It's not the world's best solution but you could assign static ip addresses to these machines and setup the authentication to be based upon the ip address. I see no other way to get this to work. The ISA client software is based on integrated authentication so the machine must be part of the domain. Another way might be to put these machines in a seperate domain and setup a trust. This way you can use the integrated authentication..