Re: ISA 2004 and AOL 9 won't work right...

On Mar 4, 1:37 pm, "Cris Hanna [SBS-MVP]"
<crisnospamha...@xxxxxxxxxxxxxxxxxxxxx> wrote:
I understand this is your client, but at some point they need to understand that they either want a business network or a home peer to peer network (thats all AOL is really...a huge peer to peer network)

They can get their mail via aol.com   They don't need the AOL client.   Simply tell them that the AOL client software is not compatible with network security requirements.

But they have to make a choice...its not your choice.

Do they want secure?  Or do they want AOL?

--
Cris Hanna [SBS - MVP]
-----------------------------------------------------------
MVPs Do Not Work for Microsoft
Please do not contact me directly regarding issues
  "Andrew Meador" <amead...@xxxxxxxxxxx> wrote in messagenews:43e19dcb-b748-4dc5-b9e1-e304e9f3b4ba@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     I have a client that has ISA Server 2004 on SBS 2003 Premium. ISA
  was configured with the SBS Internet Access Rule to allow All Users to
  get to the internet. This was to avoid having to setup the ISA
  Firewall Client. Well, they have a wireless access point running that
  somehow was reset to factory default. I had it set to allow only
  certain comupters to connect and get IPs from the server.
  However,since it was reset, about 60 people from the immediate
  vacinity starting connecting and using the internet through this
  access point. So, as a precaution, I pushed the ISA Firewall Client
  down to the client computers and reconfigured ISA Internet Access Rule
  to allow only SBS Internet Users. This will stop users from outside
  the network from accessing the internet throught the T1, even in the
  event the the wireless access point goes to factory defaults again.
     Now, the new problem is that this company has always been AOL
  junkies. They have a few AOL e-mail accounts that they are determined
  to keep using and they are all very used to using AOL. I have tried my
  best to get them to switch off and use their own e-mail system with
  Outlook and OWA, but to no avail. As you have probably seen, AOL and
  ISA don't get along. I have found and read the following:
 http://www.microsoft.com/technet/isa/2004/plan/aol.mspxbut to get it
  to work, I would have to remove/deactivate the ISA Firewall client,
  which is a backwards security step and will put us back in the same
  possition as before with wide access to the internet there again.
     Does anyone have another solution, that will not compromise
  security, to make AOL work fully? BTW, AOL does work as far as pulling
  down e-mail in this state, but they cannot browse web pages and I'm
  not sure about their IM features yet, or any other AOL crap I don't
  know about. They want full AOL 9 use, without network compromise. What
  to do?
     I have even tried setting them up to have the AOL mail pulled into
  their Outlook boxes, but they don't like that either - something about
  some kind of folders they use in AOL that doesn't pull in right.
     There has got to be some kind of fix to this stuff. I ran into
  another application (McAfee virus scanner - home type version) that
  can't update correcly and MS (or maybe McAfee) recommends in that case
  to allow All users and such. It's a freakin firewall - why is
  everyones solution to these thing to break it's functionality, can't
  it be made to work correctly with these apps?
     Please help frustrated me!!!

     Thanks!
        Andrew

True - I get it, I hate AOL - its a huge piece of crap and I have
always thought so. But, it comes down to the fact the ISA is doing
something to make it not work and I would think there would be some
way to keep it from blocking whatever it is that it's blocking so that
this could work. Plus, like I said, I do have another instance right
now where a client has a home based McAfee product on his computers
and it works great for what they want (filters viruses, spam, spyware,
etc...) but ISA is breaking it's automatic updating abilities. Again,
the suggested solution so far is "open up the firewall" instead of
setting some kind of rule to allow the traffic properly. I'll admit
that I'm not a guru at how to setup ISA which is why I'm posting, but
it seems inherently logical to me the if you have a highly
configurable firewall like this that configurations could be made to
solve the problem instead of opening it up like a tin can. What's the
point in having it if its going to be poped open like this?
My clients are small enough that they want SBS for the fact that is
full of features at a great overall price, but if you have to keep
opening things up to get it to play nice, it gets to be a liablilty.
The other option is to buy everything 'commercial version' which is
always more expensive and harder to configure (at least in my
experience). That may not be the case when you're dealing with large
deployments as the time put in is worth the time saved, but it's
hardly worth the time to learn to use the large commercial products to
deploy to 10 or 15 clients. In one case they have 5 clients - you
can't ever buy most commercial stuff for 5 users without having to go
with a minimum of 10 - then your cost per computer effectively doubles
on top of the config issues. Why not make ISA play nice so it doesn't
break stuff?
My thinking is that it can, but someone out there just hasn't
figured out the correct workaround yet. I wish it could be me, but I'm
not there yet.
Anyway, hopefully someone out there will find the solution, but I'm
concerned they won't. Most everyone has the "is AOL, don't fix it, ban
it" attitude. Believe me I would have taken them off AOL from day 1,
they are just too comfortable with it to change. I think they should,
and so does everyone else, but can you do? Maybe this will be the
issue that breaks them down. My concern is that they will go with
reducing security to keep their precious AOL alive and well. Whether
we like it or not, I think we should be able to config ISA to let it
work without reducing security.

Andrew
.

Relevant Pages

  • Re: Exchange server setting
    ... AND be sent to his AOL account. ...   Is there a setting on the Exchange server that allows a person so set ... John Smith is in the GAL. ...
    (microsoft.public.windows.server.sbs)
  • Re: The Scottie Meltdown
    ... Fuckin' AOL. ...   Oh yeah...there an idiot. ... with lots of cut and snip and splice experience). ... I consistently crush you into the ground like a bug. ...
    (rec.audio.opinion)
  • Re: How to Get Rid of Bret Ludwig
    ...     You're the only one riled up, gnashing your teeth and wringing your ...     If it was not posted THROUGH AOL, you're either making it up or you ... The difference is when it comes to my posts ... tard is pretty rich. ...
    (rec.audio.opinion)
  • Re: Google please assign this group a moderator
    ... FidoNet, Genie, The Source, Delphi, Prodigy, AOL, etc. ...    nonsense and that kind of crap persists today because so many ...    untutored in physics find such behavior entertaining. ... is positioning himself  in a position of a JUDGE!! ...
    (sci.physics)
  • Re: ISA 2004 and AOL 9 wont work right...
    ... trying to get a client working, and the only help I got from AOL was to ... Proxy 2.0 (and now ISA) plays quite nicely with pretty much every other app ... sane thing of telling your clients you will not support AOL in a business ... down to the client computers and reconfigured ISA Internet Access Rule ...
    (microsoft.public.windows.server.sbs)
Loading