WebsitePanel Server – Post installation tasks

This post install post contains the following:

  1. User placement and Group memberships
  2. Configuring Firewall
  3. For WebsitePanel Server on Exchange Server

 

The three users we made during the installation are all placed in domain/users folder. You can move these somewhere else as fitting your environment.

  1. User WPServer must be a member of the following security Groups: Note: This is the user created when installing WebsitePanel Server module.
    user-wpserver-02
    – Administrators
    – Domain Admins
    – Organization Management
    – IIS_IUSRS
  2. User WPServer must also be a member of local administrators groups on your WebsitePanel Server.
    On your server run lusrmgr.msc and verify the membership:
    Note: this is the user created when installing WebsitePanel Server module.
    Note: it is not required in all cases to have this user a member of local administrators group, but it should be there as default.
    user-wpserver-01

Configuring Firewal

I’m first going to show, how to do it in one step using a single line of powershell, and hen using GUI.

Configure Firewall using Powershell
Note, remember to change or remove the -RemoteAddress IP parameter to fit your setup.
Also change -Profile to private or any if needed.
Note: if you get an error when running the New-NetFirewallRule cmdlet, try importing the module containing it first: Import-Module NetSecurity
New-NetFirewallRule -Name "WSPanelServer" -DisplayName "WSPanel Server" -Protocol TCP -Description "WebsitePanel Server port 9003" -Enabled True -Profile Domain -Action Allow -RemoteAddress "192.168.1.220" -LocalPort "9003"
PSfirewall-01

If you have multiple servers you might want to setup the rule on all of them in one step from ISE
Here we use CIM, which is Common Information Module
ISEfirewall-01
The script used for the above action:
$strComputers = @("Test01","Test02");
$cred = Get-Credential -Credential mydomain\administrator
foreach ($PC in $strComputers)
{
$CIM = New-CimSession -ComputerName $PC -Credential $cred;
New-NetFirewallRule -Name "WSPanelServer" -DisplayName "WSPanel Server" `
-Protocol TCP -Description "WebsitePanel Server port 9003" -Enabled True `
-Profile Domain -Action Allow -RemoteAddress "192.168.1.220" -LocalPort "9003" `
-CimSession $cim
}

Here is a page for inspiration on how to choose multiple computers using Get-Adcomputer instead of ‘hardcoding’ the servernames.
Hey, Scripting Guy! Blog: Use PowerShell to Create New Windows Firewall Rules

Configure Firewall using GUI
We need to configure the firewall on each of the WebsitePanel Servers we install.

  1. Open Windows Firewall with Advanced Security by running wf.msc
    Click Inboud Rules and New Rule..
    firewall-01
  2. Select Port and click Next >
    firewall-02
  3. Select TCP and type WebsitePanel Server management port: 9003, click Next > 
    firewall-03
  4. Select Allow the connection and click Next >
    firewall-04
  5. Deselect all but Domain and click Next >
    firewall-05
  6. Enter a fitting Name and maybe a Description, which is optional.
    firewall-06
  7. Right click on your new rule, and select Properties.
    firewall-07
  8. Select the Scope tab, and add the IP of your WebsitePanel Portal server.
    Doing this, as it is best to limit access as much as possible.
    firewall-08

 

For WebsitePanel Server on Exchange Server:
Verify wheter PowerShellVirtualDirectory is accepting Windows Authentication

Using Powershell:
Get-PowerShellVirtualDirectory | Get-PowerShellVirtualDirectory | select windowsauthentication | fl
WindowsAuthentication : False
Get-PowerShellVirtualDirectory | Set-PowerShellVirtualDirectory -WindowsAuthentication $True
Get-PowerShellVirtualDirectory | Get-PowerShellVirtualDirectory | select windowsauthentication | fl
WindowsAuthentication : True

windowsauthentication

Posted in Powershell, Server 2012, WebsitePanel

Leave a Reply