How to Configure Windows Server 2008 for Site Systems
When Configuration Manager 2007 SP1 site systems will be installed on Windows Server 2008 computers, additional configuration changes might be required to ensure successful installation and operation.
The procedures in this topic can be used to configure Windows Server 2008 to support Configuration Manager 2007 SP1 site system installation.
To Install Internet Information Services (IIS) to support Configuration Manager 2007 SP1 site systems on Windows Server 2008 Computers
This procedure describes how to install Internet Information Services (IIS) 7.0 Windows Server 2008 to support the following site system roles:Management point.
Background Intelligent Transfer Service (BITS)-enabled distribution point.
Reporting point.
Software Update Point.
Server locator point.
- To install and configure WebDAV for IIS 7.0 to support management point and BITS-enabled distribution point site system computers
Because WebDAV IIS extensions required for the management point and BITS-enabled distribution point site system roles are not installed by default with IIS 7.0, WebDAV extensions must be manually installed and configured after installing IIS 7.0.
To add Remote Differential Compression for site server and branch distribution point computers
If a site system will be used only to host the site server or branch distribution point site system roles, IIS is not required. However, site servers and branch distribution point site systems require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. RDC is not installed by default on computers running Windows Server 2008 and must be enabled manually.注意
Installing Configuration Manager 2007 SP1 primary and secondary site systems is supported on Windows Server 2008 read-only domain controller (RODC) computers. During site installation using the Configuration Manager 2007 Setup Wizard, the wizard will identify that the site is being installed on an RODC and search for a writable domain controller to create the necessary groups required by the type of site installation. However, when installing secondary sites using the Install Secondary Site Installation Wizard from a Configuration Manager console, the groups required for the secondary site installation must be pre-created in Active Directory Domain Services before beginning the installation.
- To modify the requestFiltering section on BITS-enabled distribution point computers
If package source files distributed to BITS-enabled distribution points contain file extensions that are blocked by default in IIS 7.0, the requestFiltering section of the applicationHost.config file must be modified to allow required extensions.
重要
Enabling WebDAV and modifying the requestFiltering section of the applicationHost.config file for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.
注意
The information in this topic applies only to Configuration Manager 2007 SP1.
To Install Internet Information Services (IIS) on Windows Server 2008 Computers
On the Windows Server 2008 computer, navigate to Start / All Programs / Administrative Tools / Server Manager to start Server Manager. In Server Manager, select the Features node and click Add Features to start the Add Features Wizard.
On the Select Features page of the Add Features Wizard:
Select BITS Server Extensions. When prompted, click Add Required Role Services to add the dependent components, including the Web Server (IIS) role.
Select Remote Differential Compression, and then click Next.
On the Web Server (IIS) page of the Add Features Wizard, click Next.
On the Select Role Services page of the Add Features Wizard:
Under Application Development, select ASP.NET and, when prompted, click Add Required Role Services to add the dependent components.
注意
ASP should also be selected if the site system will be configured as a reporting point.
Under Security, select Windows Authentication.
In the Management Tools node, under IIS 6 Management Compatibility, ensure that both IIS 6 Metabase Compatibility and IIS 6 WMI Compatibility are selected and then click Next.
On the Confirmation page, click Install, and then complete the rest of the wizard.
Click Close to exit the Add Features Wizard, and then close Server Manager.
To install and configure WebDAV for IIS 7.0 to support management point and BITS-enabled distribution point site system computers
Depending on your server operating system platform, download either the x86 or x64 version of WebDAV from: https://go.microsoft.com/fwlink/?LinkId=108052.
Depending on which version was downloaded, run either the webdav_x86_rtw.msi or the webdav_x64_rtw.msi file to install WebDAV IIS 7.0 extensions.
Enable WebDAV and create an Authoring Rule, as follows:
Navigate to Start / All Programs / Administrative Tools / Internet Information Services (IIS) Manager to start Internet Information Services 7 Application Server Manager. In Server Manager, select the Features node, and click Add Features to start the Add Features Wizard.
In the Connections pane, expand the Sites node in the navigation tree, and then click Default Web Site if you are using the default Web site for the site system or SMSWEB if you are using a custom Web site for the site system.
In the Features View, double-click WebDAV Authoring Rules.
When the WebDAV Authoring Rules page is displayed, in the Actions pane, click Enable WebDAV.
After WebDAV has been enabled, in the Actions pane, click Add Authoring Rule.
In the Add Authoring Rule dialog box, under Allow access to, click All content.
Under Allow access to this content to, click All users.
Under Permissions, click Read, and then click OK.
Change the property behavior as follows:
In the WebDAV Authoring Rules page, in the Actions pane, click WebDAV Settings.
In the WebDAV Settings page, under Property Behavior, set Allow anonymous property queries to True.
Set Allow Custom Properties to False.
Set Allow property queries with infinite depth to True.
If this is a BITS-enabled distribution point, under WebDAV Behavior, set Allow hidden files to be listed to True.
In the Action pane, click Apply.
Close Internet Information Services (IIS) Manager.
To add Remote Differential Compression for site server and branch distribution point computers
In Server Manager, on the Features node, click Add Features to start the Add Features Wizard.
On the Select Features page, select Remote Differential Compression, and then click Next.
Complete the rest of the wizard.
Close Server Manager.
To modify the requestFiltering section on BITS-enabled distribution point computers:
Open the applicationHost.config file located in the %windir%\System32\inetsrv\config\ directory on the BITS-enabled distribution point site system.
Search for the <requestFiltering> section.
Determine the file extensions that you will have in the packages on that distribution point. For each file extension that you require, change allowed to true.
For example, if your package will contain a file with an .mdb extension, change the line <add fileExtension=".mdb" allowed="false" /> to <add fileExtension=".mdb" allowed="true" />.
Allow only the file extensions required for your packages.
Save and close the applicationHost.config file.