How do I set up ISA Server to Deny/Permit access based on IP-address AND User
In the site and content rules' and 'protocol rules' you need to choose to specify access by using user or ip-address. In some cases it might be useful to have a combination. We did the following to solve the problem. In the 'site and content rules' we specified access by IP-address in the 'protocol rules' we specified access by user-account. The problem we solved this way: everybody is allowed at any time to access the internet from our internal network but everybody is only allowed access to the internet from our dial-up network during office hours.