RE: Internet Explorer not working for SBS user

Hello James,

Thank you for posting here.

According to your description, I understand that you want to make one user
cannot access certain web sites. If I have misunderstood the problem,
please don't hesitate to let me know.

Based on my research, we cannot achieve this goal except we have SBS with
ISA server 2004.

If you have SBS with ISA server 2004, I suggest we try the following steps
to achieve your goal:

1. Create Domain name sites

a. Please open the ISA management console, locate on Firewall Policy node

b. In right pane, navigate to Toolbox->Network Objects->Domain Name Sets

c. Right click Domain Name Sets, select New Domain Name Set

d. Input name (like: Blocked web sites), click Add button, then input the
certain web site name,

e. Add the certain web sites one by one in the list, then, click OK

2. Create deny access rule
Please open the ISA management console, navigate to Firewall Policy, right
click "Firewall Policy" and click New->Access Rule, then create a new
access rule as following:

Rule name: Block certain web site for one user

Rule Action: Deny

Protocols: HTTP, HTTPS

Sources: IP address of the certain user's computer

Destination: the Domain Name Sets created in step 1#

User Sets: the domain user account of the certain user

Then move this rule to the top and click Apply to save all the settings.

If we cannot resolve the issue after we perform the above steps, please
kindly help me collect some information for further investigation:

1. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

2. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that I
can filter the data.

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Internet Explorer not working for SBS user
| thread-index: AcfZ2NCTa1scXk/WRKGG7iEYAvB7kg==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?SmFtZXM=?= <James@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Internet Explorer not working for SBS user
| Date: Wed, 8 Aug 2007 09:26:03 -0700
| Lines: 14
| Message-ID: <5FCB6BD5-E6B4-40A8-8306-BEDA69C47CFC@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:55260
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I have a user that has a computer that won't allow access to certain web
| sites; most of them are secured websites.
|
| When I log on the computer as the Administrator for the domain, I am able
to
| access, but this user is not allowed. I don't want to give this user
Domain
| Admin privledges and I have no GPOs limiting Internet Explorer settings.
|
| The user is a member of the Domain Users, Remoke Web Workplace Users and
the
| builtin Users security groups. The user is also setup as a local
| administrator on the computer as well.
|
| Any suggestions would be great.
| --
| Thanks, James
|

.