Welcome to ISAserver.org


2000 Admin with 2006 question about features

2000 Admin with 2006 question about features - 14.May2007 11:27:15 AM   
JohnnyF

 

Posts: 10
Joined: 2.Jun.2003
From: Flint, Michigan
Status: offline
I am running ISA 2000 and need to move on soon.  We are looking at ISA 2006 but I have one big question.

In ISA 2000 we have limited user access to the Internet.  Users are limited to the web sites in a Destination Set I created. 

ISSUE:  *.mapquest.com is allowed; however, when a user goes there they get 6 or 8 login windows in a row and they have to cancel each one.  They finally get the web site but all the advertisements are suppressed.

QUESTION:  In ISA 2006 will they still get those 6 login screens again?  Does 2006 somehow allow those advertisements through since the requested site is approved?  Or is there a feature I can turn on so they do not see the prompt, so they would get the page without the advertisements?

This is my biggest user complaint and I need to find the answer before I approve the move to 2006.  If it is still an issue we may need to look at some other options.

Any insight would be greatly appreciated.

John
Post #: 1
RE: 2000 Admin with 2006 question about features - 14.May2007 11:55:37 AM   
tshinder

 

Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi John,

This is easy to fix in both 2000 and 2006. For the denied Web sites, you just redirect to a page on the internal network that is maybe a graphic and some warning text. Then they never see the multiple log on prompts.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to JohnnyF)
Post #: 2
RE: 2000 Admin with 2006 question about features - 14.May2007 1:30:29 PM   
JohnnyF

 

Posts: 10
Joined: 2.Jun.2003
From: Flint, Michigan
Status: offline
Hi Tom:

Let me make sure I understand: I could create a graphic on an internal IIS box that said something like "Information Restricted" and have that appear in place of the advertising that would normally be on that page?

Could you explain how I do that in ISA or point me to a reference source?

I want them to be able to use MapQuest but I can't add every advertisement URL to my allow destination set.  I get user complaints about that login every week.

Thanks,

John

(in reply to tshinder)
Post #: 3
RE: 2000 Admin with 2006 question about features - 15.May2007 11:56:26 AM   
tshinder

 

Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi John,

In your deny rule for the advertising sites, configure the rule to redirect users to an internal Web site with the graphic or the text. Place that rule above the allow rule. Then in the area where the advertisements appear, they'll see the picture and won't be asked to authenticate.

HTH,
Tom


(in reply to JohnnyF)
Post #: 4
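A simplified model of the rule placement described in the reply above, added here as an illustration (it is not ISA Server code and was not posted by anyone in the thread). It assumes a top-down, first-match policy; the rule names, the "Full Access" group, the `*.ads.example` hosts and the intranet URL are constructed placeholders.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "deny"
    hosts: tuple         # wildcard host patterns; "*" matches any destination
    groups: tuple = ()   # empty tuple = applies to all users
    redirect: str = ""   # deny rules only: URL the client is sent to

def evaluate(rules, host, user_groups):
    """Simplified top-down, first-match evaluation of one web request."""
    needs_other_identity = False
    for rule in rules:
        if not any(fnmatch(host, pattern) for pattern in rule.hosts):
            continue
        if rule.groups and not set(rule.groups) & set(user_groups):
            needs_other_identity = True   # a rule exists, but not for this user
            continue
        if rule.action == "allow":
            return "allow"
        return "redirect" if rule.redirect else "deny"
    # Nothing admitted the request: ask for different credentials if that could help.
    return "auth-prompt" if needs_other_identity else "deny"

def load_page(rules, hosts, user_groups):
    """Tally the outcomes for every request one page view generates."""
    tally = {}
    for host in hosts:
        outcome = evaluate(rules, host, user_groups)
        tally[outcome] = tally.get(outcome, 0) + 1
    return tally

# Constructed policy modelled on the thread: Domain Users may reach the
# destination set only; a hypothetical "Full Access" group may go anywhere.
ALLOW_SET = Rule("Approved sites", "allow", ("*.mapquest.com",), ("Domain Users",))
ALLOW_ALL = Rule("Full access", "allow", ("*",), ("Full Access",))
DENY_ADS = Rule("Ad hosts", "deny", ("*.ads.example",),
                redirect="http://intranet.example/restricted.gif")

BEFORE = [ALLOW_SET, ALLOW_ALL]
AFTER = [DENY_ADS, ALLOW_SET, ALLOW_ALL]   # deny/redirect rule placed on top

# Constructed page view: the approved page plus six embedded ad requests.
PAGE = ["www.mapquest.com"] + [f"a{i}.ads.example" for i in range(6)]

if __name__ == "__main__":
    print("before:", load_page(BEFORE, PAGE, ["Domain Users"]))
    print("after: ", load_page(AFTER, PAGE, ["Domain Users"]))
```

Because the deny rule carries no group condition and sits first, it also applies to members of the unrestricted group, so they see the placeholder instead of the advertisements as well.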
RE: 2000 Admin with 2006 question about features - 22.May2007 5:10:43 PM   
JohnnyF

 

Posts: 10
Joined: 2.Jun.2003
From: Flint, Michigan
Status: offline
Hi Tom:

Now I understand.  I had never seen the Deny, redirect, settings.  My installation is actually opposite of your description.  I am not denying specific sites, I am allowing specific sites via a destination set.  So I never use the Deny or get a chance to redirect.

Full access is limited to specific AD groups.  Domain Users are only allowed access to those web sites in the Destination set.  I have disabled the HTTP Redirector so if a site is not in the Destination set, users get the user name and password prompt.  Is there a Master setting where you can set a redirect for denied sites, since I am not using a deny rule?

Thanks again for your time Tom.  I did get approval for an ISA 2006 machine so hopefully I will be addressing the same issue on that in about a month.

John

(in reply to tshinder)
Post #: 5
RE: 2000 Admin with 2006 question about features - 23.May2007 11:13:50 AM   
tshinder

 

Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
There is a registry setting that you can make in ISA 2006 that will prevent those auth prompts from coming up even when you don't have a deny rule.

HTH,
Tom


(in reply to JohnnyF)
Post #: 6
RE: 2000 Admin with 2006 question about features - 23.May2007 5:02:19 PM   
JohnnyF

 

Posts: 10
Joined: 2.Jun.2003
From: Flint, Michigan
Status: offline
Thanks Tom.  When I get the new system I will look into it.

John

(in reply to tshinder)
Post #: 7
