To assign administrative roles for array administrators (Enterprise Edition)

ISA Server 2006 Enterprise Edition only

1. In the console tree of ISA Server Management, click the applicable array:
2. • Expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, and then click Array_Name.
3. On the Tasks tab, click Assign Administrative Roles.
4. If the computer running the ISA Server services is in a domain, on the Assign Roles tab, click the upper Add button. Then, do the following:
   1. In Group or User, type the name of the group or user that can access the Configuration Storage server.
   2. In Role, select one of the following:
      • ISA Server Array Administrator. Allows the specified group or user full control permissions for the array. The administrator can also view the enterprise policy applied to the array.
      • ISA Server Array Auditor. Allows the specified group or user monitoring permissions and to view the array configuration.
      • ISA Server Array Monitoring Auditor. Allows the specified group or user some monitoring permissions.
5. If the computer running the ISA Server services is in a workgroup, on the Assign Roles tab, click the lower Add button. Then, do the following:
   1. In Group or User, type the name of the group or user that can access the Configuration Storage server.
   2. In Role, select one of the following:
      • ISA Server Array Administrator. Allows the specified group or user full control permissions for the array. The administrator can also view the enterprise policy applied to the array.
      • ISA Server Array Auditor. Allows the specified group or user monitoring permissions and to view the array configuration.
      • ISA Server Array Monitoring Auditor. Allows the specified group or user some monitoring permissions.

Note

• To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.

Important

• If the computer running the ISA Server services is in a workgroup, you must create identical (mirrored) accounts to those specified in this procedure on each array member.
• In workgroup scenarios, you specify the user or group name in two locations:
  • When you click the upper Add button, in Group or User, use the following format to specify the group or user name: Configuration_Storage_Server_Name\UserName.
  • When you click the lower Add button, in Group or User, use the following format to specify the group or user name: UserName. Do not specify the Configuration_Storage_Server_Name.
• If the Configuration Storage server is in a domain, a domain-level user should be specified. Do not specify a local user.
• Do not delegate administrative roles to these security identifiers (SIDs): Creator Owner and Creator Group. This is because these SIDs do not exist on the Active Directory Application Mode (ADAM) on which the ISA Server configuration is stored.
• Administrative roles are described in Administration Concepts at ISA Server Guidance(http://www.microsoft.com/).

Related Topics

---

Get latest ISA Server content at ISA Server Guidance(http://www.microsoft.com/). Send feedback about this page.

• English-to-Russian translation