Defining Groups of Users

There are two general types of users in Internet Security and Acceleration Server. The first is the Active Directory user or group, represented by an FPCAccount object. A set of Active Directory users or groups can be assembled in an FPCAccounts collection.

The second type is the non-Windows user, represented by an FPCNonWindowsUser object. Non-Windows users are users who are authenticated using an authentication scheme other than that of Active Directory. Each non-Windows user is defined by a user name and a namespace that identifies the applicable authentication scheme. Examples of non-Windows users include RADIUS and SecurID users. A set of non-Windows users can be assembled in an FPCNonWindowsUsers collection.

Non-Windows users can also be domain users that a Forefront TMG computer belonging to a workgroup can authenticate by communicating with a domain controller using the Lightweight Directory Access Protocol (LDAP). These users are known as LDAP users.

You can also create a set of users, represented by an FPCUserSet object. A user set may contain both users that are assembled in an FPCAccounts collection and users that are assembled in an FPCNonWindowsUsers collection. All of the user sets that are defined in an array can be assembled in an FPCUserSets collection.

Forefront TMG also provides the following predefined user sets:

When you create policy rules (FPCPolicyRule objects), you can apply them to specific Internet Protocol (IP) addresses or to the users that are included in one or more user sets. When you apply a rule to user sets, the users will have to present their credentials for authentication, as required by the specific rule.

For example, to apply an access rule to a user set, call the Add method of the FPCRefs collection retrieved in the UserSets property of the FPCAccessProperties object for the rule and specify the name of the user set to which the rule applies. For VBScript code examples that show how to create a user set and how to add a user set to an access rule, see Adding an Access Rule and Controlling Access by a Schedule and a User Set.
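The call sequence described above, written out as an added VBScript example; it is not one of the Microsoft samples referenced on this page. The user set, account and rule names are constructed placeholders, and the calls outside the UserSets.Add chain described above (the FPC.Root ProgID, GetContainingArray, RuleElements.UserSets, Accounts.Add, AddAccessRule, Enabled, Save) and the fpcInclude value are assumptions about the administration COM object model that should be checked against the object reference.

```vbscript
' Added example, not Microsoft sample code. Run on the Forefront TMG computer.
Option Explicit

Const fpcInclude = 0                               ' FpcIncludeStatus value (assumed)
Const USER_SET_NAME = "Example Finance Users"      ' constructed placeholder
Const ACCOUNT_NAME = "EXAMPLE\finance-group"       ' constructed placeholder
Const RULE_NAME = "Example - Finance Web Access"   ' constructed placeholder

Dim root, isaArray, userSets, userSet, rules, rule

Set root = CreateObject("FPC.Root")
Set isaArray = root.GetContainingArray()

' Reuse the user set if it already exists; otherwise create it with
' one Active Directory account in its FPCAccounts collection.
Set userSets = isaArray.RuleElements.UserSets
Set userSet = Nothing
On Error Resume Next
Set userSet = userSets.Item(USER_SET_NAME)
On Error GoTo 0
If userSet Is Nothing Then
    Set userSet = userSets.Add(USER_SET_NAME)
    userSet.Accounts.Add ACCOUNT_NAME
    userSets.Save
End If

' Create the access rule disabled, so it has no effect until its
' remaining criteria (source, destination, protocols) are reviewed.
Set rules = isaArray.ArrayPolicy.PolicyRules
Set rule = rules.AddAccessRule(RULE_NAME)
rule.Enabled = False

' The step described above: add the user set by name to the FPCRefs
' collection in the UserSets property of the rule's FPCAccessProperties.
rule.AccessProperties.UserSets.Add USER_SET_NAME, fpcInclude
rules.Save

WScript.Echo "Rule '" & RULE_NAME & "' now applies to user set '" & USER_SET_NAME & "'."
```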

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.