Logging without authentication? - got 2 work but nasty (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting


GSandGN -> Logging without authentication? - got 2 work but nasty (16.Mar.2005 5:29:00 PM)

Isa2004 Standard - Public School environment

Our local vendor did the initial config and setup a Web access firewall policy that has an "All Users" condition. Makes for easier web access for students but puts anonymous user entries in the Monitoring/Logging window.

What I wanted was a way to see who_went_where without authentication. Not quite ready to take that step with the student body! My assumption is that authentication would populate the logs. Authentication will probably happen someday just so students dont use some of the generic logins.

Anyway, to get around this what I did was create another Web access rule that instead of "All Users" it has user groups that I created from our AD users. I excluded the Elem school as they dont have individual accounts anyway.

Worked! I could then get live data or historical data that showed the username and the site they went to (often just the IP but thats another issue). I did this by "Client Username" filter with our domain as the keyword. Nice, I could sort by individual if needed.

Problems: Its not clean. I think this somewhat redundant rule might have a negative impact but Im not sure yet. Further and the immediate issue - state assessment software that sends data via internet will not allow students to login unless I disable the new rule I made.

Questions: Is there a better way? Hopefully something simple? Can I exclude an app? I was on leave for 6weeks and came back to ISA2004! <grin> No suprise really but moving from Proxy2.0 has its challenges.



tshinder -> RE: Logging without authentication? - got 2 work but nasty (17.Mar.2005 2:39:00 PM)

Hi S,

In order to get Web site names and user information, you need to configure the clients as Web proxy clients. The ISA in education kit has everything you need to know for automating the Web proxy client configuration.


GSandGN -> RE: Logging without authentication? - got 2 work but nasty (17.Mar.2005 11:00:00 PM)

Had a nice reply/qestion all typed up but MS popup blocking erased it. Now you get the blunt version.

I think our clients are in proxy mode, they get the proxy info in their browsers.

I dont see a proxy vs firewall "mode" for clients to verify config. I gather if you have proxy config entries on isa server, the clients are in proxy mode.

I DO get the information I want but had to create a new ruleset that had the AD users listed in user groups created on the isa server. This is a redundant rule! Things dont always break immediately and its a live environment. Ask first, test later!

Everything would be fine but my new rule, when enabled, prevents access to online assessment testing. I *think* I found how to exclude this but havent tested yet.

Am I stuck? Do I only have the options of:
1: custom rule made up of nearly our entire user base? Rules including domain users by group didnt work. This adds more maintenance.
2: require authentication so logs are populated with user information?

Page: [1]