Assign administrative roles for array administrators (Enterprise Edition)

  • Article

To assign administrative roles for array administrators (Enterprise Edition)ISA Server 2006 Enterprise Edition only

  1. In the console tree of ISA Server Management, click the applicable array:

    • Expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, and then click Array_Name.

  2. On the Tasks tab, click Assign Administrative Roles.

  3. If the computer running the ISA Server services is in a domain, on the Assign Roles tab, click the upper Add button. Then, do the following:

    1. In Group or User, type the name of the group or user that can access the Configuration Storage server.
    2. In Role, select one of the following:
      ISA Server Array Administrator. Allows the specified group or user full control permissions for the array. The administrator can also view the enterprise policy applied to the array.
      ISA Server Array Auditor. Allows the specified group or user monitoring permissions and to view the array configuration.
      ISA Server Array Monitoring Auditor. Allows the specified group or user some monitoring permissions.

  4. If the computer running the ISA Server services is in a workgroup, on the Assign Roles tab, click the lower Add button. Then, do the following:

    1. In Group or User, type the name of the group or user that can access the Configuration Storage server.
    2. In Role, select one of the following:
      ISA Server Array Administrator. Allows the specified group or user full control permissions for the array. The administrator can also view the enterprise policy applied to the array.
      ISA Server Array Auditor. Allows the specified group or user monitoring permissions and to view the array configuration.
      ISA Server Array Monitoring Auditor. Allows the specified group or user some monitoring permissions.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.

Important

If the computer running the ISA Server services is in a workgroup, you must create identical (mirrored) accounts to those specified in this procedure on each array member.
In workgroup scenarios, you specify the user or group name in two locations:

  • When you click the upper Add button, in Group or User, use the following format to specify the group or user name: Configuration_Storage_Server_Name\UserName.
  • When you click the lower Add button, in Group or User, use the following format to specify the group or user name: UserName. Do not specify the Configuration_Storage_Server_Name.

If the Configuration Storage server is in a domain, a domain-level user should be specified. Do not specify a local user.

Do not delegate administrative roles to these security identifiers (SIDs): Creator Owner and Creator Group. This is because these SIDs do not exist on the Active Directory Application Mode (ADAM) on which the ISA Server configuration is stored.

Administrative roles are described in Administration Concepts at ISA Server Guidance(https://www.microsoft.com/).

Other Resources

ISALink_DomainWorkgroupPermissions