To manage ISA Server 2004, you might wish to install the ISA Server Administration Tools on your laptop or desktop.
You cannot install the ISA Server 2004 Administration Tools on a computer that is also running the ISA Server 2000 Administration Tools. When the ISA Server 2004 installation takes place, it removes the ISA Server 2000 version. You cannot run the ISA Server 2000 and ISA Server 2004 Management consoles on the same machine at the same time.
Follow these steps to install the ISA Server Administration Tools:
Connect to the ISA Server 2004 installation directory, and run Setup.exe from the Fpc folder or insert the ISA Server CD into the computer. After the Microsoft ISA Server Setup launches, click Install ISA Server 2004.
On the Welcome To The Installation Wizard For Microsoft ISA Server 2004 page, click Next.
On the License Agreement page, select I Accept The Terms In The License Agreement, and click Next.
On the Customer Information page, enter your name and the name of your organization in the User Name and Organization fields. Enter your serial number in the Product Serial Number field, and click Next.
On the Setup Type page, select Custom. (See Table 2-1 for a description of the other options available.) Click Change if you would like to change the location of the program files on the hard disk, and click Next.
If you are installing the ISA Server Management console onto a workstation, you receive a message stating that only the Management tools can be installed. Click OK.
Select only ISA Server Management, and then click Next.
Review your settings, and then click Install.
When the installation completes, click Finish.
You need to configure your ISA server's system policies so that your computer is allowed to perform remote management.
For more information on system policies, see the section "Know Your System Policies," later in this chapter.
From the ISA Server Management console on the server, click Firewall Policy, then on the Tasks tab, click Show System Policy Rules.
Double-click the Allow Remote Management From Selected Computers Using MMC system policy, and ensure that the Enable check box is selected.
Click the From tab, select Remote Management Computers, and then click Edit.
In the Remote Management Computers Properties dialog box, click Add to choose to add your computer, a range of addresses, or an entire subnet.
To reduce your attack surface, specify individual computers that have reserved IP addresses. If you travel or cannot reserve an IP address, you might need to add different subnets.
Click OK to close the Rule Element dialog box, then click OK to close the Remote Management Computers Properties dialog box.
At the ISA Server Management console, click Apply. Click OK again after the changes have been applied.
You can also configure the ISA server to allow administration through a Terminal Services connection. To perform these steps, configure the machine to support a Remote Desktop connection (see Windows Server 2003 Help for instructions), and then follow the steps for configuring the Remote Management From Selected Computers Using MMC given earlier, but select the Allow Remote Management From Selected Computers Using Terminal Services system policy rule instead.
You can manage more than one ISA server in a single console by using the Connect To Local Or Remote ISA Server task. To connect to a local ISA server or add a remote ISA server, follow these steps:
Click Microsoft Internet Security And Acceleration Server 2004 in the left (content) pane, and then click Connect To Local Or Remote ISA Server in the right (tasks) pane.
In the Connect To dialog box, you have the option to connect to the local computer or the remote computer. If connecting to the local computer, click OK. If connecting to the remote computer, click Another Computer (Remote Management); type the name of the remote ISA server or click Browse to search for the remote ISA server; specify the user credentials by using the credentials of the logged on user or typing the user name, password, and domain; and finally click OK.
The ISA server now appears in the left (content) pane.