Thursday, February 4, 2010

How to Secure the ISA Server Computer with Security Configuration Wizard

The Microsoft Windows Server 2003 operating system with Service Pack 1 (SP1) includes an attack surface reduction tool called the Security Configuration Wizard (SCW). Depending on the server role you select, the SCW determines the minimum functionality required, and disables functionality that is not required.
When you install Windows Server 2003 SP1 on the ISA Server computer, you can install the SCW and use the wizard to harden the computer.
The SCW guides you through the process of creating, editing, applying, or rolling back a security policy based on the selected roles of the server. The security policies that are created with the SCW are .xml files that, when applied, configure services, network security, specific registry values, audit policy, and, if applicable, Internet Information Services (IIS). The SCW includes a role for ISA Server computers.
To apply the appropriate ISA Server roles, perform the following steps:
  1. On the ISA Server computer, click Start, point to Administrative Tools, and then click Security Configuration Wizard.
  2. In the Security Configuration Wizard, on the Welcome page, click Next.
  3. On the Configuration Action page, select Create a new security policy.
  4. On the Select Server page, in Server, type the name or IP address of the ISA Server computer.
  5. On the Processing Security Configuration Database page, click Next.
  6. On the Welcome page of the Role-based Service Configuration page, click Next.
  7. On the Select Server Roles page, select the following, and then click Next:
    1. Select Microsoft Internet Security and Acceleration Server 2004, if you are hardening a computer running the ISA Server services (for ISA Server Enterprise Edition, an array member).
    2. Select Remote Access/VPN Server, if you will be using the ISA Server computer for virtual private network (VPN) functionality.

      On the Select Client Features page, select the default client roles, as appropriate. No special client roles are specifically required for hardening ISA Server. Then, click Next.
  8. On the Select Administration and Other Options page, select the following options:
    1. Select Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition: Configuration Storage, if the Configuration Storage server is installed on this computer (for ISA Server Enterprise Edition only).
    2. Select Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition: Client installation share, if the Firewall Client share is installed on this computer.
    3. Select Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition: MSDE Logging, if ISA Server advanced logging options are installed on this computer.
    4. Select Remote Access Quarantine Agent, if you will enable quarantine for ISA Server. (You must have selected the Remote Access/VPN Server server role in step 7.)
  9. On the Select Additional Services page, select the appropriate services and click Next.
  10. Click Next until you finish the wizard.
Source: http://technet.microsoft.com/hi-in/library/cc302501(en-us).aspx
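
The policy .xml file that the wizard saves can also be checked, applied, and rolled back from the command line with scwcmd.exe, the command-line tool installed with the SCW. The batch file below is an added example, not part of the TechNet article; the policy file name, its folder, the server name ISA01, and the results folder are assumed placeholders, and it assumes scwcmd returns a nonzero exit code on failure.

```bat
@echo off
rem Added example: verify, apply, and re-verify an SCW policy with scwcmd.exe.
rem ASSUMPTIONS (placeholders, not from the article):
rem   POLICY  - path of the .xml file saved at the end of the wizard
rem   SERVER  - name of the ISA Server computer (as typed on the Select Server page)
rem   RESULTS - folder that receives the analysis reports
setlocal
set "POLICY=%windir%\security\msscw\Policies\isa-hardening.xml"
set "SERVER=ISA01"
set "RESULTS=%~dp0scw-results"

if not exist "%POLICY%" (
    echo Policy file not found: %POLICY%
    exit /b 1
)
if not exist "%RESULTS%\before" mkdir "%RESULTS%\before"
if not exist "%RESULTS%\after"  mkdir "%RESULTS%\after"

rem 1. Compare the server's current state with the policy. Nothing is changed;
rem    an XML report is written to the output folder for review.
scwcmd analyze /m:%SERVER% /p:"%POLICY%" /o:"%RESULTS%\before"
if errorlevel 1 (
    echo Analysis failed. The policy was NOT applied.
    exit /b 1
)

rem 2. Apply the policy: services, network security, registry values, audit policy.
scwcmd configure /m:%SERVER% /p:"%POLICY%"
if errorlevel 1 (
    echo Apply failed. Review the server, then consider:
    echo     scwcmd rollback /m:%SERVER%
    exit /b 1
)

rem 3. Analyze again so the "after" report can be compared with the "before"
rem    report and kept as evidence of the hardened baseline.
scwcmd analyze /m:%SERVER% /p:"%POLICY%" /o:"%RESULTS%\after"
if errorlevel 1 (
    echo Post-apply analysis failed. Check the reports in %RESULTS%.
    exit /b 1
)

echo Policy applied to %SERVER%. Reports are in %RESULTS%.
echo To undo the most recently applied policy: scwcmd rollback /m:%SERVER%
endlocal
```

Run it from a console session on the server rather than over a remote connection that passes through ISA Server, so that a policy that disables a needed service can still be rolled back locally.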
