RE: Create exception in ISA server 2000.

Hi Fernando,

Thank you for posting here.

If you want to use the ISA Server as a proxy for the MAC client, you must make sure that no rules are applied to user groups (such as the "Small
Business Internet Access Protocol Rule") and also the "Ask unauthenticated users for identification" check box is not checked on the Outgoing
Web Requests page (right click your servername in ISA Management and click Properties, then click the "Outgoing Web Request" tab).

For the second question about the Windows Firewall GP:

1. Make sure that you've applied the following fixes:

872769 You cannot configure Windows Firewall settings or Security Center
http://support.microsoft.com/?kbid=872769

842933 "The following entry in the [strings] section is too long and has been truncated" error message when you try to modify or to view GPOs in
Windows Server 2003, Windows XP Professional, or Windows 2000
http://support.microsoft.com/?kbid=842933

2. Open GPMC.
3. Go to Forest/Domains/Domain.ext.
4. Right click the "Small Business Server Windows Firewall" GPO link and click Delete. Then, the system will prompt "Do you want to delete this link?
This will not delete the GPO itself". Click OK.
5. Go to Forest/Domains/Domain.ext/Group Policy Objects/Small Business Server Windows Firewall.
6. Drag "Small Business Server Windows Firewall" and drop it to "Forest/Domains/Domain.ext/MyBusiness/Computers/SBSComputers". Then, the
system will prompt "Do you want to link the GPOs that you have selected to this organizational unit?". Click OK.
7. Open Active Directory Users and Computers.
8. Go to "Domain.ext/MyBusiness/Computers/SBSComputers" and move the computer that you do not want to apply the GP to
"Domain.ext/Computers" container.
9. Run "gpupdate" on all domain controllers and client computers.

I hope the above info helps.

If you have any update, please feel free to post back.

Bill Peng
MCSE 2000, MCDBA
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>Date: Wed, 06 Apr 2005 19:00:16 +0100
>From: Fernando Morais <fernando.morais@xxxxxxx>
>User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>Subject: Create exception in ISA server 2000.
>Content-Type: text/plain; charset=ISO-8859-15; format=flowed
>Content-Transfer-Encoding: 7bit
>Message-ID: <OOVEIKtOFHA.2748@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: 195-23-23-130.net.novis.pt 195.23.23.130
>Lines: 1
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:109001
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi,
>
>i have a SBS 2003 Premium with Isa Server 2000.
>And i wanted to do an exception in the ISA server for a host to have
>full access to the internet, even withount having to do any kind of
>authentication. It's for a macintosh machine. Is this possible?
>And second is it possible, for only a machine connected to the domain,
>to have enabled to change the properties of the firewall that comes with
>XP sp2. Because in all clients they are disabled, and refer to a domain
>firewall policy.
>
>Thank you.
>


.

Relevant Pages

  • Re: Basic Help Required
    ... Set the browser proxy settings to "localhost:". ... This posting is provided "AS IS" with no warranties, ... How do you make the ISA server itself a web proxy client? ...
    (microsoft.public.isaserver)
  • Re: Create exception in ISA server 2000.
    ... Well is it not possible to create a rule to allow this unauthorized access from an single IP address or ethernet MAC address? ... If you do not want everyone to connect to the internet, you must use the authentication on the ISA ... Regarding the ISA server issue, when you say that i must disable any rule applied and disable the "Ask unauthenticated users for identification" won't this give permissions and full access to other computers than the one i want? ... Right click the "Small Business Server Windows Firewall" GPO link and click Delete. ...
    (microsoft.public.windows.server.sbs)
  • Re: Create exception in ISA server 2000.
    ... Regarding the second question, i follow the steps you gave and it's fixed now. ... Regarding the ISA server issue, when you say that i must disable any rule applied and disable the "Ask unauthenticated users for identification" won't this give permissions and full access to other computers than the one i want? ... 872769 You cannot configure Windows Firewall settings or Security Center ... Right click the "Small Business Server Windows Firewall" GPO link and click Delete. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA2004 client firewall slow webpage loading
    ... have you configured this new client as web proxy client? ... configure ISA server as your Proxy ... stop the Microsoft Firewall service. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cisco Client Cannot Connect Outbound
    ... ISA Server 2004 supports a more secure way of communication ... between the Firewall client and ISA Server. ... the protocol definition for the third party VPN access. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)