Preventing users from disabling ISA Firewall Client

RobinINL -> Preventing users from disabling ISA Firewall Client (11.Jul.2013 6:10:40 AM)


I am using ISA Server 2006, Standard Edition.

Some users in my company are disabling the Firewall Client on their computers (by unchecking "ENABLE MICROSOFT FIREWALL CLIENT FOR ISA SERVER") and surfing the internet during blocked hours.

Someone please provide me a solution for this.

pwindell -> RE: Preventing users from disabling ISA Firewall Client (11.Oct.2013 8:45:11 AM)

The Clients need to be Web Proxy, Firewall [Winsock Proxy] clients and SecureNAT Clients at the same time.

Enforce the proxy settings with WPAD.

The only way to bypass the hours is to be surfing out via a different Rule that does not have restrictions, most likely anonymously which lets them use the SecureNAT Service after they disable the Firewall Client, although I think the same would be possible via the Web Proxy Service if there was a non-restricted rule allowing that.

Bottom line, I think you have a design flaw in the rules you created and the way/order they are listed in. You need to inventory and inspect your rules.

In the end, disabling the Firewall Client should never "gain" the user anything. In a properly configured setup, disabling the Firewall Client would simply take away the benefits they had from it; they "lose" rather than "gain".

