When I check my reports, TOp users I saw a lot of unknown users, as we know this kind of users are (SecureNAT clients and unauthenticated Web Proxy clients). So, the question is, there is any option in order to identify this users? you know.
You have to disable Anonymous users or All Users for web traffic, or any traffic that you want to collect user information on.
Goto your http/https outbound rule and remove all users and set it to authenticated users only. This will force the fwclient to send the credentials to ISA.
If you only want web traffic create a seperate rule for http/https outbound and 'other' traffic outbound. Since your servers usually require things like sntp/dns/smtp etc you want to seperate usage so you dont squash your servers ability to do its work.