Maintaining ISA Server 2004

How to Implement Remote Administration :

In most organizations, you will not perform ISA Server administration directly from the ISA Server computer console. The ISA Server computer should be located in a physically secure server room and you should administer the server from your client computer. If your organization has multiple locations with ISA Servers installed in each location, you may need to manage all the servers from your desktop. Remote administration enables you to administer ISA Server in all these cases.

You have two options for remotely administrating ISA Server. You can use a Terminal Services or Remote Desktop connection to administer the server, or you can install the ISA Server Management Console on another computer and use it to manage the ISA Server computer.

If you have installed ISA Server on a server running Windows 2000, you can use Terminal Services to manage the ISA Server computer. If ISA Server is installed on a computer running Windows Server 2003, you can use Remote Desktop in the same way. When you use Terminal Services or Remote Desktop to administer the ISA Server computer, you can view the desktop of the ISA Server computer as if you were in front of the monitor attached to the ISA Server computer. The advantage of using Terminal Services or Remote Desktop to administer ISA Server is that you can manage virtually all the settings on the server, not just ISA Server.

To enable remote administration of ISA Server on computers running Windows Server 2003, you must be a member of the Administrators group or Remote Desktop Users group on the ISA Server computer, or be granted permission to use Remote Desktop to connect to the server. To enable remote administration of ISA Server running on a Windows 2000 computer, you must install Terminal Services on the server in either Application or Remote Administration mode. Then the user properties must be configured to allow remote connections using Terminal Services.

To run ISA Server Management, you need the following:
1- A personal computer with a 300-megahertz (MHz) or higher, Pentium II–compatible CPU
2- Windows Server 2003, Windows 2000 Server or Windows 2000 Professional, or Windows XP
3- 256 megabytes (MB) of memory
4- 19 MB of available hard-disk space.

When you install ISA Server, the default system policy allows remote administration from all members of a computer set named Remote Management Computers. This computer set is used to assign remote access permissions in both the MMC system policy configuration group and the Terminal Services configuration group. By default, no computers are in this group, so no computers can connect to the ISA Server computer for remote management. To enable remote management on the ISA Server computer, you must configure remote administration by editing the appropriate MMC or Terminal Server configuration group in the System Policy editor.

Key Terms
administrative role Used to assign permissions on ISA Server. Each administrative role has a predefined set of permissions that allow the user to perform specific tasks on the ISA Server computer.

firewall access rule A configuration object on ISA Server that defines what types of network traffic will be allowed on the ISA Server computer. By default, all network traffic is blocked unless a firewall access rule allows the specific traffic.

Remote Management Computers A computer set that is used to provide remote management access to ISA Server. This computer set should include all the IP addresses of the computers that are used to perform remote administration on the ISA Server computer.

system policy A set of firewall access rules that controls how the ISA Server computer communicates with computers on the attached networks.

Google