Pass through authentication
Hi all A problem I have with my ISA server is this; We have some users that have a database and it asks a web sight for updates there are about 20 or so users using this, the other 180 users don't need to access this site at all, I set up authentication for all users and the logging was spot on bringing up all usernames, except that is for the people that have to use this database, they now can't get to their web site, I called the company that supplied the software we are using, and they said that the fact that it goes out anonymously is hard coded into their program and cannot be changed.
At the moment no usernames are shown but the powers that be want this changed, for now I have taken off All users to authenticate from the properties sheet in the internal networks dialog box, if that makes sense
So my question is can I make a group and allow the users of this said software to go out anonymously whilst everyone else gets authenticated and their names back into the username logging field?
I hope someone can point me to a way to get this done
On our network we have 3 Tablets running Windows CE, CE's can not be joined to a Windows domain, they allow non-employess to access the Internet. We had the same problem, when we implemented integrated Windows authentication, the rest of the computers on the domain (computer members), were able to access the internet w/o the authentication prompt, however the 3 tablets were requiring authentication with the proxy when accessing IE. I believe your problem is the proxy authetication as well. The solution we implemented: 1. Create a computer set. We added the three tablet IP addresses to this computer set. For example: 192.168.100.10 to 192.168.100.14, This is done from Firewall Policies\Toolbox\Computer sets 2. We created a rule for the Tablets computer set to allow internet access 3. We modify the rule, we disable http/https proxy for this rule 4. On the tablets we modified the IE settings, From Internet Options\Connections\LAN settings, we enabled: Automatic Detect settings and unchecked the box that specifies the proxy server.
As a result they have internet acceess w/o being authenticated by the proxy
One more thing, this rule should be on top of the general allow Internet Access from Internal to External If your users are assigned one computer, you can create a computer sets for this specific group.
Of course you won't see the domain_name /user_name from the Monitoring Tabs for these connections because they are bypassing the proxy
When you made the comment down below I did not respond to the forum with a "Huh?".
My knowledge on ISA 2000 sucks, but ISTR that binding multiple IPs to the external NIC is only available on ISA 2K4. < Message edited by LLigetfa -- 14.Jan.2006 3:52:26 PM >
I really believe we are here to interchange knowledge, help and learn from others. Trying to help, I did post a procedure, may be is no the best approach, but it was a procedure for a solution. It is so easy to post one sentence, If you are really trying to help you should go deeper than that. I am not trying to make a confrontation, but I believe I need to make that remark
From: fort frances.on.ca
I am not trying to make a confrontation
I don't know... kind of a strong reaction to "Huh?".
I confessed my lack of knowledge of ISA 2000 so I don't know why you insist on rubbing my nose in it. Why? Because I dared disagree with your advice? If you disagree with my advice, state your objections, don't dredge up irrelevent quotes.
You seem to like writing long dissertations and to each his own. I think I conveyed the necessary information on one sentence. Are we to have a contest of word counts?
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.