General discussion


Removing ISA2004 from the network

By adamcort ·
I have just started at a company, and there is a requirement to remove ISA2004 from the network.

It was put in as an interim solution to accelerate the internet connection for Citrix users on another site.

Before I go any further, I will let you all know that my knowledge of ISA2004 can be written on a postage stamp with a crayon.

What I need to do is the following;

There is a group configured in ISA that if you are a member of, you get internet access when on the Citrix Desktop. I need to remove all the users from this group and bypass the ISA Server.

I have moved a user out from there current OU, removed them from the above group and tested there internet access, and it is fine. So, I can only assume that some GPO is being applied on logon to Citrix which is applying the internet connection settings. I need to find it?!?!?!?


This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to Removing ISA2004 from the ...

not that easy. ISA 2004 has more security than ISA 2000.

First is there is one security group created in Active Directory that ISA uses to validate that users are allow Internet Access. That is the Internet Access users Security Group.

ISA checks this group as authentication for users. The second security is the type of user. Secure NAT and ISA Firewall client. ISA firewall client allows a computer to find ISA without lenghtly configuration of the browser and TCP/IP properties. Secure NAT is the proxy server settings [which is manually configuring user browsers].

If you remove the user from the Internet Security users group, that user should not be able to access the internet, but that doesn't restrict the computer from being able to access the internet if the computer is configured as Secure NAT or Firewall Client.

See for more on ISA server

Collapse -

by CG IT In reply to

there is a lot more to ISA in allowing internet access. ISA 2004 is highly configurable.

There are site and content rules, protocol rules, day and time rules, access policies.

If you don't know ISA 2004, best to find an expert and have them come in and configure it.

Back to Desktop Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums