spacer
spacer search

After Hours Information Technology - ahit.com.au
The small IT business for your small business.

Search
spacer
header
Main Menu
Home
News
Links
Web Hosting
Domain Lookup
Speed Test
Search
Contact Us
Privacy Policy
News Feeds
Microsoft ISA Server
Administrator
 
Home arrow Microsoft ISA Server arrow What sites should I give free access to?

What sites should I give free access to? PDF Print E-mail

Microsoft ISA server has some powerful features when it comes to only allowing authenticated access to sites and protocols.

There are however times when there's great advantage to having "free for all" access to certain sites. Here's some of the practices we use when setting up new ISA servers and why...

When we setup an ISA server we almost always have authenticated access.

That is to say we require a user to use their "NT" username/password combination top be able to access the internet. That being said, there are times when there's a great advantage to not having to authenticate for certain sites.

We always setup access to the HTTP & HTTPS protocls for anonymous access.

We then limit access to sites based on their destination.

As part fo the process of allowign certain sites "Free access" we create a destination set, usually called "freebie sites" (makes it pretty self explanatory) and include, amongst others the following sites/domains/url's:

  • windowsupdate.microsoft.com
  • *.windowsupdate.microsoft.com
  • *.windowsupdate.com
  • update.sumantec.com
  • liveupdate.symantec.com
  • codecs.microsoft.com
  • ntservicepack.microsoft.com
  • wustat.windows.com
  • www.microsoft.com /windows/*
  • www.microsoft.com /isapi/*
  • *.gov.au (Any australian Government site)
  • *.edu.au (any australian site using EDUcation TLD)
  • *.whitepages.com.au
  • *.yellpwages.com.au
  • any site/domailthat belongs to the company
  • selected sites of suppliers/key customers
  • various others as need be

Hopefully the sites themselves are fairly self explanatory as to why they're there.

I want anyone inside the network tobe able to get windowsupdates themselves, I want them to be able to get Norton/Syamntec AV updates if the local server is unavailable for some reason (I use and recommend corporate SAV with a local update server) as well as freebie access to government sites, education sites (for their own self education) and the phone directories of white and yellow pages.

By having these setup as sites that do not require authentication you can give access to anyone who uses your network. Most companies have an "internet group" that has "open" access but other staff do not - this list allows access to anyone. The other advantage is that "local service accounts" can also access those destinations such asthe Symantec liveupdate facility if it's not configured to use a local Liveupdate server.

Of course, now that we have our destiantion set, simply create a Site&Content rule allowing access to that group all the time to "everyone" (not a domain group or domain users) and anyone who's configured to use your ISA will have access.

 

Easy!

 
< Prev   Next >
[ Back ]
spacer
Locations of visitors to this page

 

Copyright 2004 2005 After Hours Information Technology http://www.ahit.com.au
spacer