We have a Windows server on our private side that needs to see out - right
now just to update itself and the like, later it will host an Exchange email

We have, in nwadmn, bm_server, bm_setup, Authentication Context

Authenticate only when a user attempts to access a restricted page

checked off.

1. What happens if I uncheck it? Leaving it unchecked seems to allow web
browsing to people who didn't used to have that right.

2. Is there a way to get the Windows server to do what it needs with it
running clntrust and w/o Authenticate only being checked?

Any other pointers on getting this to work would be appreciated. It's
obviously inconvenient for the Windows server to be running a Netware client
if there's a way to avoid that.

Thanks in advance.