RE: anonymous access rule and authetication rule

From: Kent Nordström <KentNordstrm@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 2 Mar 2008 23:09:03 -0800

Consider this...

Imaging you work as a doorkeeper at a restaurant and the manager tells you
to let anyone in except if they are named John or Jill.
In order to fullfil that request you need to check the ID on everyone.

The same thing with ISA, you have to decide on what kind of traffic you
require authentication to fullfill your needs.

Usually the problem is that you enforce implicit authentication demands when
making a rule based on groups and puts it in front of a rule with "All Users".

ISA first looks at SourceIP, DestIP and Protocol. If that matches the rule
it starts to evaluate it. If that rule then says "Users=Sales" it will
require authentication in order to fully evaluate that rule. And will not
move to the next rule until a users authenticate.

--
Kent Nordström
MCT, MCSE etc...

XP Services AB
http://www.xpservices.se

"TimMc" wrote:

Greetings all,

I am trying to setup rules that will allow all users access to the internet
and a rule that will certain file extensions for users in specific groups.

I have a rule with specific protocols that allows all users to to access the
internet ( HTTP, HTTPS, FTP, video, and some custom protocols users need) I
am trying to create another "access rule" that will allow specific users
internet access, but block specific file extensions for this group. I have
created the rule added the groups, but when I enable the rule anonymous users
cannot access the internet.

Is it possible to have rules setup to apply to all users unless you belong
to a specific group?

ISA 2004 SP2
Windwos 2003 sp2
ISA member of the domain
3 legged network setup (External, internal, permeter)

Follow-Ups:
- RE: anonymous access rule and authetication rule
  - From: TimMc

Prev by Date: Re: Questions: pros and cons about ISA server in Existing infrastu
Next by Date: RE: anonymous access rule and authetication rule
Previous by thread: Re: Questions: pros and cons about ISA server in Existing infrastu
Next by thread: RE: anonymous access rule and authetication rule
Index(es):
- Date
- Thread

Relevant Pages

Re: Proxy Authentication
... still learning ISA and how to fully leverage it...the setting that you ... I do have a rule for internet access, where by certain groups and users are ... where I was mentioning the "admin" thing. ... > confusing the "per proxy listener" authentication (the option I am talking ...
(microsoft.public.isa)
RE: anonymous access rule and authetication rule
... the group access since it would evalute the "all users" rule first? ... Sorry, I love the ISA server, but still failry new with it. ... require authentication to fullfill your needs. ... I am trying to setup rules that will allow all users access to the internet ...
(microsoft.public.isaserver)
Re: Secure Server & Services
... You can setup a proxy and configure it to allow only ... authenticated users (Integrated authentication) to have access to the ... In this case if users are loged on to their computers as members ... of domain they will not be allowed access to the internet... ...
(microsoft.public.windows.server.security)
Re: ISA 2004 & IE Authentication
... Your ISA has some rules filtering by content-type? ... disabling it for a while.. ... > is asking for authentication every time they open the IE. Advice please ... Internet users are members in AD group. ...
(microsoft.public.isa.clients)
Re: Cannot connect to RWW from home PC
... When we setup this new SBS2003 setup we installed without ISA as it does ... seeing any problems anywhere regards internet or email - we also run ... You have to run the CEICW after each un install re ...
(microsoft.public.windows.server.sbs)