Please take a look at this thread.
It will help with your question and make sure to read all of it hence its had a revision of the Rule.
Thanks Saul. Is this the only way to make this work? Most of our users use firefox (or even Safari and Chrome) as a web browser. Also this would not help our guests and students accessing the internet, would it? Should I be looking at another configuration, other then WCCP?
We want this to be as transparent as possible. It is very political here and this would not go over well.
Safari would not be supported for transparent NTLM authentication. The user would get a pop-up box asking to authenticate.
Firefox will work but will needs to be setup to pass NTLM authentication if you want it to work transparently. Otherwise it will pop a box to authenticate as well. A simple add on is NTLM Auth.
Chrome will work just fine. It uses IE settings.
IE should work just fine without having to do anything. It already trusts intranet sites and will pass authentication.
Handling the unauthenticated students would be easy because they would be on a separate vlan. You can make a rule that says: If this vlan (ip address range) then do not authenticate. Then any browser they use will work fine.
Is there another method I should be looking at that would do what we want?