RE: Another ISA newbie question



Hi Dieter,

Thank you for posting in SBS newsgroup.

GroupB received the user credential box because it is denied. For
detailed information, please refer to the following KB article:

297324 Multiple Authentication Dialog Boxes Are Displayed When You Use
Access
http://support.microsoft.com/?id=297324

Regarding how to allow GroupB to access only the allowed sites and
GroupA to access all external sites, we may try the following steps:

1. Do not create any deny rule in Site and Content Rules.
2. Create a Site and Content Rule, configure it to allow access to the
specific Destination Set, and then apply it to GroupB.
3. Make sure no Site and Content Rule applies to Any Request, as
follows:

1) Open the Site and Content Rule.
2) On the "Applies To" tab, make sure "Any Request" is not selected.

4. On the other Site and Content Rules, add GroupB to Exceptions under the
Applies To tab, as follows:

1) In ISA Management, expand Servers and Arrays and Server name.
2) Expand Access Policy and then click Site and Content Rules.
3) Click each Site and Content Rule in turn, and then on the Applies To
tab, add GroupB to the Exceptions column.

If the problem still exists, please help me to gather the IPCONFIG /ALL
result, ISA Info and ISA logs.

1) Gather the ISA info as follows:

a. Download the file from the following URL:

http://isatools.org/ISAInfo.vbe

b. Copy the file ISAInfo.vbe to the ISA server, and then double-click it.
This will generate a <computer-name>_ISAInfo.txt file in C:\Program
Files\Microsoft ISA Server.
c. Please post this file to the newsgroup.

2) Gather the ISA logs as follows:

a. Open ISA Management, and then point to Monitoring Configuration | Logs.
b. Double-click ISA Server Firewall Service in the right pane, click to
select Enable Logging for this service, click the Fields tab, click Select All,
and then click OK.
c. Please repeat Step 2) to enable logging for the IP Packet Filter and Web Proxy
Services.
d. Run the command "net stop isactrl" (without the quotation marks) to stop all
ISA Services.
e. Back up all files in the folder C:\Program Files\Microsoft ISA
Server\ISALogs, and then delete them.
f. In ISA Management | <server name> | Monitoring | Services, start all ISA
services.
g. Reproduce the issue.
h. Wait for about 3 minutes, and then post that day's firewall, web proxy
and IP Packet filter logs from C:\Program Files\Microsoft ISA Server\ISALogs.
You can compress the logs into a .zip file.
i. Please also let me know the IP address of the test client so that I
can filter the data.

In addition, I provide the following articles for your reference:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/controllingsecureinternetaccess.mspx

297922 How To Provide Internet Access Through a Firewall in Internet
Security
http://support.microsoft.com/?id=297922

Hope the information helps, and I look forward to your reply.


Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Dieter Visser" <bsd@xxxxxxxxx>
| Subject: Another ISA newbie question
| Date: Tue, 7 Jun 2005 14:24:13 +0200
| Newsgroups: microsoft.public.windows.server.sbs
|
| Hello,
|
| We have an SBS 2003 premium server with ISA server installed. The CD did not
| arrive yet so I have to go without SP 1 installed.
| We have two groups of users, one group (A) is allowed to surf the internet.
| The other group (B) is allowed to go to a few selected websites.
|
| I created a destination set with the selected sites for group B
| I created a site content rule for group B
| I removed the group B users from SBS Internet Users
| I created a group B users for using Internet
| I created a site and content rule to deny group B users access to all but
| the selected sites
| I made an exception for group B under the Internet Access protocol rule
|
|
| Now a group B user wants to look at a selected site and is asked for a
| username and a password because: the ISA server requires authentication to
| fulfill the request.
|
| What did I forget or mess up?
|
| Please help
| Dieter
|
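
Added example, not part of the original post or of any Microsoft tool: once the logs from step 2) are collected, the Web Proxy log can be filtered by the test client's IP address (step i) to see which requests were challenged or denied. It assumes the log is in W3C extended format (tab-separated rows under a "#Fields:" header) with the field names c-ip, cs-username, cs-uri and sc-status; the sample lines, addresses and user names are constructed.

```python
import io
from collections import Counter

# Constructed sample in W3C extended format (tab-separated). Field names,
# addresses, users and URLs are assumptions for illustration only.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: c-ip\tcs-username\tdate\ttime\tcs-uri\tsc-status",
    "192.168.16.20\tanonymous\t2005-06-08\t09:00:01\thttp://allowed.example/\t407",
    "192.168.16.20\tDOMAIN\\userb\t2005-06-08\t09:00:02\thttp://allowed.example/\t200",
    "192.168.16.20\tDOMAIN\\userb\t2005-06-08\t09:00:09\thttp://other.example/\t403",
    "192.168.16.31\tDOMAIN\\usera\t2005-06-08\t09:00:10\thttp://other.example/\t200",
    "truncated line without enough columns",
    # A new header appears when logging restarts; the column order may differ.
    "#Fields: c-ip\tcs-uri\tsc-status\tcs-username",
    "192.168.16.20\thttp://allowed.example/img.gif\t407\tanonymous",
])


def parse_w3c(stream):
    """Yield one dict per data row, honouring every #Fields directive."""
    fields = None
    for raw in stream:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.startswith("#") or not line or fields is None:
            continue
        else:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def challenged_requests(stream, client_ip, statuses=("403", "407")):
    """Rows for one client whose status shows a denial or an auth challenge."""
    return [row for row in parse_w3c(stream)
            if row.get("c-ip") == client_ip and row.get("sc-status") in statuses]


def summarize(rows):
    """Count (username, status) pairs, e.g. anonymous requests met with 407."""
    return Counter((r.get("cs-username", "-"), r["sc-status"]) for r in rows)


if __name__ == "__main__":
    hits = challenged_requests(io.StringIO(SAMPLE_LOG), "192.168.16.20")
    for (user, status), count in sorted(summarize(hits).items()):
        print(f"{user}\t{status}\t{count}")
```

Rows with user "anonymous" and status 407 are requests that arrived without credentials and were answered with an authentication challenge, which the browser shows as the credential box.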
