Safari IE Firefox - Group Policy -> ISA Proxy

  • dyfrin
  • Expert
  • Expert
  • User avatar
  • Posts: 503
  • Loc: WI

Post 3+ Months Ago

Hi guys,
Some interesting things developed over the course of setting up an ISA server for user tracking/reporting for web usage. We also have smartfilter installed on there for filtering (K-12 District).

As you may know, to get users to authenticate with ISA for web tracking you can:
A. Install the Firewall Client
B. Set browsers to use proxy settings pointing at your ISA server.

Obviously, we are using B since people bring in phones/laptops etc and are able to use internet. With some rules set up in ISA to block regular HTTP out, and an Active Directory policy to set proxy settings, and to disable changing connection settings.
But this is only for domain computers, so looking into a way to set up a page that instructs personal laptops/phones to use the proxy settings to connect, anyone got ideas?

Now for theintersting part:
IE works as intended. Login credentials are sent to ISA and the connection tab is missing in ie7, greyed out in ie6.
Safari is mostly there. You cannot go to change connection settings, but login credentials are not passed, so it nicely asks for user/pass.
Firefox is untouched. You can't just browse(http blocked), but can set up a proxy server at home or know of one, change your settings and out you go.

To combat firefox(haven't tested konq/opera/etc) we are going to block all access out except for ftp to all machines, and watch for things being denied from servers.
One issue with that, is the nice vista sidebar items that don't play with proxy, and likewise osx's items will be blocked. End of world? No, but would be nice if all apps used ie proxy settings or you could set your own.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I don't understand a couple of things. Are the "people" who bring in laptops employees of the company, outside clients or a combination of the two?

You mentioned credentials. What login credentials are required for the non domain laptops?
  • dyfrin
  • Expert
  • Expert
  • User avatar
  • Posts: 503
  • Loc: WI

Post 3+ Months Ago

people = staff/students

I don't care what their local logins are, I just want their stuff filtered as it would be liability to the district, since they are using our internet connection.

I wish for a page to appear (kind of like tmobile has at starbucks) where when you try to connect, and can't, it will refer you to directions (which I would script for each browser/os) to change settings to use the proxy server to get out.

Each person connecting would already have a domain username that ISA checks AD for so that would not be an issue.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

So, all you want is a single redirect script which you can find through Google. The directions for each browser and OS can all be on the same page.

Post Information

  • Total Posts in this topic: 4 posts
  • Users browsing this forum: No registered users and 64 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.