Re: One for Steve Foster

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance



Gary D wrote:

Hi Steve. You replied to my earlier post about restricting web sites
using
destination sets and s/c rules in ISA.

I had a default set of SBS2003 rules. I am able to ALLOW a user access
to
all websites except for hotmail.com (for example). BUT I am unable to
DENY
the user access to all websites except for hotmail.com

When the 2nd scenario is in place all websites seemed to be barred, as
though the specific allow (for hotmail.com) is being ignored.

As I undoubtedly explained, Deny always beats Allow.

So, any Rule that Denies All effectively kills all access (this is handy to know if you've got a trojan/spyware/whatever spewing crud to the net).

You need two Rules:

* one to Allow access to specific sites (or a blanket Allow All)
* one to Deny access to "All except Selected Destinations" using the allowed sites set


--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
.



Relevant Pages

  • Re: Service Unavailable - DefaultAppPool Issue
    ... In fact I have deleted the other customer websites ... The introduced virtual directories remain the DefaultAppPool. ... How do you set IIS and the websites back to the original state? ... Steve Foster [SBS MVP] ...
    (microsoft.public.windows.server.sbs)
  • Re: Network Drive Access Problem
    ... client computers. ... The scenario we have is the one that follows: ... Steve Foster [SBS MVP] ...
    (microsoft.public.windows.server.sbs)