Create an Access Rule Providing Administrators Greater Access to Protocols and Sites
Network administrators require a higher level of Internet access than other users on the network. However, even network administrators should be restricted from using protocols that can lead to a significant risk of network compromise. One of these is the Internet Relay Chat (IRC) protocol, which is often used to trade viruses and pirated software. We will create a rule that allows members of the Domain Administrators group access to all protocols except the dangerous IRC protocol.
The Access Rule can be characterized by the entries in the following table:
Rule Element | Value |
Order (priority) | 2 (after all rules are created) |
Name | Administrator Internet Access |
Action | Allow |
Protocols | All Protocols except IRC |
From/Listener | Internal |
To | External |
Condition | Administrators (group) |
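A simplified model of how the "All Protocols except IRC" setting in this rule behaves under ordered, first-match evaluation. This is an added example, not part of the original guide: the evaluator and the two neighbouring rules are hypothetical, and it assumes the user is already authenticated. It shows that the exception only stops this rule from matching IRC; IRC stays blocked only while no lower rule allows it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "Allow" or "Deny"
    src: str                          # From network
    dst: str                          # To network
    groups: frozenset = frozenset()   # empty set = all users
    protocols: frozenset = frozenset()
    all_except: bool = False          # True = every protocol except those listed

    def matches(self, src, dst, protocol, user_groups):
        if (src, dst) != (self.src, self.dst):
            return False
        if self.groups and not (self.groups & user_groups):
            return False
        listed = protocol in self.protocols
        return not listed if self.all_except else listed

def evaluate(policy, src, dst, protocol, user_groups):
    """Ordered, first-match evaluation; returns (action, rule name)."""
    for rule in policy:
        if rule.matches(src, dst, protocol, frozenset(user_groups)):
            return rule.action, rule.name
    return "Deny", "Default rule"     # nothing matched: final deny-all

# The rule from the table above.
ADMIN_RULE = Rule("Administrator Internet Access", "Allow", "Internal", "External",
                  groups=frozenset({"Administrators"}),
                  protocols=frozenset({"IRC"}), all_except=True)
# Hypothetical neighbours, constructed for this example only.
WEB_RULE = Rule("Web Access (hypothetical)", "Allow", "Internal", "External",
                protocols=frozenset({"HTTP", "HTTPS"}))
LOOSE_RULE = Rule("Allow Everything (hypothetical)", "Allow", "Internal", "External",
                  all_except=True)    # no exceptions listed, so it matches IRC too

POLICY = [ADMIN_RULE, WEB_RULE]
LOOSE_POLICY = POLICY + [LOOSE_RULE]

if __name__ == "__main__":
    admin, user = {"Administrators"}, {"Users"}
    for label, policy in (("as designed", POLICY), ("with loose rule", LOOSE_POLICY)):
        for proto, who in (("FTP", admin), ("IRC", admin), ("FTP", user)):
            print(label, proto, sorted(who),
                  evaluate(policy, "Internal", "External", proto, who))
```

When reviewing a policy built this way, check every rule below the administrator rule for a protocol set that includes IRC.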
The rule will look like this in the Firewall Policy Details pane:
Perform the following steps to create the administrators Access Policy:
1. In the Microsoft Internet Security and Acceleration Server 2004 management console, right-click the Firewall Policy node in the left pane of the console, point to New and click Access Rule.
2. On the Welcome to the New Access Rule Wizard page, enter the name of the rule in the Access rule name text box. In this example, we will call the rule Administrator Internet Access. Click Next.
3. On the Rule Action page, select Allow and click Next.
4. On the Protocols page, select the All outbound protocols except selected option from the This rule applies to dropdown list, then click Add.
ISA Server 2004 Configuration Guide | 145 |