We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


using internet

ammadeyy asked
Medium Priority
Last Modified: 2010-04-11
i am NOT in a active directory environment

i am using ISA 2004 to share internet

i am looking for a centralize software to maintain the usage of internet

for example, when a user open internet explorer it will prompt for user name and password

the password prompt should come when open internet explorer only, other applications users can have access freely
anyone knows a software with this function?
Watch Question

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Too bad you're not in an AD environment, this will make large-scale operation difficult. But here goes:

Obviously you can't restrict access to the internet using a firewall, because other applications need access. I think the only way around it is to force Internet Explorer to use your ISA server, which can be configured for authentication. Then you will have to make sure that the settings for the proxy server cannot be changed, by removing the Connections tab from the Internet Explorer settings.

Alternatively, you can save the text below to a .reg file (for example proxysettings.reg), and save it in a central place:

--- cut here ---
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

--- cut here ---

Then you can apply this registry file at user logon, with "regedit /s \\server\share\proxysettings.reg"
Yes you certainly can.

You need to create a user group on the ISA server and then create a FireWall policy (or edit the existing policy) to apply to that User/Group. After that this is what happens:

1-Internet Explorer contacts the gateway or proxy (ISA Server) and sends the request for the website
2-Proxy sends back the authentication 'failed' header along with the protocols it supports (e.g. Basic ,...)
3-Internet Explorer re-sends the request for the website along with the authentication protocol requested and username/password of the user running
4-ISA fails to authenticate the current user (since you are not in active directory) so Proxy sends back the authentication 'failed' header along with the protocols it supports (e.g. Basic ,...)
5-Internet Explorer Prompts for username/passowrd and user gets chance to input

Note that this is all automated. you don't need to do any configuration on the IE.

Another Note: Make sure you don't have any other firewall policy not requiring username/password with higher priority  in isa.

try and let me know

hello again,

+ for other applications, enable the Firewall Client installation and add the appliation/port in the ISA Server's configuration. Then install firewall client software on the client systems. However, depending on the software (e.g. of the old software,...) they may prompt you for username/password or don't get authenticated. This is a good thing most of the times because you don't want infected systems (e.g. virus, spyware) to contact internet.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.