Denying Internet site specific access via ISA



  • 1. Outbound Fax problem
    I've tried sending two faxes from Outlook XP and SBS2000. One fax was without an attachment, and the second one is with an attachment The fax without the attachment faxes without any problems. The second one fails with an error message in my inbox stating that not all attachments could be rendered Any ideas why this is happening, and how to fix it Torrey Laue Modern Travel Services
  • 2. Two Exchange servers in admin group
    Hi group We have an SBS2k server as our main server but also have another member server which has Exchange2k installed. We have the following network setup Server 1 (DC) SBS2k runs - SQL server and lots of other memory hungry applications. Server 1 is mainly used as an application, print and SQL server. Server 2 (Member server) Win2k server - Runs ISA and Exchange2k server. When server two was installed onto the network we created an Administraive group in Exchange and had both the exchange on server 1 and also Exchange on Server 2 join an Administraive group. How do i remove the administrative group without totally messing Exchange? To recap we have Exchange2k on both servers. One last thing though, when we stop the services on Server1 (DC) we stop getting mail into the orgainsation. Server 1 shows in Exchange as the GC server but Server2 is the master server in the Admin group.

Denying Internet site specific access via ISA

Postby Bill Dunn » Fri, 08 Oct 2004 06:58:47 GMT


I am attempting to restrict interest access by one client to a specific
internet site and not gaining much headway.

SBS2K SP1, DHCP enabled, 2 NICS and broadband. Clients running ISA firewall

Here's what I have done so far and I must be missing something since the
client (Win2K) can still access the site I am attempting to restrict.

In ISA, set a Policy Element / Destination Set to the site I want to
restrict. I've done with twice - 1 with the FQDN and the other using the
sites actual IP address.

In ISA Access Policy, set a policy with the Destination set to the
"forbidden" sites FQDN. Created another with the forbidden sites actual IP
address.  Action tab set to Deny and Apply Tab set to my local client user.
Another one created with apply to tab set to local user client (internal
network) computer name.

Nothing works... they can still reach the outside internet site even after
updating the ISA firewall client with the Update Now tab.

I'm sure I'm missing something but can't seem to figure out what that may

Any ideas appreciated.

Bill Dunn

Re: Denying Internet site specific access via ISA

Postby Adam Rippon » Fri, 08 Oct 2004 07:08:18 GMT


See link below...



Re: Denying Internet site specific access via ISA

Postby Marina Roos [SBS-MVP] » Fri, 08 Oct 2004 07:24:34 GMT

Hi Bill,

Any help here:

Smallbizserver.Net > SBS 2000 > ISA Server 2000 > ISA for Dummies:


Microsoft SBS-MVP

"Bill Dunn" < XXXX@XXXXX.COM > schreef in bericht


Re: Denying Internet site specific access via ISA

Postby Bill Dunn » Wed, 13 Oct 2004 09:52:04 GMT

Thanks for the pointers/ I've been out of town and just got around to
playing.    the references were helpful but I think I must be missing
something.  Here's what I have now -

Destination set with blocked site FQDN and IP elements
Client Address set with the one client computer IP address listed
Site and Content rules (2) 1 for internet access policy & the 2nd for the
blocked site destination set set up as per MS KB 300492

My problem is that IF I set the Site & Content Deny Rule to apply to "Users
& Groups", enter the apply to using the users name (e.g. domain\userID), the
client can still gain access to the deny site.  HOWEVER, If I apply the rule
to the Client Set that has the client's IP address, all works fine.

Is there some way to make this deny apply to specific users so that if they
travel to a different client computer, they will still not be able to gain
access to the prohibited site?

Thanks much,

Bill Dunn


Similar Threads:

1.Deny Internet access to specific workstations ISA 2004 sp1

We need to deny internet access to a few workstations. I can see where we 
can deny based on IP address but these are DHCP clients. What I'd really 
like to do is create a group in Active Directory called "Denied 
Workstations" and add or remove computers from that group as needed.


2.Deny Internet access to specific workstations ISA 2004 sp1 [Thanks for the effort]

3.How to deny Internet Access for Specific Computer with IP address obtained from

Urgently need to know how to configure the ISA server to 
deny Internet access to specific computer with IP address 
obtained from DHCP.


4.deny access to specific web pages for specific users

I have an ISA 2004 server and i want to restrict specific users to access 
specific web pages. I create a rule that deny's access to all web sites and 
a second that allows access to the specific sites, but it does not work. Any 
suggestions would be appreciable. 

5.Blocking Access to Specific Domain via ISA?


Is there a way to block access to a specific domain (e.g. )
with ISA? We are running it in Cache Mode only.

Thanks for any help.


6. Failed Site-To-Site VPN via Internet

7. Problem accessing specific site through ISA server

8. Limiting site access to specific groups in ISA

Return to SmallBiz


Who is online

Users browsing this forum: No registered users and 87 guest