Microsoft Internet Security and Acceleration (ISA) Server 2004 Administrator s Pocket Consultant

Bud Ratliff and

Jason Ballard with the Microsoft ISA Server Team

PUBLISHED BY Microsoft Press A Division of Microsoft Corporation

One Microsoft Way Redmond, Washington
98052-6399

Copyright © 2006 by Bud Ratliff and Jason Ballard

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Library of Congress Control Number: 2005935316

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWE 0 9 8 7 6 5

Distributed in Canada by H.B. Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to mspinput@microsoft.com.

Microsoft, Active Directory, ActiveSync, FrontPage, Microsoft Press, MSDN, NetMeeting, Outlook, SharePoint, Win32, Windows, Windows Media, Windows NT, Windows Server, and Windows Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

This book expresses the author's views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.

Acquisitions Editor: Martin DelRe

Project Editor: Laura Sackerman

Body Part No. X11-50519

Acknowledgements

The process of writing this second edition of the Microsoft Internet Security and Acceleration (ISA) Server Administrator's Pocket Consultant took a lot longer than any of us expected. One would think a second edition would be a lot easier, but with the rich set of new features available in ISA Server 2004, we rewrote almost the entire book. Furthermore, we added five chapters to the previous edition to bring the grand total to 20 chapters that cover a range of new features and scenarios.

We want to thank several contributing authors who provided us with specific content:

Chapter 11, "Securing Virtual Private Network Access," benefited from the assistance of Frédéric Esnouf, who is the author of a French-language ISA Server book (see a link in the "Additional Resources" appendix), and the developer of QSS, a Quarantine Solution for ISA Server. QSS is available at http://esnouf.net/qss.

Chapter 12, "Scripting with Microsoft ISA Server 2004," was written by Jesper Hanno, who is a Microsoft MVP with ISA Server, and also an expert in Microsoft Exchange, Microsoft Windows Server, and Microsoft Internet Information Services (IIS). He provides community news and solutions through his Web sites at http://www.hanno.dk and www.it-experts.dk.

Chapter 16, "Configuring Microsoft ISA Server with Microsoft Exchange Server 2003," was partially written by Jonathan Hassel, who is a writer, speaker, and consultant. You can find out more about him at http://www.jonathanhassell.com.

Chapter 17, "Configuring Microsoft ISA Server with Microsoft SharePoint Portal Server 2003," was developed by Barry Martin of The Mirazon Group (www.mirazon.com), who is an MCT and MCSE.

Chapter 19, "Configuring ISA Server with Virtual Server 2005," was developed by John Ross of The Mirazon Group (www.mirazon.com), who is an MCT and MCSE.

In addition, each chapter traveled through four different teams before it could be completed: the wonderful Microsoft Press editorial staff, the ISA Server MVPs, the Microsoft ISA Server Product Team, and the Microsoft Security Content Review Board (SCRB). We want to thank all the folks who helped make this book accurate and complete.

ISA MVP Reviewers:

• Deiter "Ramblin' Man" Rauscher, Frédéric "Mssr. Incredible" Esnouf, Kai "You Talkin' to Me?" Wilke, Dr. Tom "The Godfather" Shinder, and all the other great MVPs who helped!

ISA Team Reviewers:

• We thank the talented Microsoft ISA Server Team who helped build this great product and review many chapters: Adina Hagege, Alexandra Faynburd, Ilan Herbst, the ever wise and generous Jim Harrison, Nathan Bigman, Pesach Shelnitz, Yoram Singer, David Roundtree, and Josue Fontanez.

SCRB:

• Michael Glass and David Visintainer were the SCRB team members who recruited the reviewers and coordinated their time. Our reviewers were Vic Shahid, Kimmo Bergius, Mark Kradel, Joel Schaeffer, and Matthijs ten Seldam. Thanks for your great suggestions.

The nSight team made sure all the punctuation, grammar, and wording were correct. Many thanks to the following folks:

• Susan McClung, nSight Project Manager

• Teresa Horton, Copyeditor

• Karmyn Guthrie, Proofreader

• Peter Amirault, Gabe Weiss, Terrie Robertson, and Angela Montoya, Desktop Publishing Specialists

• Jack Lewis, Indexer

We want to particularly thank Tony Northrup, our Technical Editor, who helped to shape the book into sturdy form and improve its quality. We also want to thank Laura Sackerman, our Project Editor, and Martin DelRe—you couldn't ask for better folks to help guide you through the process of building a book. Thanks for your understanding and extra work in helping to adjust the schedule to accommodate the unavoidable realities of life.

Because we're writing this at 2:00 in the morning (the time most of this book was written), please forgive us if we haven't named you specifically. You know who you are, and we thank you so much!

Bud thanks his wife for her patience, and for only saying "I told you so" once. He thanks his son for providing welcome door-pounding interruptions for some father/son time. He also thanks the many, many people in the ISA Server, Microsoft, and Lexington communities for their support, friendship, and generosity.

Jason would like to thank his wife and son for their tremendous support throughout the entire book. The project took longer than expected, but you both remained positive and encouraged me to keep working to get the book completed.

About the Authors

Jason Ballard

Jason Ballard is an Information Systems Assistant Manager for Toyota Motor Manufacturing North America. He is responsible for servers, storage, and backup technologies. Jason received a bachelor's degree in Business Administration from the University of Kentucky.

Jason is an accomplished presenter and public speaker, having presented seminars and demonstrations for emerging technologies to a variety of audiences. Outside of work, Jason enjoys many activities, including time with his family, running, cycling, golf, and basketball.

Bud Ratliff

Bud Ratliff, a Microsoft ISA Server MVP, is also a project management professional, MCSE, MCT, and principal partner in The Solarity Group (www.solarity.com), a Microsoft Certified Partner providing training, consulting, and support for clients internationally. He helps clients improve their ability to do business through the strategic application of processes, training, and technology. Bud travels internationally to speak on topics related to leadership, productivity, project management, security, and Windows operating systems. Bud enjoys time with his family, reading, running, playing his bass guitar, and meeting new and interesting people around the world. You can reach Bud at Bud.Ratliff@solarity.com.