Policy for Anonymous web browsing

[Jordan]

I have setup and ISA server and purchased some additional monitoring/access
control software for it. A lot of the rules on it are based on the users
name. Unfortunatlely, my log is filled with a lot of items that show user
anonymous connecting to a lot of thing instead of DOMAIN\Username.

Is there a GP that I can use to make it so IE will not try an anonymous
connection and if so, will this have any negative impact?

 

[Steven L Umbach]

There are three types of connections to an ISA server - firewall client, proxy web,
and secure NAT. If users are using secure NAT, then they are just using the ISA
server as a gateway and rules other than those for users/groups will apply to them.
Proxy web is for users who have their web browser configured to use the ISA server as
their proxy server and they will have user/group rules applied and be logged as the
user for any connection through their web browser only. Firewall Client will have all
traffic to the ISA server subject to user/group rules and always be logged as the
user.

Either make sure everyone has the firewall client installed or you can use Group
Policy to enforce the proxy server connection settings for Internet Explorer for
either user or computer. Just make sure that the user is also restricted from
accessing the connection settings for Internet Explorer or they will try to bypass
the proxy server settings. --- Steve

In Group Policy for user configuration look under user configuration/Windows
Settings/Internet Explorer maintenance/connection for where to configure proxy
settings. There is a similar setting under computer configuration. Also look under
user configuration/administrative templates/Windows components/Internet Explorer for
ways to restrict user access to IE settings which in my opinion the less they have
the better. --- Steve