ISA 2006 + Firewall client + Exceptions!
This is being a pain in the rear.
We're using ISA Server 2006, every PC on the network has the Forefront TMG Client (it works with ISA2006 and i seen fit to update it when i remade our base image, but we had the same problem with isa client 2006 too). When someone logs on, the group policy settings take affect, then the firewall client overwrites the policies settings with its own configuration which blanks the exceptions box.
I've tried setting up exceptions within the ISA server under the Internal network > Web browser > Directly access these servers for domains section, that didn't work. I've tried unticking the box for "Use a web proxy server" under "Web browser configuration on the firewall client computer" which is in the "firewall client" tab of the internal network configuration. When i did that some PCs started getting issues connecting to the internet, I couldn't find out exactly but it sounded like unticking this box meant the firewall client was also unticking that box on client PCs (thus no proxy connection). The only thing I haven't tried is unticking "Enable firewall client support for this network" but i don't really know what effect that will have either....
I think what i need to know is the exact effect these settings within the ISA server have on the client. Do they clear the setting or do they just stop the client from forcing the setting? and does anyone have any suggestions for getting my exceptions working properly?
Also lastly, this might sound pretty stupid but what does the firewall client actually bring to the table? I get the impression i need it in order to get a more in depth look on the monitoring but does it benefit us in any other way? (Half tempted just to globally disable the firewall client service!)