Like most users here, I am in need of help with ISA.

I have the following scenario:
* Windows 2000 Domain, primary DC on 10.0.0.2 running DNS
* ISA installed on different server that is not part of the W2K 2000 DOMAIN, pointing to primary DNS 10.0.0.2 and secondary to ISP DNS
* use dial-up connection from ISA server
* W2K Pro clients, part of the W2K domain, running auto-discovery on IE 5.5.
I need to restrict access to various web sites according to W2K domain group membership. I have created default rules that allow all traffic for all destination sets for all client PCs. Everything is fine. I create a destination set with 1 domain in the address list i.e. *.microsoft.com and create a Site & Conetnt Rule for a W2K Domain Global group to access that site only. It does not work, prompting with a Web Site Not Found error. I enable back in This Rule Applies To: All destinations and it is fine again.
I would appreciate and suggestions.

Kind Regards and TIA,

Romy Stevensen

Join the ISA Server to the domain and then you'll be able to take advantage of the user account database in your access controls.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

Get It Here

First of all, thanks for replying.
Secondly, your solution sounds clean enough, however wouldn't that present a security risk ? Isnt't the Site & Content supposed to allow me what I want to do in my current config ?

Kind Regards and once again TIA,

Romy Stevensen

quote:

---

Originally posted by tshinder:
Hi Romy,

Join the ISA Server to the domain and then you'll be able to take advantage of the user account database in your access controls.

HTH,
Tom

---

Yes, but you have to have access to the user database, and that's why you need to join the computer to the domain. Then the Site and Content rule can do its job.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

Get It Here