I'm not sure what *you* mean by control in this context. You can control wireless users exactly the same as you can control wired users, or any other users (e.g., RAS). Wireless is just another point of entry. I’m assuming, of course, that point of entry is behind your firewall. From the perspective of network security, *how* a user got there is usually irrelevant (it’s usually secured by the access method itself, not the network as a whole), so wired and wireless users eventually end up in the same place. And thus, all are subject to the same rules, policies, controls, etc., of the ISA server. It’s no different than if you had RAS clients. Dial-up is just another entry point. Once on the network, there really is no difference among your users (not unless you take extra steps to distinguish among them (e.g., allocating different IP ranges)).