Now that we have applied an internal-to-external rule blocking all users' access to the internet, other than those users in a whitelist, we have the obvious issue of non-authenticated users who are not on our domain, i.e. domain-less guests, not being able to access the internet. Other than configuring each machine to use our alternative gateway - which would require a member of IT to be onsite every time a guest arrives - can this be done through ISA and AD?

poige
Klaptrap
  • Tell us a little about these "guests". Are they on their own machines plugging into your LAN using DHCP? Are they using your machines, and if so how are they logging into yours? – Bret Fisher Mar 01 '11 at 06:48
  • Are they on their own machines plugging into your LAN using DHCP - Yes or by wireless, but their own machines and own logins - no domain awareness. – Klaptrap Mar 01 '11 at 08:37

1 Answer

You can create a rule to allow unauthenticated users Internet access and give it a higher priority than the rule allowing only authenticated users; but then, users would simply be allowed Internet access without authentication, because the second rule would never kick in.

You can create a guest account to be used by guest users, with very restricted domain access (or even only as a local non-admin user on the ISA Server computer) and only use it for Internet access.

Massimo
  • This means that the guest machine will need to be domain aware which relies on a member of IT to be available and to configure each guest device? – Klaptrap Mar 01 '11 at 06:19
  • No, the user will be asked for credentials when accessing the web, and there is no need for the machine to be joined to the domain for this to work. – Massimo Mar 01 '11 at 10:04
  • Nice - I understand, okay & thanks. I'll trial this later – Klaptrap Mar 01 '11 at 12:17