2k3

ScreenOS Server Build Revision 5.b Document

ScreenOS Server Build

Table of Contents
Introduction to the ScreenOS Server
General Info
Installation steps
Included zip files
Additional Data Needed
Install Windows Server 2003, Enterprise Edition
Modify Network Settings
Run Windows Update
Set Primary DNS Suffix
Install Active Directory
Install IIS
Create Web Sites
Modify Default Password Policies
Create User Accounts and Groups
Install Certificate Authority
Install SCEP
Install a RADIUS Server
Install a TFTP, FTP, SYSLOG server
Install a Multicast Server and scripts

Revision Date: 4/2/2007

Page 1 of 104 Copyright © 2007 - Juniper Networks

Introduction to the ScreenOS Server

The ScreenOS courses require a server running Windows Server 2003 Enterprise Edition. This guide describes how to install the Windows server.

General Info

Windows 2003 Server Enterprise
Hostname: ScreenOSServer.edu.juniper.local
IP Address: 10.1.75.111
Network Mask: 255.255.255.0
Default Gateway: 10.1.75.111
Domain: edu.juniper.local
NT Domain: EDU

Installation steps

1. Install Windows Server 2003, Enterprise Edition. It may be possible to use another version of Windows Server 2003, but support is required for Active Directory, DNS, IIS, and a Certificate Authority.
2. Modify Network Settings.
3. Run Windows Update.
4. Set Primary DNS Suffix.
5. Install Active Directory/DNS.
6. Install IIS.
7. Create Web Sites.
8. Modify Default Password Policies.
9. Create User Accounts and Groups. Use the included scripts to create all the required user accounts and groups.
10. Install Certificate Authority.
11. Windows Update. Restart the system once all the steps are complete.

Included zip files

Included along with this document should be three compressed zip archive files (WebContent.zip, and Scripts.zip). Use each of these as specified in these installation instructions. These files contain:
WebContent.zip: web server content
Scripts.zip: setup scripts for automating portions of the installation

Additional Data Needed

You will need to download the latest ScreenOS firmware to host on the FTP server.

Install Windows Server 2003, Enterprise Edition

Begin by booting from the Windows Server 2003 installation disk. Follow the instructions, accepting the defaults along the way except as indicated throughout this guide.

Select Per Device or Per User.

The Computer Name assigned to this server should be SCREENOSSERVER. Use any administrator password that you want. Example: “password”

For now, make sure to place the machine in a workgroup. Active Directory will be added later.

Modify Network Settings

Use the following network settings:
IP Address: 10.1.75.111
Network Mask: 255.255.255.0
Default Gateway: 10.1.75.1
Primary DNS: 127.0.0.1
Secondary DNS: any reachable DNS server with external resolution capability (example: 24.53.86.13)

Run Windows Update

Update the Windows 2003 SP1 server with all updates.

Start > Programs > Windows Update. Install all Updates. Restart as required.

Set Primary DNS Suffix

Go to Start > My Computer > (Right Click) > Properties.

Go to the Computer Name tab, click Change, then click More… Add the Primary Domain Suffix edu.juniper.local. Restart as required.

Install Active Directory

Launch the Configure Your Server Wizard by clicking the Add or remove a role link on the Manage Your Server window. If this window has been closed, you can alternatively click Start > Administrative Tools > Configure Your Server Wizard.

Click Next.

Select Custom Configuration, then select Domain Controller (Active Directory) and click Next.

Click Next.

Click Next.

Click Next.

Select Domain controller for a new domain and click Next.

Select Domain in a new forest and click Next.

Enter the Full DNS name for the domain, edu.juniper.local, and click Next.

Enter the Domain NetBIOS name EDU and click Next.

Click Next.

Click Next.

Select the middle option and click Next.

Select 2nd option and click Next.

Enter a password of your choosing and click Next. For example: “password”

Click Next.

The configuration wizard runs for a while.

Click Finish. Restart as required.

Active Directory is now installed.

Install IIS

Launch the Configure Your Server Wizard by clicking the Add or remove a role link on the Manage Your Server window. If this window has been closed, you can alternatively click Start > Administrative Tools > Configure Your Server Wizard. Click Next, Next to reach this screen, select Application server (IIS, ASP.NET) and click Next.

Select FrontPage Server Extensions. Click Next.

Click Next.

Click Finish.

Create Web Sites

Add the two web pages Congrats.htm and blockme.htm to IIS:
http://10.1.75.111 will be congrats.htm
http://10.1.75.111/blockme.htm

Modify Default Password Policies

Go to Start > Administrative Tools > Domain Security Policy. Under Security Settings > Account Policies > Password Policy, modify each of the policies by right-clicking on the policy and changing the setting to those shown below.

Set each Password Policy as shown.
Enforce password history: 0 passwords remembered
Maximum password age: 0
Minimum password age: 0 days
Minimum password length: 1 characters
Password must meet complexity requirements: Disabled
Store passwords using reversible encryption: Disabled

After making these changes, open a command prompt and run the command gpupdate to force an immediate update of the group policy.
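To confirm that the policy took effect, or to spot these lab values on a domain that should not carry them, the effective settings can be exported with secedit /export /cfg and compared against the values listed above. The following is an added example, not part of the original guide: the sample export is constructed, the hardened baseline is an illustrative assumption, and treating -1 as the exported form of "maximum age 0" is an assumption to confirm against a real export.

```python
# Values the guide sets under Account Policies > Password Policy, keyed by
# the names secedit uses in the [System Access] section of its export.
LAB_POLICY = {
    "PasswordHistorySize": 0,    # Enforce password history: 0 remembered
    "MaximumPasswordAge": 0,     # Maximum password age: 0
    "MinimumPasswordAge": 0,     # Minimum password age: 0 days
    "MinimumPasswordLength": 1,  # Minimum password length: 1
    "PasswordComplexity": 0,     # Complexity requirements: Disabled
    "ClearTextPassword": 0,      # Reversible encryption: Disabled
}

# Illustrative hardened minimums (assumption, not from the guide).
BASELINE_MIN = {
    "PasswordHistorySize": 24,
    "MinimumPasswordAge": 1,
    "MinimumPasswordLength": 14,
    "PasswordComplexity": 1,
}

# Constructed sample of a secedit export after the guide's changes.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 1
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_system_access(text):
    """Return the integer settings found in the [System Access] section."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "System Access" and "=" in line:
            key, _, value = line.partition("=")
            try:
                settings[key.strip()] = int(value.strip())
            except ValueError:
                pass  # skip non-numeric entries such as account names
    return settings


def diff_from_lab(settings):
    """Map each setting that differs from the guide to (expected, actual)."""
    diffs = {}
    for key, expected in LAB_POLICY.items():
        actual = settings.get(key)
        if key == "MaximumPasswordAge" and actual == -1:
            actual = 0  # assumption: -1 in the export means "never expires"
        if actual != expected:
            diffs[key] = (expected, actual)
    return diffs


def weaker_than_baseline(settings):
    """Return the sorted names of settings below the illustrative baseline."""
    weak = [k for k, low in BASELINE_MIN.items() if settings.get(k, 0) < low]
    if settings.get("ClearTextPassword", 0) != 0:
        weak.append("ClearTextPassword")
    return sorted(weak)


if __name__ == "__main__":
    current = parse_system_access(SAMPLE_EXPORT)
    print("differs from lab build:", diff_from_lab(current))
    print("below baseline:", weaker_than_baseline(current))
```

When reading a real export from disk, open it with the encoding the file was written in before passing the text to parse_system_access.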

Create User Accounts and Groups

Use the included script (ScreenOSPopulateAD.cmd) to create the required users and groups within Active Directory. This script can be run from the command prompt, or by double-clicking.

Install Certificate Authority

To install the Certificate Authority, go to Start > Control Panel > Add or Remove Programs.

Click Add/Remove Windows Components and select Certificate Services. Click Yes when prompted to continue, then click Next.

Click Next.

Next, enter ScreenOS Edu Incorporated in the field for the Common Name. Then click Next.

Click Next.

Click Yes.

Click Yes, then click Finish to complete the installation.

You now need to define a new CRL Distribution Point. Go to Start > Administrative Tools > Certification Authority. Right-click on ScreenOS Edu Incorporated and select Properties. Click on the Extensions tab. In the list of CRL locations, find the entry that begins ldap:///. You need to create a near duplicate of this entry, except that your new entry must include the <ServerDNSName> token between the 2nd and 3rd slash as in ldap://<ServerDNSName>/. Unfortunately, you cannot edit an existing entry. You will have to create a new entry that is the same as the old entry, except for the addition of the <ServerDNSName>. Note: writing the existing entry down on paper is probably the best way.

Once you have created the new entry, you will need to make some changes to the settings for the two ldap:// entries. For the original ldap:/// entry, make sure only the first and last check boxes are checked. The settings for your new ldap://<ServerDNSName>/ entry follow.

For your new entry, check the three middle boxes.
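Because the new CRL location has to be retyped by hand, it can easily end up differing from the original in more than the host token. The following added example (not part of the original guide) derives the expected entry from the existing ldap:/// one and checks a list of configured locations; the sample entries are constructed and the function names are hypothetical.

```python
TOKEN = "<ServerDNSName>"
PREFIX = "ldap:///"

# Constructed sample of CRL locations as they might appear on the Extensions tab.
ORIGINAL = ("ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,"
            "CN=CDP,CN=Public Key Services,CN=Services,"
            "<ConfigurationContainer><CDPObjectClass>")
GOOD = [
    ORIGINAL,
    "ldap://<ServerDNSName>/CN=<CATruncatedName><CRLNameSuffix>,"
    "CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,"
    "<ConfigurationContainer><CDPObjectClass>",
]
# Same as GOOD, but "CN=CDP," was dropped while retyping.
MISTYPED = [
    ORIGINAL,
    "ldap://<ServerDNSName>/CN=<CATruncatedName><CRLNameSuffix>,"
    "CN=<ServerShortName>,CN=Public Key Services,CN=Services,"
    "<ConfigurationContainer><CDPObjectClass>",
]


def expected_new_entry(original):
    """Insert the token between the 2nd and 3rd slash of an ldap:/// entry."""
    if not original.startswith(PREFIX):
        raise ValueError("not an ldap:/// entry")
    return "ldap://" + TOKEN + "/" + original[len(PREFIX):]


def check_cdp_entries(entries):
    """Return a list of problems; an empty list means the pair is consistent."""
    originals = [e for e in entries if e.startswith(PREFIX)]
    if len(originals) != 1:
        return ["expected exactly one ldap:/// entry, found %d" % len(originals)]
    want = expected_new_entry(originals[0])
    candidates = [e for e in entries
                  if e.lower().startswith("ldap://") and not e.startswith(PREFIX)]
    if want in candidates:
        return []
    if not candidates:
        return ["no ldap://<ServerDNSName>/ entry found"]
    problems = []
    for cand in candidates:
        # Locate the first character where the retyped entry goes wrong.
        pos = next((i for i, (a, b) in enumerate(zip(want, cand)) if a != b),
                   min(len(want), len(cand)))
        problems.append("entry differs from expected at character %d: got %r, "
                        "expected %r" % (pos, cand[pos:pos + 20], want[pos:pos + 20]))
    return problems


if __name__ == "__main__":
    print(check_cdp_entries(GOOD))
    for problem in check_cdp_entries(MISTYPED):
        print(problem)
```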

Now click on the Security tab. Click Add, and add the user certadmin to the list.

The certadmin user should have the Request Certificates permission.

Install SCEP

Install the Simple Certificate Enrollment Protocol (SCEP) Add-on for Certificate Services. Go to Microsoft’s site and find the file “cepsetup.exe”.

Install “cepsetup.exe” on the Windows 2003 Server. Click Yes

Click Yes

Click Next

Click Next

This adds an extra step when doing the labs, but leave this checked and click Next.

Fill out the fields and click Next.

Click Finish.

Install a RADIUS Server

Open Add or Remove Programs and select Windows Components.

Click Details… Install “Internet Authentication Service”. Click OK, then Next.

Go to Start > Administrative Tools > Internet Authentication Service.

So that RADIUS can view the Active Directory database, you must “Register Server in Active Directory” for Internet Authentication Service.

Select OK.

Click OK

Now we need to add all the RADIUS clients that can access the RADIUS server. Click “New RADIUS Client”.

Add the RADIUS clients listed below, each with a password of “screenos”:
1.1.1.10 1.1.2.10 1.1.3.10 1.1.4.10
1.1.1.20 1.1.2.20 1.1.3.20 1.1.4.20
1.1.1.30 1.1.2.30 1.1.3.30 1.1.4.30
1.1.1.40 1.1.2.40 1.1.3.40 1.1.4.40

The password is “screenos”. Then click Finish.

Done with all Clients

Add a new Remote Access Policy

Click Next

Click Ethernet, then Next.

Select Group and click Add

Enter “Students”. Click OK.

Click Next

Click Next; we will change this later.

Click Finish

Right-click and select Properties.

Click Edit profile

Select Authentication tab. Check Unencrypted Auth. Click OK.

This is normal. Click Yes, then OK.

All done here.

Manage users for Active Directory. We will now enable remote access for all the users.

For every user, right-click on the user and select Properties. Click Dial-in, then Allow access, then OK. Do this for all the users.

Allow dial-in access for all users; then you are done configuring RADIUS.

Install a TFTP, FTP, SYSLOG server

There is a free utility called 3CDaemon from 3COM. The file is 3cdv2r10.zip (http://support.3com.com/software/utilities_for_windows_32_bit.htm). Run setup. Click Next.

Click Yes.

Click Next

Click Next

All done. Click OK.

Install a Multicast Server and scripts

Unzip Iperf.exe, multicast-client.bat, multicast-server.bat.

Copy iperf.exe to “C:\”
