RE: Blocking Downloads - ISA 2004

Hello Luiz,

Thank you very much for kind update.

I'm glad to hear that the info I provided is help for you. Please do not
hesitate to post in this great newsgroup if you need any assistance in the
future. I look forward to working with you again.

Thank you and have a nice day,

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Blocking Downloads - ISA 2004
| thread-index: Ace44Vt48FPWAAXXRxWUB3wUSjkyQw==
| X-WBNR-Posting-Host: 207.46.192.207
| From: =?Utf-8?B?THVpeg==?= <Luiz@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <E82A2C10-CBFB-4076-ADF1-6846158F39F1@xxxxxxxxxxxxx>
<OZyvKIHuHHA.2148@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Blocking Downloads - ISA 2004
| Date: Wed, 27 Jun 2007 10:34:04 -0700
| Lines: 148
| Message-ID: <80C2BF22-1178-4085-842C-4A58D7F07056@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:46673
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Terence,
|
| thank you.
|
| Best Regards.
|
| Luiz
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello Luiz,
| >
| > Thank you for posting here.
| >
| > According to your description, I understand that you want to block
internal
| > clients download files from Internet thru ISA 2004. If I have
misunderstood
| > the problem, please don't hesitate to let me know.
| >
| > Based on my experience, you can create a access rule in ISA to achieve
this
| > goal.
| >
| > Please open the ISA management console, navigate to Firewall Policy,
right
| > click "Firewall Policy" and click New->Access Rule, then create a new
| > access rule as following:
| >
| > Rule name: Block internal user download files from Internet
| > Rule Action: Allow
| > Protocols: HTTP/HTTPS
| > Sources: Internal
| > Destination: External
| > User Sets: SBS Internet Users
| >
| > Then move this new access rule to make it above the SBS Internet Access
| > Rule and click Apply to save all the settings.
| >
| > Right click the new rule and choose "Configure HTTP", you will find the
| > following options:
| >
| > The Block responses containing Windows executable content option allows
you
| > to prevent users from downloading files that are Windows executable
files
| > (such as .exe files, but any file extension can be used on a Windows
| > executable). The HTTP Security filter is able to determine if the file
is a
| > Windows executable because the response will begin with an MZ. This can
be
| > very helpful when you need to prevent your users from downloading
| > executables through the ISA firewall.
| >
| > You can control what file extensions are allowed to be requested
through
| > the ISA firewall. This is extremely useful when you want to block users
| > from requesting certain file types through the ISA firewall. For
example,
| > you can block users from accessing .exe, .com, .zip, and any other file
| > extension through the ISA firewall.
| >
| > The Allow all extensions option allows you to configure the Access Rule
to
| > allow users access to any type of file based on file extension through
the
| > ISA firewall. The Allow only specified extensions option allows you to
| > specify the precise file extensions that users can access through the
ISA
| > firewall. The Block specified extensions (allow all others) option
allows
| > you to block specified file extensions that you deem dangerous.
| >
| > If you select the Allow only specified extensions or Block specified
| > extensions (allow all others) option, you need to click the Add button
and
| > add the extensions you want to allow or block.
| >
| > The Extension dialog box appears after you click the Add button. Enter
the
| > name of the extension in the Extension text box. For example, if you
want
| > to block access to .exe files, enter .exe . Enter a description if you
like
| > in the Description (optional) text box. Click OK to save the new
extension.
| > And click Apply to save all the settings.
| >
| > You can also consider using third party filter to achieve this goal:
| >
| > Partner Application Filters
| > http://www.microsoft.com/isaserver/partners/applicationfilters.mspx
| >
| > Hope the above info helps. Please feel free to let me know if anything
is
| > unclear.
| >
| > Have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: Blocking Downloads - ISA 2004
| > | thread-index: Ace4SRTImqLG30ZsRCaZqzbPsFclvQ==
| > | X-WBNR-Posting-Host: 207.46.19.168
| > | From: =?Utf-8?B?THVpeg==?= <Luiz@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Blocking Downloads - ISA 2004
| > | Date: Tue, 26 Jun 2007 16:24:02 -0700
| > | Lines: 8
| > | Message-ID: <E82A2C10-CBFB-4076-ADF1-6846158F39F1@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:46488
| > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi,
| > |
| > | I have a SBS 2003 R2 Premium with ISA 2004 installed in it.
| > | How can I block downloads through?
| > |
| > | Thanks.
| > |
| > | Luiz
| > |
| >
| >
|

.