vendredi 4 juin 2010

How to Configure Windows Server 2008 for Site System Roles

Here is a blurb I actually found on the Microsoft TechNet forums as I was searching for answers to my Windows 2008/SCCM SP1 RC Lab issues and I thought it was worth repeating again here for those in the same boat.

Here is the blurb from the help information that will be in the RTM release of SP1.

Topics referencing Configuration Manager 2007 SP1 and Configuration Manager 2007 R2 are pre-release documentation and are subject to change in future releases. Blank topics are included as placeholders.

Topic last updated—March 2008

Microsoft System Center Configuration Manager 2007 requires the WebDAV component to be installed and enabled on the management points and BITS-enabled distribution points. The WebDAV component is not included in Windows Server 2008 operating system.

Note

The information in this topic applies only to Configuration Manager 2007 SP1.

You must download, install, and configure WebDAV manually on management points and BITS-enabled distribution points running Windows Server 2008. On BITS-enabled distribution points, you might also have to edit the requestFiltering section of the applicationHost.config file if your packages contain extensions that are blocked.

Important

Enabling WebDAV and modifying the requestFiltering section for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007.

Site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. RDC is not installed by default on computers running Windows Server 2008.

Reporting points running Windows Server 2008 require ASP.NET with Windows Authentication to be enabled.

To install and configure WebDAV for BITS-enabled distribution points and management points

1. In Server Manager, on the Features node, start the Add Features Wizard.
* On the Select Features page, select BITS Server Extensions.
* When prompted, click Add Required Role Services to add the dependent components, including the Web Server (IIS) role.
* On the Select Features page, select Remote Differential Compression, and then click Next.
* On the Web Server (IIS) page, click Next.
* On the Select Role Services page, under IIS 6 Management Compatibility, select IIS 6 WMI Compatibility.
* Under Application Development, select ASP.NET and, when prompted, click Add Required Role Services to add the dependent components.
* Under Security, select Windows Authentication, and then click Next.
* On the Confirmation page, click Install, and then complete the rest of the wizard.
2. Download the x86 or x64 version of WebDAV at http://go.microsoft.com/fwlink/?LinkId=108052.
3. Run either webdav_x86_golive.msi or webdav_x64_golive.msi, depending on your processor.
4. Enable WebDAV and create an Authoring Rule, as follows:
* Open Internet Information Services (IIS) Manager.
* In the Connections pane, expand the Sites node in the tree, and then click SMSWEB if you are using a custom Web site or click Default Web Site if you are using the default Web site for the site system.
* In the Features View, double-click WebDAV Authoring Rules.
* When the WebDAV Authoring Rules page is displayed, in the Actions pane, click Enable WebDAV.
* After WebDAV has been enabled, in the Actions pane, click Add Authoring Rule.
* In the Add Authoring Rule dialog box, under Allow access to, click All content.
* Under Allow access to this content to, click All users.
* Under Permissions, click Read, and then click OK.
5. Change the property behavior as follows:
* In the WebDAV Authoring Rules page, in the Actions pane, click WebDAV Settings.
* In the WebDAV Settings page, under Property Behavior, set Allow anonymous property queries to True.
* Set Allow Custom Properties to False.
* Set Allow property queries with infinite depth to True.
* If this is a BITS-enabled distribution point, under WebDAV Behavior, set Allow access to hidden files to True.

Important

Allow access to hidden files is not required for management points and should not be configured.

* In the Action pane, click Apply.
1. Close Internet Information Services (IIS) Manager.
2. Verify that there are no error messages for the distribution point or management point role, as follows:
* In the Configuration Manager console, navigate to System Center Configuration Manager / System Status / Site Status / - / Site System Status.
* Check the status of the management point and distribution point roles.
* If you see any errors, right-click the role, click Show Messages, and then click All to see more detail.

To modify the requestFiltering section on BITS-enabled distribution points

1. On the BITS-enabled distribution points, open %windir%\System32\inetsrv\config\applicationHost.config.
2. Search for the section.
3. Determine the file extensions that you will have in the packages on that distribution point. For each file extension that you require, change allowed to true.
4. For example, if your package will contain a file with an .mdb extension, change the line to .

Important

Allow only the file extensions required for your packages.

1. Save and close applicationHost.config.

To add Remote Differential Compression to site servers and branch distribution points

1. In Server Manager, on the Features node, start the Add Features Wizard.
2. On the Select Features page, select Remote Differential Compression, and then click Next.
3. Complete the rest of the wizard.

To enable ASP.NET and Windows Authentication on the reporting point

1. In Server Manager, on the Roles node, start the Add Roles Wizard.
2. On the Select Server Roles page, select Web Server (IIS).
3. When prompted, click Add Required Role Services to add the dependent components.
4. On the Select Server Roles page, click Next.
5. Under Application Development, select ASP.NET and, when prompted, click Add Required Role Services to add the dependent components.
6. Under Security, select Windows Authentication, and then click Next.
7. On the Confirmation page, click Install, and then complete the rest of the wizard.

Aucun commentaire:

Enregistrer un commentaire