Answered Forefront TMG 2010 Forward Proxy Session

  • Saturday, November 24, 2012 10:02 AM
     
     

    Hi all,

    We have Forefront TMG 2010 configured as a forward proxy. All internal users need to pass through TMG before they can access the internet. Right now all the settings seem to be working well. Users set the FF TMG IP address in the browser's proxy settings.

    I just want to know, is there any way to restrict a user's session to the internet? My point is, let's say Alex wants to access the internet from his PC. He opens a web browser, an authentication prompt appears, and Alex needs to supply his username and password. Then he is able to access the internet. How can we restrict the same user, Alex, from using his own username and password to access the internet from a different PC at the same time? In simple words, Alex cannot use his own username and password from a different PC at the same time.

    Is there any way to do it?

    Cheers.

All Replies

  • Sunday, November 25, 2012 10:19 PM
     
     Answered
    This isn't a TMG problem but rather an Active Directory problem. Back in Server 2003 we could use LimitLogin (http://support.microsoft.com/kb/237282), but if you are running Server 2008/R2 or Server 2012 you would need a 3rd-party tool such as UserLock from IS Decisions (http://www.isdecisions.com/products/userlock/).

    Nathan Storms | The Architect Evangelist

  • Sunday, November 25, 2012 11:01 PM
     
     

    Thanks Nathan for your suggestion.

    I'll detail it some more. Actually, they use AD and TMG. But unfortunately, none of their users' machines are joined to the domain. So the issue that exactly happened was that they like to share their usernames and passwords. Some users have restrictions on internet access while others do not. When it comes to internet access, some users like to use another user's username and password and not their own.

    Is there any setting or configuration that could be made on TMG?

    Thanks in advance!

  • Tuesday, November 27, 2012 6:48 AM
     
     
    I am not aware of any other configuration that can be made on TMG to produce the requested result.

    Nathan Storms | The Architect Evangelist

  • Wednesday, November 28, 2012 4:01 PM
    Moderator
     
     Answered

    Hi,

    Thank you for the post.

    “This isn't a TMG problem but rather an Active Directory problem. Back in Server 2003 we could use LimitLogin” – I agree with Nathan, but it will not accomplish the stated task of limiting user connections through ISA. Even when ISA knows the user, ISA does not have the means to apply a limitation of “x maximum connections from user y”. Even when a valid user is accessing a web server through ISA, each application instance may create multiple TCP connections. LimitLogin will have no effect on either the number of client connections or credential sharing between users where ISA authentication is concerned.

    To the point of controlling credential sharing between users, nothing short of *enforced* company policy will accomplish this, and even that is not guaranteed.

    Regards,


    Nick Gu - MSFT
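
Added example, not part of the thread and not any poster's code: the replies above say TMG cannot block one account being used from two PCs at once, but the overlap can be detected afterwards from the proxy's web access log to back an enforced policy. This Python example assumes a tab-separated W3C-style log export with `date`, `time`, `c-ip` and `cs-username` fields; the sample lines, the five-minute window and the function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. Field names are an assumption about the export;
# match them to the "#Fields:" header of your own proxy log.
SAMPLE_LOG = "\n".join([
    "#Fields: date\ttime\tc-ip\tcs-username\tcs-uri",
    "2012-11-24\t10:00:05\t10.0.0.21\tCORP\\alex\thttp://example.com/",
    "2012-11-24\t10:01:00\t10.0.0.40\tCORP\\sara\thttp://example.com/",
    "2012-11-24\t10:01:30\t10.0.0.50\tanonymous\thttp://example.com/",
    "2012-11-24\t10:02:10\t10.0.0.37\tCORP\\alex\thttp://example.org/",
    "2012-11-24\t11:30:00\t10.0.0.44\tCORP\\sara\thttp://example.org/",
])

def parse(lines):
    """Yield (timestamp, user, client_ip) for authenticated requests only."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split("\t")))
            user = row.get("cs-username", "-").lower()
            if user in ("-", "", "anonymous"):
                continue  # unauthenticated traffic says nothing about sharing
            ts = datetime.strptime(row["date"] + " " + row["time"],
                                   "%Y-%m-%d %H:%M:%S")
            yield ts, user, row["c-ip"]

def shared_accounts(lines, window=timedelta(minutes=5)):
    """Return {user: sorted client IPs} for accounts seen from two or more
    client IPs inside one sliding time window."""
    recent = defaultdict(deque)   # user -> (ts, ip) entries still in the window
    flagged = defaultdict(set)
    for ts, user, ip in sorted(parse(lines)):
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:   # drop requests older than the window
            q.popleft()
        ips = {i for _, i in q}
        if len(ips) > 1:
            flagged[user] |= ips
    return {u: sorted(i) for u, i in flagged.items()}

if __name__ == "__main__":
    for user, ips in shared_accounts(SAMPLE_LOG.splitlines()).items():
        print(user, "used from", ", ".join(ips))
```

A short window keeps a user who simply moves to another PC (sara in the sample) from being flagged; clients behind NAT or a terminal server share one address and will hide sharing between them.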

  • Thursday, December 06, 2012 3:02 AM
     
     

    Thanks Nick and Nathan for your explanation. At least we have a clear picture for the said configuration.

    Thanks a lot!