Hi everyone, I have ISA 2006 Standard Beta on W2K3 server and have a domain. ISA computer is also a domain member server. I want to block traffic for workgroup computers, only the domain members will have access to internet. (don't want people to authenticate by using their domain accounts on a workgroup computer. If the computer is not a member of my domain, it will be blocked) I think I tried many many things with ISA Server but I couldn't achieve this issue. Can anyone help me?Thanx...
< Message edited by timini -- 30.Jan.2008 10:43:42 AM >
Are all your workgroup computers on a predictable IP subnet or address range? If so you can create Computer Set in ISA with the complete list of workgroup IP Address ranges, and then create a rule in ISA that Deny's that computer set access to the external network.
I mean, for example one of our stuff brings his own notebook, then connects his notebook to LAN with his own cable, I have a DHCP server on DC, so he is able to get IP address from DHCP easily, I have only one IP subnet. IP address reservation on DHCP didn't work because he can get reserved IP by using MAC address changer software.I also tried to fix MAC address on switch but he can pass in the same way :(. So I decided to use Active Directory based authentication but this time a logon box appears and he can pass once again by providing his active directory account. Actually I don't want ISA server to show this logon box, i want ISA server to deny this connection attempt immediately. Do I want lots of things :))
< Message edited by timini -- 30.Jan.2008 10:46:20 AM >