Firewall Wizards mailing list archives
RE: ISA and Authentication Question...
From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Wed, 21 Jul 2004 15:42:28 -0500
In lab testing it looks like the firewall client does it. Of course, the customer can't install the firewall client everywhere so... ;-) Thanks!! Wes Noonan mailinglists () wjnconsulting com http://www.wjnconsulting.com Hardening Network Infrastructure - A concise how to guide Available Now!! Order at http://tinyurl.com/5852c
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards- admin () honor icsalabs com] On Behalf Of Mark Sent: Wednesday, July 21, 2004 05:56 To: wnoonan () colltech com Cc: Firewall Wizards Mailing List Subject: Re: [fw-wiz] ISA and Authentication Question... I'm not sure how that would/could be done, a lot may depend on the client (firewall client, secure NAT client, web proxy or all 3) but if the noble members of this list don't know I would post the question on www.isaserver.org. I literally cut my ISA Teeth on that site and was never disappointed.(oh, and for those wondering why you would want to do this... I dunno... customers... what can you do? :-))I can think of a reason. There are a few folks on my network that like to use a local admin account all day and bypass login scripts and such when they use domain accounts (which make them only users on their machines). They inherited, by bad policy, local admin rights before I started working there and you know how hard it is to take away something they have always had. This would make it a real pain for them and probably force them to log into the domain like everyone else. Mark On Tue, 2004-07-20 at 22:00, Wes Noonan wrote:Got a strange question on ISA and authentication of users browsing the Internet. Is it possible to prevent ISA from prompting for a username when a userlogsonto the workstation using a local user account? By default ISA promptsforauthentication if integrated authentication fails. In this case, we wantISAto simply not permit the connection at all without prompting. I'm open to third party tools as well (I think Websense, etc. can dothisbased on testing with other firewalls). TIA. (oh, and for those wondering why you would want to do this... I dunno... customers... what can you do? :-)) Wes Noonan Senior Network Consultant 832-563-3698 "Hardening Network Infrastructure" A concise guide to securing your network Available now at http://tinyurl.com/5852c _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- ISA and Authentication Question... Wes Noonan (Jul 21)
- Re: ISA and Authentication Question... Mark (Jul 21)
- RE: ISA and Authentication Question... Wes Noonan (Jul 21)
- Re: ISA and Authentication Question... Mark (Jul 21)