The idea is we want to give a few non domain members access to the web only and not have to prompt them for ID. all other non domain members must be prompted for authentication. I thought I could do it buy creating client address sets with the individual machines IP addresses (they are static)
I did a liitle research and got the below of the microsoft website:
"When a Web Proxy or Firewall client requests HTTP content, ISA Server checks the rules to determine if a specific rule allows anonymous users access (either because it applies to all users, or it applies to a client address set that includes the IP address of the client). If so, then the request will be allowed. Otherwise, if no rule has been configured to allow anonymous users access, ISA Server will require that the client authenticate itself, to determine if a rule applies to the specific, authenticated user."
I beleive For the above to be true one has to have the ask unauthenticated users for identification TAB unchecked (under array properties for outgoing web requests) ?
Is this still a secure setup ? Our Isa server currently has that TAB checked and I need to be sure that the network will still be secure, and that this config will work before
I suggest it to my manager.
Any suggestions would be most welcome. The Isa server is set up as a cache only server with superscout the web filter. Our firewall is on a different machine.
Thank-you.