I have an ISA Server setup. Firewall clients on all the PCs on my network. I have the ISA Server setup to deny internet access to any client who cannot provide Active Directory authentication. However, this presents the problem that system services on network member computers (Windows Update, for example) cannot access the internet since they can't authenticate via AD.
Help?
 |
 |
 |
 |
|
|||||||
| General Software - ISA 06 AD Authentication Question posted in the Software forums; I have an ISA Server setup. Firewall clients on all the PCs on my network. I have the ISA Server setup to deny internet access to any client who cannot ... |
|
06-23-2009
|
#1 |
|
Bronze Member
 Join Date: Jan 2009
Posts: 39 PC Experience: PC Guru
|
ISA 06 AD Authentication Question
|
|
|
| Advertisement - Register to Remove | |
|
|
06-23-2009
|
#2 |
|
Mod Team Leader
 
Join Date: Dec 2005
Location: Skynet HQ (kinda near PCHF bunker)
Posts: 2,091 PC Experience: Learning more every day!
|
Re: ISA 06 AD Authentication Question
Hello Spike15, welcome back to the forum!
I will mark your thread as open so one of our great techs will be able to help you as soon as possible  Thanks for your patience! Regards, Smokeycheech 
|
|
|
|
|
06-24-2009
|
#3 |
|
Bronze Member
Join Date: Jan 2009
Posts: 39 PC Experience: PC Guru
|
Re: ISA 06 AD Authentication Question
I can confirm that other processes are affected by this.
Outlook 2007, for example, will never connect to mail servers outside the firewall so long as I have internet access denied to all non-authenticated users. Windows Update also fails. The bizarre thing is that some, decidedly non-standard traffic, succeeds to authenticate itself. World of Warcraft, for example, works over this method. |
|
|
|
|
06-24-2009
|
#4 |
|
Bronze Member
Join Date: Jan 2009
Posts: 39 PC Experience: PC Guru
|
Re: ISA 06 AD Authentication Question
Here are some pictures detailing the problem:
  Any help would be appreciated, although given my history with this site I'm not remaining hopeful and am still searching for solutions manically... EDIT: The following are not solutions: Allowing access on a per-computer basis. I want to filter access based on the users who are logged into computers, not the computers themselves. I also have wireless et cetera and don't want uninvited/-authorized people accessing my internet connection by spoofing IP addresses. Allowing blanket access to the internet. Not only does this run into problems as detailed above, but I also want to be able to apply access restrictions to certain users, users who, due to the nature of their computer use, have administrative rights on their PCs. If I allow blanket access to the internet, and then restrict access per user, these particular users can totally circumvent the scheme by just uninstalling the firewall client. Last edited by Spike15; 06-24-2009 at 10:33 AM. |
|
|
|
|
06-24-2009
|
#5 |
|
Bronze Member
Join Date: Jan 2009
Posts: 39 PC Experience: PC Guru
|
Re: ISA 06 AD Authentication Question
Unsurprisingly, I solved this myself.
|
|
|
|
|
06-24-2009
|
#6 |
|
Mod Team Leader
Join Date: Dec 2005
Location: Skynet HQ (kinda near PCHF bunker)
Posts: 2,091 PC Experience: Learning more every day!
|
Re: ISA 06 AD Authentication Question
Excellent Spike! i will mark this as resolved for you!
I am sorry we couldn't add any input for you, you were too quick for us this time! Regards, Smokeycheech 
|
|
|
|
|
| Bookmarks |
| Tags |
| 06, ad, authentication, isa, Open:, question, Resolved: |
Similar discussions...
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Pending: Question on MBR | toyuser | Windows Vista & 7 | 6 | 01-29-2009 11:05 AM |
| <News> Imprivata Updates Authentication | Newsie | IT News | 0 | 08-21-2007 08:38 AM |
| <News> Secure Computing Releases Mobile Access Authentication | Newsie | IT News | 0 | 07-12-2007 08:35 AM |
| USB question. | GC27 | Peripherals | 5 | 08-04-2006 11:39 PM |
| A question | Ryan | Windows XP/2000 | 1 | 07-27-2006 03:54 AM |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
