Internet Access for Macintoshes behind ISA 2000 Part 1

In a default SBS2000 or SBS 2003 Premium installation, ISA is configured to allow outbound web and internet access for members of a Windows security group. Macintosh workstations cannot interact with this particular interface and, as such, will not be able to get out to the internet, even when proxy information is correctly configured. This document discusses one of two possible ISA configuration changes that will allow Macintosh workstations to access the internet. The solution in this first method assumes that the organization using ISA does NOT want to limit access to the internet for anyone on the local intranet. If this type of internet access restriction is desired, please look at the second document (coming soon) for that implementation.

ISA 2000 has four areas that much be changed in order for Macs to access the public internet. All four areas have one item in common – they all rely on Windows authentication information that the Macs cannot supply. For that reason, all four areas must be set so no authentication information is requested.

Follow these steps to make the necessary configuration changes to ISA:

1. Open the ISA Management console.

2. Expand the Access Policy folder.
3. In the Site and Content Rules folder, make the following changes to both the Small Business Server Internet Access Site and Content Rule and the Small Business Server All Users Site and Content Rule:
   1. Right-click on the rule and select Properties.

   2. Click on the Applies To tab.
   3. Select the Any Request radio button and click OK.
4. Repeat step 3 for the Small Business Internet Access Protocol Rule in the Protocol Rules folder.
5. Right-click on the server and select Properties.
6. Click the Outgoing Web Requests tab.
7. Under Connections, turn off the Ask unauthenticated users for identification checkbox and click OK.
8. When prompted, save the changes and restart the ISA services.