ISA 2000: Block Barry's Access Except For One Site
Q: I need to block Internet access for Barry, except for one site.
A: As long as all users are required to authenticate when surfing, this is doable. You can specify exclusions using the Site and Content rules.
However, if any combination of Site and Content (S&C) and Protocol rules allows anonymous access anywhere, Barry may be able to get through, because web browsers typically try an anonymous connection before authenticating.
You Will Need:
A Destination Set ("Barry's White List"): contains only www.thealloweddomain.dom (and any other domains you do want Barry to access).
Protocol Rule(s) allowing access to HTTP/S.
Site and Content Rules something like this:
    Allow (Domain Users) Anywhere Anytime
    Deny (Barry) (All Sites Except Selected Destination Set: Barry's White List)
or, if you've already got a "full privilege" user group segregated:
    Allow (Internet Access Group) Anywhere Anytime
    Allow (Barry) (Selected Destination Set: Barry's White List) Anytime
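A simplified model of the rule logic described above, added here as an example (it is not part of the original tip and not ISA Server's own engine). It assumes a matching Deny overrides any Allow, an unmatched request is refused, and an anonymous request can only match rules that apply to any request; the user alice, the group memberships and www.example.com are constructed.

```python
# Simplified model of the Site and Content rules in this tip (not ISA's engine).
# Assumptions: a matching Deny beats any Allow; an unmatched request is refused;
# an anonymous request matches only rules that apply to any request.
ANYONE = "*"
WHITE_LIST = {"www.thealloweddomain.dom"}           # Barry's White List
GROUPS = {                                           # constructed sample directory
    "barry": {"Domain Users"},
    "alice": {"Domain Users", "Internet Access Group"},
}


def rule(action, users, sites=None, all_except=False):
    """sites=None means Anywhere; all_except=True means 'all sites except' the set."""
    return {"action": action, "users": users, "sites": sites, "all_except": all_except}


def applies(r, user, host):
    if r["users"] != ANYONE:
        if user is None:                             # anonymous: identity unknown
            return False
        if r["users"] != user and r["users"] not in GROUPS.get(user, set()):
            return False
    if r["sites"] is None:
        return True
    return (host in r["sites"]) != r["all_except"]


def evaluate(rules, user, host):
    """user=None is the browser's first, anonymous attempt."""
    actions = {r["action"] for r in rules if applies(r, user, host)}
    if "deny" in actions:
        return "deny"
    if "allow" in actions:
        return "allow"
    return "authenticate" if user is None else "deny"  # proxy asks for credentials


# First rule set from the tip.
DENY_STYLE = [rule("allow", "Domain Users"),
              rule("deny", "barry", WHITE_LIST, all_except=True)]
# Second rule set: Barry is outside the full-privilege group.
ALLOW_STYLE = [rule("allow", "Internet Access Group"),
               rule("allow", "barry", WHITE_LIST)]
# The gap the tip warns about: one leftover rule that applies to any request.
LEAKY = DENY_STYLE + [rule("allow", ANYONE)]

if __name__ == "__main__":
    for name, rules in (("deny-style", DENY_STYLE), ("allow-style", ALLOW_STYLE), ("leaky", LEAKY)):
        for user in (None, "barry"):
            for host in ("www.thealloweddomain.dom", "www.example.com"):
                print(name, user, host, evaluate(rules, user, host))
```

In the leaky set the anonymous request for www.example.com is served on the first attempt, so the browser is never asked for credentials and the Deny rule for Barry is never consulted.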