
Create an Access Rule Providing Administrators Greater Access to Protocols and Sites
Network administrators require a higher level of Internet access than other users on the
network. However, even network administrators should be restricted from using protocols that
can lead to a significant risk of network compromise. One of these protocols is the Internet
Relay Chat (IRC) protocol, which is often used to trade viruses and pirated software. We will
create a rule that allows members of the Domain Administrators group access to all protocols
except for the dangerous IRC protocol.
The Access Rule can be characterized by the entries in the following table:
Rule Element        Value
Order (priority)    2 (after all rules are created)
Name                Administrator Internet Access
Action              Allow
Protocols           All Protocols except IRC
From/Listener       Internal
To                  External
Condition           Administrators (group)
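
The following is an added example, not part of the original guide. It models the rule in the table under ordered, first-match evaluation (an assumption of the model) to show that an excluded protocol is not denied by this rule; the request simply does not match and falls through to the rules that follow. The final deny-all rule, the broad allow rule, and the helper names are constructed for illustration.

```python
# Simplified model of ordered, first-match access-rule evaluation.
# Only "Administrator Internet Access" comes from the guide; the deny-all
# rule, the broad allow rule and all function names are constructed.
from dataclasses import dataclass

ALL = "*"  # wildcard: all users / all networks


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "Allow" or "Deny"
    source: str
    dest: str
    groups: frozenset                    # groups the rule applies to, or {ALL}
    protocols: frozenset = frozenset()   # selected protocols
    except_mode: bool = False            # True: all protocols EXCEPT the selected ones

    def matches(self, groups, proto, src, dst):
        if self.source not in (ALL, src) or self.dest not in (ALL, dst):
            return False
        if ALL not in self.groups and not (self.groups & groups):
            return False
        listed = proto in self.protocols
        return not listed if self.except_mode else listed


ADMIN_RULE = Rule("Administrator Internet Access", "Allow", "Internal", "External",
                  frozenset({"Administrators"}), frozenset({"IRC"}), except_mode=True)
BROAD_ALLOW = Rule("Allow everything (constructed)", "Allow", "Internal", "External",
                   frozenset({ALL}), except_mode=True)
DENY_ALL = Rule("Deny all (constructed)", "Deny", ALL, ALL,
                frozenset({ALL}), except_mode=True)
POLICY = [ADMIN_RULE, DENY_ALL]               # IRC falls through to the deny
LOOSE = [ADMIN_RULE, BROAD_ALLOW, DENY_ALL]   # a later rule re-allows IRC


def evaluate(policy, groups, proto, src="Internal", dst="External"):
    """Return (action, rule name) of the first rule matching the request."""
    for rule in policy:
        if rule.matches(frozenset(groups), proto, src, dst):
            return rule.action, rule.name
    return "Deny", "(no rule matched)"


def audit_exception(policy, rule, groups):
    """List later Allow rules that still pass a protocol `rule` excludes."""
    later = policy[policy.index(rule) + 1:]
    return [(p, r.name) for p in sorted(rule.protocols) for r in later
            if r.action == "Allow"
            and r.matches(frozenset(groups), p, rule.source, rule.dest)]
```

Running audit_exception against the rules ordered after an "all except" rule shows whether the exclusion actually holds for the intended group.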
The rule will look like this in the Firewall Policy Details pane:
Perform the following steps to create the administrators Access Policy:
1. In the Microsoft Internet Security and Acceleration Server 2004 management
console, right-click the Firewall Policy node in the left pane of the console, point to
New and click Access Rule.
2. On the Welcome to the New Access Rule Wizard page, enter the name of the rule in
the Access rule name text box. In this example, we will call the rule Administrator
Internet Access. Click Next.
3. On the Rule Action page, select Allow and click Next.
4. On the Protocols page, select the All outbound protocols except selected option from
the This rule applies to dropdown list, then click Add.
ISA Server 2004 Configuration Guide 145