I'm using ISA in Proxy only mode inside my LAN. I've been experimenting with S&C and protocol rules, regarding anonymous access. I have changed both my site&content and protocol rule from allow all requests to allow Domain Users (these two are the only ones I have)... Am I wrong, or that effectively removed all anonymous access to the Internet?
If that is the case, why should I bother about that config in the outbound web requests named "ask unauthenticated users for authentication"? I've changed it, and noticed two differences so far: one is that for most of the time, inside "sessions" in the management console, I get to see one anonymous session + one user session for each computer (ip); and the other, in the web proxy log, it seemed to me that these anonymous requests were getting 407 errors before I cleared the aforementioned checkbox in the outbound web requests tab, and now different codes appear in the sc-status field. Are there any more implications to this configuration?
I've read the article and made the necessary changes in ISA's configuration. So it seems the fact that anonymous users still appear in ISA's "sessions" pane is sort of a bug, because these connections are getting nowhere (at least in the logs no data is transferred for them), probably they appear only to send the user's credentials to the Proxy Service.