RE: GPO that forces users to use a proxy server.

From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 10/30/04

    Date: Fri, 29 Oct 2004 15:17:59 -0700
    To: "Philip Wagenaar" <pb.wagenaar@chello.nl>, <focus-ms@securityfocus.com>
    
    

    Sorry; ISA 2004 doesn't add anything that will make this problem any easier to solve.
    If the browser is configured to use a specific proxy, it'll stick with that idea, come what may.

    "Automatic configuration" is the only way to allow "self-adjustment" for IE.

    Another thing to keep in mind: if you use a firewall client on the laptops, this can adversely affect your client's ability to "switch modes" when they go home.
    As with IE, the best setting for the ISA firewall client is "automatically detect". This allows it to "self-disable" when it can't find an ISA server.
    This firewall client setting requires that you configure WPAD support in your networks.
    It's all discussed in the ISA help and at www.isaserver.org...

    Jim Harrison
    MCP(NT4/2K), A+, Network+
    Security Business Unit (ISA SE)

    "The last 10 years of Internet usage has disproven
    the theory that a million monkeys typing on a million
    typewriters would eventually produce the complete
    works of Shakespeare. ..or maybe it only works for
    typewriters..."
    (unclaimed)

    -----Original Message-----
    From: Philip Wagenaar [mailto:pb.wagenaar@chello.nl]
    Sent: Friday, October 29, 2004 1:41 AM
    To: focus-ms@securityfocus.com
    Subject: RE: GPO that forces users to use a proxy server.

    I believe ISA Server 2004 can tackle this problem. It sets two different
    rules for clients connected to the domain and another if the client is not
    connected to the domain. The idea here is that clients outside your network
    can be restricted more. I am not sure, but I guess you could also set rules
    about using proxies.

    Philip Wagenaar

    -----Original Message-----
    From: Ryan Parrish [mailto:RyanP@foxracing.com]
    Sent: Thursday, October 28, 2004 21:28
    To: focus-ms@securityfocus.com
    Subject: GPO that forces users to use a proxy server.

    We are trying to implement a GPO that forces all users/computers to use a
    proxy server for their internet access in the company, but have hit a snag.
    We have lots of laptop users that we found during testing when they take
    their laptops home they can access the internet using their own ISP since we
    set the policy to use a proxy server that is not available to the outside
    internet, thus they get no internet access.
    Has anybody dealt with this kind of situation before? Is there a way to set
    a GPO to only be active during business hours?

    _-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_

    Ryan Parrish
    ryanp@foxracing.com
    IT Dept.
    408-776-8633 extension 1229
    Please direct all support questions to -
    (`..-> itsupport@foxracing.com

    _-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_-`-_
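
The "automatic configuration" approach recommended in this thread relies on a proxy auto-config (PAC) script, which WPAD lets clients discover on their own. The script below is an added example, not part of any message in the thread: it sends traffic through the proxy on the corporate network and goes direct when the proxy cannot be found. The names `proxy.corp.example`, port `8080`, the `.corp.example` suffix and the helper `chooseProxy` are assumptions for illustration.

```javascript
// Added example: PAC logic for laptops that move between office and home.
// PROXY_HOST, PROXY_PORT and INTERNAL_SUFFIX are assumed values.
var PROXY_HOST = "proxy.corp.example";
var PROXY_PORT = 8080;
var INTERNAL_SUFFIX = ".corp.example";

// Decision logic, kept separate from the PAC helpers so it can be exercised
// outside a browser. `pac` provides isPlainHostName, dnsDomainIs, isResolvable.
function chooseProxy(url, host, pac) {
  // Intranet hosts are reached directly, never through the proxy.
  if (pac.isPlainHostName(host) || pac.dnsDomainIs(host, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }
  // Away from the office the internal proxy name does not resolve, so the
  // client "self-adjusts" and uses its own ISP.
  if (!pac.isResolvable(PROXY_HOST)) {
    return "DIRECT";
  }
  // In the office: proxy only. No "; DIRECT" fallback is appended, so a
  // proxy outage does not silently turn into unfiltered access.
  return "PROXY " + PROXY_HOST + ":" + PROXY_PORT;
}

// Entry point the browser calls; it passes in the built-in PAC helpers.
function FindProxyForURL(url, host) {
  return chooseProxy(url, host, {
    isPlainHostName: isPlainHostName,
    dnsDomainIs: dnsDomainIs,
    isResolvable: isResolvable
  });
}

// Constructed stand-ins for the PAC helpers, for testing the logic offline.
function stubPac(resolvableNames) {
  return {
    isPlainHostName: function (h) { return h.indexOf(".") === -1; },
    dnsDomainIs: function (h, d) {
      return h.length >= d.length && h.slice(-d.length) === d;
    },
    isResolvable: function (n) { return resolvableNames.indexOf(n) !== -1; }
  };
}
var office = stubPac([PROXY_HOST]); // internal DNS knows the proxy
var home = stubPac([]);             // home ISP DNS does not
```

`isResolvable` only tests DNS, so the proxy name should exist in internal DNS only; a firewall rule that blocks direct outbound web traffic from the internal network is still what enforces proxy use in the office.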


