RE: anonymous access rule and authentication rule
- From: TimMc <TimMc@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 3 Mar 2008 03:10:00 -0800
Kent,
Thanks for the response.
If I place an "All user" rule before the "group rule" won't the ISA allow
the group access since it would evaluate the "all users" rule first? Can I
create an exception to the "all user" rule and then add the group rule below
it??
Sorry, I love the ISA server, but I'm still fairly new with it.
"Kent Nordström" wrote:
Consider this....
Imagine you work as a doorkeeper at a restaurant and the manager tells you
to let anyone in except if they are named John or Jill.
In order to fulfill that request you need to check the ID on everyone.
The same thing with ISA, you have to decide on what kind of traffic you
require authentication to fulfill your needs.
Usually the problem is that you enforce implicit authentication demands when
making a rule based on groups and put it in front of a rule with "All Users".
ISA first looks at SourceIP, DestIP and Protocol. If that matches the rule
it starts to evaluate it. If that rule then says "Users=Sales" it will
require authentication in order to fully evaluate that rule. And will not
move to the next rule until a user authenticates.
--
Kent Nordström
MCT, MCSE etc...
XP Services AB
http://www.xpservices.se
"TimMc" wrote:
Greetings all,
I am trying to setup rules that will allow all users access to the internet
and a rule that will block certain file extensions for users in specific groups.
I have a rule with specific protocols that allows all users to access the
internet (HTTP, HTTPS, FTP, video, and some custom protocols users need). I
am trying to create another "access rule" that will allow specific users
internet access, but block specific file extensions for this group. I have
created the rule and added the groups, but when I enable the rule anonymous users
cannot access the internet.
Is it possible to have rules setup to apply to all users unless you belong
to a specific group?
ISA 2004 SP2
Windows 2003 SP2
ISA member of the domain
3 legged network setup (External, internal, perimeter)
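
An added illustration of the rule ordering discussed in this thread, not part of the original messages and not ISA Server code: a simplified first-match model in Python of the evaluation Kent describes. Rule names and user names are constructed, and the source/destination/protocol match is reduced to protocol only as an assumption.

```python
from dataclasses import dataclass
from typing import Optional

ALL_USERS = "All Users"   # user set that matches without identifying the client

@dataclass
class Rule:
    name: str
    action: str           # "allow" or "deny"
    protocols: set
    users: str            # ALL_USERS or a group name

@dataclass
class Request:
    protocol: str
    user: Optional[str] = None          # None means an anonymous client
    groups: frozenset = frozenset()

def evaluate(rules, req):
    """Return (outcome, rule name) for the first rule that decides the request."""
    for rule in rules:
        if req.protocol not in rule.protocols:
            continue                    # protocol does not match, try the next rule
        if rule.users == ALL_USERS:
            return rule.action, rule.name
        if req.user is None:
            # A group rule matched on protocol: identity is needed to finish
            # evaluating it, so processing stops here for anonymous clients.
            return "auth-required", rule.name
        if rule.users in req.groups:
            return rule.action, rule.name
        # Authenticated but not a member: fall through to the next rule.
    return "deny", "Default rule"

# Constructed sample policy and clients.
WEB = {"HTTP", "HTTPS", "FTP"}
group_first = [
    Rule("Sales web (extensions filtered)", "allow", WEB, "Sales"),
    Rule("Internet for everyone", "allow", WEB, ALL_USERS),
]
all_first = list(reversed(group_first))

anon = Request("HTTP")
sales = Request("HTTP", "jill", frozenset({"Sales"}))
staff = Request("HTTP", "bob", frozenset({"Staff"}))

if __name__ == "__main__":
    for label, policy in (("group rule first", group_first), ("All Users first", all_first)):
        for who, req in (("anonymous", anon), ("sales", sales), ("staff", staff)):
            print(f"{label:17} {who:10} -> {evaluate(policy, req)}")
```

With the group rule first, the anonymous client stops at that rule; with the "All Users" rule first, the Sales member is allowed by it and the filtered rule is never reached.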