Secret Server Installation Server 2003 and Windows XP

Table of Contents
Table of Contents .......................................................................................................................................... 1 I. A. B. C. II. A. B. C. D. 1. 2. E. F. G. 1. 2. 3. III. A. B. 1. 2. 3. 4. 5. Introduction .......................................................................................................................................... 3 ASP.NET Website .............................................................................................................................. 3 SQL Server Database ......................................................................................................................... 3 Administrative Access ....................................................................................................................... 3 Prerequisites ......................................................................................................................................... 3 System Requirements Overview ....................................................................................................... 3 Additional Recommendations........................................................................................................... 3 Beginning the Installation Process .................................................................................................... 4 Installing IIS ....................................................................................................................................... 5 Windows Server 2003 / Windows Server 2003 R2 ....................................................................... 5 Windows XP Professional.............................................................................................................. 7 Installing the .NET Framework 3.5 SP1 ............................................................................................. 9 Additional step if .NET was installed before IIS .............................................................................. 10 Installing and Configuring SQL Server ............................................................................................. 11 Installing SQL Sever ..................................................................................................................... 11 Creating the SQL Server Database .............................................................................................. 15 Creating the SQL Server User ...................................................................................................... 15 Secret Server MSI ............................................................................................................................ 17 Download the latest version of Secret Server ................................................................................ 17 Running the MSI .............................................................................................................................. 17 Standard Option ......................................................................................................................... 17 Advanced Option ........................................................................................................................ 17 File Destination ........................................................................................................................... 17 Application Name........................................................................................................................ 17 Completing Installation from Secret Server ................................................................................ 17

Last revised: 8/20/2012

IV. V.

Completing Secret Server installation from website ...................................................................... 18 Manual Installation - Creating Secret Server Website (No MSI) ......................................................... 19 1. 2. Installing as a Virtual Directory (Windows XP / Server 2000 / Server 2003 [R2])....................... 19 Installing as part of a Website (Windows XP / Server 2000 / Server 2003 [R2]) ........................ 20 Appendix ......................................................................................................................................... 24 SQL Server 2008 Express Prerequisites ........................................................................................... 24 Using Windows Authentication ...................................................................................................... 24 Installing an SSL Certificate ............................................................................................................. 24 1. 2. What is an SSL Certificate?.......................................................................................................... 24 Where can I obtain an SSL Certificate? ....................................................................................... 24

VI. A. B. C.

2

I.

Introduction
A. ASP.NET Website

Secret Server is installed as an ASP.Net Website. The MSI will setup the website with the correct permissions and create the settings in IIS. Once the website is setup the installation will be completed by a 5 step process within the application itself.

B.

SQL Server Database

Secret Server requires an instance of SQL Server for the database backend. The SQL Server database will require a SQL account with dbOwner permission to complete the installation.

C.

Administrative Access

Throughout most of this installation, you will be required to be an administrator to perform most of these actions. Please ensure that you are logged on to your system with an account that has Administrative permissions.

II.

Prerequisites

NOTE: This is the installation guide for Windows XP and Windows Server 2003. If you are looking for the installation guide for Windows Vista and Windows Server 2008, please click here.

A.

System Requirements Overview

1. One of the following operating systems:  Windows Server 2003  Windows Server 2003 R2  Microsoft Windows XP Professional1 (Not Recommended) 2. Microsoft SQL Server 2005 or Microsoft SQL Server 2008 including R2 (any Edition). 3. Microsoft Internet Information Services (IIS) (Internal Part of Operating System) 4. Microsoft .NET Framework 3.5 with Service Pack 1. Both 32-bit and 64-bit editions are supported. WARNING: An important security update has been released for the Microsoft .NET Framework. Please ensure that this update is installed on your server to ensure maximum security. For further detail and how to obtain the patch, please click here.

B.

Additional Recommendations

1. SSL enable your Secret Server by following the steps in Installing an SSL Certificate. 2. Run Microsoft Update on your server to make sure all components are up to date.
1

Windows XP is only supported for testing environments. Microsoft does not support this operating system as a production environment.

3

C.
1. 2. 3. 4.

Beginning the Installation Process

Components should be installed in this order. Internet Information Services (IIS) .NET Framework 3.5 SP1 SQL Server Secret Server

4

D.

Installing IIS

IIS is an internal part of the Microsoft Windows Operating System. Installing it will vary depending on which version of the Operating System you are using. 1. Windows Server 2003 / Windows Server 2003 R2 Start by opening the Control Panel, and opening “Administrative Tools”. Open the “Manage My Server Wizard”. Click “Next >” twice. The system will then analyze your server. Select “Custom Configuration”

1. 2. 3. 4.

Then click “Next >”.

5

5. Select “Application Server (IIS, ASP.NET) and click “Next >”

6. Once the set up is complete, your server now has IIS installed. We recommend you run Windows Update to get the latest security patches for IIS once you have IIS installed.

6

2. Windows XP Professional Please ensure you have your Windows installation disk available if the system asks for it. This disk should have been included with the System Manufacturer or the Administrator that installed Windows on that machine. 1. Start by clicking the Start Menu, then Control Panel. 2. Open the “Add or Remove Programs” control panel item. 3. Click “Add/Remove Windows Components”. A dialog like this should appear. It may take a moment or two for the system to load.

4. Check the Internet Information Services (IIS) box and click continue. TIP: You can customize the installation of IIS by clicking “Details…” when IIS is highlighted. 5. Click “Next >”. At this point, Windows will now install IIS. It may ask you for your operating system’s disk.

7

6. At this point, IIS is now installed. Depending on your operating system, Windows may ask you to restart your computer. You can verify the installation of IIS by opening the Control Panel, clicking “Administrative Tools”, and an icon in there should now appear called “Internet Information Services”. We recommend you run Windows Update to get the latest security patches for IIS once you have IIS installed.

8

E.

Installing the .NET Framework 3.5 SP1

TIP: If you have run Windows Update, the .NET Framework 3.5 SP1 should already be installed. Run the ‘aspnet_regiis.exe’ command as noted in following section. TIP: We recommend installing IIS before you complete this process. 1. Begin by downloading the .NET Framework 3.5 SP1 2. Execute the download to begin the installation process. 3. Once setup is complete, ASP.NET and the .NET Framework are now properly installed on your system. WARNING: Microsoft has released an update for the .NET Framework 3.5 SP1 which contains compatibility fixes for applications running on previous versions of the .NET Framework. It is recommended that this update is installed after the .NET Framework 3.5 SP1 has been installed. It can be downloaded here: http://support.microsoft.com/kb/959209

WARNING: An important security update has been released for the Microsoft .NET Framework. Please ensure that this update is installed on your server to ensure maximum security. For further detail and how to obtain the patch, please click here.

9

F.

Additional step if .NET was installed before IIS

We recommend installing IIS before you install ASP.NET. However, if the .NET Framework 3.5 SP1 was already installed before IIS was, there are some additional steps required to configure ASP.NET in IIS. You must register ASP.NET in IIS. This step is only necessary if you installed the .NET Framework 3.5 SP1 before IIS. 1. Begin by clicking Start > Run, then type in cmd.exe and click “OK”

2. At the command prompt, type “cd %WINDIR%\Microsoft.NET\Framework\v2.0.50727” and press enter. 3. Then at the command prompt, type “aspnet_regiis.exe /i" and press enter. The ASP.NET registration into IIS will then begin. After a few moments, ASP.NET will be registered in IIS.

1. ASP.NET is now correctly registered.

10

G.

Installing and Configuring SQL Server

1. Installing SQL Sever We recommend using SQL Server 2008. A free edition called SQL Server 2008 Express is available to download. WARNING: SQL Server 2008 Express has some prerequisites that must be installed first. Please see our appendix for required software for SQL Server 2008 Express. The instructions given below are for the SQL 2008 Express Edition with Tools. The installation processes for other editions such as Enterprise or Standard may be similar, but not the same. TIP: There are several editions of SQL Server 2008 Express. We recommend downloading “SQL Server 2008 Express with Tools”. This KB article has the link on Microsoft’s site. 1. Download the installation package, right-click it and select “Run as Administrator” if you have UAC enabled. 2. From the welcome screen, select “Installation” from the left menu.

11

3. Select “New SQL Server installation stand-alone installation or add features to an existing installation”. 4. SQL Server will then initialize your installation.

12

5. SQL Server may ask you to install some preparation files first. Select “Install”

6. Continue to click next until the “Feature Selection screen is next”

13

7. Select “Database Engine Services” and “Management Tools – Basic” and select “Next”.

8. Under “Instance Configuration” click “Next”. 9. Ensure your environment meets all of your Disk Space requirements. 10. For “Server Configuration” click “Use the same account for all SQL Server services”. a. Under the “Account Name” drop down list select “NT AUTHORITY\NETWORK SERVICE” b. Do not enter anything into the password field. c. Click “OK”. d. Click “Next” 11. For Database Engine Configuration, the installer will then ask you if you want to enable Mixed Mode or Windows only mode. a. Mixed Mode (Recommended) Mixed Mode is required if you intend on using a SQL Server account to authenticate Secret Server to your SQL Server. If you are doing an evaluation and using the Secret Server MSI, we recommend Mixed Mode with a SQL Authentication account. See Creating the SQL Server User for instructions. b. Windows Mode This will prevent SQL Server account authentication and require a Windows Service account to run the Secret Server website. This will also require additional configuration in IIS once Secret Server is installed. There is a KB article that walks through the advanced setup at support.thycotic.com.

14

Click the “Add Current User” for the “SQL Server Administrators”. 12. Continue to click next until the “Ready to Install” step is reached. Ensure all of the configuration options look correct. 13. SQL Server 2008 Express is now installed. TIP: We recommend running Microsoft Update to get all of the latest service packs and fixes for SQL 2008. 2. Creating the SQL Server Database

NOTE: The Secret Server installer will create the database for you if it does not exist and the user account has permission to create a new database. 1. 2. 3. 4. Open Management Studio Express. Connect to your SQL Server database. Right click the “Databases” folder and select “New Database…" Enter a database name and click “OK” 3. Creating the SQL Server User Open Management Studio Express. Connect to your SQL Server Database. Expand the “Security” folder. Right click “Logins” and select “New Login…”

1. 2. 3. 4.

15

5. 6. 7. 8. 9. 10. 11.

Select SQL Server authentication (Requires Mixed Mode enabled) Enter a new username and password. Uncheck Enforce password policy to prevent the account from expiring. Select the “User Mappings” from the left menu. Check the checkbox next to your Secret Server database. Give the user “db_owner” permission. Click OK.

16

III.

Secret Server MSI

WARNING: The Secret Server MSI does not support Windows XP. If it is your only option, follow the manual install steps in Manual Installation - Creating Secret Server Website (No MSI). TIP: Make sure you have the prerequisites installed before attempting to setup Secret Server.

A.

Download the latest version of Secret Server

The latest version of Secret Server is available for Download. Once clicking the Download button, the setup.exe file will be downloaded to your machine.

B.

Running the MSI

When running the setup.exe file, your first option will be to choose Standard or Advanced. 1. Standard Option Installs Secret Server as a Virtual Directory under the Default Website. This is recommended if you have existing sites using the Default Website and it is also the fastest way to get up and running. 2. Advanced Option Installs Secret Server as a new Website without using the Default Website. This option allows you to specify a port number that the website will run under. Using this option assumes some knowledge of IIS and is often followed up by adding a DNS entry on the domain controller. This option must be used if there is no Default Website. 3. File Destination This is the location where the application files will exists. The folder is typically C:\inetpub\wwwroot\SecretServer but can be customized to follow your convention. 4. Application Name Application name will be used when creating the Application Pool and either the website or the virtual directory depending on the selected option above. 5. Completing Installation from Secret Server Once the MSI completes, the website will be setup with the correct permissions. The browser will open to allow you to complete the Secret Server installation from the webpage. The following section will guide you through this process.

17

IV.

Completing Secret Server installation from website

Secret Server is now ready to begin installation through its installer. Open a browser and browse to where your Secret Server is located, for example: http://localhost/secretserver. Secret Server has a 5 step installation process: 1. This step ensures that Secret Server has write access to its location. If required, you must give the correct account write and modify permissions to the application folder to continue. Once the permissions are set, click “Next”. TIP: (Advanced) If you don’t want to change the permissions of a folder, you can give Secret Server a Windows Username and Password that does, and Secret Server will “impersonate” as that user during the installation process. TIP: Secret Server only needs write permission during installation and upgrade. You can remove the write and modify permissions once the installation process is complete. 2. Step two creates your unique encryption key. This key is generated securely and used to encrypt and decrypt values stored in the database. Click “Next”. 3. Step 3 is where you specify the database. If Secret Server is installed on the same machine as SQL Server, you can specify (local). If you are using a named instance of SQL, specify a slash then the instance name, for instance: (local)\InstanceName. NOTE: Secret Server will create the database for you if it does not exist. Enter the SQL Username and Password if using SQL Server Authentication, or select Windows Authentication. To create a SQL Server user, see Creating the SQL Server User. Secret Server will now attempt to download and install the latest version from the internet. You must have an active internet connection. If you do not, Secret Server will continue to install the current version. Secret Server will ask you to agree to your End User Licenses Agreement. If you do, click continue. Secret Server will then configure your database. Secret Server will now ask you to create your first user. This user will have administrative access within the application. Once logged into Secret Server you may apply your licenses by going to Administration, Licenses and entering your License name and key.

4.

5. 6. 7.

Secret Server has now successfully been installed. See the User Guide for information on using Secret Server.

18

V.

Manual Installation - Creating Secret Server Website (No MSI)

If you are knowledgeable of IIS and would prefer to manually install the website without using the MSI, you can follow these instructions. TIP: Make sure you have the required software installed before attempting to setup Secret Server. Download the latest version of Secret Server. After clicking the download button you will be taken to a page where you can choose to download a ZIP file that contains the Secret Server files. Use this ZIP file for the instructions below. Secret Server can be installed in a few different ways:    As a Virtual Directory As a Website (Server 2003 only) Part of a Website

1. Installing as a Virtual Directory (Windows XP / Server 2000 / Server 2003 [R2]) 1. Extract the contents of the ZIP file where you would like Secret Server to be located on your system. 2. Ensure that the folder has the proper permissions on it for IIS. Ensure that the ASPNET and NETWORK SERVICE Windows Account has Read, Write, and Modify permissions on the folder where Secret Server is installed. The same permissions should be applied to the IIS anonymous account, called “IUSR_machinename” Where machinename is the name of the computer. 3. Open the IIS Control Panel by going into the Control Panel, then “Administrative Tools” > “Internet Information Services”.

19

4. Select “Default Web Site”, right-click it, select “New” then “Virtual Directory”.

5. Select an alias for your Secret Server. The alias is what will be appended to the website. For instance, http://myserver/SecretServer, then click Next. 6. Choose the Directory Where Secret Server was installed by clicking “Browse” and selecting the folder where you originally extracted the zip folder. 7. You will be prompt with what permission. Secret Server requires Read and Run Scripts. Secret Server is now ready to be installed. 2. Installing as part of a Website (Windows XP / Server 2000 / Server 2003 [R2]) 1. Extract Secret Server to the path where your website is (Commonly C:\Inetpub\wwwroot). For example, C:\Inetpub\wwwroot\SecretServer 2. Ensure that the folder has the proper permissions on it for IIS. Ensure that the ASPNET Windows Account has Read, Write, and Modify permissions on the folder where Secret Server is installed. The same permissions should be applied to the IIS anonymous account, called “IUSR_machinename” Where machinename is the name of the computer. 3. Open the IIS Control Panel by going into the Control Panel, then “Administrative Tools” > “Internet Information Services”

20

4. Expand the Default Website and locate the Secret Server folder. Right-click it, and select “Properties”.

21

5. On the Directory Tab, click the “Create” button. This will enable Secret Server to run as an application.

22

6. On the ASP.Net Tab ensure that ASP.Net Version is set to 2.0.x.

1. Secret Server is now ready to be installed follow the instructions at Completing Secret Server installation from website.

23

VI.

Appendix
A. SQL Server 2008 Express Prerequisites

SQL Server 2008 Express requires some software to be installed before it can be installed. TIP: Only the Express Edition requires these components to be installed separately. If you are installing another edition of SQL such as Standard or Enterprise, these components will be installed for you. 1. Windows PowerShell 1.0. Get PowerShell 1.0 2. Microsoft .NET Framework 3.5 SP1. See our System Requirements for information about the .NET Framework 3.5 SP1. 3. Windows Installer 4.5. Get Windows Installer 4.5.

B.

Using Windows Authentication

Secret Server requires a change to a file in order to use Integrated Windows Authentication. 1. Locate the directory where you extracted the Secret Server application. 2. Locate the file called “web.config” and open it using a simple text editor, such as notepad or WordPad. 3. Change the section of the web.config located on lines 54 and 55: <!-- Uncomment Below For Impersonation --> <!-- <identity impersonate=”true” /> --> To: <!-- Uncomment Below For Impersonation --> <identity impersonate=”true” /> 4. Restart IIS by clicking “Start” > “Run” and type “IISRESET” and restart. Note: IISRESET will restart your entire IIS. Be careful when using this application, as it will restart other web application on the server, which may result in undesirable behavior.

C.

Installing an SSL Certificate

1. What is an SSL Certificate? An SSL (Secure Socket Layer) Certificate greatly enhances the security between the user’s browser and the server Secret Server is installed on. It encrypts all data between the server and the client’s browser so if an attacker were to look at the data being transmitted between the two, they would not be able to decipher it. 2. Where can I obtain an SSL Certificate? A certificate can be obtained from various companies such as Thawte or VeriSign. It is also possible to create your own, see Creating and installing your own.

24