Unexpected rule apply to other user

Unexpected rule apply to other user - 1.Mar.2010 11:16:20 PM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
Hi, I have configured a rule on my ISA Server 2004 to block the users that have already left my organization. I have configured the following rule:

General tab:
   Rule Name: Block Access to Internet
   Enable: Yes
Action tab: Deny
Protocol tab: Selected Protocol (HTTP, HTTPS)
From tab: Internal
To tab: External
Content type tab: All content type
Schedule tab: Always
User tab: (Group of users who have already left my organization)

The problem is that one of my users, who is not joined to the domain (anonymous user), with the IP address 192.168.1.226, could not access the Internet to update his Kaspersky anti-virus program.

When I checked the ISA log file, I found that this user hit the above rule. I really wonder why it matched the above rule, because I have configured it only for the users that have already left my office, not the All Users group.

If anyone knows the cause of the problem and the solution, please let me know.

Thanks,
Kanel
Post #: 1
RE: Unexpected rule apply to other user - 2.Mar.2010 10:51:05 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
That is silly... sorry, but it is.  You don't create a firewall rule to block people that don't work there anymore.

When someone leaves you do one of the following:

1. Delete their account

OR

2. Disable the account.  Create a Group called Disabled Users.  Add the account to that group and make that group their Default Group.  Remove them from all other groups (including Domain Users).  Remove the Dialin Right from their account if it was set.

That is all.  There is no monkeying around with the Firewall.

_____________________________

Phillip Windell

(in reply to Mekong River)
Post #: 2
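
The steps from option 2 in the reply above, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory module (RSAT) is installed; the function name and the account `jdoe` are placeholders, and the group name is the one suggested in the reply.

```powershell
# Added example: disable a departed user's account and park it in a holding group.
# Assumes the ActiveDirectory module; 'jdoe' is a placeholder account name.
Import-Module ActiveDirectory

function Disable-DepartedUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [string]$HoldingGroup = 'Disabled Users'
    )

    $user  = Get-ADUser -Identity $SamAccountName -Properties MemberOf, PrimaryGroup
    $group = Get-ADGroup -Filter "SamAccountName -eq '$HoldingGroup'" -Properties primaryGroupToken

    if (-not $PSCmdlet.ShouldProcess($user.DistinguishedName, "Disable and move to '$HoldingGroup'")) {
        return
    }

    # Create the holding group on first use (a primary group must be a security group).
    if (-not $group) {
        New-ADGroup -Name $HoldingGroup -SamAccountName $HoldingGroup `
            -GroupScope Global -GroupCategory Security
        $group = Get-ADGroup -Identity $HoldingGroup -Properties primaryGroupToken
    }

    Disable-ADAccount -Identity $user

    # The account must be a member before the group can become its primary group.
    $alreadyIn = ($user.MemberOf -contains $group.DistinguishedName) -or
                 ($user.PrimaryGroup -eq $group.DistinguishedName)
    if (-not $alreadyIn) {
        Add-ADGroupMember -Identity $group -Members $user
    }
    Set-ADUser -Identity $user -Replace @{ primaryGroupID = $group.primaryGroupToken }

    # Remove every other membership, including the old primary group (normally Domain Users).
    $others = @($user.MemberOf) + $user.PrimaryGroup |
        Where-Object { $_ -and $_ -ne $group.DistinguishedName }
    foreach ($dn in $others) {
        Remove-ADGroupMember -Identity $dn -Members $user -Confirm:$false
    }

    # Set the dial-in permission to Deny.
    Set-ADUser -Identity $user -Replace @{ msNPAllowDialin = $false }
}

# Dry run first; drop -WhatIf to apply.
Disable-DepartedUser -SamAccountName 'jdoe' -WhatIf
```
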
RE: Unexpected rule apply to other user - 2.Mar.2010 9:18:52 PM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
The situation here does not allow me to do that. Even when a staff member leaves, management requires the computer to log on automatically with the former staff member's credentials when they need to check their working documents. That is the reason I can't delete or disable his account.

On the other hand, the former staff member also visits his computer during working hours if his former team leader needs him to show some files. That is why management just asked me to restrict them from accessing the Internet only.

So, given the above situation, could you please let me know which rule configuration is suitable for this requirement?

Thanks,
Kanel

(in reply to pwindell)
Post #: 3
RE: Unexpected rule apply to other user - 3.Mar.2010 12:12:33 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
General tab:
   Rule Name: Block Access to Internet
   Enable: Yes
Action tab: Deny
Protocol tab: Selected Protocol (HTTP, HTTPS)
From tab: Internal
To tab: External
Content type tab: All content type
Schedule tab: Always
User tab: (Group of users who have already left my organization)


The Rule is correct for what it needs to do. There is nothing wrong with it.

The problem is that one of my users, who is not joined to the domain (anonymous user), with the IP address 192.168.1.226, could not access the Internet to update his Kaspersky anti-virus program.

One has nothing to do with the other.  Your "Deny Old Users" rule only affects specific users (the ones in the Group).   It has nothing to do with anonymous users.

You have to create a separate Rule for anonymous users.


_____________________________

Phillip Windell

(in reply to Mekong River)
Post #: 4
RE: Unexpected rule apply to other user - 3.Mar.2010 8:29:50 PM   
Mekong River

 

Posts: 78
Joined: 9.Aug.2009
Status: offline
Thank you for your reply. Now I have the solution. I just added an exception for the computer that is not joined to the domain, and now they can use it as before.

Thanks for your help!!!

(in reply to pwindell)
Post #: 5
