Solved

Restrict Internet Access for specific users in ISA 2004 without restricting internet access to PC that does not have firewall client installed

Posted on 2010-09-08
7
716 Views
Last Modified: 2012-05-10
Well the title says it all...

I need to restrict Internet access for a specific user (not a machine because that user moves from PC to PC).

I am able to do that in ISA 2004 by doing a simple rule that denies access for protocol HTTP/HTTPS from the internal to the external. In the apply to field, I created a No Internet group and I included that user in it.

The rules works well but when it is enabled if I have a PC that does not have the Microsoft Firewall Client for ISA Server 2004 installed, the Internet is restricted for any user loggued on that PC as well... This is a problem because we have Linux/MAC boxes and I cannot restrict them Internet access...

Is there a way I can create a rule that will restrict that specific user while letting the non-firewall client machines accessing the Internet?

Thank you
0
Comment
Question by:Vision_Globale
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 33632858
No, you cant do so in ISA 2004 nor ISA 2006 . because Secure NAT clients dont support authentication.

As work around, you can use DHCP reservation to assign ips to these clients and create rules on isa based on computers not users ( for all users groups).
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33632868
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33632878
also you can use web proxy because it support authentication.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 2

Expert Comment

by:aimcitp
ID: 33635827
Sulimanw is correct. Set up a rule to deny access for a computer set (include that computer in it) . May get real crazy after assigning a static IP address to that computer and make a group policy for that one machine and assign the ISA as its web proxy... Depends on how much you want to do...
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33636964
Web proxy will make the trick, just you need to configure ISA clients as only web proxy clients .
0
 

Author Comment

by:Vision_Globale
ID: 33640163
Ok thank you!

That's what I though but I wanted a confirmation.
0
 

Author Closing Comment

by:Vision_Globale
ID: 33640171
Good
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question