Internet access control in Windows 2003 domain server environmment

10 pts.
Tags:
Domain Controller
Internet access
User Permissions
Windows Server 2003
i want to control internet access to some of my PC in my Windows 2003 domain Network. Plz help
ASKED: November 23, 2008  8:03 AM
UPDATED: April 9, 2010  9:24 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

<a href=”http://support.microsoft.com/kb/331062″>Three letters – ISA </a>

You can also install ISA Server after you upgrade to Windows Server 2003. However, the packet filter extension driver in the release version of ISA Server is incompatible with Windows Server 2003, and it is blocked from loading during installation. During installation, you can safely ignore all error messages that are related to this issue because ISA Server SP1 includes a compatibility fix for the driver. After you install ISA Server, the incompatible software services do not start. You must then apply ISA Server SP1 to implement the driver fix. After you install ISA Server SP1, you must install the ISA Server 2000 Required Updates for Windows Server 2003 package.

Before you install ISA Server on a computer running Windows Server 2003, make sure that the computer is disconnected from the Internet. The computer must remain disconnected from the Internet until you successfully complete all the following steps. After that, you can safely connect the computer to the Internet.

Note Do not remove (uninstall) ISA Server before you install ISA Server SP1. If you have to remove ISA Server, you must wait until you have completed your installation of ISA Server SP1.

To install ISA Server on Windows Server 2003, follow these steps:

1. Start the ISA Server Setup process. You receive the following message:
ISA 2000

ISA 2000 requires Service Pack 1 to function correctly on this version of Windows. During the installation, error messages and error event logs regarding compatibility might appear. These messages may be ignored during the installation. Install Service Pack 1 after this installation is complete. Service Pack 1 can be downloaded from http://go.microsoft.com/fwlink/?linkid=4833.

For more information, contact Microsoft.
2. Click Continue. When Setup completes the installation of ISA Server, you receive the following message in the notification area:
Devices or applications disabled
‘ISA 2000′ will cause Windows to become unstable. Windows has prevented these drivers from loading. Click here for more details.
3. When Setup is complete, you receive the following message:
Setup has failed to start one or more services. Please examine the event log for more details.
4. Download and install ISA Server SP1. After you install SP1, you must restart the ISA Server computer.
5. After the computer restarts, download and install the ISA Server 2000 Required Updates for Windows Server 2003 package. To obtain this update, view the “ISA Server 2000 Required Updates for Windows Server 2003″ section of this article.

After you install the ISA Server 2000 Required Updates for Windows Server 2003 package, ISA Server functions correctly.
Back to the top
Running ISA Server 120-Day Trial Software on Windows Server 2003
The ISA Server 120-day trial program is currently only supported on Windows 2000-based servers. You must remove the ISA Server trial program from any server running Windows 2000 before you upgrade to Windows Server 2003.
Back to the top
Known Issues That Occur When Running ISA Server on Windows Server 2003

* When you run ISA Server 2000 and Microsoft Internet Information Services 6.0 (IIS) on the same computer, you may experience issues with the ISA Server Web proxy service (W3proxy). By default, IIS listens on all IP addresses. This prevents W3proxy from binding to port 80 for Web publishing. To resolve this issue, follow these steps:
1. Install the Windows Server 2003 Support Tools (included with Windows Server 2003), and then locate the Httpcfg.exe file.
2. Run the Httpcfg.exe utility to configure HTTP.sys to stop listening on all IP addresses. To do this, type httpcfg delete iplisten -i 0.0.0.0 at a command prompt.
3. Configure HTTP.sys to listen only on the specified IP address (usually the internal IP address of ISA Server) by typing httpcfg set iplisten -i ip-address at a command prompt.
4. Stop the IIS HTTP service by typing net stop http at a command prompt.
5. Stop the ISA Server Web proxy service by typing net stop w3proxy at a command prompt.
6. Restart the IIS HTTP service by typing net start http at a command prompt.
7. Restart any related IIS services. For example, type net start “World Wide Web Publishing Service”.
8. Restart the ISA Server Web proxy service by typing net start w3proxy at a command prompt.
* ISA Server digest authentication may not function when it is run with a Windows Server 2003 domain. On the Windows Server 2003 domain controller, you have to register Iissuba.dll. By default, this file is not registered on Windows Server 2003. To resolve this issue, follow these steps:
1. Start a command prompt.
2. Type Rundll32 iissuba.dll, RegisterIISSUBA on each Windows Server 2003 domain controller.

Note This command is case-sensitive.
* You cannot run the ISA Server Security Configuration Wizard in Dedicated mode unless the computer is a member of a domain.
* Remote client connections may be unsuccessful when they send requests to ISA Server computers configured as a Network Load Balancing cluster that has a virtual IP address (VIP) on the external interface. This problem occurs if there are multiple VIPs on the internal interface, and if the UseISAAddressInPublishing registry key that is described in the followng Microsoft Knowledge Base article is used:

311777 (http://support.microsoft.com/kb/311777/EN-US/ ) How to Enable Translating Client Source Address in Server Publishing
Traffic sent from the ISA Server internal interface to the published server originates from one of the internal VIPs and not an individual firewall’s device IP address. The problem occurs because reply traffic is load-balanced and may be sent to a firewall that does not have a context for the connection. This traffic is dropped and will never return to the remote client. This results in a connection failure.
* When you install ISA Server, view reports, or read the ISA Server online help, you may receive the following message:
Microsoft Internet Explorer’s Enhanced Security configuration is currently enabled on your server. This enhanced level of security reduces the risk of attack from Web-based content that is not secure, but it may also prevent Web sites from displaying correctly and restrict access to network resources.
To prevent this message from appearing, click to select the In the future, do not show this message check box, and then click OK.

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Samatra
    [...] details: internet access control in windows 2003 domain server environmment [...]
    0 pointsBadges:
    report
  • Samatra
    [...] More [...]
    0 pointsBadges:
    report
  • Yasir Irfan
    You can also use open source gateway called untangle check by blog
    report
  • Sdftadsgf
    How to create a policy in ISA 2000 to stop browsing all porn sites?
    10 pointsBadges:
    report
  • Samatra
    [...] Internet access control in Windows 2003 domain server environmment [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following