Roles for domain and workgroup (Enterprise Edition)

ISA Server 2006 Enterprise Edition only

Depending on the specific topology of your network, different permissions should be configured for the roles accessing the Configuration Storage server.

For instructions, see Assign administrative roles for array administrators and Assign administrative roles for enterprise administrators.

Computer running ISA Server services belongs to a workgroup

If the computer running the Microsoft Internet Security and Acceleration (ISA) Server 2006 services belongs to a workgroup, but the Configuration Storage server belongs to a domain, user accounts configured on the domain should be used to access the Configuration Storage server.

Create mirrored accounts on each array member, for intra array communication and administration. That is, create accounts with the same settings as the user account specified on this array member.

For example, suppose that the Configuration Storage server belongs to the microsoft.com domain. Two computers running ISA Server services each belong to a workgroup. The enterprise administrator, with a user name Adina, will administer this enterprise. Adina must belong to the Enterprise Administrators group. For this example, the following actions are required:

• Create mirrored accounts for Adina on both computers running ISA Server services. (The accounts must have identical credentials.)
• Add Adina's domain user name to the users allowed to access the Configuration Storage server.
• Add the user name (specified in the mirrored account) to the list of mirrored accounts used for monitoring this array.

When Adina connects to the enterprise, she does the following:

1. Specifies the credentials of the user who is logged on when specifying how to connect to the Configuration Storage server.
2. Specifies different credentials when specifying how to connect to each array member.
3. Specifies Adina as the user name for array member credentials.

Computer running ISA Server services belongs to a domain

If the computer running the ISA Server services belongs to a domain, but the Configuration Storage server belongs to a workgroup, create an administrative account on the Configuration Storage server.

Note that in this scenario, only one Configuration Storage server can be used for the enterprise. Create domain accounts for intra-array communication and administration.

Computer running ISA Server services and Configuration Storage server belong to a workgroup

If both the computer running the ISA Server services and the Configuration Storage server belong to the same workgroup, create a single administrative account.

Note that in this scenario, only one Configuration Storage server can be used for the enterprise. You do not have to create domain accounts for intra-array communication and administration.

Create mirrored accounts on each array member for intra-array communication and administration. You may want to create mirrored accounts for each administrator. Alternatively, create mirrored accounts for each role.

---

Get latest ISA Server content at ISA Server Guidance. Send feedback about this page.

• English-to-Russian translation