Install and configure an Audit and Control Management web server

  • Article

 

Applies to: Audit and Control Management Server 2013

Summary: Learn how to install and configure an Audit and Control Management web server.

The ACM Web server hosts all client components of the Microsoft Audit and Control Management Server 2013, which include the Administrative console, Audit Policy Configuration console and File Audit Trail Reporting. There are four parts to setting up an Microsoft Audit and Control Management Server 2013Web Server:

  • Prepare your Windows environment

  • Add the Web Server (IIS) role and associated role services (Windows Server 2012)

  • Add the Web Server (IIS) role and associated role services (Windows Server 2008 R2)

  • Create an ACM Web Server Application

  • Connect to an ACM database

  • Grant privileges to the database

Prepare your Windows environment

Install Prerequisites

  1. Before you configure your Windows environment for ACM Web server, install the most recent or desired updates to the server.

  2. Install Microsoft .Net Framework 4.0

Follow the instructions to add the Web Server (IIS) role and associated role services for your appropriate version of Windows Server.

Add the Web Server (IIS) role and associated role services (Windows Server 2012)

  1. Click Start, point to Administrative Tools, and then click Server Manager.

  2. Under the Manage menu, select Add Roles and Features.

  3. In the left navigation pane, highlight Installation Type, and then select Role-based or feature-based Installation. Click Next.

  4. Select Select a server from the server pool and then highlight the appropriate server (local is selected by default). Click Next.

  5. Select Web Server (IIS), and then click Next.

  6. When prompted to Add role services required for ASP.NET, click Add Required Role Services.

  7. Scroll through the options under Role Services, and select the following:

    • Windows Authentication (under Security)

    • Management Tools and all of the options under it, including all of the options under IIS 6 Management Compatibility

  8. If prompted to Add features required for Management Service, click Add Required Features.

  9. Click Next, and then verify that the following options appear on the Confirm installation Selections dialog box:

    • Web Server

      • Common HTTP Features

        • Static Content

        • Default Document

        • Directory Browsing

        • HTTP Errors

      • Application Development

        • ASP.NET

        • .NET Extensibility

        • ISAPI Extensions

        • ISAPI Filters

      • Health and Diagnostics

        • HTTP Logging

        • Request Monitor

    • Security

      • Windows Authentication

      • Request Filtering

    • Performance

      • Static Content Compression

    • Management Tools

      • IIS Management Console

      • IIS Management Scripts and Tools

      • Management Service

      • IIS Management Compatibility

        • IIS 6 Metabase Compatibility

        • IIS 6 WMI Compatibility

        • IIS 6 Scripting Tools

        • IIS 6 Management Console

  10. Click Install, and then after the installation completes successfully, click Close.

Add the Web Server (IIS) role and associated role services (Windows Server 2008 R2)

  1. Click Start, point to Administrative Tools, and then click Server Manager.

  2. Under Roles Summary, click Add Roles. Click Next.

  3. In the Select Server Roles dialog box, select Web Server (IIS), and then click Next.

  4. If prompted, click Add Required Features to add the features required for the Management Service, and then click Next.

  5. In the Select Role Services dialog box, under Role Services, select ASP.NET.

  6. When prompted to Add role services required for ASP.NET, click Add Required Role Services.

  7. Scroll through the options under Role Services, and select the following:

    • Windows Authentication (under Security)

    • Management Tools and all of the options under it, including all of the options under IIS 6 Management Compatibility

  8. If prompted to Add features required for Management Service, click Add Required Features.

  9. Click Next, and then verify that the following options appear on the Confirm installation Selections dialog box:

    • Web Server

      • Common HTTP Features

        • Static Content

        • Default Document

        • Directory Browsing

        • HTTP Errors

      • Application Development

        • ASP.NET

        • .NET Extensibility

        • ISAPI Extensions

        • ISAPI Filters

      • Health and Diagnostics

        • HTTP Logging

        • Request Monitor

    • Security

      • Windows Authentication

      • Request Filtering

    • Performance

    • Static Content Compression

    • Management Tools

      • IIS Management Console

      • IIS Management Scripts and Tools

      • Management Service

      • IIS Management Compatibility

        • IIS 6 Metabase Compatibility

        • IIS 6 WMI Compatibility

        • IIS 6 Scripting Tools

        • IIS 6 Management Console

  10. Click Install, and then after the installation completes successfully, click Close.

Add the Application Service account to the Local Administrators group on the server

  1. Using an account that is a member of the Administrators group, log in to the server.

  2. Click Start, click Control Panel, and then click User Accounts.

  3. Under User Accounts, click Give others access to this computer.

  4. In the Add New User dialog box, enter the user name and domain for the Application Service account you created earlier, and then click Next.

  5. Select Administrator and then click Finish.

Add the Application Service account to the Log on as a batch job policy setting

  1. Click Start, point to Administrative Tools, and then click Local Security Policy.

  2. Double-click User Rights Assignment, and then in the details pane, double-click Log on as a batch job.

  3. Click Add User or Group, add the Application Service account under Enter the object names to select, and then click OK.

  4. Double-click Deny log on as a batch job, verify that the Application Service account is not listed in the box, and then click OK.

Create an ACM Web Server Application

To create the ACM web server application on this server:

  1. Click Start, All Programs, Microsoft Office ACM, and then click Microsoft Office ACM Configuration Utility.

  2. On the left navigation pane, click "ACM Web Server".

  3. Enter a name for the ACM web application. A new web application will be created for the web files located in C:\Program files (x86)\Microsoft Office\Office 15\ACM\Web.

  4. Provide a domain user account for the credentials used by the web application to connect to the database.

  5. Enter the application pool identity password.

  6. Specify the initial Central Administrator account. If Central Administrators have previously been added, this will be ignored.

    Note

    The initial Central Administrator account must be used the first time that you access the web site, otherwise you will be unable to access the site. As soon as you access the site using the initial Central Administrator account, you will be able to grant access for other accounts.

  7. Click Create.

Connect to an ACM database

The ACM Web Server must be connected to the ACM database. If you have not created an ACM database, follow the instructions in Install and configure an Audit and Control Management application server. Once you have created a database:

  1. Click Start, All Programs, Microsoft Office ACM, and then click Microsoft Office ACM Configuration Utility.

  2. On the left navigation pane, click Connect to ACM database tab.

  3. Enter the name of the SQL Server\instance where your ACM database is located.

  4. Enter the database name.

  5. Click Save Connection.

Grant privileges to the database

Grant the appropriate privileges to the account that you configured as the Application Pool Identity so that it has the necessary access to the database.

  1. Open SQL Server Management Studio and connect to the database server where the ACM database was created.

  2. In SQL Server Management Studio, expand Security, right-click Logins, and then click New Login.

  3. In the Login name box, type the name of the service account that you used as the IIS application pool identity for the ACM web Server, and then click Search.

  4. In the pane on the left side, click Server Roles.

  5. Select public server role.

  6. In the pane on the left side, click User Mapping.

  7. Select the name of the ACM Server database and then select db_owner role.

  8. Click OK.

Note

If you do not want to grant the db_owner role to this account, you can grant the db_datareader and db_datawriter roles. Then grant access for the given login to execute stored procedures in the database by using the following script. Note that name_of_ACM_database is a placeholder for the name of the database that you created, and account_logging_into_ACM is a placeholder for the given login.

USE 'name_of_ACM_database'
GO
create role sp_execute
GO
grant execute to sp_execute
GO
EXEC sp_addrolemember 'sp_execute', 'account_logging_into_ACM'