Proofpoint | ObserveIT On-Premises Insider Threat Management

Installing ObserveIT Web Console

The ObserveIT Web Console is the component that is used to configure, administer and use the product. Multiple Web Consoles can be installed in an environment for redundancy purposes.

In most cases, the Web Console is installed on the same machine as the Application Server (the first one, in case of multiple Application Servers). However, it’s also possible to configure a dedicated machine for this.

The time displayed in the Web Console is defined by the time zone of the database. Therefore, it is recommended that the Web Console and Database are installed with the same time zone.

Before you can verify the Web Console installation you must install the SQL Native client. This lets you work with ObserveIT REST APIs.

Prerequisite for installing the Web Management Console: Download the most recent version of the Microsoft ASP.NET Core Runtime Windows Hosting Bundle.

Installing the ObserveIT Web Console with PowerShell

You can use the following PowerShell commands to install the ObserveIT Web Console. (This is the recommended procedure.)

Optionally, you can use the manual procedure; see Installing ObserveIT Web Console.

Prerequisites:

  1. Connect (with RDP) to the server that will host the ObserveIT Web Console component as the Active Directory Service Account.

  2. Download the ObserveIT installer into c:\temp and extract the contents. (See Downloading the Latest Version.)

    (Assume the installer files are extracted to the c:\temp\ObserveIT_Setup_vx.xx.y.yy path, where x.xx is the major ObserveIT version, and y.yy is the minor version and build.)

  3. Run PowerShell as Administrator.

  4. From the table below, copy the rows from the Command column, replacing the values as applicable. The Values to Replace column indicates which values you will need to replace.

    Paste the commands in the table below into the PowerShell window.

    | Command | Values to Replace |
    | --- | --- |
    | `$observeitInstallerPath = "c:\temp\ObserveIT_Setup_vx.xx.y.yy"` | Replace the generalized path with the correct path for your ObserveIT installer. For example: C:\temp\ObserveIT_Setup_v7.11.0.25 |
    | `$SQLServer = '<# FQDN of the SQL Server #>'` | Replace the commented section with the FQDN of your SQL Server. |
    | `$DNSForestName = "<# enter your DNS domain name here #>"` | Replace the commented section with the DNS domain name of your Active Directory. For example: domain.local. |
    | `$Creds = Get-Credential` | |
    | `$WebSiteName = 'ObserveITWebConsole'` | |
    | `$WebSitePort = "443"` | |
    | `$WebSiteProtocol = "https"` | |
    | `$ComputerName = (Get-WmiObject -Class Win32_ComputerSystem).PSComputerName` | |
    | `$MachineFQDN = $ComputerName + '.' + $DNSForestName` | |
    | `$ApplicationPool = "IIS:\AppPools\$WebSiteName"` | |
    | `$WebSiteBinding = ":" + $WebSitePort + ":"` | |
    | `$OutputDestination = 'C:\temp'` | |

  5. When PowerShell prompts you to enter your Active Directory Service Account credentials, enter your Active Directory username in the format DOMAIN\account.

  6. Install the required Windows features:

    Install-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Stat-Compression, Web-Security, Web-Filtering, Web-App-Dev, Web-Net-Ext45, Web-Asp, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Compat, Web-Mgmt-Console, NET-WCF-Services45, NET-WCF-HTTP-Activation45 -IncludeManagementTools

  7. Create the directory and Microsoft IIS folder structures:

    New-Item -Name ObserveIT -Path "C:\Program Files" -ItemType Directory
    New-Item -Name Web -Path "C:\Program Files\ObserveIT" -ItemType Directory
    Import-Module WebAdministration
    New-Item $ApplicationPool -Force
    New-Item IIS:\Sites\$WebSiteName -PhysicalPath 'C:\Program Files\ObserveIT\Web\' `
        -Bindings @{protocol = $WebSiteProtocol; bindingInformation = $WebSiteBinding } -Force
    Set-ItemProperty IIS:\Sites\$WebSiteName\ -Name applicationpool -Value $WebSiteName -Force
    Get-Item 'IIS:\Sites\Default Web Site\' | Remove-Item -Recurse
    Get-Item 'IIS:\AppPools\DefaultAppPool\' | Remove-Item -Recurse
    
  8. Require SSL for connections to the ObserveIT Web Console websites:

    Import-Module WebAdministration
    $ConfigSection = Get-IISConfigSection -SectionPath "system.webServer/security/access" -Location "$WebSiteName"
    Set-IISConfigAttributeValue -AttributeName sslFlags -AttributeValue Ssl -ConfigElement $ConfigSection
    Get-IISConfigAttributeValue -ConfigElement $ConfigSection -AttributeName sslFlags
    
  9. Disable IIS logging:

    Set-ItemProperty -Path "IIS:\Sites\$WebSiteName" -Name Logfile.enabled -Value $false

  10. Configure the best-practice IIS Application Pool recycling settings:

    Import-Module WebAdministration
    # $ApplicationPool already holds the full provider path (IIS:\AppPools\$WebSiteName)
    $AppPoolPath = $ApplicationPool
    Set-ItemProperty $AppPoolPath -Name Recycling.periodicRestart.time -Value 0.08:00:00
    Clear-ItemProperty $AppPoolPath -Name Recycling.periodicRestart.schedule
    $RestartAt = @('12:00', '20:00', '07:00')
    New-ItemProperty -Path $AppPoolPath -Name Recycling.periodicRestart.schedule -Value $RestartAt
    
  11. Assign the provisioned TLS certificate to the ObserveIT Web Console website. (The TLS certificate was provisioned in Back-end Components Prerequisites.)

  12. Right-click the Start menu and click Run.

  13. Type inetmgr and click OK.

  14. In the Microsoft Internet Information Services management console, select and expand your server and then expand Sites.

  15. Right-click the ObserveITWebConsole website and click Bindings.

  16. Select the row starting with https in the Site Bindings window and click Edit.

  17. From the SSL certificate drop-down, at the bottom of the window, select your provisioned TLS certificate.

  18. Click OK to apply the settings.

  19. Click Close in the Site Bindings window.

  20. Install ObserveIT Web Console prerequisites:

    $NodeJSInstaller = $observeitInstallerPath + '\Web\PreRequisite_nodeServices.exe'
    $ComponentInstallArguments = "wconly=1", "sqlcli=1", "/install", "/quiet", "/norestart", "/log PreRequisite_nodeServices.log"
    Start-Process $NodeJSInstaller -ArgumentList $ComponentInstallArguments -Wait

  21. Assign Logon as Service Rights to the Active Directory Service Account:

    function Set-LogonRight ($accountToAdd) {
        if ( [string]::IsNullOrEmpty($accountToAdd) ) {
            Write-Output "no account specified"
            # return, not exit: exit would close a PowerShell window the function was pasted into
            return
        }
        # Resolve the account name to its SID
        $sidstr = $null
        try {
            $ntprincipal = new-object System.Security.Principal.NTAccount "$accountToAdd"
            $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
            $sidstr = $sid.Value.ToString()
        } catch {
            $sidstr = $null
        }
        Write-Output "Account: $($accountToAdd)"
        if ( [string]::IsNullOrEmpty($sidstr) ) {
            Write-Output "Account not found!"
            return
        }
        Write-Output "Account SID: $($sidstr)"
        # Export the local security policy and read the current SeServiceLogonRight holders
        $tmp = [System.IO.Path]::GetTempFileName()
        Write-Output "Export current Local Security Policy"
        secedit.exe /export /cfg "$($tmp)"
        $c = Get-Content -Path $tmp
        $currentSetting = ""
        foreach ($s in $c) {
            if ( $s -like "SeServiceLogonRight*") {
                $x = $s.split("=", [System.StringSplitOptions]::RemoveEmptyEntries)
                $currentSetting = $x[1].Trim()
            }
        }
        if ( $currentSetting -notlike "*$($sidstr)*" ) {
            Write-Output "Modify Setting ""Logon as a Service"""
            # Prepend the SID to the existing list of holders
            if ( [string]::IsNullOrEmpty($currentSetting) ) {
                $currentSetting = "*$($sidstr)"
            } else {
                $currentSetting = "*$($sidstr),$($currentSetting)"
            }
            Write-Output "$currentSetting"
            # Security template that carries only the updated user right
            $outfile = @"
    [Unicode]
    Unicode=yes
    [Version]
    signature="`$CHICAGO`$"
    Revision=1
    [Privilege Rights]
    SeServiceLogonRight = $($currentSetting)
    "@
            $tmp2 = [System.IO.Path]::GetTempFileName()
            Write-Output "Import new settings to Local Security Policy"
            $outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force
            Push-Location (Split-Path $tmp2)
            try {
                secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS
            } finally {
                Pop-Location
            }
        } else {
            Write-Output "NO ACTIONS REQUIRED! Account already in ""Logon as a Service"""
        }
        Write-Output "Done."
    }
    
    Set-LogonRight "$($Creds.GetNetworkCredential().UserName)"
    
  22. Install the ObserveIT Web Console by executing the following command:

    $ComponentInstallArguments = "/i", ($observeitInstallerPath + '\Web\WebConsole\ObserveIT.WebConsoleSetup.msi'), "/qb", "/norestart", "DATABASE_SERVER=$SQLServer", "TARGETAPPPOOL=$WebSiteName", "TARGETSITE=$WebSiteName", "DATABASE_LOGON_TYPE=WindowsAccount", "SERVICE_USERNAME=$($Creds.GetNetworkCredential().Domain + '\' + $Creds.GetNetworkCredential().UserName)", "SERVICE_PASSWORD=$($Creds.GetNetworkCredential().Password)","/leo", ".\WebConsoleMSI.log"

    Start-Process msiexec.exe -ArgumentList $ComponentInstallArguments -Wait -NoNewWindow

  23. Extract the Advanced ObserveIT Web Console components:

    Set-Location "C:\Program Files\ObserveIT\Web\V2\apis"

    Get-ChildItem *.zip | foreach {Expand-Archive -LiteralPath $_.FullName -DestinationPath $($_.Directory.ToString() + '\' + $_.BaseName.ToString()) -Force}

    Set-Location "C:\Program Files\ObserveIT\Web\V2\apps"

    Get-ChildItem *.zip | foreach {Expand-Archive -LiteralPath $_.FullName -DestinationPath $($_.Directory.ToString() + '\' + $_.BaseName.ToString()) -Force}

  24. Validate the ObserveIT Web Console is installed correctly:

    add-type @"
        using System.Net;
        using System.Security.Cryptography.X509Certificates;
        public class TrustAllCertsPolicy : ICertificatePolicy {
            public bool CheckValidationResult(
                ServicePoint srvPoint, X509Certificate certificate,
                WebRequest request, int certificateProblem) {
                return true;
            }
        }
    "@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
    iisreset /start
    Import-Module WebAdministration
    Get-IISSite $WebSiteName | Start-IISSite
    $CurrentURL = $WebSiteProtocol + '://localhost:' + $WebSitePort + 
    '/ObserveIT/FormLoginAuth.aspx?UserDefaultPage=True'
    (Invoke-WebRequest $CurrentURL).RawContent -match 'ObserveIT - Login Page'
    

    If successful, the PowerShell prompt returns the value of True. The ObserveIT Web Console installation is now complete.
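
The check in step 24 loads a TrustAllCertsPolicy, which turns off certificate validation for every HTTPS request made in that PowerShell session, so a True result says nothing about the certificate bound in steps 11 to 19. The following check is an added example, not part of the ObserveIT procedure: it inspects the bound certificate and repeats the login-page probe by FQDN with validation left on. The function name Test-WebConsoleTls and the sample host name are assumptions.

```powershell
# Added example, not ObserveIT code. Run in a new elevated Windows PowerShell
# session so the TrustAllCertsPolicy from step 24 is not loaded.
Import-Module WebAdministration

function Test-WebConsoleTls {
    param(
        [Parameter(Mandatory)] [string] $MachineFQDN,    # same value as $MachineFQDN in step 4
        [string] $WebSiteName = 'ObserveITWebConsole',
        [int]    $WebSitePort = 443
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Certificate selected in the Site Bindings dialog (steps 15 to 18)
    $binding = Get-WebBinding -Name $WebSiteName -Protocol https -Port $WebSitePort
    $cert = $null
    if ($binding -and $binding.certificateHash) {
        $certPath = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"
        $cert = Get-Item $certPath -ErrorAction SilentlyContinue
    }
    if (-not $cert) {
        $findings.Add("No certificate is bound to the https binding of $WebSiteName")
    } else {
        if (-not $cert.HasPrivateKey) { $findings.Add('Certificate has no private key') }
        if ($cert.NotBefore -gt (Get-Date)) { $findings.Add("Certificate is not valid before $($cert.NotBefore)") }
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $findings.Add("Certificate expires $($cert.NotAfter)") }
        # Exact-name comparison: a wildcard certificate is reported and needs a manual look
        if (@($cert.DnsNameList.Unicode) -notcontains $MachineFQDN) { $findings.Add("Certificate names do not include $MachineFQDN") }
        # Chain and revocation check against this server's trust store
        if (-not $cert.Verify()) { $findings.Add('Certificate chain does not validate on this server') }
    }

    # Same login-page probe as step 24, but by FQDN and with validation left on
    try {
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        $url = "https://${MachineFQDN}:$WebSitePort/ObserveIT/FormLoginAuth.aspx?UserDefaultPage=True"
        $response = Invoke-WebRequest $url -UseBasicParsing
        if ($response.RawContent -notmatch 'ObserveIT - Login Page') { $findings.Add('Login page marker not found') }
    } catch {
        $findings.Add("HTTPS request failed: $($_.Exception.Message)")
    }

    [pscustomobject]@{
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Passed     = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-WebConsoleTls -MachineFQDN 'webconsole01.domain.local'   # constructed host name
```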

If after installing the ObserveIT Web Console component you decide to change the Microsoft Internet Information Services configuration (such as switching http to https), re-install the ObserveIT Web Console. ObserveIT cannot detect changes to Microsoft IIS.
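
To confirm the result of step 21, the following added example (not part of the ObserveIT procedure) lists every principal that holds the Logon as a Service right on the server and checks the service account by exact SID. The function name Get-ServiceLogonRightHolder and the account name DOMAIN\svc-observeit are assumptions.

```powershell
# Added example, not ObserveIT code. Run elevated on the Web Console server.
function Get-ServiceLogonRightHolder {
    $cfg = [System.IO.Path]::GetTempFileName()
    try {
        # Export only the user-rights area of the local security policy
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content -Path $cfg | Where-Object { $_ -match '^\s*SeServiceLogonRight\s*=' }
    } finally {
        # Do not leave the exported policy behind in the temp directory
        Remove-Item -Path $cfg -Force -ErrorAction SilentlyContinue
    }
    if (-not $line) { return }

    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if ($entry.StartsWith('*')) {
            # "*S-1-5-..." entries are SIDs; resolve them to names where possible
            $sid = $entry.TrimStart('*')
            try {
                $name = (New-Object System.Security.Principal.SecurityIdentifier $sid).Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '<unresolved>' }
        } else {
            # secedit writes some principals by name instead of by SID
            $name = $entry
            try {
                $sid = (New-Object System.Security.Principal.NTAccount $entry).Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { $sid = '<unresolved>' }
        }
        [pscustomobject]@{ Sid = $sid; Account = $name }
    }
}

$holders = Get-ServiceLogonRightHolder
$holders | Format-Table -AutoSize

# Exact SID comparison for the service account (constructed account name)
$expected = (New-Object System.Security.Principal.NTAccount 'DOMAIN\svc-observeit').Translate([System.Security.Principal.SecurityIdentifier]).Value
$holders.Sid -contains $expected
```

Unresolved SIDs in the output usually belong to deleted accounts and are worth reviewing alongside any holder you do not recognise.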

Related Topic:

Custom Installation Steps

version 7.12.2