Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

After the necessary server configuration is complete, the actual client software can be installed. There are several different installation options, as follows:

  • Manual Installation

  • Unattended Installation

  • Automatic Group Policy Installation

Each of these installation options has its particular pros and cons, as described in this section.

NOTE

If older versions of the ISA Client are installed, they should be upgraded to match the version that corresponds to the server version itself. Conversely, the ISA Client version for ISA Server 2004 cannot connect to down-level Proxy Server 1.x/2.x servers; the type of traffic required is considered to be a security risk.

The prerequisites to installing the Firewall client are as follows:

  • Any 32-bit version of Windows (client versions recommended)

  • No ISA Server Management Console software installed

Manually Installing the ISA Firewall Client

The most straightforward way to install the Firewall client is to simply run through the Setup.exe GUI. To install the client this way, do the following:

1.

From the ISA Firewall client share (see previous section on how to install this), run setup.exe by double-clicking on it.

2.

At the welcome screen, click Next to continue.

3.

At the Destination Folder dialog box, accept the default path and click Next to continue.

4.

From the subsequent dialog box, shown in Figure 11.7, choose whether to Automatically Detect the Appropriate ISA Server Computer or specifically define where the ISA server is. In this case, because the auto detection was previously configured, select to automatically detect and click Next to continue.

Figure 11.7. Installing the ISA Firewall client.

5.

Click Install to begin the file copy.

6.

Click Finish to end the wizard.

Using Unattended Setup Scripts to Deploy the ISA Firewall Client

The ISA Client setup.exe can be automated as part of installation via a batch process, a login script, or a software distribution program. Through a particular set of command-line options, the entire process can be made completely non-interactive and automated. For example, the following command sequence installs the firewall client:

[View full width]

\\servername\mspclnt\setup.exe /v"SERVER_NAME_OR_IP=EnterNameofISAServer ENABLE_AUTO_DETECT=1 REFRESH_WEB_PROXY=1 /qn"

For example, Figure 11.8 illustrates this, run from the command line of a client.

Figure 11.8. Installing the Firewall client from the command prompt.

In the figure, server25 is the name of the ISA Server, ENABLE_AUTO_DETECT=1 turns on the automatic detection of the ISA Server, and REFRESH_WEB_PROXY=1 turns on automatic configuration of the Web Proxy info.

Deploying the Firewall Client via Active Directory Group Policies

The most efficient and automated approach to ensuring that the Firewall client is deployed and updated on a regular basis is to use Active Directory Group Policy Objects (GPOs), which allow for software installation and customization of various Registry and system settings automatically. Group policies can be applied to all workstations in a domain, or to a subset of systems. To create this type of GPO in an Active Directory domain, do the following:

CAUTION

For this type of group policy, where Firewall client software will be deployed, it is not recommended to deploy the GPO to all systems on a network, but rather to a limited subset, such as all workstations. Be sure to test the GPO on a sample OU first as well.

1.

From a Domain Controller in the Internal network, open ADUC (Start, All Programs, Administrative Tools, Active Directory Users and Computers).

2.

From the console tree, drill down to the Organizational Unit where the GPO will be applied (such as a Workstations OU), right-click, and choose Properties.

3.

Select the Group Policy tab, then click on the New button.

TIP

If the Group Policy Management Console (GPMC) is installed, it needs to be opened and the GPO created directly from it. The GPMC greatly extends the capabilities of AD Group Policy administration and is highly recommended. It can be downloaded from Microsoft at the following URL:

http://go.microsoft.com/fwlink/?linkid=21813

4.

Enter a descriptive name for the GPO and click OK.

5.

Expand the GPO to Computer Configuration, Software Settings, Software Installation.

6.

Right-click Software Installation and choose New, Package.

7.

In the File Name field, enter the UNC path of the MSI installer file, such as \\servername\mspclnt\ms_fwc.msi, as is shown in Figure 11.9, and click OK.

Figure 11.9. Creating a GPO for ISA Client installation.

8.

From the Deploy Software dialog box, choose Assigned and click OK. The GPO should look similar to what is shown in Figure 11.10.

Figure 11.10. Reviewing the ISA Firewall Client GPO settings.

9.

Close the GPO Editor.

With the GPO in place, all computer accounts in the OU to which it applies will have the ISA Firewall Client software automatically installed. With the auto-setup options previously described, the configuration can also be automated, making it seamless to the end user.

    Related

    Категории