Re: ISA > ISA Client > Configuring laptops


From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 06/30/04


Date: Tue, 29 Jun 2004 22:48:52 -0500

Ok Guys -

Here's a few scripts I used with VPNs on SBS2k. With SBS2k, I used the CMAK
to create my own custom VPN connectoids - and included these scripts in the
connectoid. As a result, the connectoid would enable the firewall client
once the VPN was connected, and disable it once the VPN was disconnected -
so it was completely invisible and transparent to the end user.

Change the .txt extensions to .vbs and you're good to go . . .

-- 
Chad A. Gross - SBS MVP
SBS ROCKS!
www.msmvps.com/cgross
www.gosbs.org
Les Connor [SBS MVP] wrote:
> I'm pretty sure Jeff will have this on the YCST SBS Powertools list,
> but please send it to him just in case ;-).
>
>
> "Javier Gomez [SBS MVP]" <javier_gomez@remove.this.engineer.com>
> wrote in message news:e2mK%230kXEHA.2664@TK2MSFTNGP09.phx.gbl...
>> I like Chad's idea better... but, anyway:
>>
>> I researched this a while ago and I guess if you know how to make
>> scripts, etc. you can do this easily (actually, I would like to try
>> it with GPOs and a logoff script, so it would be completely
>> transparent to the user).
>>
>> For disabling the firewall client->
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Firewall Client\Disable
>> Set the value to 1 for disable and 0 for enabling it.
>>
>> For disabling the proxy client->
>> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings\ProxyEnable
>> Set the value to 0 for disable and 1 for enabling it.
>>
>> When I tested this I just had an ugly reg file which was loaded "on
>> demand" :-)
>>
>> If you do something nicer... please post it.
>>
>> --
>> Javier [SBS MVP]
>>
>> << SBS ROCKS !!! >>
>>
>> "Jeff L" <newsgroupsremoveandunderscore_jeff@availabletech.net>
>> wrote in message news:eT22o8iXEHA.2408@tk2msftngp13.phx.gbl...
>>> Excellent post... the options are so many... I guess you could
>>> create a logon script that would conditionally turn on proxy
>>> clients.
>>>
>>> Have you created any scripts I might look at?
>>>
>>> "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com>
>>> wrote in message news:u7PggKhXEHA.376@TK2MSFTNGP10.phx.gbl...
>>>> Hi Jeff -
>>>>
>>>> Anymore, I don't configure laptops as firewall clients if they're
>>>> out of the office all the time.  What I do is to create a DHCP
>>>> reservation for each laptop, then create a Client Address Set in
>>>> ISA which contains the IPs of the laptops.  I then create a
>>>> Protocol Rule that allows the necessary protocols for the Client
>>>> Address Set I created.  You still get activity logging - but you
>>>> only get the laptop IP, not the username.  If you want to go one
>>>> step further, you can edit the HTTP Redirector Filter to forward
>>>> web requests from SecureNAT clients directly to the web instead of
>>>> the proxy service.  This will allow your laptops to browse the web
>>>> without configuring proxy settings as well . . .
>>>>
>>>> Or - you could have two scripts, one that enables the firewall
>>>> client and configures proxy settings, and one that disables the
>>>> firewall client and clears the proxy settings.  Put shortcuts on
>>>> the desktop, and have the user run the first script when they need
>>>> internet access at the office, and the second when they need
>>>> internet access outside the office . . .
>>>>
>>>> --
>>>>
>>>> Chad A. Gross - SBS MVP
>>>> SBS ROCKS!
>>>>
>>>> www.msmvps.com/cgross
>>>> www.gosbs.org
>>>>
>>>>
>>>> Jeff L wrote:
>>>>> Hello,
>>>>>
>>>>> Want to use ISA internally but the ISA client interferes with the
>>>>> mobile nature of the organization. Is it possible to use ISA
>>>>> client on Laptops that are not always connected to the LAN?
>>>>>
>>>>> The use of VPN is often blocked.
>>>>>
>>>>> Thanks for any help,
>>>>>
>>>>> Jeff Loucks
>>>>>       Available Technology ®
>>>>>            Solutions For Professionals ®
>>>>>                  www.availabletechnology.com 
Attachments: enable_fwc.txt, disable_fwc.txt
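
The enable/disable pair described in this thread, written as one PowerShell script around the two registry values Javier quotes. This is an added example, not the scripts attached to the post. The `-Location` parameter, the `Set-DwordChecked` helper and the DWORD value type are assumptions; each value is read back after writing so a failed change is reported instead of assumed.

```powershell
# Added example: one script covering both states described in the thread.
# Assumptions: "Disable" is a DWORD value under the "Firewall Client" key and
# ProxyEnable is a DWORD; the -Location parameter and helper name are made up here.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Office', 'Roaming')]
    [string]$Location
)

$fwcKey   = 'HKLM:\SOFTWARE\Microsoft\Firewall Client'
$proxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Thread semantics: Disable=1 turns the firewall client off; ProxyEnable=1 turns the proxy on.
$want = @{ Disable = 1; ProxyEnable = 0 }
if ($Location -eq 'Office') { $want = @{ Disable = 0; ProxyEnable = 1 } }

function Set-DwordChecked {
    param([string]$Key, [string]$Name, [int]$Value)

    # Do not create the key: if it is missing, the component is not installed.
    if (-not (Test-Path -LiteralPath $Key)) {
        Write-Warning "$Key not found, $Name left untouched"
        return $false
    }
    try {
        # Writes under HKLM normally need administrator rights; report a failure
        # instead of continuing silently.
        New-ItemProperty -LiteralPath $Key -Name $Name -Value $Value `
            -PropertyType DWord -Force -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Could not write ${Name}: $($_.Exception.Message)"
        return $false
    }
    # Read the value back so the result reflects what is really in the registry.
    $actual = (Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction Stop).$Name
    return ($actual -eq $Value)
}

$result = [pscustomobject]@{
    Location       = $Location
    FirewallClient = Set-DwordChecked -Key $fwcKey   -Name 'Disable'     -Value $want.Disable
    Proxy          = Set-DwordChecked -Key $proxyKey -Name 'ProxyEnable' -Value $want.ProxyEnable
}
$result

# A non-zero exit code signals a partial change to whatever launched the script.
if (-not ($result.FirewallClient -and $result.Proxy)) { exit 1 }
```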

