Restrict user to certain websites using ISA 2000

I am getting fed up with a user accessing inappropriate websites.  I have looked at trying to stop this using ISA but it is a continuing process, I have to add each identified website to my rule.  I have decided it would be far easier to just allow only the few websites he should be accessing.  How do I set up in ISA an allow rule for only him and only the few websites I wish him to access?
LVL 4
fuzzyfreakAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

fuzzyfreakAuthor Commented:
Oops, my mistake, I actually need to do this in ISA 2000, not ISA 2004.  Your first link answered my original question but it is not transferable to ISA 2000.  I am going to try and change the question title.
0
Shreedhar EtteCommented:
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

fuzzyfreakAuthor Commented:
I am going to need some help here.  That article tells you how to create a destination set and an exception rule.  So now I have allowed certain websites for a security group, but presumably I have to now use an opposing rule to disallow all websites because by default all users have access to all websites.

Also, as part of trying to resolve this, have you any idea where I might find the "SBS Internet Users" group?
0
Shreedhar EtteCommented:
The group should be there in your Active Directory.
0
fuzzyfreakAuthor Commented:
I found it, it is actually called Internet Users.

I still cannot get the article to work for me, it seems incomplete.
0
pwindellCommented:
Back to the original question.

This is ISA2000 we are talking about here,...what you want to do is almost a waste of time.  ISA 2000 is too inflexible in its rule design to get that "picky" about it.  That is why it only lasted for one version before the threw out the rule design and started over with ISA2004.

Use www.opendns.com 
Create an accout with them (its free)
Select the "catagories" of web sites you want blocked.
You can also tweek your selections with the White List and Black List
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fuzzyfreakAuthor Commented:
Before I look at opendns, I am considering just upgrading ISA.  I have SBS2003, my two questions are -

Should I upgrade to ISA 2004 or 2006
Would it be a straight upgrade, carrying my custom policy elements and access policies over?

Thanks
0
pwindellCommented:
With SBS2003 it has to be ISA2004 and the only way to do that is get the SBS SP1 Update from MS.  You cannot install ISA2006 and you cannot install ISA2004 from a stand-alone copy of the CD,...it must come from the SBS Premium Installation CD and be installed through the SBS Wizards.  I do not know it you can install over the top of the old ISA,..but I would not,...I would uninstall ISA200 first,...then install ISA2004.

ISA 2004 is a big improvement over ISA2000 but it is not going to help that much with what you want to do.  Resticting user's Web Destiantion is way more difficult to do depenably and correctly then people realize.   I run ISA2006 here and have been using ISA since back when it used to be called Microsoft Proxy Server v.2,, and was an ISA MVP for 3 years..and yet I still use OpenDNS for handling this.  Handling it at the DNS Level is much more dependable and reliable then doing it at the Firewall Level.  Doing it at the DNS level takes care of the problem long before the Firewall has to worry about it and the user has no way to bypass it or sneek around it somehow,...particularly if they are not local admins on their machine,...and even that won't help them if youo do your LAN's DNS Scheme properly.

If you want to have multiple level of restrictions you can't do it all with OpenDNS because OpenDNS will always be global.  So you would set the global restriction with OpenDNS and then do the "additional" restrictions with ISA.
0
fuzzyfreakAuthor Commented:
OK, so in reference to my original question, it cannot be done.
Using OpenDNS and an upgrade ISA2004 will give me my solution.
0
pwindellCommented:
OK, so in reference to my original question, it cannot be done.

No, I didn't say that.  I said doing it with ISA2000 was a waste of time (not impossible).  I am saying that it (ISA2000) is so inflexible and unpredictable in this particular regard,... that I presented you with a more workable and better solution that looks more at the "big picture" and will serve your purposes better.  Combining the two,...ISA2004 (via within the SBS product),... with a service like OpenDNS will give the best solution.
0
fuzzyfreakAuthor Commented:
OK, thanks.  I think opendns is all that is necessary as a solution to my issue.  The ISA upgrade is currently an unnecessary expense.  Thank you very much.
0
fuzzyfreakAuthor Commented:
I appreciate the input of both contributers, it helped me make a valid decision.  I am currently using the free version of OpenDNS which appears to be all I need to resolve my issue.
0
pwindellCommented:
The ISA upgrade is currently an unnecessary expense.  Thank you very  much.

There is no expense.  Moving up to 2004 from 2000 is part of updating the SBS2003 Premium to SP1.  It is just that you cannot download the SBS SP1 for Premium.   You can download it for SBS Standard,...but not Premium.  ISA is only included with Premium.  So you have to contact MS to get the Media to update your SBS Premium to SP1 which will include ISA 2004.  You need to do this no matter what else you are doing or not doing.
0
fuzzyfreakAuthor Commented:
OK, how confusing as my SBS is now on SP2 and my ISA is still 2000.
0
pwindellCommented:
You probably installed the "regular" SP2 for the "regular" Server 2003 that was downloaded.

ISA only legally comes with SBS Premium.
ISA2000 came with SBS Premium, no SP
ISA2004 came with SPS Premium SP1

The SP1 for SBS Premium was not downloadable (SBS Regular was).  You have to contact your retailer or MS directly to get it.

Since you have already "skipped" past it I do not know if you can go back because you would have to uninstall SP2 first,...I don't know what kind of mess that would make.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.