ISA Server 2006 Enterprise Edition only
Depending on the specific topology of your network, different permissions should be configured for the roles accessing the Configuration Storage server.
For instructions, see Assign administrative roles for array administrators and Assign administrative roles for enterprise administrators.
If the computer running the Microsoft Internet Security and Acceleration (ISA) Server 2006 services belongs to a workgroup, but the Configuration Storage server belongs to a domain, user accounts configured on the domain should be used to access the Configuration Storage server.
Create mirrored accounts on each array member, for intra array communication and administration. That is, create accounts with the same settings as the user account specified on this array member.
For example, suppose that the Configuration Storage server belongs to the microsoft.com domain. Two computers running ISA Server services each belong to a workgroup. The enterprise administrator, with a user name Adina, will administer this enterprise. Adina must belong to the Enterprise Administrators group. For this example, the following actions are required:
When Adina connects to the enterprise, she does the following:
If the computer running the ISA Server services belongs to a domain, but the Configuration Storage server belongs to a workgroup, create an administrative account on the Configuration Storage server.
Note that in this scenario, only one Configuration Storage server can be used for the enterprise. Create domain accounts for intra-array communication and administration.
If both the computer running the ISA Server services and the Configuration Storage server belong to the same workgroup, create a single administrative account.
Note that in this scenario, only one Configuration Storage server can be used for the enterprise. You do not have to create domain accounts for intra-array communication and administration.
Create mirrored accounts on each array member for intra-array communication and administration. You may want to create mirrored accounts for each administrator. Alternatively, create mirrored accounts for each role.