Forefront Threat Management Gateway

All the latest news and tips on Microsoft Forefront Threat Management Gateway


ISA Server 2004 Best Practices Analyzer Tool (IsaBPA)

  • Comments 9
  • Likes

Last month we submitted the ISA Server 2004 Best Practices Analyzer Tool (codename IsaBPA).

What is IsaBPA?

The ISA Server Best Practices Analyzer is a tool that collects configuration data from the local ISA Server computer, such as ISA configuration settings, hardware configuration, OS configuration and more. It examines the above information. Then it notifies the user if there are any configuration issues, and provides information regarding how to fix them.

What Does IsaBPA Cover?

The current release of IsaBPA performs more than 100 checks. Some of the issues that can be detected are:

  • Certificate management issues, such as an invalid or a missing certificate on the published web server or on the ISA Server computer itself.
  • Single network adapter scenario issues, such as the use of the External network in the policy.
  • Deployment issues, such as missing basic access rules.
  • Networking issues, such as inability to connect to the DNS server or to the Configuration Storage Server (in Enterprise Edition.)

IsaBPA Features

The ISA Server Best Practices Analyzer has several cool features. The tool has a live update mechanism. It allows the administrator to check whether there are new updates for the tool and download them. You can set this tool to check for live updates every time the tool starts. In addition, if you are a command-line person, you can run this tool from the command-line or schedule a weekly scan.

Using IsaBPA

IsaBPA can be used in a number of ways. It can be used to proactively check the health of the ISA Server deployment, finding issues that may increase the stability of the system, improve security and improve performance. It can also be used to assist troubleshooting of a particular issue. In many cases, the use of IsaBPA can eliminate the need for calling Microsoft support.
It is noteworthy that the tool is not invasive in any way. It does not change anything in the system. IsaBPA only informs you about probable issues and suggests ways to fix them.

Getting IsaBPA

The IsaBPA is available for download for free and can be found at:

What’s next?

First of all, we are looking into listing hundreds of ISA properties, so you may all view your ISA settings (even some settings that cannot be viewed via the MMC). Next we are thinking about adding new checks. We might add several OWA checks, for instance a check that examines the ports specified for listening and for bridging. We are also thinking about adding basic Configuration Storage Server checks, some RADIUS checks, and more. Finally, we are looking into bugs found in the last release.

Idan Plonsky, ISA Team

  • Hi,

    is it true that i found some bugs?

    1) ISABPA reports ISA installed on Virtual PC but Virtual Server 2005 R2 is installed
    2) It is not possible to run ISAINFO in ISABPA. ISABPA creates the ISAINFO XML file but nothing is displayed in ISABPA. YOu have to run ISAINFO manually. I tested it with ISABPA 2.5.3439.50 and configuration file 4.0.3440.277 english and german ISA)
    3) ISA reports missing certificates but there are two certificates in the computer certificate store.
    4) The link to the ISA Security Hardening Guide is wrong. The correct path is:

    Thanks Marc

  • Hi Marc,

    The IsaBPA can run the ISAInfo. You can find the output at the IsaBPA install directory at %programfiles%\Microsoft IsaBPA. To view this file at its best, you can also download the ISAInfo xml parser, which is not included in the IsaBPA package.

    The certificates that the IsaBPA are looking for should have a corresponding private key as well as being located at the computer certificate store.

    The other issues are known and will be fixed for next version.

  • Overall, I think the BPA at the point is more of a troubleshooting tool for those unquainted with the ISA firewall. But I have to say I didn't find much in terms of "best practices". Thanks! --Tom.

  • I have installed and tested ISA BPA on my ISA Servers.

    The following message 'This ISA Server computer is not hardened' has been displayed in the report.

    What are the criteria used to say that the ISA Server is not hardened?
    Can we have the exact details of the tests performed?


  • I too have run the SCW and BPA tool and still get the message that this server is not hardened.  Kind of frustrating when the link it points to for hardening basically says to use the SCW if you have 2k3 SP1 and then not much else otherwise.

  • This issue has been fixed in the next ISA Server Best Practices Analyzer version.
    You can get the new version from the Microsoft Download Center at:

  • This issue has been fixed in the next ISA Server 2004 Best Practices Analyzer version.
    You are welcome to download it from the Microsoft Download Center.

  • Kind of frustrating when the link it p.

  • Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    Latest version of Showbox App download for all android smart phones and tablets. - It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    Showbox for PC articles:
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment it doesn't charge cash for watching films and recordings. Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android/iOS (iPhone/iPad).
    The above all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on 'Obscure sources'.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment