Solved

More detailed schedule in ISA 2004

Posted on 2006-10-23
12
857 Views
Last Modified: 2011-11-22
I have a customer who needs to limit their employes internetaccess during worktime but during breaks there shall be no limits at all.
They have a ISA 2004 which provide a solution for the access part but seems missing the function of a detailed schedule.
According to Microsoft:
"Schedules can be set only on an hourly basis, at the start of every hour."

Is there any possible way to create a more detailed schedule?
For example they want "the no limit time" to start 14:15 and end 14:45.

Regards
Mattias
0
Comment
Question by:BraData295
12 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 17794896
No, hourly is the minimum schedule. As I recall, ISA2006 has the same limitation.

Regards

Keith

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17798521
Just checked and ISA2006 is exactly the same. Doesn't happen often to us but sometimes the correct answer is "Nope, 'fraid not".

0
 
LVL 5

Assisted Solution

by:MarkusKolbeck
MarkusKolbeck earned 250 total points
ID: 17810046
Try the following:
- Create a new (additional) access rule with unlimited access
- create two scheduled tasks (you can define to be launched on a per-minute-basis):
     1. disable the roule during the work hours (via script)
     2. enable the roule during breaks (via script)

The Script to enable / disable an access rule can be downloaded here:
http://www.isascripts.org/

Example Script Code (from Jason Fossen - www.ISAscripts.org):

'*************************************************************************************
' Script Name: ISA_Enable-Disable_Rule.vbs
'     Version: 1.0
'      Author: Jason Fossen ( www.ISAscripts.org )
'Last Updated: 16.Oct.2005
'     Purpose: Enables or disables a rule in the Firewall Policy of an ISA Server array,
'              Standard or Enterprise edition.  But cannot manage System Policy rules or
'              Enterprise Policy rules, array or single-server rules only.
'       Legal: Public Domain.  Modify and redistribute freely.  No rights reserved.
'              SCRIPT PROVIDED "AS IS" WITHOUT WARRANTIES OR GUARANTEES OF ANY KIND.
'              USE AT YOUR OWN RISK.  Test on non-production servers first.
'*************************************************************************************


If WScript.Arguments.Count <> 2 Then Call ShowHelpAndQuit()
sRuleName = WScript.Arguments.Item(0)
sAction   = WScript.Arguments.Item(1)
If (LCase(sRuleName) = "/?") Or (LCase(sRuleName) = "/h") Or (LCase(sRuleName) = "-h") Then Call ShowHelpAndQuit()


If EnableOrDisableRule(sRuleName, sAction) Then
    WScript.Echo vbCrLf & "Success! " & UCase(sRuleName) & " = " & UCase(sAction) & "D"
Else
    WScript.Echo vbCrLf & "ERROR: " & Err.Number & " " & Err.Description
End If


'*************************************************************************************
' Functions() & Procedures()
'*************************************************************************************


'
' sRuleName is the name of the rule, in doublequotes if it contains spaces.
' sAction is either "enable" or "disable" (or just "e" and "d").
'
' Function returns true if either it is successful or if sRuleName Is
' already set to sAction specified.
'
Function EnableOrDisableRule(sRuleName, sAction)
    On Error Resume Next
    If Not IsObject(oFPC) Then Set oFPC = CreateObject("FPC.Root")
    Set oPolicyRule = oFPC.GetContainingArray.ArrayPolicy.PolicyRules.Item(sRuleName)
    'If Err.Number = -2147024894 Then WScript.Echo "Cannot find the rule named " & sRuleName
    If Err.Number <> 0 Then EnableOrDisableRule = False : Exit Function
    If Left(LCase(sAction),1) = "e" Then bState = True Else bState = False
    If oPolicyRule.Enabled = bState Then EnableOrDisableRule = True : Exit Function
    oPolicyRule.Enabled = bState
    oPolicyRule.Save
    If Err.Number = 0 Then EnableOrDisableRule = True Else EnableOrDisableRule = False
    'If Err.Number <> 0 Then WScript.Echo "Problem changing rule state."
    On Error Goto 0
End Function



Sub ShowHelpAndQuit()
    Dim sUsage : sUsage = vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "ISA_Enable-Disable_Rule.vbs rulename action" & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "Purpose: Enables or disables a rule, not including System Policy rules." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "   Args: rulename = Name of the rule, placed in doublequotes if necessary." & vbCrLf
    sUsage = sUsage & "         action   = The word ""Enable"" or ""Disable"" (not case sensitive)." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "  Legal: SCRIPT PROVIDED ""AS IS"" WITHOUT WARRANTIES OR GUARANTEES OF ANY" & vbCrLf
    sUsage = sUsage & "         KIND. USE AT YOUR OWN RISK. Public domain, no rights reserved." & vbCrLf
    sUsage = sUsage & "         ( www.ISAscripts.org )" & vbCrLf
    sUsage = sUsage & vbCrLf
    WScript.Echo sUsage
    WScript.Quit
End Sub


'EOF*******************************************************************************



The script is really easy to use and can be integrated into the scheduled tasks pretty simple.

If you have any further questions please let me know.

ATB
Markus
0
 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 17864694
Hi Mattias,

you're still there? ;-)

Did you test my solution? Any feedback?

ATB
Markus
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 17913845
blubb
0
 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 18091815
Hi Computer101,

I cannot understand your decision (that I only assisted the answer) as I provided a solution for the question.
Please comment.

Markus
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18096310
Markus.

Computer101 will have made the decision based upon my recommendation. The accept is automatically assigned to the first expert in the list of recipients that I have recommended.

I have given the asker 4 days to respond to my recommendation but as you can see, no response has been seen. ISA server cannot have a schedule set of less than one hoyr so I have given myself an equal split also. This is not up for debate as it is fact.

I appreciate your workaround will work which is why I gave given you an equal share of the points.

Keith

0
 

Expert Comment

by:paterpan
ID: 23333926
MarkusKolbeck's solution worked for me.

Thanks.
0
 

Expert Comment

by:oomran
ID: 37181166
guys did any one test this scrips
i have a rule name test and i want to change the state to disable
i have changed the names accourdingly but no result
what im doing wrong.
is it the path of the script
please give me more details.
 ISA-Enable-Disable-Rule.vbs
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Block unwanted websites & monitor visited 8 79
firewall rule terminology 3 42
Rule Iptables 1 60
cannot send E-mails to one company 15 64
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now