Block client ICS on ISA

By m0104142107
I'm the administrator of one of our company's site offices. In our site office we have an ISA 2004 Server using a leased line for internet. Nobody can access the internet unless I configure their IP address on the ISA. I noticed that one of our laptop users not having internet access is able to access the web through a wireless connection.

I'm suspecting that one of our internet users is using ICS to share his connection through a wireless router, as I discovered two IP addresses registered to his PC. One is registered to our ISA, having 192.168.42.XX on LAN, and the other is through his wireless LAN. I tried using "tracert" to find out if I can get the IP address of the router, but it just points me to our ISA server leased line IP going to Yahoo.

In short, how can I prevent client computers from using ICS to share their internet through ISA 2004? Is there a firewall policy for this?



All Answers


See Technet article on this very subject

by robo_dev In reply to Block client ICS on ISA

Enable or Disable Internet Connection Sharing by Using Group Policy
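An added example, not part of the reply above or of the Technet article: a PowerShell audit an administrator could run on a suspect client to see whether the Group Policy setting that prohibits ICS is in force and whether ICS looks active. It assumes Windows 8 / Server 2012 or later (for `Get-NetIPAddress`); the `$findings` variable and the message strings are this example's own.

```powershell
# Audit one Windows client for Internet Connection Sharing (ICS).
# Added example; run locally in an elevated PowerShell session.

$findings = @()

# 1. The Group Policy setting "Prohibit use of Internet Connection Sharing
#    on your DNS domain network" is stored as NC_ShowSharedAccessUI = 0.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections'
$policy = Get-ItemProperty -Path $policyKey -Name 'NC_ShowSharedAccessUI' `
              -ErrorAction SilentlyContinue
if ($null -eq $policy -or $policy.NC_ShowSharedAccessUI -ne 0) {
    $findings += 'ICS is not prohibited by Group Policy on this machine'
}

# 2. ICS is implemented by the SharedAccess service.
$svc = Get-Service -Name 'SharedAccess' -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    $findings += 'SharedAccess (ICS) service is running'
}

# 3. An ICS host gives its shared adapter a fixed gateway address:
#    192.168.0.1 on Windows XP, 192.168.137.1 on later versions.
#    192.168.0.1 is also a common static address, so treat it as a hint only.
$icsDefaults = '192.168.0.1', '192.168.137.1'
$shared = Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $icsDefaults -contains $_.IPAddress }
foreach ($addr in $shared) {
    $findings += "Adapter '$($addr.InterfaceAlias)' holds ICS default address $($addr.IPAddress)"
}

# Report
if ($findings.Count -eq 0) {
    Write-Output 'No ICS indicators found; policy prohibits ICS.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

The policy only takes effect while the machine is connected to the DNS domain network it was applied on, so run the check while the client is on the office LAN.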



by m0104142107 In reply to See Technet article on th ...

Thanks for your quick and direct reply.

I think you're using ISA capabilities wrong.

by CG IT In reply to thanks

ISA server on a domain has its own security group. Only those users who are members of that security group can gain access to the internet. Also, there is a firewall client program for workstations that typically must be used for computers to access ISA server. Further, ISA server is a proxy server. So, browsers must go through the proxy to get to the internet [in reality host traffic doesn't actually go to the internet. ISA server goes and gets the content and passes it to the originating client]. So with ICS, the originating client would be the host that is sharing their connection to ISA, therefore they should get the content from ISA rather than the actual host that requested it.

Also, with Group Policy, you can configure browsers to have or not have the proxy server address. This effectively shuts off access to ISA server.

So, given these few security features [there are more for ISA] if configured properly, there should be no unauthorized internet access through ISA. Even using ICS, to "bridge" between and "share" a NIC on a computer that has access.

If you suspect this is truly happening, go to and post it in their forum, they will be very interested in finding one rogue ICS on a client that actually worked bypassing ISA Server's security configuration.
