User authentication through Microsoft ISA Sever for OWA

["Barros, Jacob" <jkbarros () GRACE EDU>]

We have web filtering software in place on MS ISA server.  Our Student
Development department has been asking for a while for a way to tie
usernames to unauthorized sites (filtered or unfiltered) for
accountability.  Because of our limited man hours we need a quick and
easy way for them to look through the logs.  The most cost-effective
(free) solution for us would be to turn on authentication on the ISA
server.  It would require anyone not logged on to the domain to enter a
username and password before using internet resources.
 
Leaving all politics out of the equation, our tests have been
outstanding with one exception. Users are pummeled with authentication
prompts when checking email via Outlook Web Access. Any fixes we find
seem to all be pointed in the same direction..  using SSL (which we
aren't right now though it is on my list for the fall semester). 

We've tried using forms based authentication mentioned in the Exchange
server documentation.  We've also tried the 'bypass proxy for local
addresses' option on clients with no change.  There are much more
details about this scenario but I didn't want a super long post.

So, is anyone using this sort of scenario and have any opinions on how
to make this work? Is our only option to use SSL?  Is there a way in ISA
(or clients) to tell it to 'ignore' our OWA site that we don't know
about?  

We have only two weeks from tomorrow to make this happen so any advice
would be appreciated.


Jake Barros
Grace College

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.