block user from accessing Internet

TheMSsForum.com: The Microsoft Software Forum

This is a multi-part message in MIME format.

------=_NextPart_000_0006_01C74E87.E3164EF0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all,
I had tried to remove a user from the BackOffice Internet Users security =
group to stop him from access Internet but he still could go to the =
Internet. Had I done the wrong way? Are there any other ways to stop =
him?

Thanks,
el
------=_NextPart_000_0006_01C74E87.E3164EF0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.5730.11" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Hi all,</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>I had tried to remove a user =
from the=20
BackOffice Internet Users security group to stop him from access =
Internet but he=20
still could go to the Internet.&nbsp; Had I done the wrong way? Are =
there any=20
other ways to stop him?</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Thanks,</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>el</FONT></DIV></BODY></HTML>

------=_NextPart_000_0006_01C74E87.E3164EF0--
Top

Re: block user from accessing Internet by Merv

Merv
Sun Feb 11 18:45:32 CST 2007

This is a multi-part message in MIME format.

------=_NextPart_000_003C_01C74E15.30ECE620
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Assuming ISA 2000 is installed properly and working correctly, that's =
the correct way to block internet access for your users.

Also, make sure the ISA client is running on the workstations. Also =
makes sure he does not have local administrator permissions on his =
workstation.

--=20
Merv Porter [SBS-MVP]
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D

"el" <drop_msg -@- hotmail -DOT- com> wrote in message =
news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
Hi all,
I had tried to remove a user from the BackOffice Internet Users =
security group to stop him from access Internet but he still could go to =
the Internet. Had I done the wrong way? Are there any other ways to =
stop him?

Thanks,
el
------=_NextPart_000_003C_01C74E15.30ECE620
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3020" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Assuming ISA 2000 is installed properly =
and working=20
correctly, that's the correct way to block internet access for your=20
users.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Also, make sure the ISA client is =
running on the=20
workstations.&nbsp; Also makes sure he does not have local administrator =

permissions on his workstation.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>-- <BR>Merv&nbsp; =
Porter&nbsp;&nbsp;=20
[SBS-MVP]<BR>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D<BR></FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"el" &lt;drop_msg -@- hotmail -DOT- com&gt; wrote in message <A=20
=
href=3D"news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl">news:ON4nIuhTHHA.1000=
@TK2MSFTNGP05.phx.gbl</A>...</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Hi all,</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>I had tried to remove a =
user from the=20
BackOffice Internet Users security group to stop him from access =
Internet but=20
he still could go to the Internet.&nbsp; Had I done the wrong way? Are =
there=20
any other ways to stop him?</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Thanks,</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif"=20
size=3D2>el</FONT></DIV></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_003C_01C74E15.30ECE620--

Top

Re: block user from accessing Internet by el

el
Sun Feb 11 20:44:18 CST 2007

This is a multi-part message in MIME format.

------=_NextPart_000_006B_01C74EBC.AA266690
Content-Type: text/plain;
charset="big5"
Content-Transfer-Encoding: quoted-printable

Hi Merv,

Is creating a Site and Content Rules in ISA server the correct way to =
block Internet access?

Could you explain to me why the workstation needs to have ISA client =
running and the user could not have local administrator permissions?

TIA,
el
"Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message =
news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
Assuming ISA 2000 is installed properly and working correctly, that's =
the correct way to block internet access for your users.

Also, make sure the ISA client is running on the workstations. Also =
makes sure he does not have local administrator permissions on his =
workstation.

--=20
Merv Porter [SBS-MVP]
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D

"el" <drop_msg -@- hotmail -DOT- com> wrote in message =
news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
Hi all,
I had tried to remove a user from the BackOffice Internet Users =
security group to stop him from access Internet but he still could go to =
the Internet. Had I done the wrong way? Are there any other ways to =
stop him?

Thanks,
el
------=_NextPart_000_006B_01C74EBC.AA266690
Content-Type: text/html;
charset="big5"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dbig5">
<META content=3D"MSHTML 6.00.5730.11" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Hi Merv,</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Is creating a Site and =
Content Rules in=20
ISA server the correct way to block Internet access?</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Could you explain to me why =
the=20
workstation needs to have ISA client running and the user could not have =
local=20
administrator permissions?</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>TIA,</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>el</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Merv Porter [SBS-MVP]" &lt;<A=20
=
href=3D"mailto:mwport@no_spam_hotmail.com">mwport@no_spam_hotmail.com</A>=
&gt;=20
wrote in message <A=20
=
href=3D"news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl">news:elZ%23b8jTHHA.9=
20@TK2MSFTNGP05.phx.gbl</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Assuming ISA 2000 is installed =
properly and=20
working correctly, that's the correct way to block internet access for =
your=20
users.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Also, make sure the ISA client is =
running on the=20
workstations.&nbsp; Also makes sure he does not have local =
administrator=20
permissions on his workstation.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>-- <BR>Merv&nbsp; =
Porter&nbsp;&nbsp;=20
=
[SBS-MVP]<BR>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D<BR></FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"el" &lt;drop_msg -@- hotmail -DOT- com&gt; wrote in message <A =

=
href=3D"news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl">news:ON4nIuhTHHA.1000=
@TK2MSFTNGP05.phx.gbl</A>...</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Hi all,</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>I had tried to remove a =
user from the=20
BackOffice Internet Users security group to stop him from access =
Internet=20
but he still could go to the Internet.&nbsp; Had I done the wrong =
way? Are=20
there any other ways to stop him?</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3D"MS Sans Serif" size=3D2>Thanks,</FONT></DIV>
<DIV><FONT face=3D"MS Sans Serif"=20
size=3D2>el</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_006B_01C74EBC.AA266690--

Top

Re: block user from accessing Internet by Merv

Merv
Mon Feb 12 07:01:36 CST 2007

The correct way to restrict users is the way you've done: remove them from
the BackOffice Internet Users group.

The ISA firewall client on the workstation is required so that the client
correctly interacts with ISA 2000 on the server. Restricting the user by
not making them a member of the local administrator group on the computer
will also restrict their ability to install/uninstall programs.

--
Merv Porter [SBS-MVP]
============================

"el" <drop_msg -@- hotmail -DOT- com> wrote in message
news:OCrrPBlTHHA.1212@TK2MSFTNGP03.phx.gbl...
Hi Merv,

Is creating a Site and Content Rules in ISA server the correct way to block
Internet access?

Could you explain to me why the workstation needs to have ISA client running
and the user could not have local administrator permissions?

TIA,
el
"Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
Assuming ISA 2000 is installed properly and working correctly, that's the
correct way to block internet access for your users.

Also, make sure the ISA client is running on the workstations. Also makes
sure he does not have local administrator permissions on his workstation.

--
Merv Porter [SBS-MVP]
============================

"el" <drop_msg -@- hotmail -DOT- com> wrote in message
news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
Hi all,
I had tried to remove a user from the BackOffice Internet Users security
group to stop him from access Internet but he still could go to the
Internet. Had I done the wrong way? Are there any other ways to stop him?

Thanks,
el


Top

Re: block user from accessing Internet by el

el
Mon Feb 12 18:22:17 CST 2007

Hi Merv,
Thanks for the correction. But the user still can access Internet!!! What
should I check in ISA? Are there anysways for users to work-around the
BackOffice Internet Users permission?

el

"Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
news:e61wvXqTHHA.1000@TK2MSFTNGP05.phx.gbl...
> The correct way to restrict users is the way you've done: remove them
> from the BackOffice Internet Users group.
>
> The ISA firewall client on the workstation is required so that the client
> correctly interacts with ISA 2000 on the server. Restricting the user by
> not making them a member of the local administrator group on the computer
> will also restrict their ability to install/uninstall programs.
>
> --
> Merv Porter [SBS-MVP]
> ============================
>
> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
> news:OCrrPBlTHHA.1212@TK2MSFTNGP03.phx.gbl...
> Hi Merv,
>
> Is creating a Site and Content Rules in ISA server the correct way to
> block Internet access?
>
> Could you explain to me why the workstation needs to have ISA client
> running and the user could not have local administrator permissions?
>
> TIA,
> el
> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
> Assuming ISA 2000 is installed properly and working correctly, that's the
> correct way to block internet access for your users.
>
> Also, make sure the ISA client is running on the workstations. Also makes
> sure he does not have local administrator permissions on his workstation.
>
> --
> Merv Porter [SBS-MVP]
> ============================
>
> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
> news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
> Hi all,
> I had tried to remove a user from the BackOffice Internet Users security
> group to stop him from access Internet but he still could go to the
> Internet. Had I done the wrong way? Are there any other ways to stop him?
>
> Thanks,
> el
>

Top

Re: block user from accessing Internet by Merv

Merv
Mon Feb 12 20:04:47 CST 2007

Unless the user is somehow disabling or uninstalling the firewall client,
removing him from the Backoffice Internet Users group should be enough. I'm
assuming that the workstation is joined to the SBS domain and is not in a
workgroup. Also assuming that you have 2 network adapters in the SBS 2000
server so that ISA 2000 can run in firewall mode.

Re-run ICW and see if that makes a difference.

--
Merv Porter [SBS-MVP]
============================

"el" <drop_msg -@- hotmail -DOT- com> wrote in message
news:eXGUiWwTHHA.4260@TK2MSFTNGP06.phx.gbl...
> Hi Merv,
> Thanks for the correction. But the user still can access Internet!!!
> What should I check in ISA? Are there anysways for users to work-around
> the BackOffice Internet Users permission?
>
> el
>
> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> news:e61wvXqTHHA.1000@TK2MSFTNGP05.phx.gbl...
>> The correct way to restrict users is the way you've done: remove them
>> from the BackOffice Internet Users group.
>>
>> The ISA firewall client on the workstation is required so that the client
>> correctly interacts with ISA 2000 on the server. Restricting the user by
>> not making them a member of the local administrator group on the computer
>> will also restrict their ability to install/uninstall programs.
>>
>> --
>> Merv Porter [SBS-MVP]
>> ============================
>>
>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>> news:OCrrPBlTHHA.1212@TK2MSFTNGP03.phx.gbl...
>> Hi Merv,
>>
>> Is creating a Site and Content Rules in ISA server the correct way to
>> block Internet access?
>>
>> Could you explain to me why the workstation needs to have ISA client
>> running and the user could not have local administrator permissions?
>>
>> TIA,
>> el
>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>> news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
>> Assuming ISA 2000 is installed properly and working correctly, that's the
>> correct way to block internet access for your users.
>>
>> Also, make sure the ISA client is running on the workstations. Also
>> makes sure he does not have local administrator permissions on his
>> workstation.
>>
>> --
>> Merv Porter [SBS-MVP]
>> ============================
>>
>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>> news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
>> Hi all,
>> I had tried to remove a user from the BackOffice Internet Users security
>> group to stop him from access Internet but he still could go to the
>> Internet. Had I done the wrong way? Are there any other ways to stop
>> him?
>>
>> Thanks,
>> el
>>
>


Top

Re: block user from accessing Internet by el

el
Mon Feb 12 20:22:34 CST 2007

In our environment, user is very easy to disable ISA client (right-click on
the ISA client icon in System Tray and select disable). How can I stop the
user from disable it?

"Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
news:O$Z6YNxTHHA.3500@TK2MSFTNGP05.phx.gbl...
> Unless the user is somehow disabling or uninstalling the firewall client,
> removing him from the Backoffice Internet Users group should be enough.
> I'm assuming that the workstation is joined to the SBS domain and is not
> in a workgroup. Also assuming that you have 2 network adapters in the SBS
> 2000 server so that ISA 2000 can run in firewall mode.
>
> Re-run ICW and see if that makes a difference.
>
> --
> Merv Porter [SBS-MVP]
> ============================
>
> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
> news:eXGUiWwTHHA.4260@TK2MSFTNGP06.phx.gbl...
>> Hi Merv,
>> Thanks for the correction. But the user still can access Internet!!!
>> What should I check in ISA? Are there anysways for users to work-around
>> the BackOffice Internet Users permission?
>>
>> el
>>
>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>> news:e61wvXqTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>> The correct way to restrict users is the way you've done: remove them
>>> from the BackOffice Internet Users group.
>>>
>>> The ISA firewall client on the workstation is required so that the
>>> client correctly interacts with ISA 2000 on the server. Restricting the
>>> user by not making them a member of the local administrator group on the
>>> computer will also restrict their ability to install/uninstall programs.
>>>
>>> --
>>> Merv Porter [SBS-MVP]
>>> ============================
>>>
>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>> news:OCrrPBlTHHA.1212@TK2MSFTNGP03.phx.gbl...
>>> Hi Merv,
>>>
>>> Is creating a Site and Content Rules in ISA server the correct way to
>>> block Internet access?
>>>
>>> Could you explain to me why the workstation needs to have ISA client
>>> running and the user could not have local administrator permissions?
>>>
>>> TIA,
>>> el
>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>> news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
>>> Assuming ISA 2000 is installed properly and working correctly, that's
>>> the correct way to block internet access for your users.
>>>
>>> Also, make sure the ISA client is running on the workstations. Also
>>> makes sure he does not have local administrator permissions on his
>>> workstation.
>>>
>>> --
>>> Merv Porter [SBS-MVP]
>>> ============================
>>>
>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>> news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>> Hi all,
>>> I had tried to remove a user from the BackOffice Internet Users security
>>> group to stop him from access Internet but he still could go to the
>>> Internet. Had I done the wrong way? Are there any other ways to stop
>>> him?
>>>
>>> Thanks,
>>> el
>>>
>>
>
>

Top

Re: block user from accessing Internet by Merv

Merv
Mon Feb 12 20:57:35 CST 2007

I'm thinking that if you remove him from the local administrators group, he
shouldn't be able to disable the firewall clients. Not 100% sure about
this.

--
Merv Porter [SBS-MVP]
============================


"el" <drop_msg -@- hotmail -DOT- com> wrote in message
news:eXM$wZxTHHA.4260@TK2MSFTNGP06.phx.gbl...
> In our environment, user is very easy to disable ISA client (right-click
> on the ISA client icon in System Tray and select disable). How can I stop
> the user from disable it?
>
> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> news:O$Z6YNxTHHA.3500@TK2MSFTNGP05.phx.gbl...
>> Unless the user is somehow disabling or uninstalling the firewall client,
>> removing him from the Backoffice Internet Users group should be enough.
>> I'm assuming that the workstation is joined to the SBS domain and is not
>> in a workgroup. Also assuming that you have 2 network adapters in the
>> SBS 2000 server so that ISA 2000 can run in firewall mode.
>>
>> Re-run ICW and see if that makes a difference.
>>
>> --
>> Merv Porter [SBS-MVP]
>> ============================
>>
>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>> news:eXGUiWwTHHA.4260@TK2MSFTNGP06.phx.gbl...
>>> Hi Merv,
>>> Thanks for the correction. But the user still can access Internet!!!
>>> What should I check in ISA? Are there anysways for users to work-around
>>> the BackOffice Internet Users permission?
>>>
>>> el
>>>
>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>> news:e61wvXqTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>>> The correct way to restrict users is the way you've done: remove them
>>>> from the BackOffice Internet Users group.
>>>>
>>>> The ISA firewall client on the workstation is required so that the
>>>> client correctly interacts with ISA 2000 on the server. Restricting
>>>> the user by not making them a member of the local administrator group
>>>> on the computer will also restrict their ability to install/uninstall
>>>> programs.
>>>>
>>>> --
>>>> Merv Porter [SBS-MVP]
>>>> ============================
>>>>
>>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>>> news:OCrrPBlTHHA.1212@TK2MSFTNGP03.phx.gbl...
>>>> Hi Merv,
>>>>
>>>> Is creating a Site and Content Rules in ISA server the correct way to
>>>> block Internet access?
>>>>
>>>> Could you explain to me why the workstation needs to have ISA client
>>>> running and the user could not have local administrator permissions?
>>>>
>>>> TIA,
>>>> el
>>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>>> news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
>>>> Assuming ISA 2000 is installed properly and working correctly, that's
>>>> the correct way to block internet access for your users.
>>>>
>>>> Also, make sure the ISA client is running on the workstations. Also
>>>> makes sure he does not have local administrator permissions on his
>>>> workstation.
>>>>
>>>> --
>>>> Merv Porter [SBS-MVP]
>>>> ============================
>>>>
>>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>>> news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>>> Hi all,
>>>> I had tried to remove a user from the BackOffice Internet Users
>>>> security group to stop him from access Internet but he still could go
>>>> to the Internet. Had I done the wrong way? Are there any other ways to
>>>> stop him?
>>>>
>>>> Thanks,
>>>> el
>>>>
>>>
>>
>>
>


Top

Re: block user from accessing Internet by el

el
Mon Feb 12 22:06:10 CST 2007

no, normal user can do that.

"Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
news:uOGm4qxTHHA.192@TK2MSFTNGP04.phx.gbl...
> I'm thinking that if you remove him from the local administrators group,
> he shouldn't be able to disable the firewall clients. Not 100% sure about
> this.
>
> --
> Merv Porter [SBS-MVP]
> ============================
>
>
> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
> news:eXM$wZxTHHA.4260@TK2MSFTNGP06.phx.gbl...
>> In our environment, user is very easy to disable ISA client (right-click
>> on the ISA client icon in System Tray and select disable). How can I
>> stop the user from disable it?
>>
>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>> news:O$Z6YNxTHHA.3500@TK2MSFTNGP05.phx.gbl...
>>> Unless the user is somehow disabling or uninstalling the firewall
>>> client, removing him from the Backoffice Internet Users group should be
>>> enough. I'm assuming that the workstation is joined to the SBS domain
>>> and is not in a workgroup. Also assuming that you have 2 network
>>> adapters in the SBS 2000 server so that ISA 2000 can run in firewall
>>> mode.
>>>
>>> Re-run ICW and see if that makes a difference.
>>>
>>> --
>>> Merv Porter [SBS-MVP]
>>> ============================
>>>
>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>> news:eXGUiWwTHHA.4260@TK2MSFTNGP06.phx.gbl...
>>>> Hi Merv,
>>>> Thanks for the correction. But the user still can access Internet!!!
>>>> What should I check in ISA? Are there anysways for users to
>>>> work-around the BackOffice Internet Users permission?
>>>>
>>>> el
>>>>
>>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>>> news:e61wvXqTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>>>> The correct way to restrict users is the way you've done: remove them
>>>>> from the BackOffice Internet Users group.
>>>>>
>>>>> The ISA firewall client on the workstation is required so that the
>>>>> client correctly interacts with ISA 2000 on the server. Restricting
>>>>> the user by not making them a member of the local administrator group
>>>>> on the computer will also restrict their ability to install/uninstall
>>>>> programs.
>>>>>
>>>>> --
>>>>> Merv Porter [SBS-MVP]
>>>>> ============================
>>>>>
>>>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>>>> news:OCrrPBlTHHA.1212@TK2MSFTNGP03.phx.gbl...
>>>>> Hi Merv,
>>>>>
>>>>> Is creating a Site and Content Rules in ISA server the correct way to
>>>>> block Internet access?
>>>>>
>>>>> Could you explain to me why the workstation needs to have ISA client
>>>>> running and the user could not have local administrator permissions?
>>>>>
>>>>> TIA,
>>>>> el
>>>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>>>> news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
>>>>> Assuming ISA 2000 is installed properly and working correctly, that's
>>>>> the correct way to block internet access for your users.
>>>>>
>>>>> Also, make sure the ISA client is running on the workstations. Also
>>>>> makes sure he does not have local administrator permissions on his
>>>>> workstation.
>>>>>
>>>>> --
>>>>> Merv Porter [SBS-MVP]
>>>>> ============================
>>>>>
>>>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>>>> news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>>>> Hi all,
>>>>> I had tried to remove a user from the BackOffice Internet Users
>>>>> security group to stop him from access Internet but he still could go
>>>>> to the Internet. Had I done the wrong way? Are there any other ways
>>>>> to stop him?
>>>>>
>>>>> Thanks,
>>>>> el
>>>>>
>>>>
>>>
>>>
>>
>
>

Top

Re: block user from accessing Internet by Merv

Merv
Tue Feb 13 07:10:16 CST 2007

These links may help...

users disabling firewall client
http://groups.google.com/group/microsoft.public.isaserver/browse_thread/thread/e971996546993d12/737cbb6957cab894?lnk=st&q=prevent+user+from+disabling+ISA+2000+firewall+client+&rnum=2&hl=en#737cbb6957cab894

Automating the Configuration of the Firewall Client: Part 1
http://www.isaserver.org/tutorials/Automating_the_Configuration_of_the_Firewall_Client_Part_1.html

--
Merv Porter [SBS-MVP]
============================

"el" <drop_msg -@- hotmail -DOT- com> wrote in message
news:uqQdpTyTHHA.4744@TK2MSFTNGP02.phx.gbl...
> no, normal user can do that.
>
> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> news:uOGm4qxTHHA.192@TK2MSFTNGP04.phx.gbl...
>> I'm thinking that if you remove him from the local administrators group,
>> he shouldn't be able to disable the firewall clients. Not 100% sure
>> about this.
>>
>> --
>> Merv Porter [SBS-MVP]
>> ============================
>>
>>
>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>> news:eXM$wZxTHHA.4260@TK2MSFTNGP06.phx.gbl...
>>> In our environment, user is very easy to disable ISA client (right-click
>>> on the ISA client icon in System Tray and select disable). How can I
>>> stop the user from disable it?
>>>
>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>> news:O$Z6YNxTHHA.3500@TK2MSFTNGP05.phx.gbl...
>>>> Unless the user is somehow disabling or uninstalling the firewall
>>>> client, removing him from the Backoffice Internet Users group should be
>>>> enough. I'm assuming that the workstation is joined to the SBS domain
>>>> and is not in a workgroup. Also assuming that you have 2 network
>>>> adapters in the SBS 2000 server so that ISA 2000 can run in firewall
>>>> mode.
>>>>
>>>> Re-run ICW and see if that makes a difference.
>>>>
>>>> --
>>>> Merv Porter [SBS-MVP]
>>>> ============================
>>>>
>>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>>> news:eXGUiWwTHHA.4260@TK2MSFTNGP06.phx.gbl...
>>>>> Hi Merv,
>>>>> Thanks for the correction. But the user still can access Internet!!!
>>>>> What should I check in ISA? Are there anysways for users to
>>>>> work-around the BackOffice Internet Users permission?
>>>>>
>>>>> el
>>>>>
>>>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>>>> news:e61wvXqTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>>>>> The correct way to restrict users is the way you've done: remove
>>>>>> them from the BackOffice Internet Users group.
>>>>>>
>>>>>> The ISA firewall client on the workstation is required so that the
>>>>>> client correctly interacts with ISA 2000 on the server. Restricting
>>>>>> the user by not making them a member of the local administrator group
>>>>>> on the computer will also restrict their ability to install/uninstall
>>>>>> programs.
>>>>>>
>>>>>> --
>>>>>> Merv Porter [SBS-MVP]
>>>>>> ============================
>>>>>>
>>>>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>>>>> news:OCrrPBlTHHA.1212@TK2MSFTNGP03.phx.gbl...
>>>>>> Hi Merv,
>>>>>>
>>>>>> Is creating a Site and Content Rules in ISA server the correct way to
>>>>>> block Internet access?
>>>>>>
>>>>>> Could you explain to me why the workstation needs to have ISA client
>>>>>> running and the user could not have local administrator permissions?
>>>>>>
>>>>>> TIA,
>>>>>> el
>>>>>> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
>>>>>> news:elZ%23b8jTHHA.920@TK2MSFTNGP05.phx.gbl...
>>>>>> Assuming ISA 2000 is installed properly and working correctly, that's
>>>>>> the correct way to block internet access for your users.
>>>>>>
>>>>>> Also, make sure the ISA client is running on the workstations. Also
>>>>>> makes sure he does not have local administrator permissions on his
>>>>>> workstation.
>>>>>>
>>>>>> --
>>>>>> Merv Porter [SBS-MVP]
>>>>>> ============================
>>>>>>
>>>>>> "el" <drop_msg -@- hotmail -DOT- com> wrote in message
>>>>>> news:ON4nIuhTHHA.1000@TK2MSFTNGP05.phx.gbl...
>>>>>> Hi all,
>>>>>> I had tried to remove a user from the BackOffice Internet Users
>>>>>> security group to stop him from access Internet but he still could go
>>>>>> to the Internet. Had I done the wrong way? Are there any other ways
>>>>>> to stop him?
>>>>>>
>>>>>> Thanks,
>>>>>> el
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>


Top