
I'm a newbie and please excuse me if my question is so foolish :)
Here is the scenario:
In our company we have 50 PCs: 40 PCs are joined to the domain and 10 PCs are not joined to the domain (they are simply in a workgroup), and we never want to join them to the domain.

Now we want to limit the internet access and bandwidth for all 50 PCs. We can simply do that for the 40 PCs (which are joined to the domain) using Microsoft Forefront TMG and the Bandwidth Splitter extension, but what about the 10 PCs (which are not part of any domain)?
Can Microsoft Forefront TMG handle users that are not part of a domain?
If not what is the solution?
Do I have to use applications like CCProxy?

Any suggestion appreciated, thanks.

shokri

1 Answer


There's nothing to stop your workgroup machines using TMG as their proxy, but you won't be able to authenticate the users using Integrated Authentication in IE or the TMG client.

If you configure the machines as proxy clients (i.e. by configuring the proxy address in the browser) and there are no rules that allow anonymous connections then your workgroup users will receive a logon prompt from their browser - and they will need a domain account. This is likely to irritate users and if you're going to have to give each user a domain account then you might as well join the machines to the domain.

If you want the workgroup machines to all have the same set of restrictions (perhaps a different set of restrictions from your domain joined machines) then you could ensure that they all have IP addresses in a specific range and then restrict traffic based on that range. You would need to allow the connections to be anonymous though.

Chris McKeown
  • Thank you Chris for your reply, but how could I restrict traffic based on the range? Is there any program to do that? How could I allow the connections to be anonymous? Sorry for my silly questions but I'm really a newbie and I need to know more. Thank you for your help :) – shokri Jul 27 '12 at 08:59
  • This is basic TMG configuration - did you set the server up or have you inherited it? It sounds like you need someone experienced with configuring TMG to give you a hand. In short, you can create a network object and specify the IP address range that you give to your Workgroup computers. An anonymous rule is one that allows connections from the 'All Users' group. – Chris McKeown Jul 27 '12 at 12:57
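
An anonymous rule keyed to an IP address range, as the answer and its last comment describe, identifies machines only by their source address, so the address plan is worth checking before the rule is created. The following is an added example, not part of the original thread and not TMG code: the host inventory, the range and the DHCP scope are constructed values, and the function names are hypothetical.

```python
import ipaddress

def in_range(ip, first, last):
    """True if ip lies in the inclusive range first..last (how an address range is defined)."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last)

def ranges_overlap(a_first, a_last, b_first, b_last):
    """True if two inclusive address ranges share at least one address."""
    return (ipaddress.ip_address(a_first) <= ipaddress.ip_address(b_last)
            and ipaddress.ip_address(b_first) <= ipaddress.ip_address(a_last))

def audit_plan(hosts, first, last):
    """Classify hosts against the range the anonymous rule would match.

    hosts: iterable of (name, ip, is_domain_joined).
    - A workgroup PC outside the range does not match the rule and gets the logon prompt.
    - A domain PC inside the range can match the anonymous rule (depending on rule
      order) and so escape its per-user restrictions.
    """
    report = {"ok": [], "workgroup_outside_range": [], "domain_inside_range": []}
    for name, ip, domain_joined in hosts:
        inside = in_range(ip, first, last)
        if domain_joined and inside:
            report["domain_inside_range"].append(name)
        elif not domain_joined and not inside:
            report["workgroup_outside_range"].append(name)
        else:
            report["ok"].append(name)
    return report

# Constructed sample data (assumptions for illustration only).
RANGE_FIRST, RANGE_LAST = "192.168.10.200", "192.168.10.209"   # reserved for the 10 workgroup PCs
DHCP_FIRST, DHCP_LAST = "192.168.10.50", "192.168.10.205"      # scope handing out dynamic leases
HOSTS = [
    ("WG-01", "192.168.10.200", False),
    ("WG-02", "192.168.10.209", False),
    ("WG-03", "192.168.10.120", False),   # static address was never moved into the range
    ("DOM-17", "192.168.10.60", True),
    ("DOM-31", "192.168.10.203", True),   # DHCP lease that landed inside the range
]

if __name__ == "__main__":
    for category, names in audit_plan(HOSTS, RANGE_FIRST, RANGE_LAST).items():
        print(f"{category}: {', '.join(names) or '-'}")
    if ranges_overlap(RANGE_FIRST, RANGE_LAST, DHCP_FIRST, DHCP_LAST):
        print("warning: DHCP scope overlaps the anonymous range; any leased client may match the rule")
```

Giving the workgroup PCs static addresses or DHCP reservations inside a range that the dynamic scope excludes keeps both findings empty.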