Restricted users fail to authenticate with NTLM

When Content Gateway is configured to perform Legacy NTLM authentication with Active Directory, users who are restricted to a subset of workstations may not successfully authenticate.

The problem is due to the way Content Gateway establishes a session with the domain controller.

To work around the problem, add a workstation named “TMP” to your Active Directory and include it in the set of workstations available to the restricted users. Content Gateway uses TMP as the surrogate workstation name when it establishes a session, because, for security reasons, the browser does not provide the actual workstation name in the authentication handshake.
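
One way to script the workaround above, as an added example that is not vendor code: it creates the TMP workstation if it is missing and appends TMP to the workstation list of every restricted user. It assumes the RSAT ActiveDirectory module and an account allowed to edit the users; the `-Apply` switch and the function name are hypothetical, and without `-Apply` the script only reports what it would change.

```powershell
# Added example, not vendor code. Assumes the RSAT ActiveDirectory module.
param([switch]$Apply)            # hypothetical switch: without it, nothing is changed
Import-Module ActiveDirectory

$Surrogate = 'TMP'               # surrogate workstation name given in the article
$MaxLength = 1024                # schema upper range of the userWorkstations attribute

# Return the new comma-separated list, or $null when TMP is already present.
function Add-SurrogateWorkstation([string]$Current, [string]$Name) {
    $list = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($list -contains $Name) { return $null }    # -contains ignores case
    return (($list + $Name) -join ',')
}

# Step 1: make sure a workstation (computer object) named TMP exists.
if (-not (Get-ADComputer -Filter "Name -eq '$Surrogate'")) {
    New-ADComputer -Name $Surrogate -SamAccountName $Surrogate -WhatIf:(-not $Apply)
}

# Step 2: add TMP for every user that has a workstation restriction.
# Users without the attribute are unrestricted and are left alone.
$users = Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties LogonWorkstations
foreach ($u in $users) {
    $new = Add-SurrogateWorkstation $u.LogonWorkstations $Surrogate
    if ($null -eq $new) { continue }               # TMP already allowed
    if ($new.Length -gt $MaxLength) {
        Write-Warning "$($u.SamAccountName): list would exceed $MaxLength characters, skipped"
        continue
    }
    Set-ADUser -Identity $u -LogonWorkstations $new -WhatIf:(-not $Apply)
    "{0}: {1}" -f $u.SamAccountName, $new          # proposed or applied value
}
```

Because Content Gateway presents TMP for every session, the workstation restriction no longer distinguishes client machines for authentications that pass through the gateway; limit the change to the users who need it if that matters in your environment.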