ISA Server 2006, I'm doing it wrong!

Andy100

Andy100

Andy100

Associate
Joined
3 Feb 2003
Posts
1,771
Location
Sydney, Australia
Hey guys,

We've been using ISA 2006 for a while now as our web proxy and a fine job it has been doing too.

Recently I have noticed someone looking at questionable websites in the logs. This is against our usage policy and I would like to take them aside and let them know quietly that they need to stop it.

The problem is I can't work out which user it is.

If I turn on requiring authentication then windows update stops working. If I leave it turned off then all I get is an IP address and this person keeps on switching computers.

Is there any way to turn on authentication for web proxy without it blocking wsus and windows update?
 
Create a rule for windows updates that allows all users (use windows update servers as a destination)
On your web access rule, allow it for the "all authenticated users" set only. Make sure force authentication is OFF for the network.
Place the windows update rule above the web access rule
 
Any reason why not using a WSUS server.

That way you can configure a user on the WSUS server that goes through the Proxy, and the users get there updates from the WSUS server.

That way then can make people use authentication through the ISA Server.
 
Agreed, a WSUS server would be a good idea, but the config suggested above would force authentication for access attempts to anything other then the windows update services
 
Thanks guys.

We run wsus but it seems that one of our regional sites aren't picking their updates up from it (something else I need to look into).

Do you know of any other services that may be effected by forcing authentication on the network?

Maybe I'll just switch on authentication today and see what else breaks ;)
 
Andy100 said:
Thanks guys.

We run wsus but it seems that one of our regional sites aren't picking their updates up from it (something else I need to look into).

Do you know of any other services that may be effected by forcing authentication on the network?

Maybe I'll just switch on authentication today and see what else breaks ;)
Click to expand...

Depends what youre running that needs to access the internet - AV updates would be a prime suspect though
 
You must log in or register to reply here.
Back
Top Bottom