Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Small Business Server / SBS 4.0 & 4.5 / April 2005

Tip: Looking for answers? Try searching our database.

One for Steve Foster

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Gary D - 29 Apr 2005 08:55 GMT
Hi Steve. You replied to my earlier post about restricting web sites using
destination sets and s/c rules in ISA.

I had a default set of SBS2003 rules. I am able to ALLOW  a user access to
all websites except for hotmail.com (for example). BUT I am unable to DENY
the user access to all websites except for hotmail.com

When the 2nd scenario is in place all websites seemed to be barred, as
though the specific allow (for hotmail.com) is being ignored.
Reply to this Message
Steve Foster [SBS MVP] - 29 Apr 2005 15:01 GMT
> Hi Steve. You replied to my earlier post about restricting web sites using
> destination sets and s/c rules in ISA.
[quoted text clipped - 5 lines]
> When the 2nd scenario is in place all websites seemed to be barred, as
> though the specific allow (for hotmail.com) is being ignored.

As I undoubtedly explained, Deny always beats Allow.

So, any Rule that Denies All effectively kills all access (this is handy
to know if you've got a trojan/spyware/whatever spewing crud to the net).

You need two Rules:

* one to Allow access to specific sites (or a blanket Allow All)
* one to Deny access to "All except Selected Destinations" using the
allowed sites set

Signature

Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

Reply to this Message
Gary D - 29 Apr 2005 16:13 GMT
Thanks for the reply again steve.
I have the ALLOW ALL rule as you explained. I also have a rule which Denies
access to "All except Selected Destinations" for the user in question. When
trying to access ANY destination from the users client PC I am prompted for
username and password to connect to ISA. I have installed ISA SP2 if that
has any bearing.

Confused !
and thanks again,
Gary

>> Hi Steve. You replied to my earlier post about restricting web sites
> using
[quoted text clipped - 19 lines]
> * one to Deny access to "All except Selected Destinations" using the
> allowed sites set
Reply to this Message
Gary D - 29 Apr 2005 16:51 GMT
Steve, sorted it. Looks like a corrupt "test user". Used a different live
user, all worked OK. Thanks again

Gary

>> Hi Steve. You replied to my earlier post about restricting web sites
> using
[quoted text clipped - 19 lines]
> * one to Deny access to "All except Selected Destinations" using the
> allowed sites set
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.