Secret Server Installation Windows 5

7/28/2019 Secret Server Installation Windows 5

1/24

Last revised: 8/20/2012

Secret Server Installation Server 2003 and

Windows XP

Table of ContentsTable of Contents .......................................................................................................................................... 1

I. Introduction .......................................................................................................................................... 3

A. ASP.NET Website .............................................................................................................................. 3

B. SQL Server Database ......................................................................................................................... 3

C. Administrative Access ....................................................................................................................... 3

II. Prerequisites ......................................................................................................................................... 3

A. System Requirements Overview ....................................................................................................... 3

B. Additional Recommendations........................................................................................................... 3

C. Beginning the Installation Process .................................................................................................... 4

D. Installing IIS ....................................................................................................................................... 5

1. Windows Server 2003 / Windows Server 2003 R2 ....................................................................... 5

2. Windows XP Professional .............................................................................................................. 7

E. Installing the .NET Framework 3.5 SP1 ............................................................................................. 9

F. Additional step if .NET was installed before IIS .............................................................................. 10

G. Installing and Configuring SQL Server ............................................................................................. 11

1. Installing SQL Sever ..................................................................................................................... 11

2. Creating the SQL Server Database .............................................................................................. 15

3. Creating the SQL Server User ...................................................................................................... 15

III. Secret Server MSI ............................................................................................................................ 17

A. Download the latest version of Secret Server ................................................................................ 17

B. Running the MSI .............................................................................................................................. 17

1. Standard Option ......................................................................................................................... 17

2. Advanced Option ........................................................................................................................ 17

3. File Destination ........................................................................................................................... 17

4. Application Name ........................................................................................................................ 17

5. Completing Installation from Secret Server ................................................................................ 17


2/24

2

IV. Completing Secret Server installation from website ...................................................................... 18

V. Manual Installation - Creating Secret Server Website (No MSI) ......................................................... 19

1. Installing as a Virtual Directory (Windows XP / Server 2000 / Server 2003 [R2]) ....................... 19

2. Installing as part of a Website (Windows XP / Server 2000 / Server 2003 [R2]) ........................ 20

VI. Appendix ......................................................................................................................................... 24

A. SQL Server 2008 Express Prerequisites ........................................................................................... 24

B. Using Windows Authentication ...................................................................................................... 24

C. Installing an SSL Certificate ............................................................................................................. 24

1. What is an SSL Certificate?.......................................................................................................... 24

2. Where can I obtain an SSL Certificate? ....................................................................................... 24


3/24

3

I. IntroductionA. ASP.NET Website

Secret Server is installed as an ASP.Net Website. The MSI will setup the website with the correct

permissions and create the settings in IIS. Once the website is setup the installation will be completed

by a 5 step process within the application itself.

B. SQL Server DatabaseSecret Server requires an instance of SQL Server for the database backend. The SQL Server database will

require a SQL account with dbOwnerpermission to complete the installation.

C. Administrative AccessThroughout most of this installation, you will be required to be an administrator to perform most of

these actions. Please ensure that you are logged on to your system with an account that has

Administrative permissions.

II. PrerequisitesNOTE: This is the installation guide for Windows XP and Windows Server 2003. If you are looking for the

installation guide for Windows Vista and Windows Server 2008, pleaseclick here.

A. System Requirements Overview1. One of the following operating systems:

Windows Server 2003

Windows Server 2003 R2 Microsoft Windows XP Professional1 (Not Recommended)

2. Microsoft SQL Server 2005 or Microsoft SQL Server 2008 including R2 (any Edition).3. Microsoft Internet Information Services (IIS) (Internal Part of Operating System)4. Microsoft .NET Framework 3.5 with Service Pack 1. Both 32-bit and 64-bit editions are

supported.

WARNING: An important security update has been released for the Microsoft .NET Framework.

Please ensure that this update is installed on your server to ensure maximum security. For

further detail and how to obtain the patch, pleaseclick here.

B. Additional Recommendations1. SSL enable your Secret Server by following the steps inInstalling an SSL Certificate.2. RunMicrosoft Updateon your server to make sure all components are up to date.

1Windows XP is only supported for testing environments. Microsoft does not support this operating system as a

production environment.
http://updates.thycotic.net/link.ashx?Windows6InstallerGuidehttp://updates.thycotic.net/link.ashx?Windows6InstallerGuidehttp://updates.thycotic.net/link.ashx?Windows6InstallerGuidehttp://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://update.microsoft.com/http://update.microsoft.com/http://update.microsoft.com/http://update.microsoft.com/http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://updates.thycotic.net/link.ashx?Windows6InstallerGuide


4/24

4

C. Beginning the Installation ProcessComponents should be installed in this order.

1.

Internet Information Services (IIS)2. .NET Framework 3.5 SP13. SQL Server4. Secret Server


5/24

5

D. Installing IISIIS is an internal part of the Microsoft Windows Operating System. Installing it will vary depending

on which version of the Operating System you are using.

1. Windows Server 2003 / Windows Server 2003 R21. Start by opening the Control Panel, and opening Administrative Tools.2. Open the Manage My Server Wizard.3. Click Next > twice. The system will then analyze your server.4. Select Custom Configuration

Then click Next >.


6/24

6

5. Select Application Server (IIS, ASP.NET) and click Next >

6. Once the set up is complete, your server now has IIS installed.We recommend you run Windows Update to get the latest security patches for IIS once you have IIS

installed.


7/24

7

2. Windows XP ProfessionalPlease ensure you have your Windows installation disk available if the system asks for it. This disk

should have been included with the System Manufacturer or the Administrator that installed

Windows on that machine.

1. Start by clicking the Start Menu, then Control Panel.2. Open the Add or Remove Programs control panel item.3. Click Add/Remove Windows Components. A dialog like this should appear. It may take a

moment or two for the system to load.

4. Check the Internet Information Services (IIS) box and click continue.TIP:You can customize the installation of IIS by clicking Details when IIS is highlighted.

5. Click Next >. At this point, Windows will now install IIS. It may ask you for your operatingsystems disk.


8/24

8

6. At this point, IIS is now installed. Depending on your operating system, Windows may askyou to restart your computer.

You can verify the installation of IIS by opening the Control Panel, clicking Administrative

Tools, and an icon in there should now appear called Internet Information Services.

We recommend you run Windows Update to get the latest security patches for IIS once you have IIS

installed.


9/24

9

E. Installing the .NET Framework 3.5 SP1TIP: If you have run Windows Update, the .NET Framework 3.5 SP1 should already be installed. Run the

aspnet_regiis.exe command as noted in following section.

TIP: We recommend installing IIS before you complete this process.

1.

Begin bydownloadingthe .NET Framework 3.5 SP12. Execute the download to begin the installation process.3. Once setup is complete, ASP.NET and the .NET Framework are now properly installed on your

system.

WARNING: Microsoft has released an update for the .NET Framework 3.5 SP1 which contains

compatibility fixes for applications running on previous versions of the .NET Framework. It is

recommended that this update is installed after the .NET Framework 3.5 SP1 has been installed.

It can be downloaded here:http://support.microsoft.com/kb/959209

WARNING: An important security update has been released for the Microsoft .NET Framework. Please

ensure that this update is installed on your server to ensure maximum security. For further detail and

how to obtain the patch, pleaseclick here.
http://www.microsoft.com/downloads/details.aspx?familyid=ab99342f-5d1a-413d-8319-81da479ab0d7&displaylang=enhttp://www.microsoft.com/downloads/details.aspx?familyid=ab99342f-5d1a-413d-8319-81da479ab0d7&displaylang=enhttp://www.microsoft.com/downloads/details.aspx?familyid=ab99342f-5d1a-413d-8319-81da479ab0d7&displaylang=enhttp://support.microsoft.com/kb/959209http://support.microsoft.com/kb/959209http://support.microsoft.com/kb/959209http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspxhttp://support.microsoft.com/kb/959209http://www.microsoft.com/downloads/details.aspx?familyid=ab99342f-5d1a-413d-8319-81da479ab0d7&displaylang=en


10/24

10

F. Additional step if .NET was installed before IISWe recommend installing IIS before you install ASP.NET. However, if the .NET Framework 3.5

SP1 was already installed before IIS was, there are some additional steps required to configure

ASP.NET in IIS. You must register ASP.NET in IIS. This step is onlynecessary if you installed the.NET Framework 3.5 SP1 before IIS.

1. Begin by clicking Start > Run, then type in cmd.exe and click OK

2. At the command prompt, type cd %WINDIR%\Microsoft.NET\Framework\v2.0.50727 andpress enter.

3. Then at the command prompt, type aspnet_regiis.exe /i" and press enter. The ASP.NETregistration into IIS will then begin. After a few moments, ASP.NET will be registered in IIS.

1. ASP.NET is now correctly registered.


11/24

11

G. Installing and Configuring SQL Server1. Installing SQL Sever

We recommend using SQL Server 2008. A free edition called SQL Server 2008 Express is available to

download.

WARNING: SQL Server 2008 Express has some prerequisites that must be installed first. Please see our

appendixfor required software for SQL Server 2008 Express.

The instructions given below are for the SQL 2008 Express Edition with Tools. The installation processes

for other editions such as Enterprise or Standard may be similar, but not the same.

TIP:There are several editions of SQL Server 2008 Express. We recommend downloading SQL Server

2008 Express with Tools.This KB articlehas the link on Microsofts site.

1. Download the installation package, right-click it and select Run as Administrator if you haveUAC enabled.

2. From the welcome screen, select Installation from the left menu.
http://updates.thycotic.net/link.ashx?SQLServerExpressDownloadhttp://updates.thycotic.net/link.ashx?SQLServerExpressDownloadhttp://updates.thycotic.net/link.ashx?SQLServerExpressDownloadhttp://updates.thycotic.net/link.ashx?SQLServerExpressDownloadhttp://updates.thycotic.net/link.ashx?SQLServerExpressDownloadhttp://updates.thycotic.net/link.ashx?SQLServerExpressDownloadhttp://updates.thycotic.net/link.ashx?SQLServerExpressDownload


12/24

12

3. Select New SQL Server installation stand-alone installation or add features to an existinginstallation.

4. SQL Server will then initialize your installation.


13/24

13

5. SQL Server may ask you to install some preparation files first. Select Install

6. Continue to click next until the Feature Selection screen is next


14/24

14

7. Select Database Engine Services and Management Tools Basicand select Next.

8. Under Instance Configuration click Next.9. Ensure your environment meets all of your Disk Space requirements.10.For Server Configuration click Use the same account for all SQL Server services.

a. Under the Account Name drop down list select NT AUTHORITY\NETWORK SERVICEb. Do not enter anything into the password field.c. Click OK.d. Click Next

11.For Database Engine Configuration, the installer will then ask you if you want to enable MixedMode or Windows only mode.

a. Mixed Mode (Recommended)Mixed Mode is required if you intend on using a SQL Server account to authenticate Secret Server to

your SQL Server. If you are doing an evaluation and using the Secret Server MSI, we recommend Mixed

Mode with a SQL Authentication account. SeeCreating the SQL Server Userfor instructions.

b. Windows ModeThis will prevent SQL Server account authentication and require a Windows Service account to run the

Secret Server website. This will also require additional configuration in IIS once Secret Server is

installed. There is a KB article that walks through the advanced setup at support.thycotic.com.


15/24

15

Click the Add Current User for the SQL Server Administrators.

12.Continue to click next until the Ready to Install step is reached. Ensure all of the configurationoptions look correct.

13.SQL Server 2008 Express is now installed.TIP: We recommend running Microsoft Update to get all of the latest service packs and fixes for SQL

2008.

2. Creating the SQL Server DatabaseNOTE: The Secret Server installer will create the database for you if it does not exist and the

user account has permission to create a new database.

1. Open Management Studio Express.2. Connect to your SQL Server database.3. Right click the Databases folder and select New Database"4. Enter a database name and click OK

3. Creating the SQL Server User1. Open Management Studio Express.2. Connect to your SQL Server Database.3. Expand the Security folder.4. Right click Logins and select New Login


16/24

16

5. Select SQL Server authentication (Requires Mixed Mode enabled)6. Enter a new username and password.7. Uncheck Enforce password policyto prevent the account from expiring.8. Select the User Mappings from the left menu.9. Check the checkbox next to your Secret Server database.10.Give the user db_owner permission.11.Click OK.


17/24

17

III. Secret Server MSIWARNING: The Secret Server MSI does not support Windows XP. If it is your only option, follow the

manual install steps inManual Installation - Creating Secret Server Website (No MSI).

TIP: Make sure you have theprerequisitesinstalled before attempting to setup Secret Server.

A. Download the latest version of Secret ServerThe latest version of Secret Server is available forDownload. Once clicking the Download button, the

setup.exe file will be downloaded to your machine.

B. Running the MSIWhen running the setup.exe file, your first option will be to choose Standard or Advanced.

1. Standard OptionInstalls Secret Server as a Virtual Directory under the Default Website. This is recommended if you have

existing sites using the Default Website and it is also the fastest way to get up and running.

2. Advanced OptionInstalls Secret Server as a new Website without using the Default Website. This option allows you to

specify a port number that the website will run under. Using this option assumes some knowledge of IIS

and is often followed up by adding a DNS entry on the domain controller. This option must be used if

there is no Default Website.

3. File DestinationThis is the location where the application files will exists. The folder is typically

C:\inetpub\wwwroot\SecretServer but can be customized to follow your convention.

4. Application NameApplication name will be used when creating the Application Pool and either the website or the virtual

directory depending on the selected option above.

5. Completing Installation from Secret ServerOnce the MSI completes, the website will be setup with the correct permissions. The browser will open

to allow you to complete the Secret Server installation from the webpage. The following section will

guide you through this process.
http://www.thycotic.com/products_secretserver_download.htmlhttp://www.thycotic.com/products_secretserver_download.htmlhttp://www.thycotic.com/products_secretserver_download.htmlhttp://www.thycotic.com/products_secretserver_download.html


18/24

18

IV. Completing Secret Server installation from websiteSecret Server is now ready to begin installation through its installer. Open a browser and browse to

where your Secret Server is located, for example: http://localhost/secretserver.

Secret Server has a 5 step installation process:

1. This step ensures that Secret Server has write access to its location. If required, you must givethe correct account write and modify permissions to the application folder to continue. Once

the permissions are set, click Next.

TIP: (Advanced) If you dont want to change the permissions of a folder, you can give Secret

Server a Windows Username and Password that does, and Secret Server will impersonate as

that user during the installation process.

TIP: Secret Server only needs write permission during installation and upgrade. You can

remove the write and modify permissions once the installation process is complete.

2. Step two creates your unique encryption key. This key is generated securely and used to encryptand decrypt values stored in the database. Click Next.

3. Step 3 is where you specify the database.If Secret Server is installed on the same machine as SQL Server, you can specify (local). If you are

using a named instance of SQL, specify a slash then the instance name, for instance:

(local)\InstanceName.

NOTE: Secret Server will create the database for you if it does not exist.

Enter the SQL Username and Password if using SQL Server Authentication, or select Windows

Authentication. To create a SQL Server user, seeCreating the SQL Server User.

4. Secret Server will now attempt to download and install the latest version from the internet. Youmust have an active internet connection. If you do not, Secret Server will continue to install the

current version.

5. Secret Server will ask you to agree to your End User Licenses Agreement. If you do, clickcontinue. Secret Server will then configure your database.

6. Secret Server will now ask you to create your first user. This user will have administrative accesswithin the application.

7. Once logged into Secret Server you may apply your licenses by going to Administration, Licensesand entering your License name and key.

Secret Server has now successfully been installed. See theUser Guidefor information on using Secret

Server.
http://updates.thycotic.net/link.ashx?SecretServerUserGuidehttp://updates.thycotic.net/link.ashx?SecretServerUserGuidehttp://updates.thycotic.net/link.ashx?SecretServerUserGuidehttp://updates.thycotic.net/link.ashx?SecretServerUserGuide


19/24

19

V.

Manual Installation - Creating Secret Server Website (No MSI)If you are knowledgeable of IIS and would prefer to manually install the website without using the MSI,you can follow these instructions.

TIP: Make sure you have therequired softwareinstalled before attempting to setup Secret Server.

Downloadthe latest version of Secret Server. After clicking the download button you will be taken to a

page where you can choose to download a ZIP file that contains the Secret Server files. Use this ZIP file

for the instructions below.

Secret Server can be installed in a few different ways:

As a Virtual Directory As a Website (Server 2003 only) Part of a Website

1. Installing as a Virtual Directory (Windows XP / Server 2000 / Server2003 [R2])

1. Extract the contents of the ZIP file where you would like Secret Server to be located on yoursystem.

2. Ensure that the folder has the proper permissions on it for IIS. Ensure that the ASPNET andNETWORK SERVICE Windows Account has Read, Write, and Modify permissions on the

folder where Secret Server is installed. The same permissions should be applied to the IIS

anonymous account, called IUSR_machinename Where machinename is the name of the

computer.

3. Open the IIS Control Panel by going into the Control Panel, then Administrative Tools >Internet Information Services.
http://www.thycotic.com/products_secretserver_download.htmlhttp://www.thycotic.com/products_secretserver_download.htmlhttp://www.thycotic.com/products_secretserver_download.html


20/24

20

4. Select Default Web Site, right-click it, select New then Virtual Directory.

5. Select an alias for your Secret Server. The alias is what will be appended to the website. Forinstance, http://myserver/SecretServer, then click Next.

6. Choose the Directory Where Secret Server was installed by clicking Browse and selectingthe folder where you originally extracted the zip folder.

7. You will be prompt with what permission. Secret Server requires Read and Run Scripts.Secret Server is now ready to be installed.

2. Installing as part of a Website (Windows XP / Server 2000 / Server2003 [R2])

1. Extract Secret Server to the path where your website is (Commonly C:\Inetpub\wwwroot).For example, C:\Inetpub\wwwroot\SecretServer

2. Ensure that the folder has the proper permissions on it for IIS. Ensure that the ASPNETWindows Account has Read, Write, and Modify permissions on the folder where Secret

Server is installed. The same permissions should be applied to the IIS anonymous account,

called IUSR_machinename Where machinename is the name of the computer.

3. Open the IIS Control Panel by going into the Control Panel, then Administrative Tools >Internet Information Services


21/24

21

4. Expand the Default Website and locate the Secret Server folder. Right-click it, and selectProperties.


22/24

22

5. On the Directory Tab, click the Create button. This will enable Secret Server to run as anapplication.


23/24

23

6. On the ASP.Net Tab ensure that ASP.Net Version is set to 2.0.x.

1. Secret Server is now ready to be installed follow the instructions atCompleting Secret Serverinstallation from website.


24/24

Documents

Secret Server Installation Windows 5