I have multiple-domain environment where ISA Server is in its own domain. I have Web Proxy clients authenticating using integrated windows method on Intenal Network object. I have 2 rules. The first one allows only one group of forest users to access internet. The second one allows the other group. There is no rule to allow anonymus access.
I want to accomplish the following: When I login as administrator (user that is not allowed access by either rule) to computer and try to access internet as a Web Proxy client, I want to be prompted with authentication login box from ISA server, so I can provide credentials for one of the users that are allowed access.
OK, this works when I have non-domain environment and integrated authentication fails. ISA server will prompt user for credentials. But for me, this doesn't work in a domain environment. It seams to me that ISA will get domain credentials from a loged-in user (administrator) and deny him access according to the rule.
Did I understand you well: I should configure my Internal Network object listener for web proxy clients - not to use any kind of authentication?
Because, I want all users that are loged in with domain credentials that are allowed by rules, to be automatically allowed to browse internet. And only users such as Admin that is not allowed by any rule to be prompted.