Assign administrative roles for enterprise administrators (Enterprise Edition)

  • Article

To assign administrative roles for enterprise administrators (Enterprise Edition)ISA Server 2006 Enterprise Edition only

  1. In the console tree of ISA Server Management, click Enterprise:

    • Expand Microsoft Internet Security and Acceleration Server 2006, and then click Enterprise.

  2. On the Tasks tab, click Assign Administrative Roles.

  3. If the computer running the ISA Server services is in a domain, on the Assign Roles tab, click the upper Add button. Then, do the following:

    1. In Group or User, type the name of the group or user that can access the Configuration Storage server.
    2. In Role, select one of the following:
      ISA Server Enterprise Administrator. Allows the specified group or user full control permissions.
      ISA Server Enterprise Auditor. Allows the specified group or user to view the enterprise and array configurations.

  4. If the computer running the ISA Server services is in a workgroup, on the Assign Roles tab, click the lower Add button. Then, do the following:

    1. In Group or User, type the name of the group or user that can access the Configuration Storage server.
    2. In Role, select one of the following:
      ISA Server Enterprise Administrator. Allows the specified group or user full control permissions.
      ISA Server Enterprise Auditor. Allows the specified group or user to view the enterprise and array configurations.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.

Important

If the computer running the ISA Server services is in a workgroup, you must create identical (mirrored) accounts to those specified here on each array member.
In workgroup scenarios, you specify the group or user name in two locations:

  • When you click the upper Add button, in Group or User, use the following format to specify the group or user name: Configuration_Storage_Server_Name\UserName.
  • When you click the lower Add button, in Group or User, use the following format to specify the group or user name: UserName. Do not specify the Configuration_Storage_Server_Name.

Do not delegate administrative roles to these security identifiers (SIDs): Creator Owner and Creator Group. This is because these SIDs do not exist on the Active Directory Application Mode (ADAM) on which the ISA Server configuration is stored.

Administrative roles are described in Administration Concepts at ISA Server Guidance(https://www.microsoft.com/).

Other Resources

ISALink_DomainWorkgroupPermissions