  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 870

More detailed schedule in ISA 2004

I have a customer who needs to limit their employees' internet access during work time, but during breaks there shall be no limits at all.
They have an ISA 2004 which provides a solution for the access part but seems to be missing the function of a detailed schedule.
According to Microsoft:
"Schedules can be set only on an hourly basis, at the start of every hour."

Is there any possible way to create a more detailed schedule?
For example they want "the no limit time" to start 14:15 and end 14:45.

Regards
Mattias
0
Asked: BraData295
2 Solutions
 
Keith Alabaster (Enterprise Architect) Commented:
No, hourly is the minimum schedule. As I recall, ISA2006 has the same limitation.

Regards

Keith

0
 
Keith Alabaster (Enterprise Architect) Commented:
Just checked and ISA2006 is exactly the same. Doesn't happen often to us but sometimes the correct answer is "Nope, 'fraid not".

0
 
MarkusKolbeck Commented:
Try the following:
- Create a new (additional) access rule with unlimited access
- Create two scheduled tasks (you can define them to be launched on a per-minute basis):
     1. disable the rule during the work hours (via script)
     2. enable the rule during breaks (via script)

The Script to enable / disable an access rule can be downloaded here:
http://www.isascripts.org/

Example Script Code (from Jason Fossen - www.ISAscripts.org):

'*************************************************************************************
' Script Name: ISA_Enable-Disable_Rule.vbs
'     Version: 1.0
'      Author: Jason Fossen ( www.ISAscripts.org )
'Last Updated: 16.Oct.2005
'     Purpose: Enables or disables a rule in the Firewall Policy of an ISA Server array,
'              Standard or Enterprise edition.  But cannot manage System Policy rules or
'              Enterprise Policy rules, array or single-server rules only.
'       Legal: Public Domain.  Modify and redistribute freely.  No rights reserved.
'              SCRIPT PROVIDED "AS IS" WITHOUT WARRANTIES OR GUARANTEES OF ANY KIND.
'              USE AT YOUR OWN RISK.  Test on non-production servers first.
'*************************************************************************************


If WScript.Arguments.Count <> 2 Then Call ShowHelpAndQuit()
sRuleName = WScript.Arguments.Item(0)
sAction   = WScript.Arguments.Item(1)
If (LCase(sRuleName) = "/?") Or (LCase(sRuleName) = "/h") Or (LCase(sRuleName) = "-h") Then Call ShowHelpAndQuit()


If EnableOrDisableRule(sRuleName, sAction) Then
    WScript.Echo vbCrLf & "Success! " & UCase(sRuleName) & " = " & UCase(sAction) & "D"
Else
    WScript.Echo vbCrLf & "ERROR: " & Err.Number & " " & Err.Description
End If


'*************************************************************************************
' Functions() & Procedures()
'*************************************************************************************


'
' sRuleName is the name of the rule, in doublequotes if it contains spaces.
' sAction is either "enable" or "disable" (or just "e" and "d").
'
' Function returns true if either it is successful or if sRuleName Is
' already set to sAction specified.
'
Function EnableOrDisableRule(sRuleName, sAction)
    On Error Resume Next
    If Not IsObject(oFPC) Then Set oFPC = CreateObject("FPC.Root")
    Set oPolicyRule = oFPC.GetContainingArray.ArrayPolicy.PolicyRules.Item(sRuleName)
    'If Err.Number = -2147024894 Then WScript.Echo "Cannot find the rule named " & sRuleName
    If Err.Number <> 0 Then EnableOrDisableRule = False : Exit Function
    If Left(LCase(sAction),1) = "e" Then bState = True Else bState = False
    If oPolicyRule.Enabled = bState Then EnableOrDisableRule = True : Exit Function
    oPolicyRule.Enabled = bState
    oPolicyRule.Save
    If Err.Number = 0 Then EnableOrDisableRule = True Else EnableOrDisableRule = False
    'If Err.Number <> 0 Then WScript.Echo "Problem changing rule state."
    On Error Goto 0
End Function



Sub ShowHelpAndQuit()
    Dim sUsage : sUsage = vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "ISA_Enable-Disable_Rule.vbs rulename action" & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "Purpose: Enables or disables a rule, not including System Policy rules." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "   Args: rulename = Name of the rule, placed in doublequotes if necessary." & vbCrLf
    sUsage = sUsage & "         action   = The word ""Enable"" or ""Disable"" (not case sensitive)." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "  Legal: SCRIPT PROVIDED ""AS IS"" WITHOUT WARRANTIES OR GUARANTEES OF ANY" & vbCrLf
    sUsage = sUsage & "         KIND. USE AT YOUR OWN RISK. Public domain, no rights reserved." & vbCrLf
    sUsage = sUsage & "         ( www.ISAscripts.org )" & vbCrLf
    sUsage = sUsage & vbCrLf
    WScript.Echo sUsage
    WScript.Quit
End Sub


'EOF*******************************************************************************



The script is really easy to use and can be integrated into the scheduled tasks pretty simply.

If you have any further questions please let me know.

ATB
Markus
0
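
Added example, not part of the original thread and not from ISAscripts.org: with two separate enable/disable tasks, a missed "disable" run (reboot, failed task) leaves the unrestricted rule switched on, so this variant derives the wanted state from the clock and can be run every minute to converge on it. It uses only the FPC calls shown in the script above; the rule name "Break - Unrestricted" is an assumption, and the 14:15 to 14:45 window is taken from the question.

```vbscript
' Added example: clock-driven reconciler for the break-time access rule.
' Assumptions: the additional allow rule is named "Break - Unrestricted";
' the break window 14:15-14:45 comes from the question in this thread.
Option Explicit

Const RULE_NAME = "Break - Unrestricted"
Dim aWindows : aWindows = Array(Array("14:15", "14:45"))   ' add more breaks here

' Exit code 0 = rule is in the wanted state, 1 = could not read or change it.
WScript.Quit Reconcile(RULE_NAME, InBreak(Time(), aWindows))

' True when tNow falls inside any [start, end) window.
Function InBreak(tNow, aWin)
    Dim w
    InBreak = False
    For Each w In aWin
        If tNow >= TimeValue(w(0)) And tNow < TimeValue(w(1)) Then InBreak = True
    Next
End Function

' Sets the rule to bWanted only when its current state differs.
Function Reconcile(sRule, bWanted)
    Dim oFPC, oRule
    Reconcile = 1
    On Error Resume Next
    Set oFPC = CreateObject("FPC.Root")
    Set oRule = oFPC.GetContainingArray.ArrayPolicy.PolicyRules.Item(sRule)
    If Err.Number <> 0 Then
        WScript.Echo "Cannot open rule '" & sRule & "': " & Err.Description
        Exit Function
    End If
    If oRule.Enabled <> bWanted Then
        oRule.Enabled = bWanted
        oRule.Save
        If Err.Number <> 0 Then
            WScript.Echo "Save failed: " & Err.Description
            Exit Function
        End If
        ' Log every state change so the task output doubles as an audit trail.
        WScript.Echo Now() & " " & sRule & " enabled=" & bWanted
    End If
    Reconcile = 0
End Function
```

Run it with cscript.exe from a single per-minute scheduled task so that WScript.Echo writes to the task's output instead of opening a dialog.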
 
MarkusKolbeck Commented:
Hi Mattias,

you're still there? ;-)

Did you test my solution? Any feedback?

ATB
Markus
0
 
MarkusKolbeck Commented:
blubb
0
 
MarkusKolbeck Commented:
Hi Computer101,

I cannot understand your decision (that I only assisted the answer) as I provided a solution for the question.
Please comment.

Markus
0
 
Keith Alabaster (Enterprise Architect) Commented:
Markus.

Computer101 will have made the decision based upon my recommendation. The accept is automatically assigned to the first expert in the list of recipients that I have recommended.

I have given the asker 4 days to respond to my recommendation but as you can see, no response has been seen. ISA server cannot have a schedule set of less than one hour so I have given myself an equal split also. This is not up for debate as it is fact.

I appreciate your workaround will work which is why I have given you an equal share of the points.

Keith

0
 
paterpan Commented:
MarkusKolbeck's solution worked for me.

Thanks.
0
 
oomran Commented:
Guys, did anyone test this script?
I have a rule named test and I want to change the state to disable.
I have changed the names accordingly but no result.
What am I doing wrong?
Is it the path of the script?
Please give me more details.
 ISA-Enable-Disable-Rule.vbs
0
Question has a verified solution.
