. Although scanning for updates gives me an error message, I can
access WU/MU sites just fine. There must be a (default) predefined set of
rules that let me access the site.
Anyway, my new access rule looks as follows:
Name: Microsoft/Windows Updates
Action: Allow
Traffic: HTTP,HTTPS
Source: Local Host
Destination: Microsoft Update Domain Name Set
Accepted user sets: All Users
Is this rule too loose or too restrictive? Feel free to correct the rule if
you think it is not correct.
Thanks again for your help.
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:804FC557-9028-4763-AFF1-B39DE7BEA0EE@xxxxxxxxxxxxxxxx
The default configuration allows what the system policies allow; nothing
more.
This does not include HTTP from ISA to external.
All you need to do is create an allow rule from local host to Windows
Update
for all users.
This will allow the ISA to reach WU/MU.
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"John" <a> wrote in message news:eKinH0pwIHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
I thought the default configuration allows traffic between ISA box and
other
networks BUT does not allow traffic to pass through ISA box from one
network
to another. I was lead to believe that because I can get to the internet
from my ISA2006 box. I just can't get Windows (or Microsoft) Update to
scan
for updates.
If that isn't true, could you give me an example of the rule?
Thank you.
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:B3D3ACF9-41D5-4B0E-A5C8-2F2605A4FC5B@xxxxxxxxxxxxxxxx
You have to configure rules to allow traffic to, from and across ISA.
By default, "none shall pass" (apologies to John Cleese).
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"John" <a> wrote in message news:ubPkU2bwIHA.4912@xxxxxxxxxxxxxxxxxxxxxxx
I've just finished installing ISA2006 on Windows Server 2003. ISA
configuration is now at default (I haven't changed anything). It's got 2
NICs (internal/external). I can access the internet from ISA box.
Trying to get updates from Microsoft Update
http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
After a few seconds, I see:
[Error number: 0x80072EFD]
The website has encountered a problem and cannot display the page you are
trying to view. The options provided below might help you solve the
problem.
For self-help options:
Frequently Asked Questions
Find Solutions
Windows Update Newsgroup
For assisted support options:
Microsoft Online Assisted Support (no-cost for Windows Update issues)
Read more about steps you can take to resolve this problem (error number
0x80072EFD) yourself.
How exactly do I get updates for my ISA2006 box?
.
- References:
- Re: Microsoft Update
- From: Jim Harrison \(ISA SE\)
- Re: Microsoft Update
- From: John
- Re: Microsoft Update
- Prev by Date: Re: Microsoft Update
- Next by Date: Re: Microsoft Update
- Previous by thread: Re: Microsoft Update
- Next by thread: Re: Microsoft Update
- Index(es):
Relevant Pages
|
