+ Post New Thread
Results 1 to 9 of 9
Windows Thread, ISA 2006 + blocking internet for AD group in Technical; Hi, I might be missing a trick here but all the students go through one ISA. installed is ISA 2006, ...
  1. #1
    Paid_Peanuts's Avatar
    Join Date
    Jun 2007
    Location
    South Yorkshire
    Posts
    232
    Thank Post
    11
    Thanked 13 Times in 12 Posts
    Rep Power
    17

    ISA 2006 + blocking internet for AD group

    Hi,
    I might be missing a trick here but all the students go through one ISA.
    installed is ISA 2006, it has the normal outbound rules etc.

    What i have created in AD is a security group where i can add students, so for example the group is: No-Internet.
    A student tester account (y8tester) is added to the above group.

    Then i have created an access rule in ISA to deny and redirect traffic for the AD group. The rule is as follows:
    deny http, https, from internal to external for No-Internet.

    I apply the settings however this doesnt block the internet for this y8tester account - am i missing somehting there becasue all the websites i visit say it is this easy to setup.

    Any help greatly appriated.

  2. #2
    mullet_man's Avatar
    Join Date
    Oct 2005
    Location
    Oldham
    Posts
    726
    Thank Post
    34
    Thanked 46 Times in 45 Posts
    Rep Power
    26

    Re: ISA 2006 + blocking internet for AD group

    Is the block rule above the allow rule?

  3. #3
    Paid_Peanuts's Avatar
    Join Date
    Jun 2007
    Location
    South Yorkshire
    Posts
    232
    Thank Post
    11
    Thanked 13 Times in 12 Posts
    Rep Power
    17

    Re: ISA 2006 + blocking internet for AD group

    The rules are as follows:
    1) Outbound allow all outbound from internal and local host to external for all users
    2) Ping allow ping from internal to all networks including local host for all users
    3) Inbound RDP allow RDP from external and internal to xxx.xxx.xxx.xxx for all users
    4) No-Internet deny http and https from internal to external for no-Internet

  4. #4
    mullet_man's Avatar
    Join Date
    Oct 2005
    Location
    Oldham
    Posts
    726
    Thank Post
    34
    Thanked 46 Times in 45 Posts
    Rep Power
    26

    Re: ISA 2006 + blocking internet for AD group

    Your no internet rule is after your allow rule so its not gonna stop them am guessing.

    Our ISA box was setup by someone else, but we have it setup

    Banned Sites (deny)
    Banned Users (deny)
    Pupil Internet (allow)

    Try creating new rules in that kind of order, it should work. You just need to make sure you add the right pupil groups to the allow, and create a new group called Banned Internet something along those lines.

  5. #5
    Paid_Peanuts's Avatar
    Join Date
    Jun 2007
    Location
    South Yorkshire
    Posts
    232
    Thank Post
    11
    Thanked 13 Times in 12 Posts
    Rep Power
    17

    Re: ISA 2006 + blocking internet for AD group

    I have moved the no-Internet(Deny) rule to number 1 and its made no difference.
    Just applying the settings in ISA should be enought right - i dont have to restart a service or anything in order for the changes to the rules to apply?

  6. #6
    Paid_Peanuts's Avatar
    Join Date
    Jun 2007
    Location
    South Yorkshire
    Posts
    232
    Thank Post
    11
    Thanked 13 Times in 12 Posts
    Rep Power
    17

    Re: ISA 2006 + blocking internet for AD group

    We have another ISA 2006 box which is for admin use - this wouldn't be interfering would it?

  7. #7
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33

    Re: ISA 2006 + blocking internet for AD group

    As a starting point I would go into the monitoring section of ISA, tell it only to monitor stuff from the IP addy of the computer your test user is logged on to, then make some page requests and see which rule is being applied.

  8. #8
    Paid_Peanuts's Avatar
    Join Date
    Jun 2007
    Location
    South Yorkshire
    Posts
    232
    Thank Post
    11
    Thanked 13 Times in 12 Posts
    Rep Power
    17

    Re: ISA 2006 + blocking internet for AD group

    ah right - after further digging it appears as though the students are not getting their ISA settings.

    When the admin isa is rebooted none of the students get the internet so they must be going through the wrong ISA. I have checked AD and the students get their own policy which sets the proxy settings. However the only other place proxy settings are enabled is at the default domain policy level which points to the admin isa - so could they be picking the settings up from there? if i remove the proxy settings from the default domain policy not even staff get the internet even though they have their own policy pointing them at the admin isa!?!?!

    i have tested with a staff acount and the proxy settings are in IE7 but the tick box isnt enabled so IE doenst use the proxy.

    Can any one shed any light on why these proxy settings are not being enabled? i can bl**dy find it!

  9. #9

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36

    Re: ISA 2006 + blocking internet for AD group

    Hi,

    The best thing to do is to install the Microsoft Firwall client that comes with isa and then confirm the proxy for automatic script setting (sorry don't know what exactly its called). The firewall client will automatically setup IE proxy to automatic script URL.

    You should find that then this will allow you to do authentication for not just web proxy and FTP but for other protocols as well.

    Ash.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 2
    Last Post: 27th January 2011, 12:06 PM
  2. Blocking Internet Access
    By jcollings in forum How do you do....it?
    Replies: 29
    Last Post: 24th January 2008, 09:24 AM
  3. K9 free parental internet blocking software for home use
    By beeswax in forum Comments and Suggestions
    Replies: 1
    Last Post: 29th June 2006, 08:03 PM
  4. Internet Blocking Service
    By ajbritton in forum Learning Network Manager
    Replies: 4
    Last Post: 26th January 2006, 08:31 PM
  5. Blocking Batch Files using Group Policy in Server 2003
    By markwilliamson2001 in forum Windows
    Replies: 13
    Last Post: 4th October 2005, 05:28 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •