So you want to ensure that you have full access to ISA before, during and after patching for 09-016 (assuming you don’t have a box with more than 4 procs) http://blogs.technet.com/sbs/archive/2009/04/20/ms09-012-and-isa-server-standard-edition-14109-failures.aspx
Listen to this for the reason you want to add a policy for remote management:
Inside SBS Episode #12 – The ISA Server Meltdown | Odeo: Search, Discover and Share Digital Media from Millions of Audio and Video Clips:
Mark, Damian, Justin, Chris on ISA.
8:53 minutes in Justin talks about it.
- Launch the ISA console
- Click on Firewall Policy
- Click on Edit system policy
Okay see that setting that says “Remote Management”?
See where you build a rule to add your external [static] IP address to remotely manage the box via TS no matter what? See where you can even add the ability to ping from your remote server?
Click edit, then add your static IP to that category of “remote management computers”. Adding that rule there means you won’t hit a “lockout” when you remotely manage ISA….like…installing a security patch.