如果企业需要大规模部署ISA Client,有几种方法可以进行:
1、共享ISA Client,让员工在自行安装;
2、采用SCCM进行部署;
3、加载在安装介质中,安装系统是自行安装;
4、采用脚本,通过组策略进行安装。
很多情况下,我们采用第四种方法进行,因为方法一不一定每个员工都能正常的进行安装,方法二不是每个企业都部署有SCCM,方法三不是每个系统都需要重新安装,方法四呢,现在绝大多数企业都部署有DC,客户端也是加入DC进行管理。
以下为ISA安装脚本的制作步骤:
================================
a. 下载ISA客户端:http://www.microsoft.com/DownLoads/details.aspx?displaylang=zh-cn&FamilyID=05c2c932-b15a-4990-b525-66380743da89
b. 将客户端放置在共享文件夹中,E.g. “\\fileserver\ISACLIENT-KB929556-CHS.EXE <file:///\\fileserver\ISACLIENT-KB929556-CHS.EXE>”.
c. 在命令行中运行(需要手动填写ISA服务器名):\\fileserver\ISACLIENT-KB929556-CHS.EXE <file:///\\fileserver\ISACLIENT-KB929556-CHS.EXE> /C:"setup.exe /Q /P ""SERVER_NAME_OR_IP=<ISAServerName> ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=0"""
更多方法可以参考 “how to distribute firewall client for ISA Server” :http://technet.microsoft.com/en-us/library/bb794739.aspx
那么如何让部署的客户端可以自动侦测到ISA服务器呢?微软官方也给出了方法:
1. Configure ISA server as the WPAD server.
1) Enable ISA server listen for Automatic Discovery request.
In ISA management console, please select “Networks” node, then right click “Internal” and select “Properties”. Select “Publish automatic discovery information” at “Auto Discovery” Tab. Please note, we need to use 80 port at “Use this port for automatic discovery requests” box since we choose DNS to create the WPAD entry.
2) Configure Bypass list.
If you hope internal clients could directly access some internal sites, you may want to add Bypass list at the “Web Browser” tab. ISA will according to the configuration to automatically change the WPAD file.
Please note, at this time, we must configure both the domain name and its IP address as below picture. Otherwise, we cannot bypass the internal sites through the WPAD file created by ISA.
3) Confirm we have enabled WPAD configuration in ISA server.
On the client, please put in <http://ISAServerInternalIPaddress/wpad.dat> at IE, it will prompt to download the wpad.dat file. It means we have enabled WPAD listen for internal requests on ISA.
2. Configure WPAD entry in DNS server.
Open the DNS console on DNS server. Expand “Forward lookup Zones”.
1) Right click “contoso.local”, select “New Host (A)…”. Add ISA server to a new host as below picture.
2) Right click “contoso.local”, select “New Alias (CNAME)…”. Add a new Alias as below and point it to ISA server.
3. Confirm the Client has enabled “Automatically Discovery settings”.
更多信息可以参考:
参考信息
1、Automatic Detection Concepts in ISA Server 2006 http://technet.microsoft.com/en-us/library/bb794779.aspx
2、Configuring DNS and DHCP Support for Web Proxy and Firewall Client Autodiscovery:http://technet.microsoft.com/en-us/library/cc302584.aspx

0

收藏

跃跃领舞

45篇文章,15W+人气,0粉丝

Ctrl+Enter 发布

发布

取消

0

0

0
分享
跃跃领舞