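Service account (lab): OITServiceAccount@cyberark-lab.local / Admin@123 — mật khẩu đang ghi dạng plaintext, chỉ nên dùng cho lab; khi dựng môi trường thật thì lấy mật khẩu từ vault chứ đừng ghi vào tài liệu.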
1. DBA: (đứng trên con web, login bằng account service; account service phải được add vô admin local, và account service này phải được allow login vào DBA theo dạng Windows authentication, có role creator và security admin)
# Step 1 (database): run SQLPackage.exe from the ObserveIT installer folder
# against the SQL Server host, then search Sql_Setup.txt for the success marker.
# NOTE(review): the installer is executed out of c:\temp; confirm that folder is
# writable by administrators only before running binaries from it elevated.
$observeitInstallerPath = 'c:\temp\ObserveIT_Setup_v7.14.3.65'

# -Wait blocks until SQLPackage.exe has exited, so the file is read afterwards.
Start-Process -FilePath "$observeitInstallerPath\DB\SQLPackage.exe" `
    -ArgumentList @("/server:WIN-GT71PRNHMF1.cyberark-lab.local", "/makedatabase", "/quiet") `
    -Wait

# Prints the matching line(s); no output means the marker was not found.
Get-Content -Path "$observeitInstallerPath\DB\Sql_Setup.txt" |
    Select-String -Pattern "Package executed successfully"
Nếu hiện lên dòng Package executed successfully là done
lab done cái này rồi nè
2. Web console :
note: chạy cụm dưới đây bằng PowerShell dưới quyền admin
# Install the IIS role services and WCF HTTP activation features listed below,
# together with their management tools. Run from an elevated PowerShell session.
# NOTE(review): Web-Dir-Browsing is part of the list; confirm directory browsing
# stays disabled on the ObserveIT site once the install has finished.
Install-WindowsFeature -IncludeManagementTools -Name @(
    'Web-Server'
    'Web-WebServer'
    'Web-Common-Http'
    'Web-Default-Doc'
    'Web-Dir-Browsing'
    'Web-Http-Errors'
    'Web-Static-Content'
    'Web-Stat-Compression'
    'Web-Security'
    'Web-Filtering'
    'Web-App-Dev'
    'Web-Net-Ext45'
    'Web-Asp'
    'Web-Asp-Net45'
    'Web-ISAPI-Ext'
    'Web-ISAPI-Filter'
    'Web-Mgmt-Tools'
    'Web-Mgmt-Compat'
    'Web-Mgmt-Console'
    'NET-WCF-Services45'
    'NET-WCF-HTTP-Activation45'
)
# Session variables for the Web Console install. Later steps read these names,
# so they must stay defined in the same PowerShell session.
$observeitInstallerPath = 'c:\temp\ObserveIT_Setup_v7.14.3.65'
$SQLServer = "WIN-GT71PRNHMF1.cyberark-lab.local"
$DNSForestName = 'cyberark-lab.local'

# Prompts for the service account. The password stays a SecureString inside
# $Creds until a later step calls GetNetworkCredential().
# NOTE(review): enter the account as DOMAIN\user. A later step builds
# SERVICE_USERNAME from the Domain and UserName parts, and with a UPN-style
# name the Domain part may come back empty - verify before running the MSI.
$Creds = Get-Credential

$WebSiteName = "ObserveITWebConsole"
$WebSitePort = '443'
$WebSiteProtocol = 'https'

$ComputerName = (Get-WmiObject -Class Win32_ComputerSystem).PSComputerName
# $MachineFQDN and $OutputDestination are not referenced by the steps shown here.
$MachineFQDN = '{0}.{1}' -f $ComputerName, $DNSForestName
$ApplicationPool = 'IIS:\AppPools\{0}' -f $WebSiteName
# Binding information ":443:" has an empty IP address and an empty host header.
$WebSiteBinding = ':{0}:' -f $WebSitePort
$OutputDestination = "C:\temp"
# Create the install folders, then the IIS application pool and the HTTPS site
# that the Web Console MSI will target.
New-Item -ItemType Directory -Path 'C:\Program Files\ObserveIT'
New-Item -ItemType Directory -Path 'C:\Program Files\ObserveIT\Web'

Import-Module WebAdministration

# -Force replaces an existing pool or site that has the same name.
New-Item -Path $ApplicationPool -Force

# NOTE(review): the binding created here carries only protocol and port; no
# certificate is attached to it in this step.
New-Item -Path "IIS:\Sites\$WebSiteName" -PhysicalPath 'C:\Program Files\ObserveIT\Web\' -Bindings @{
    protocol           = $WebSiteProtocol
    bindingInformation = $WebSiteBinding
} -Force

# Attach the site to the application pool that shares its name.
Set-ItemProperty -Path IIS:\Sites\$WebSiteName\ -Name applicationpool -Value $WebSiteName -Force
# Require SSL on the site: set sslFlags to "Ssl" in the site's
# system.webServer/security/access section, then read the value back.
# NOTE(review): the Get-/Set-IISConfig* cmdlets belong to the IISAdministration
# module rather than WebAdministration; confirm it is available on this host.
Import-Module WebAdministration

$ConfigSection = Get-IISConfigSection -Location "$WebSiteName" `
    -SectionPath "system.webServer/security/access"

Set-IISConfigAttributeValue -ConfigElement $ConfigSection -AttributeName sslFlags -AttributeValue Ssl

# Echo the stored value so the operator can confirm the change.
Get-IISConfigAttributeValue -AttributeName sslFlags -ConfigElement $ConfigSection
# Turn off IIS request logging for the site.
# NOTE(review): IIS logs are a primary source when investigating access to the
# console; confirm the product really needs logging disabled, or make sure the
# same requests are recorded somewhere else.
Set-ItemProperty -Name Logfile.enabled -Value $false -Path "IIS:\Sites\$WebSiteName"
# Run the node services prerequisite installer silently and wait for it to
# exit before moving on to the next step.
$NodeJSInstaller = "$observeitInstallerPath\Web\PreRequisite_nodeServices.exe"

# "/log <file>" is kept as one element, exactly as in the original argument list.
$ComponentInstallArguments = @(
    "wconly=1"
    "sqlcli=1"
    "/install"
    "/quiet"
    "/norestart"
    "/log PreRequisite_nodeServices.log"
)

Start-Process -FilePath $NodeJSInstaller -ArgumentList $ComponentInstallArguments -Wait
đợi cái trên kia chạy xong tiếp đến chạy cái này
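function Set-LogonRight ($accountToAdd) {
    <#
    .SYNOPSIS
    Grants "Log on as a service" (SeServiceLogonRight) to an account through the
    Local Security Policy, using secedit.exe export/configure.

    .PARAMETER accountToAdd
    Account name to resolve to a SID. A bare user name leaves the lookup order to
    Windows; NOTE(review): pass DOMAIN\user if a local account with the same
    name could exist.

    .NOTES
    Needs an elevated session. On a missing or unresolvable account the function
    calls exit, which ends the whole PowerShell session when the code is pasted
    into an interactive console.
    #>
    if ([string]::IsNullOrEmpty($accountToAdd)) {
        Write-Output "no account specified"
        exit
    }

    # Resolve the account name to its SID; any lookup failure is treated as "not found".
    $sidstr = $null
    try {
        $ntprincipal = New-Object System.Security.Principal.NTAccount "$accountToAdd"
        $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
        $sidstr = $sid.Value.ToString()
    } catch {
        $sidstr = $null
    }

    Write-Output "Account: $($accountToAdd)"
    if ([string]::IsNullOrEmpty($sidstr)) {
        Write-Output "Account not found!"
        exit -1
    }
    Write-Output "Account SID: $($sidstr)"

    $tmp = [System.IO.Path]::GetTempFileName()
    $tmp2 = $null
    try {
        Write-Output "Export current Local Security Policy"
        secedit.exe /export /cfg "$($tmp)"

        # Pick up the current SeServiceLogonRight value, if the export has one.
        $currentSetting = ""
        foreach ($s in (Get-Content -Path $tmp)) {
            if ($s -like "SeServiceLogonRight*") {
                $x = $s.Split("=", [System.StringSplitOptions]::RemoveEmptyEntries)
                # The line can be present with nothing after "=".
                if ($x.Count -gt 1) {
                    $currentSetting = $x[1].Trim()
                }
            }
        }

        # Compare whole entries. A substring test would treat a SID as already
        # present when it is only a prefix of a longer SID in the list.
        $existingEntries = @(
            $currentSetting.Split(",", [System.StringSplitOptions]::RemoveEmptyEntries) |
                ForEach-Object { $_.Trim() }
        )

        if ($existingEntries -notcontains "*$($sidstr)") {
            Write-Output "Modify Setting ""Logon as a Service"""
            if ([string]::IsNullOrEmpty($currentSetting)) {
                $currentSetting = "*$($sidstr)"
            } else {
                $currentSetting = "*$($sidstr),$($currentSetting)"
            }
            Write-Output "$currentSetting"

            # Minimal security template that carries only the changed right.
            $outfile = @(
                '[Unicode]'
                'Unicode=yes'
                '[Version]'
                'signature="$CHICAGO$"'
                'Revision=1'
                '[Privilege Rights]'
                "SeServiceLogonRight = $($currentSetting)"
            )

            $tmp2 = [System.IO.Path]::GetTempFileName()
            Write-Output "Import new settings to Local Security Policy"
            $outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force

            # secedit creates "secedit.sdb" in the current directory, so run it
            # from the temp folder and restore the location afterwards.
            Push-Location (Split-Path $tmp2)
            try {
                secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS
                if ($LASTEXITCODE -ne 0) {
                    Write-Warning "secedit /configure returned exit code $LASTEXITCODE; the right may not have been applied."
                }
            } finally {
                Pop-Location
            }
        } else {
            Write-Output "NO ACTIONS REQUIRED! Account already in ""Logon as a Service"""
        }
    } finally {
        # The export holds the machine's local security policy; do not leave it
        # or the generated template behind in the temp folder.
        foreach ($leftover in @($tmp, $tmp2)) {
            if ($leftover -and (Test-Path -LiteralPath $leftover)) {
                Remove-Item -LiteralPath $leftover -Force -ErrorAction SilentlyContinue
            }
        }
    }

    Write-Output "Done."
}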
# Grant "Log on as a service" to the account entered at the Get-Credential prompt.
# NOTE(review): only the user name is passed, without the domain; confirm it
# cannot resolve to a local account that has the same name.
Set-LogonRight -accountToAdd "$($Creds.GetNetworkCredential().UserName)"
báo done thì chạy tiếp cái này
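# Install the Web Console MSI with the service account as the Windows identity
# for the database logon.
#
# The MSI path and the SERVICE_USERNAME / SERVICE_PASSWORD values are each built
# on a single line: a line break inside those expressions ends up in the value.
#
# NOTE(review): SERVICE_PASSWORD is passed in clear text on the msiexec command
# line. If process command-line auditing is enabled on this host, the password
# will be recorded there. Keep the log switch at /leo; a log level that dumps
# properties could also write the password to WebConsoleMSI.log - verify before
# raising verbosity.
# NOTE(review): Start-Process joins the list with spaces, so a password that
# contains a space or a quote would likely be split - confirm before use.
$ComponentInstallArguments = @(
    "/i"
    ($observeitInstallerPath + '\Web\WebConsole\ObserveIT.WebConsoleSetup.msi')
    "/qb"
    "/norestart"
    "DATABASE_SERVER=$SQLServer"
    "TARGETAPPPOOL=$WebSiteName"
    "TARGETSITE=$WebSiteName"
    "DATABASE_LOGON_TYPE=WindowsAccount"
    "SERVICE_USERNAME=$($Creds.GetNetworkCredential().Domain + '\' + $Creds.GetNetworkCredential().UserName)"
    "SERVICE_PASSWORD=$($Creds.GetNetworkCredential().Password)"
    "/leo"
    ".\WebConsoleMSI.log"
)

try {
    Start-Process msiexec.exe -ArgumentList $ComponentInstallArguments -Wait -NoNewWindow
} finally {
    # Do not keep the plaintext password in a session variable after the install.
    $ComponentInstallArguments = $null
}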
done thì chạy tiếp cái này :
# Unpack every .zip under the V2 "apis" and "apps" folders into a sibling
# folder named after the archive. -Force overwrites files already extracted.
# The session is left in the "apps" folder, as in the original sequence.
'C:\Program Files\ObserveIT\Web\V2\apis', 'C:\Program Files\ObserveIT\Web\V2\apps' | ForEach-Object {
    Set-Location $_
    Get-ChildItem *.zip | ForEach-Object {
        $destination = $_.Directory.ToString() + '\' + $_.BaseName.ToString()
        Expand-Archive -LiteralPath $_.FullName -DestinationPath $destination -Force
    }
}
xong thì chạy cái này để check xem có cài đúng k
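# Post-install check: start IIS and the site, request the login page over HTTPS
# on localhost, and print True when the expected page title is in the response.
#
# The request goes to "localhost", which the site certificate will normally not
# match, so certificate validation is switched off for the check.
# ServicePointManager.CertificatePolicy applies to the whole PowerShell process,
# so the previous policy is saved and restored afterwards. Otherwise every later
# HTTPS request from this session would accept any certificate.

# Add-Type fails if the type already exists (block run twice in one session).
if (-not ('TrustAllCertsPolicy' -as [type])) {
    Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
}

$previousCertificatePolicy = [System.Net.ServicePointManager]::CertificatePolicy
try {
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    iisreset /start
    Import-Module WebAdministration
    Get-IISSite $WebSiteName | Start-IISSite

    $CurrentURL = $WebSiteProtocol + '://localhost:' + $WebSitePort + '/ObserveIT/FormLoginAuth.aspx?UserDefaultPage=True'

    # -UseBasicParsing avoids the Internet Explorer engine, which is often not
    # initialised on a server; the Application Server check uses it as well.
    (Invoke-WebRequest $CurrentURL -UseBasicParsing).RawContent -match 'ObserveIT - Login Page'
} finally {
    # Re-enable normal certificate validation for the rest of the session.
    [System.Net.ServicePointManager]::CertificatePolicy = $previousCertificatePolicy
}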
xong hết rồi thì tiếp cài tới con application
3. Application
Mở powershell dưới quyền administrator
chạy mấy lệnh dưới này để cài các yêu cầu windows :
# Install the IIS role services and WCF HTTP activation features listed below,
# together with their management tools. Run from an elevated PowerShell session.
# NOTE(review): Web-Dir-Browsing is part of the list; confirm directory browsing
# stays disabled on the ObserveIT site once the install has finished.
Install-WindowsFeature -IncludeManagementTools -Name @(
    'Web-Server'
    'Web-WebServer'
    'Web-Common-Http'
    'Web-Default-Doc'
    'Web-Dir-Browsing'
    'Web-Http-Errors'
    'Web-Static-Content'
    'Web-Stat-Compression'
    'Web-Security'
    'Web-Filtering'
    'Web-App-Dev'
    'Web-Net-Ext45'
    'Web-Asp'
    'Web-Asp-Net45'
    'Web-ISAPI-Ext'
    'Web-ISAPI-Filter'
    'Web-Mgmt-Tools'
    'Web-Mgmt-Compat'
    'Web-Mgmt-Console'
    'NET-WCF-Services45'
    'NET-WCF-HTTP-Activation45'
)
xong rồi thì mở powershell với service account :
# Session variables for the Application Server install. Later steps read these
# names, so they must stay defined in the same PowerShell session.
$observeitInstallerPath = 'c:\temp\ObserveIT_Setup_v7.14.3.65'
$SQLServer = "WIN-GT71PRNHMF1.cyberark-lab.local"
$DNSForestName = 'cyberark-lab.local'

# Prompts for the service account. The password stays a SecureString inside
# $Creds until a later step calls GetNetworkCredential().
# NOTE(review): enter the account as DOMAIN\user. A later step builds
# SERVICE_USERNAME from the Domain and UserName parts, and with a UPN-style
# name the Domain part may come back empty - verify before running the MSI.
$Creds = Get-Credential

$WebSiteName = "ObserveITApplicationServer"
$WebSitePort = '443'
$WebSiteProtocol = 'https'

$ComputerName = (Get-WmiObject -Class Win32_ComputerSystem).PSComputerName
# $MachineFQDN and $OutputDestination are not referenced by the steps shown here.
$MachineFQDN = '{0}.{1}' -f $ComputerName, $DNSForestName
$ApplicationPool = 'IIS:\AppPools\{0}' -f $WebSiteName
# Binding information ":443:" has an empty IP address and an empty host header.
$WebSiteBinding = ':{0}:' -f $WebSitePort
$OutputDestination = "C:\temp"
xong rồi tiếp cái này :
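# Create the install folders, then the IIS application pool and the HTTPS site
# that the Application Server MSI will target.
New-Item -Name ObserveIT -Path "C:\Program Files" -ItemType Directory
New-Item -Name Web -Path "C:\Program Files\ObserveIT" -ItemType Directory

Import-Module WebAdministration

# -Force replaces an existing pool or site that has the same name.
New-Item $ApplicationPool -Force

# The physical path is one literal on a single line, and -Bindings is a plain
# parameter. A stray backtick directly in front of "-Bindings" would stop it
# from being read as a parameter name.
# NOTE(review): the binding created here carries only protocol and port; the
# certificate is added in a separate manual step.
New-Item IIS:\Sites\$WebSiteName -PhysicalPath 'C:\Program Files\ObserveIT\Web\' `
    -Bindings @{ protocol = $WebSiteProtocol; bindingInformation = $WebSiteBinding } `
    -Force

# Attach the site to the application pool that shares its name.
Set-ItemProperty IIS:\Sites\$WebSiteName\ -Name applicationpool -Value $WebSiteName -Force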
xong rồi thì chạy tiếp cái này để ssl cho application
# Require SSL on the site: set sslFlags to "Ssl" in the site's
# system.webServer/security/access section, then read the value back.
# NOTE(review): the Get-/Set-IISConfig* cmdlets belong to the IISAdministration
# module rather than WebAdministration; confirm it is available on this host.
Import-Module WebAdministration

$ConfigSection = Get-IISConfigSection -Location "$WebSiteName" `
    -SectionPath "system.webServer/security/access"

Set-IISConfigAttributeValue -ConfigElement $ConfigSection -AttributeName sslFlags -AttributeValue Ssl

# Echo the stored value so the operator can confirm the change.
Get-IISConfigAttributeValue -AttributeName sslFlags -ConfigElement $ConfigSection
xong rồi thì tiếp cái này
# Turn off IIS request logging for the site.
# NOTE(review): IIS logs are a primary source when investigating access to the
# application server; confirm the product really needs logging disabled, or
# make sure the same requests are recorded somewhere else.
Set-ItemProperty -Name Logfile.enabled -Value $false -Path "IIS:\Sites\$WebSiteName"
xong rồi thì add cert ssl
add cert xong rồi thì tiếp cái này để cài app :
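# Run the node services prerequisite installer silently and wait for it to
# exit before moving on to the next step.
# The installer path is one literal on a single line; a line break inside the
# quotes would become part of the path and Start-Process would not find the file.
$NodeJSInstaller = $observeitInstallerPath + '\Web\PreRequisite_nodeServices.exe'

# "/log <file>" is kept as one element, exactly as in the original argument list.
$ComponentInstallArguments = "wconly=1", "sqlcli=1", "/install", "/quiet", "/norestart", "/log PreRequisite_nodeServices.log"

Start-Process $NodeJSInstaller -ArgumentList $ComponentInstallArguments -Wait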
xong rồi thì tiếp cái này :
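function Set-LogonRight ($accountToAdd) {
    <#
    .SYNOPSIS
    Grants "Log on as a service" (SeServiceLogonRight) to an account through the
    Local Security Policy, using secedit.exe export/configure.

    .PARAMETER accountToAdd
    Account name to resolve to a SID. A bare user name leaves the lookup order to
    Windows; NOTE(review): pass DOMAIN\user if a local account with the same
    name could exist.

    .NOTES
    Needs an elevated session. On a missing or unresolvable account the function
    calls exit, which ends the whole PowerShell session when the code is pasted
    into an interactive console.
    #>
    if ([string]::IsNullOrEmpty($accountToAdd)) {
        Write-Output "no account specified"
        exit
    }

    # Resolve the account name to its SID; any lookup failure is treated as "not found".
    $sidstr = $null
    try {
        $ntprincipal = New-Object System.Security.Principal.NTAccount "$accountToAdd"
        $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
        $sidstr = $sid.Value.ToString()
    } catch {
        $sidstr = $null
    }

    Write-Output "Account: $($accountToAdd)"
    if ([string]::IsNullOrEmpty($sidstr)) {
        Write-Output "Account not found!"
        exit -1
    }
    Write-Output "Account SID: $($sidstr)"

    $tmp = [System.IO.Path]::GetTempFileName()
    $tmp2 = $null
    try {
        Write-Output "Export current Local Security Policy"
        secedit.exe /export /cfg "$($tmp)"

        # Pick up the current SeServiceLogonRight value, if the export has one.
        $currentSetting = ""
        foreach ($s in (Get-Content -Path $tmp)) {
            if ($s -like "SeServiceLogonRight*") {
                $x = $s.Split("=", [System.StringSplitOptions]::RemoveEmptyEntries)
                # The line can be present with nothing after "=".
                if ($x.Count -gt 1) {
                    $currentSetting = $x[1].Trim()
                }
            }
        }

        # Compare whole entries. A substring test would treat a SID as already
        # present when it is only a prefix of a longer SID in the list.
        $existingEntries = @(
            $currentSetting.Split(",", [System.StringSplitOptions]::RemoveEmptyEntries) |
                ForEach-Object { $_.Trim() }
        )

        if ($existingEntries -notcontains "*$($sidstr)") {
            Write-Output "Modify Setting ""Logon as a Service"""
            if ([string]::IsNullOrEmpty($currentSetting)) {
                $currentSetting = "*$($sidstr)"
            } else {
                $currentSetting = "*$($sidstr),$($currentSetting)"
            }
            Write-Output "$currentSetting"

            # Minimal security template that carries only the changed right.
            $outfile = @(
                '[Unicode]'
                'Unicode=yes'
                '[Version]'
                'signature="$CHICAGO$"'
                'Revision=1'
                '[Privilege Rights]'
                "SeServiceLogonRight = $($currentSetting)"
            )

            $tmp2 = [System.IO.Path]::GetTempFileName()
            Write-Output "Import new settings to Local Security Policy"
            $outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force

            # secedit creates "secedit.sdb" in the current directory, so run it
            # from the temp folder and restore the location afterwards.
            Push-Location (Split-Path $tmp2)
            try {
                secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS
                if ($LASTEXITCODE -ne 0) {
                    Write-Warning "secedit /configure returned exit code $LASTEXITCODE; the right may not have been applied."
                }
            } finally {
                Pop-Location
            }
        } else {
            Write-Output "NO ACTIONS REQUIRED! Account already in ""Logon as a Service"""
        }
    } finally {
        # The export holds the machine's local security policy; do not leave it
        # or the generated template behind in the temp folder.
        foreach ($leftover in @($tmp, $tmp2)) {
            if ($leftover -and (Test-Path -LiteralPath $leftover)) {
                Remove-Item -LiteralPath $leftover -Force -ErrorAction SilentlyContinue
            }
        }
    }

    Write-Output "Done."
}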
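# Grant "Log on as a service" to the account entered at the Get-Credential prompt.
# The argument string needs its closing quote; without it PowerShell keeps
# reading the following lines as part of the string.
# NOTE(review): only the user name is passed, without the domain; confirm it
# cannot resolve to a local account that has the same name.
Set-LogonRight "$($Creds.GetNetworkCredential().UserName)"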
chạy mà ok thì tiếp cái này :
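# Argument list for the Application Server MSI, with the service account as the
# Windows identity for the database logon.
#
# The MSI path and the SERVICE_USERNAME / SERVICE_PASSWORD values are each built
# on a single line: a line break inside those expressions ends up in the value.
#
# NOTE(review): SERVICE_PASSWORD is passed in clear text on the msiexec command
# line. If process command-line auditing is enabled on this host, the password
# will be recorded there. Keep the log switch at /leo; a log level that dumps
# properties could also write the password to AppServerMSI.log - verify before
# raising verbosity.
# NOTE(review): this variable holds the plaintext password until it is
# overwritten; clear it once the install has finished.
$ComponentInstallArguments = @(
    "/i"
    ($observeitInstallerPath + '\Web\AppServer\ObserveIT.AppServerSetup.msi')
    "/qb"
    "/norestart"
    "DATABASE_SERVER=$SQLServer"
    "TARGETAPPPOOL=$WebSiteName"
    "TARGETSITE=$WebSiteName"
    "DATABASE_LOGON_TYPE=WindowsAccount"
    "SERVICE_USERNAME=$($Creds.GetNetworkCredential().Domain + '\' + $Creds.GetNetworkCredential().UserName)"
    "SERVICE_PASSWORD=$($Creds.GetNetworkCredential().Password)"
    "/leo"
    ".\AppServerMSI.log"
)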
2 cái trên là 1 lệnh xong thì tiếp cái này
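# Run the Application Server MSI with the prepared argument list and wait for
# msiexec to exit.
try {
    Start-Process msiexec.exe -ArgumentList $ComponentInstallArguments -Wait -NoNewWindow
} finally {
    # The list contains SERVICE_PASSWORD in clear text; do not keep it in a
    # session variable after the install.
    $ComponentInstallArguments = $null
}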
chạy xong rồi thì cái lệnh này để check xem cài đúng chưa :
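# Post-install check: start IIS and the site, then request the Application
# Server health endpoint over HTTPS on localhost and print the response.
#
# The request goes to "localhost", which the site certificate will normally not
# match, so certificate validation is switched off for the check.
# ServicePointManager.CertificatePolicy applies to the whole PowerShell process,
# so the previous policy is saved and restored afterwards. Otherwise every later
# HTTPS request from this session would accept any certificate.

# Add-Type fails if the type already exists (block run twice in one session).
if (-not ('TrustAllCertsPolicy' -as [type])) {
    Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
}

$previousCertificatePolicy = [System.Net.ServicePointManager]::CertificatePolicy
try {
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    iisreset /start
    Import-Module WebAdministration
    Get-IISSite $WebSiteName | Start-IISSite

    $CurrentURL = $WebSiteProtocol + '://localhost:' + $WebSitePort + '/ObserveitApplicationServer/v2/apis/health/_health'
    Invoke-WebRequest $CurrentURL -UseBasicParsing
} finally {
    # Re-enable normal certificate validation for the rest of the session.
    [System.Net.ServicePointManager]::CertificatePolicy = $previousCertificatePolicy
}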