I'm using windows server 2003 SP2 and ISA Server 2004.. I want to give specific users in my organization full authorization for downloading and accessing website, and other people deny this authorization for others.. how can I do that by IPs?
Hi, First create domain name sets that contain the websites that you want the selected users to have full access (you can call it DENY SITES). Then Do this: Right click Firewall policy, navigate to new > Access rule; give the access rule a name, click next, rule action must be DENY > all outbound traffic > source will be INTERNAL > destination will be DENY SITES > then user set will be ALL USERS. After that double click the new access rule go to the FRON / DESTINATION tab and create exceptions, add a new computer set which contains the IP addresses of the computer that you want to give full access, add the computer set to the exceptions tab. and that should do the trick..... Please note that when this is done, nobody except those in the exceptions tab can go to those sites but they can all browse the internet except those sites..... Now if you want nobody to browse you can use the same process but this time it will be from INTERNAL > EXTERNAL, with the computers you want to browse in the exceptions tab....
Thank you noddles for your reply. I already have the rule access for internet, and I created a rule for deny websites, but this rule deny for all users, but I want to allow this websites for specific users.. So I think I have to create some sets for exceptions first to can do what u asked me.. maybe by creating domain name sets, but I don’t know how to do it. And my other question is how to deny some users to download some extensions of files like mp3, exe,flv… etc.., and I know how to deny this command for everyone but I want specific users to can download this extensions of files and others not. So what can I do to make this rule? Notes: I want to make this by users IP`s. Please if you can explain more to can get it.. Thanks again and best regards
3- Allow Download Rule Allow > Protocols > From Computer List 3 > To External > ALL Users
and regarding the computer list :
On the Access Rule Sources page, we need to create a Computer Object/Set to include the IP(s) of our Apple Macintosh machine(s), click on the Add button, click on Computer Set so that we can include in it multiple IPs for different machines
Enter a name for the new Computer Set, click on the Add button, then click on Computer, enter the name of the Mac machine, the IP Address and then click on OK, repeat these steps for every machine you want to add.
Once you finish adding all the machines inside the Computer Set, click on OK, and from the Add Network Entities page, expand Computer Sets folder, and you will see the new computer set that we created, click on it and then click Add. The MACINTOSH MACHINES computer set will be added in the Access Rule Sources page, Click Close to close the Add Network Entities page then click Next
First of all i would like to thank you for your reply and explaining..
I already did everything you wrote except the important thing i would like to know which is how to stop some users in my organization for downloading .. i know how to stop everyone trhough the network to download any extension i add and that for sure will stop me also to make download, but what i want that how to stop some of users ( By IP Address ) to download the extensions i add like vedio and audio. I want only me and some users to have this access to download all the extensions, and other users only can download doc. extensions.
The Rules I have ... Internet Access Rule , Deny Website Rules