Solved

More detailed schedule in ISA 2004

Posted on 2006-10-23
Last Modified: 2011-11-22
I have a customer who needs to limit their employees' internet access during work time, but during breaks there shall be no limits at all.
They have an ISA 2004 which provides a solution for the access part but seems to be missing the function of a detailed schedule.
According to Microsoft:
"Schedules can be set only on an hourly basis, at the start of every hour."

Is there any possible way to create a more detailed schedule?
For example they want "the no limit time" to start 14:15 and end 14:45.

Regards
Mattias
0
Question by:BraData295
12 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 17794896
No, hourly is the minimum schedule. As I recall, ISA2006 has the same limitation.

Regards

Keith

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17798521
Just checked and ISA2006 is exactly the same. Doesn't happen often to us but sometimes the correct answer is "Nope, 'fraid not".

0
 
LVL 5

Assisted Solution

by:MarkusKolbeck
MarkusKolbeck earned 250 total points
ID: 17810046
Try the following:
- Create a new (additional) access rule with unlimited access
- Create two scheduled tasks (which you can define to be launched on a per-minute basis):
     1. disable the rule during the work hours (via script)
     2. enable the rule during breaks (via script)

The script to enable / disable an access rule can be downloaded here:
http://www.isascripts.org/

Example Script Code (from Jason Fossen - www.ISAscripts.org):

'*************************************************************************************
' Script Name: ISA_Enable-Disable_Rule.vbs
'     Version: 1.0
'      Author: Jason Fossen ( www.ISAscripts.org )
'Last Updated: 16.Oct.2005
'     Purpose: Enables or disables a rule in the Firewall Policy of an ISA Server array,
'              Standard or Enterprise edition.  But cannot manage System Policy rules or
'              Enterprise Policy rules, array or single-server rules only.
'       Legal: Public Domain.  Modify and redistribute freely.  No rights reserved.
'              SCRIPT PROVIDED "AS IS" WITHOUT WARRANTIES OR GUARANTEES OF ANY KIND.
'              USE AT YOUR OWN RISK.  Test on non-production servers first.
'*************************************************************************************


If WScript.Arguments.Count <> 2 Then Call ShowHelpAndQuit()
sRuleName = WScript.Arguments.Item(0)
sAction   = WScript.Arguments.Item(1)
If (LCase(sRuleName) = "/?") Or (LCase(sRuleName) = "/h") Or (LCase(sRuleName) = "-h") Then Call ShowHelpAndQuit()


If EnableOrDisableRule(sRuleName, sAction) Then
    WScript.Echo vbCrLf & "Success! " & UCase(sRuleName) & " = " & UCase(sAction) & "D"
Else
    WScript.Echo vbCrLf & "ERROR: " & Err.Number & " " & Err.Description
End If


'*************************************************************************************
' Functions() & Procedures()
'*************************************************************************************


'
' sRuleName is the name of the rule, in doublequotes if it contains spaces.
' sAction is either "enable" or "disable" (or just "e" and "d").
'
' Function returns true if either it is successful or if sRuleName Is
' already set to sAction specified.
'
Function EnableOrDisableRule(sRuleName, sAction)
    On Error Resume Next
    If Not IsObject(oFPC) Then Set oFPC = CreateObject("FPC.Root")
    Set oPolicyRule = oFPC.GetContainingArray.ArrayPolicy.PolicyRules.Item(sRuleName)
    'If Err.Number = -2147024894 Then WScript.Echo "Cannot find the rule named " & sRuleName
    If Err.Number <> 0 Then EnableOrDisableRule = False : Exit Function
    If Left(LCase(sAction),1) = "e" Then bState = True Else bState = False
    If oPolicyRule.Enabled = bState Then EnableOrDisableRule = True : Exit Function
    oPolicyRule.Enabled = bState
    oPolicyRule.Save
    If Err.Number = 0 Then EnableOrDisableRule = True Else EnableOrDisableRule = False
    'If Err.Number <> 0 Then WScript.Echo "Problem changing rule state."
    On Error Goto 0
End Function



Sub ShowHelpAndQuit()
    Dim sUsage : sUsage = vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "ISA_Enable-Disable_Rule.vbs rulename action" & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "Purpose: Enables or disables a rule, not including System Policy rules." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "   Args: rulename = Name of the rule, placed in doublequotes if necessary." & vbCrLf
    sUsage = sUsage & "         action   = The word ""Enable"" or ""Disable"" (not case sensitive)." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "  Legal: SCRIPT PROVIDED ""AS IS"" WITHOUT WARRANTIES OR GUARANTEES OF ANY" & vbCrLf
    sUsage = sUsage & "         KIND. USE AT YOUR OWN RISK. Public domain, no rights reserved." & vbCrLf
    sUsage = sUsage & "         ( www.ISAscripts.org )" & vbCrLf
    sUsage = sUsage & vbCrLf
    WScript.Echo sUsage
    WScript.Quit
End Sub


'EOF*******************************************************************************



The script is really easy to use and can be integrated into the scheduled tasks pretty simply.

If you have any further questions please let me know.

ATB
Markus
0
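A variant of the workaround above, as an added example that is not part of the original post or of Jason Fossen's script: instead of two tasks that each fire once, one task runs every minute and sets the rule to the state the clock calls for, so a missed "disable" run (for example after a reboot during the break) is corrected on the next run. The rule name, the file paths and the task name are assumptions.

```vbscript
' ADDED EXAMPLE (not from www.ISAscripts.org). Save as e.g. Set-BreakRule.vbs and
' run it every minute under an account that is allowed to administer ISA, e.g.:
'   schtasks /create /tn "ISA break rule" /sc minute /mo 1 /tr "cscript.exe //B C:\Scripts\Set-BreakRule.vbs"
Option Explicit

' --- Assumptions: adjust to your environment -------------------------------
Const RULE_NAME   = "Unlimited Break Access"                  ' hypothetical rule name
Const SCRIPT_PATH = "C:\Scripts\ISA_Enable-Disable_Rule.vbs"  ' hypothetical path
Dim aBreaks : aBreaks = Array("14:15-14:45")                  ' window from the question

' Convert "HH:MM" to minutes since midnight.
Function ToMinutes(sTime)
    Dim aPart : aPart = Split(sTime, ":")
    ToMinutes = CInt(aPart(0)) * 60 + CInt(aPart(1))
End Function

' True if nNow (minutes since midnight) is inside any window; the end minute is excluded.
Function InBreak(nNow)
    Dim sWindow, aEdge
    InBreak = False
    For Each sWindow In aBreaks
        aEdge = Split(sWindow, "-")
        If nNow >= ToMinutes(aEdge(0)) And nNow < ToMinutes(aEdge(1)) Then InBreak = True
    Next
End Function

' Outside every break window the unlimited rule must be off (fail closed).
Dim oShell, oExec, sAction, sOutput
If InBreak(Hour(Now) * 60 + Minute(Now)) Then sAction = "enable" Else sAction = "disable"

Set oShell = CreateObject("WScript.Shell")
Set oExec = oShell.Exec("cscript.exe //Nologo """ & SCRIPT_PATH & """ """ & RULE_NAME & """ " & sAction)
sOutput = oExec.StdOut.ReadAll   ' blocks until the child script exits

' The rule script prints "Success!" on success and "ERROR:" otherwise; it does not
' set an exit code, so check its output and record failures in the Application log.
If InStr(sOutput, "Success!") = 0 Then
    oShell.LogEvent 1, "ISA break rule: could not " & sAction & " '" & RULE_NAME & "': " & sOutput
    WScript.Quit 1
End If
```

Because the rule script returns success without saving when the rule is already in the requested state, the once-a-minute run only changes the policy at the window edges.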
 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 17864694
Hi Mattias,

you're still there? ;-)

Did you test my solution? Any feedback?

ATB
Markus
0
 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 17913845
blubb
0
 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 18091815
Hi Computer101,

I cannot understand your decision (that I only assisted the answer) as I provided a solution for the question.
Please comment.

Markus
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18096310
Markus.

Computer101 will have made the decision based upon my recommendation. The accept is automatically assigned to the first expert in the list of recipients that I have recommended.

I have given the asker 4 days to respond to my recommendation but as you can see, no response has been seen. ISA server cannot have a schedule set of less than one hour so I have given myself an equal split also. This is not up for debate as it is fact.

I appreciate your workaround will work, which is why I have given you an equal share of the points.

Keith

0
 

Expert Comment

by:paterpan
ID: 23333926
MarkusKolbeck's solution worked for me.

Thanks.
0
 

Expert Comment

by:oomran
ID: 37181166
Guys, did anyone test this script?
I have a rule named test and I want to change the state to disable.
I have changed the names accordingly but no result.
What am I doing wrong?
Is it the path of the script?
Please give me more details.
 ISA-Enable-Disable-Rule.vbs
0
