UPDATED FOR VERSION 1.2.1
Installation Process
Required Software:
- IIS 7.0 or 7.5
- MSSQL 2005+ (v1.2.1 MSSQL 2008 or 2008 R2 Only)
- ASP.NET must be installed and active
- .NET 4.0 RTM must be installed; the application works on both x86 and x64 platforms (http://www.microsoft.com/downloads/details.aspx?FamilyID=9cfb2d51-5ff4-4491-b0e5-b386f32c0992&displaylang=en)
Install Instructions:
- v1.2.1 Instructions:
- uManage uses a group to control which users Admin users are able to modify. This prevents other employees from resetting passwords for service or administrative accounts.
- Create a new Global Security Group in Active Directory called "uManage-Users".
- Add any users/employees whose information you want to view or modify from uManage to the new group.
- It’s best to set up a directory on the system to hold the application. Best practice says to create the directory on a drive that does not contain the system files (C:\). We use “D:\uManage”.
- Download the latest stable release; as of writing, that is v1.2.
- Unzip the files into the new directory.
- Open the IIS Manager.
- Create a new website.
- You can use an existing Application Pool, but remember that the application pool must be running .NET 4.0 and not 2.0. For security reasons we suggest running this application under its own isolated pool; remember, we deal with some pretty sensitive data in this system.
- Point the website to the directory we created.
- The account that is used in the Application Pool must also be granted modify permission to the website directory so it can dynamically update the configuration files as part of the Setup Wizard.
- Select the IP address and port number to use. To make the user’s life much easier we suggest leaving the default of port 80 and using a host header. If you want to run the application over HTTPS/SSL you will need to set up a dedicated IP address and ensure HTTPS is selected as the protocol.
- Make sure to un-check the checkbox to start the website immediately.
- If you decided to use a host header, make sure your DNS record has also been created so that users can use a name instead of an IP address.
- Once the site is created you also need to enable Windows Authentication, and disable Anonymous Authentication. Under the IIS group select Authentication.
- Select Windows Authentication and click “Enable” in the Actions Pane.
- Select 'Anonymous Authentication' and click 'Disable' in the actions pane.
- OK, start the website.
- See the section titled Delegating User Control for help in setting up the required permissions to modify domain objects.
- Browse to the site; the Setup Wizard should load.
- Walk through the Setup Wizard. The Wizard does the following important things:
- Makes sure you accept the license agreement
- Connects to and verifies access to your domain
- Connects to your database server and creates the required database (Requires SQL Authentication! To manually set up the DB see below)
- Allows you to change the User Portal settings
- Confirms your settings
- Configures the application and loads it!
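The IIS Manager steps above (isolated .NET 4.0 pool, site with host header, Windows Authentication on, Anonymous off) can also be scripted. This is an added example, not part of the uManage distribution; it assumes IIS 7.5 with the WebAdministration module, the Windows Authentication role service installed, and the default ApplicationPoolIdentity. The site name and host header are placeholders.

```powershell
# Added example: scripted equivalent of the IIS Manager steps on this page.
Import-Module WebAdministration

$site     = 'uManage'                 # assumed site and pool name
$path     = 'D:\uManage'              # directory used on this page
$hostName = 'umanage.example.local'   # placeholder host header
$apphost  = 'MACHINE/WEBROOT/APPHOST'
$authRoot = '/system.webServer/security/authentication'

# Dedicated pool on .NET 4.0 so the application shares no worker process.
New-WebAppPool -Name $site | Out-Null
Set-ItemProperty "IIS:\AppPools\$site" -Name managedRuntimeVersion -Value 'v4.0'

# The pool identity needs Modify on the site directory for the Setup Wizard.
# Assumes the pool runs as the default ApplicationPoolIdentity virtual account.
icacls $path /grant "IIS AppPool\${site}:(OI)(CI)M" | Out-Null

# Create the site, then keep it stopped until authentication is configured.
New-Website -Name $site -PhysicalPath $path -ApplicationPool $site `
    -Port 80 -HostHeader $hostName | Out-Null
Stop-Website -Name $site

# Windows Authentication on, Anonymous Authentication off, scoped to this site.
Set-WebConfigurationProperty -PSPath $apphost -Location $site `
    -Filter "$authRoot/windowsAuthentication" -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $apphost -Location $site `
    -Filter "$authRoot/anonymousAuthentication" -Name enabled -Value $false

# Read the settings back and refuse to start the site if any of them is wrong.
$anon = (Get-WebConfigurationProperty -PSPath $apphost -Location $site `
    -Filter "$authRoot/anonymousAuthentication" -Name enabled).Value
$win  = (Get-WebConfigurationProperty -PSPath $apphost -Location $site `
    -Filter "$authRoot/windowsAuthentication" -Name enabled).Value
$clr  = (Get-Item "IIS:\AppPools\$site").managedRuntimeVersion

if ($anon -or -not $win -or $clr -ne 'v4.0') {
    throw "Not starting ${site}: anonymous=$anon windows=$win runtime=$clr"
}
Start-Website -Name $site
```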
Manual Database Setup:
Follow the steps below to manually create the database for uManage and update the application configuration file to use it.
- Run the Application Setup Wizard - This creates a lot of the required tie-ins and application settings that you won't have to deal with later like Encryption of the configuration file.
- Open SQL Management Studio (uManage works with 2005 and up database engines)
- Create a new database (We suggest the following naming format: uManage-<your domain>, an example: uManage-familynet)
- Create your login user:
- If you want to create your own SQL Authentication user then do that now (Why didn't you use the setup wizard though? It does exactly what you're doing now)
- If you are using Windows Authentication make sure you have the login added to the database
- Install the database:
- We include a SQL file (The same one the Wizard uses) to do this
- Browse to the application folder
- The sql file is located here: AppRoot/App_Data/SQL/uManage-Import.sql
- Note: Don't worry about deleting the file later, the App_Data folder is protected from any HTTP requests by IIS
- Verify that the tables and stored procedures were created
- You must now execute a stored procedure to add a user account in uManage to the admin groups.
- For simplicity we have provided a file attachment to these instructions that contains a simple version of the sproc. Update the username to grant rights to, point it at your database, then execute it.
- Download here: AddUserToRoles.sql
- After the database is ready the last step is to modify the web.config file in the AppRoot folder:
- The only change required will be to the Connection String for AppService.
- Because a connection string can take many forms, you can research the options here: http://www.connectionstrings.com/sql-server-2005
- The only setting we would suggest is to add this to your connection string: "MultipleActiveResultSets=true;"
- When the setup wizard is run without a database it takes the application offline so users do not attempt to connect and receive error messages. From the AppRoot folder remove the file: "AppOffline.htm"
- The application should now be online
Delegating User Control:
- Access one of your Authoritative Domain Controllers.
- Open Active Directory Users and Computers Snap-In.
- Create a standard user account for a new user.
- We use a user called “User Manager” with a username of umanage.
- The account can reside anywhere in the directory, OU doesn’t matter.
- Right Click on the Domain container and select Delegate Control…
- When the Wizard opens click next to skip the welcome page
- Add the user you just created.
- Select the common task called “Create, Delete and Manage user accounts.”
- v1.2.1: Also select the common task called "Modify the membership of a group."
- Click next to display a summary.
- Click finish to assign the delegation permissions.
- When you set up uManage, use the user account you created in these steps to connect to the domain. This account will perform all of the required updates and changes.
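The "uManage-Users" group is what keeps service and administrative accounts out of reach of password resets, so its membership is worth auditing. This is an added example, not part of uManage; it assumes the ActiveDirectory PowerShell module, and the list of privileged groups is an assumption to adjust for your domain.

```powershell
# Added example: flag uManage-Users members that should not be resettable.
Import-Module ActiveDirectory

$managedGroup = 'uManage-Users'   # group name from this page
$delegated    = 'umanage'         # delegated account username from this page
$privileged   = 'Domain Admins', 'Administrators', 'Account Operators'  # assumed list

# Distinguished names of everyone in a privileged group, nested members included.
$privDns = foreach ($g in $privileged) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        ForEach-Object { $_.distinguishedName }
}

$findings = Get-ADGroupMember -Identity $managedGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties adminCount, servicePrincipalName |
    ForEach-Object {
        $reasons = @()
        if ($_.adminCount -eq 1)                  { $reasons += 'adminCount=1' }
        if ($privDns -contains $_.DistinguishedName) { $reasons += 'privileged group member' }
        if ($_.servicePrincipalName)              { $reasons += 'has SPN (service account)' }
        if ($_.SamAccountName -eq $delegated)     { $reasons += 'delegated uManage account' }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Account = $_.SamAccountName
                Reasons = ($reasons -join '; ')
            }
        }
    }

if ($findings) {
    $findings | Format-Table Account, Reasons -AutoSize
    Write-Warning "Remove the accounts above from $managedGroup."
} else {
    Write-Output "No privileged or service accounts found in $managedGroup."
}
```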
Log Users in Automagically:
Since this is an AD application it would be great if the users did not have to enter credentials every time they access the site. However, Internet Explorer has some great security features, one of which is that it will not pass credentials to a requesting site automatically unless it is sure the site is safe, or more importantly, that the site is in the Local Intranet security zone. If you open the Internet Explorer “Internet Options” dialog and select the “Security” tab, there is an icon for “Local Intranet”; click it. There is also a button right below called “Sites”. Simply enter the FQDN or IP address of the application. You may need to restart IE for it to take effect.
For the more GPO inclined user you can also set the above setting in Group Policy to cut down on all of the work. The Petri forums have the answer:
http://www.petri.co.il/forums/showthread.php?t=14249.
Tested Browsers:
We try to test all of the functionality on all of the browsers in the world but there are just too many. Instead here is our test base:
- Internet Explorer 8, handles the Trident engine
- FireFox 3.5, handles Mozilla
- Chrome 4, handles WebKit
NOTE: NTLM Authentication was tested and worked in all of the above browsers but was not tested in browsers that may share the same rendering engine but are actually different applications like Safari or Opera.