HI Guys and Girls,

Objective:
1. Have proxy logs include username without annoying users or stopping

servers from doing downloads. Support Terminal Server

So far:
1. Clntrust runs on most workstations. I find must I also must REQUIRE

authentication at the BM server. Of course as soon as I do - I must
login
via web page at the servers (inc Terminal Server - which is
unacceptable).

2. Tried a suggestion Cat made about creating an access rule for my
servers (I did it by IP range), then enabling "authenticate only when

hitting restricted page". If I look at effect effective rules I see my

rule (allow application proxy http port 80, source - my server ip
range,
dest any) and then the default deny all, all rule.

Unfortunately, this doesn't seem to require the workstations (which
are
not in the range set by my rule) to authenticate. It still logs them
by IP
address. Sigh. If I "enforce access rules" then I break browsing for
the
workstations (of course).

I then created a second rule saying "allow application proxy http port
80,
source - NDS Org container, dest any". I thought - now I can enforce access rules. But it still broke workstation browsing !!!! I made sure

aclcheck is loaded at the server.

3. pxyauth.exe - sigh. Unfortunately I work with a person who believes

that you should have almost a context per user !!! Creating an
acceptable
solution with pxyauth is not possible - the pick list for context is
too
big for users. The other fun thing I have noticed is that *all* our
Citrix
box web browsing is now logged against my account. What the ???

***All I want to do at this stage is log the usernames !!!!

Any help appreciated !!

Running BM3.7 SP2 with "fp3c" update.

TIA,

Ian