Re: Need assistance with enforcing internet ACL (when users can install firefox)
- From: Jack Doyle <Jack.Doyle@xxxxxxxxxxxxxxx>
- Date: Fri, 19 Oct 2007 08:33:23 -0400
pez wrote:
We control access to the internet though an ISA server (which works
fine). To get to the internet users use a proxy (which is the ISA
server). But some have figured out that if they install firefox by
default it connects them directly to the gateway (bypassing the ISA
box). Because of other applications users need to have local admin
rights so even if I remove firefox, they can just reinstall. Anyone
have any suggestions?
Absolutely. There are a couple of ways that you could handle this.
The first would be to find where the proxy settings for Firefox are stored and make changes to those pro grammatically (registry, etc.)
That's not an ideal solution, though, because as soon as you do that they'll install Opera, then Safari, then something else.
The best way to handle this would be to create Access Control Lists on your gateway itself that only allow the ISA server to access the internet. You could also add entries for servers, etc. Hopefully you have them on a different LAN segment so this would be easy to do.
This way, you are able to prevent the users from accessing the internet unless they go through the proxy, regardless of which application they are using.
--
Jack Doyle, Systems Engineer
ScriptLogic Corporation
http://www.scriptlogic.com
.
- References:
- Prev by Date: Re: What kind of rights are needed to run regedit /s import?
- Next by Date: Re: NTbackup reliability
- Previous by thread: Re: Need assistance with enforcing internet ACL (when users can install firefox)
- Next by thread: Local Cert Server
- Index(es):
Relevant Pages
|
