ISA Server 2000 Rule Issue
#1
ISA Server 2000 Rule Issue
Hi,
I am new to the whole ISA server lark and have inherited a SBS 2000 server with ISA Server 2000 on it. I have been tasked with removing internet access for a number of users which works fine although there are a number of Internet sites which theses users will require access to.
I have created a site and content rule
> Destinations - this rule appies to : All external Destinations
> Schedule - default - all times
> Action - denied ( HTTP requests go to a denied page on intranet)
> Applies to - users (list of users)
> HTTP Content - all content
This works fine for no access and for access to the intranet but like I say they will need access to some websites. Any ideas any one ..........
Cheers
Crewy
I am new to the whole ISA server lark and have inherited a SBS 2000 server with ISA Server 2000 on it. I have been tasked with removing internet access for a number of users which works fine although there are a number of Internet sites which theses users will require access to.
I have created a site and content rule
> Destinations - this rule appies to : All external Destinations
> Schedule - default - all times
> Action - denied ( HTTP requests go to a denied page on intranet)
> Applies to - users (list of users)
> HTTP Content - all content
This works fine for no access and for access to the intranet but like I say they will need access to some websites. Any ideas any one ..........
Cheers
Crewy
#2
Scooby Regular
Join Date: Jul 2000
Location: cloud cuckoo land
Posts: 536
Likes: 0
Received 0 Likes
on
0 Posts
ISA works by using the most specific rules first.
It seems you need to have 3 rules for access set up.
1. Allow some users full access to the internet
2. Allow remaining users access to some sites
3. Deny access to all other sites for all other users.
So...
In windows create 2 user groups. One for people with full access and one for those who get "regulated" access.
Then create a destination set in ISA which contails all the websites you wish those regulated users to have access to. Use *.website.com rather than www.website.com just incase they use multiple hosts.
Now define rule number one
> Destinations - this rule appies to : All external Destinations
> Schedule - default - all times
> Action - allowed
> Applies to - Permitted user group
> HTTP Content - all content
Now define rule number two
> Destinations - this rule appies to : Regulated destination set
> Schedule - default - all times
> Action - allowed
> Applies to - regulated user group
> HTTP Content - all content
Lastly define rule number three
> Destinations - this rule appies to :All external Destinations
> Schedule - default - all times
> Action - denied
> Applies to - everyone
> HTTP Content - all content
<disclaimer>It's been a year or so since I touched ISA server</disclaimer>
It seems you need to have 3 rules for access set up.
1. Allow some users full access to the internet
2. Allow remaining users access to some sites
3. Deny access to all other sites for all other users.
So...
In windows create 2 user groups. One for people with full access and one for those who get "regulated" access.
Then create a destination set in ISA which contails all the websites you wish those regulated users to have access to. Use *.website.com rather than www.website.com just incase they use multiple hosts.
Now define rule number one
> Destinations - this rule appies to : All external Destinations
> Schedule - default - all times
> Action - allowed
> Applies to - Permitted user group
> HTTP Content - all content
Now define rule number two
> Destinations - this rule appies to : Regulated destination set
> Schedule - default - all times
> Action - allowed
> Applies to - regulated user group
> HTTP Content - all content
Lastly define rule number three
> Destinations - this rule appies to :All external Destinations
> Schedule - default - all times
> Action - denied
> Applies to - everyone
> HTTP Content - all content
<disclaimer>It's been a year or so since I touched ISA server</disclaimer>
Thread
Thread Starter
Forum
Replies
Last Post
Phil3822
General Technical
0
30 September 2015 06:29 PM