I have a TMG 2010 SP1 server running on Server 2008 R2 in a single-NIC configuration - not live yet.
I will be allowing web access in three fashions:
- one method is using the TMG as the default gateway for our network so that devices that don't support proxy for web traffic can still access the web (albeit filtered
- another is using the TMG as an anonymous proxy for a separate domain/guest computers that don't have accounts on our primary domain
- the other method is to use the proxy server to get clients to authenticate to easily track which user went where.
Mgmt wants to allow employees to override access restrictions if they are authenticated (so we can track who went where) so that people can still perform their duties without IT intervening, but if they abuse it we can track it.
I've tried creating two Web Access rules within TMG: one that denies access but allows override for the appropriate AD group, another below that that denies and does not allow override for "All Users". The problem is that even if the user is authenticated, it matches the request to the non-override rule; as soon as I disable the rule, they can override.
Any ideas on how to allow override only if the user is authed?
0 Answers