|
 |
|
|
Published
|
: |
January 10, 2008 |
Last Updated |
: |
January 10, 2008 |
|
|
|
Introduction |
Most of
the time, servers are located inside a dedicated room,
and we as an ISA Administrators are not available in
that room all the time. What if ISA Server was located in another floor, or it is
in a different building ? how about if
we were in another country ! We can control ISA Server remotely through different ways. In this article, I will demonstrate to you
how to enable remote administration of ISA Server, what
rules to enable, and how to control it from a remote machine.
|
|
|
Configuration
ISA Server 2006 comes with a
predefined rules called System Policy. Click
here
to read more about System Policy.
In this
article we will be configuring
some rules of the System Policy to enable Remote
administration for ISA Server 2006.
- Open
ISA Server Management Console,
Click on Start > All Programs >
Microsoft ISA Server
> ISA Server Management
- Click on the
Firewall Policy
node, as you can see, this is a fresh install of ISA
Server 2006,and it still has its default
Deny rule, and as I said previously we are
going to work with the System Policy ,and not going
to create any new rule to allow remote
administration
- From the right
side panel, under the
Tasks tab,
click on
Edit System Policy
- The
System Policy Editor
will open, for the purpose of this article we will
work with the Remote Management
configuration group. Clicking on any System Policy
configuration group from the left panel ( will be
marked with a red
arrow ), will open its configuration
page on the right side.

To connect to ISA
Server remotely, the System
Policy offers you three options
:
Microsoft Management :
using the MMC
Terminal Server :
using Remote Desktop Connection
Web Management :
I will not be
discussing Web Management, as I
do not have any Web Application
that can remotely manage ISA
Server, later on if my hands
fall on any application that
does this, I will be
demonstrating it
- Microsoft Management allows you to connect to ISA Server using the Microsoft Management Console, which you can install it on a remote machine, and from it you can connect to your ISA Server.

- By default Microsoft Management is
Enabled, but you will
need to specify from which machines you
are going to connect to your ISA Server,
this can be configure by clicking on the
From Tab, by default
the Remote Management Computers
is included under the From
source, and by default , the Remote
Management Computers is empty and you
will need to populate it.
- Click on the
Remote Management
Computers and then click on the
Edit Button, the
Remote Management Computers
Properties page will open, here
you can add a single Computer, an
address range, or a complete subnet to
the remote management computers, in this
article, I am the only administrator of
ISA Server, and I will only install the
MMC on my Vista Laptop, so I will add a
Computer, click the Add
button , then click on Computer
- Browse to the remote computer by
clicking on the Browse
button, or start filling its name, IP
address and a brief description if you
want, once its set, click on the OK Button

The Computer will be listed as shown
below, Click on the OK
button
- Click the Apply button
so the changes take effect

We are ready now to install the MMC on
my Vista Laptop to connect to ISA
Server, lets do that.
- Run ISA
Server Setup, click on Install ISA Server
2006
- You will get the
Welcome to
the Installation Wizard for
Microsoft ISA Server 2006
page, click on Next
- Accept the Terms and click
Next
- Enter the required
information and click on Next
- From the Setup Type page, Choose
Typical, click
Next

If you decided to choose Custom,
you will notice that only ISA Server
Management will be installed as this is a
Client Operating System
- In the Ready
to Install the Program
page, click on the Install
button
- Installation will be
completed, enable the checkbox
beside the Invoke ISA Server
Management when the wizard closes,
so that ISA Server MMC would be
opened once I click the Finish button.
- ISA Server MMC will
be opened

as u can see, on the right side
panel, under the Tasks
Tab, there is an option to Connect to a Local or Remote ISA
Server
- Click on it, the
Connect To page
will open, fill in the ISA Server
machine name you wan to connect , or
click on the Browse
button to select it from your
Network. I am using my laptop , and my laptop
is not part of the domain that ISA
Server is joined to, so I will need
to select the 2nd option where it
says: Connect using other
user credentials, if my
laptop was joined to the domain and
I am logging to it with a domain user
account, I would have left the
first option where it says : Connect using the credentials of the
logged-on user ,once all info is filed,
click on OK

You will the be connected to ISA
Server, and you can start working with it as if you
were setting in front of it.
- To Disconnect from
ISA Server Management, from the
right panel under the Tasks tab,
click on the Disconnect From
ISA Server Management

With this, we have concluded the
part concerning the Management
Console and now will start will the
Terminal Server policy.
- To Edit the System
Policy ( if you have it closed by now ), Click on
the Firewall Policy node From the
right side panel, under the Tasks
tab, click on Edit System Policy


If you chose the Remote
Management Computer and
clicked on the Edit
button, you would see the name of
the machine I added previously when
I was configuring the Microsoft
Management rule.

With this we are done configuring the System Policy.
Two remaining configuration should be set to enable
RDP to ISA Server, and they are as follow:
- On
ISA itself, go to the Terminal Services
Configuration and make sure that the
RDP-TCP connection is only bound to
the ISA Internal interface
(Properties -> Network Adapter).
To do this, click on Start >
Administrative Tools >
Terminal Services Configuration,
from the left panel click the Connection
node > then on the right page, right click the
RDP-TCP then click on
properties > click on the
Network Adapters Tab and then from the drop
down list , choose the Internal NIC
- Enable Remote Desktop,
this is done by right clicking on
My Computer >
Properties > click
on the Remote tab >
then make sure the checkbox beside
Enable Remote Desktop on
this computer is enabled.
Establishing
RDP Connection from Windows Vista
- Now from my Vista
machine, lets open Remote Desktop Connection to
connect to ISA Server. Click on Start
> All Programs >
Accessories > Remote Desktop
Connection
-
Enter the computer
name and click on Connect,
you will be asked for the
credentials to connect to the remote
ISA Server

Summary
Administrating ISA Server remotely
is possible, and you do not need to
create any extra rule to allow
connection through MMC or RDC, ISA Server 2006 comes with a predefined
set of rules called System Policy.
System Policy offers you multiple ways
to connect to ISA Server remotely. In this article, I showed you in details
what are the configuration needed to be
set on the ISA Server, and what you need to do on the client machine as well to establish
the remote connection.
|
|
|
|
|
|
|