Manage MSN access with ISA 2006

Posted on 2007-08-01
Medium Priority
Last Modified: 2008-11-17

I'm having trouble configuring my ISA 2006 standard to only allow MSN usage outside work-hours to a specific group, while allowing full MSN access to a second group.

What I need is the following: "Non MSN users" should only have access to MSN on hours that are not Work Hours, they can have HTTP and HTTPS access all the time.

The remaining users should have access to MSN, HTTP and HTTPS all the time.

I have two groups: All users and Non MSN users.

I tried creating a rule that would allow HTTP and HTTPS access to the Non MSN users, while blocking the messenger signatures, and with the condition of "work hours", but for some reason they never have access to the Internet when this rule is enabled...

I have a second rule that applies to all users after this one, that allows access to HTTP,HTTPS and no signature blocking, my idea was that the users that are not explicitly referred in the previous rule would have full access, but for some reason the "non msn users" are completely blocked with the previous rule.

I'm not sure I'm making some logical error with these rules or if this yet again, some bug from ISA server.

Do you see anything wrong with these rules, or would you do this differently?
Question by:Menshen
  • 2
LVL 51

Accepted Solution

Keith Alabaster earned 2000 total points
ID: 19612185
Don't see i as a bug but....

I've tried writing this in a logical form (works for me)

1. Allow all users to the internet at any time
2. Allow selected group to MSN all of the time
3. Block a selected group from MSN during a particular time.

1. allow http/https to any site including MSN at any time if member of group Allow - schedule always
That should cover the OK grouptherefore the only people left are the block_msn group.
2. allow http/https to any site including msn during non-work hours if member of group non_work_hours - schedule non-work-hours
3. Deny http/https access to msn via signatures - all users - schedule always
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19612194
just having my dnner so if a problem still I'll try it myself

Expert Comment

ID: 20106453
Forced accept.

EE Admin

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question