Manage MSN access with ISA 2006

Posted on 2007-08-01
Last Modified: 2008-11-17

I'm having trouble configuring my ISA 2006 standard to only allow MSN usage outside work-hours to a specific group, while allowing full MSN access to a second group.

What I need is the following: "Non MSN users" should only have access to MSN on hours that are not Work Hours, they can have HTTP and HTTPS access all the time.

The remaining users should have access to MSN, HTTP and HTTPS all the time.

I have two groups: All users and Non MSN users.

I tried creating a rule that would allow HTTP and HTTPS access to the Non MSN users, while blocking the messenger signatures, and with the condition of "work hours", but for some reason they never have access to the Internet when this rule is enabled...

I have a second rule that applies to all users after this one, that allows access to HTTP,HTTPS and no signature blocking, my idea was that the users that are not explicitly referred in the previous rule would have full access, but for some reason the "non msn users" are completely blocked with the previous rule.

I'm not sure I'm making some logical error with these rules or if this yet again, some bug from ISA server.

Do you see anything wrong with these rules, or would you do this differently?
Question by:Menshen
    LVL 51

    Accepted Solution

    Don't see i as a bug but....

    I've tried writing this in a logical form (works for me)

    1. Allow all users to the internet at any time
    2. Allow selected group to MSN all of the time
    3. Block a selected group from MSN during a particular time.

    1. allow http/https to any site including MSN at any time if member of group Allow - schedule always
    That should cover the OK grouptherefore the only people left are the block_msn group.
    2. allow http/https to any site including msn during non-work hours if member of group non_work_hours - schedule non-work-hours
    3. Deny http/https access to msn via signatures - all users - schedule always
    LVL 51

    Expert Comment

    by:Keith Alabaster
    just having my dnner so if a problem still I'll try it myself
    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
    Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now