The only downside to this type of configuration is
that it becomes more difficult to scale this configuration because groups and users
have to be duplicated between individual servers.
Delegating and Customizing Administrative Access
to the ISA Console
After a best-practice model is developed for controlling access to an ISA server through
role-based access control, those groups can then be created and delegated access to an ISA
server. Groups can either be created in Active Directory, if the ISA server is a domain
member, of local groups can be created for workgroup member servers.
Creating Active Directory Groups for Admin Access
If an Active Directory environment is utilized, creation of the access groups for delegation
of ISA administration is straightforward. It is recommended to create the three groups to
correspond with the three levels of ISA Administration. To create a group, do the following:
NOTE
The following procedure illustrates the creation of AD groups in a Windows Server
2003 environment. The procedure is slightly different on a Windows 2000 server.
1. On an Active Directory domain controller, open Active Directory Users and
Computers (ADUC) by clicking Start, All Programs, Administrative Tools, Active
Directory Users and Computers.
Pages:
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691