Installation and Configuration Guide

Similar documents
Installation and Configuration Guide

Publishing Updates Guide

Enabling Secure Sockets Layer for a Microsoft SQL Server JDBC Connection

Software Center Update Publisher (SCUP) / Software Update Point (SUP) APSCNLAN Support

Copyright

SolarWinds. Patch Manager. Evaluation Guide. Version 2.1.2

SCCM Plug-in User Guide. Version 3.0

VMware AirWatch Integration with RSA PKI Guide

AirWatch Mobile Device Management

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

VMware AirWatch Integration with SecureAuth PKI Guide

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

20411D D Enayat Meer

Using SSL to Secure Client/Server Connections

GO Software Pty Limited Map: 27 Tacoma Blvd, Pasadena SA 5042 ABN: ACN: How to Export a Self Signed Server Certificate

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: November 10, 2011

Configuring Alfresco Cloud with ADFS 3.0

Windows Smart Card Logon Use Case

Install and Issuing your first Full Feature Operator Card

PST for Outlook Admin Guide

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch

VMware AirWatch Certificate Authentication for EAS with ADCS

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Troubleshooting smart card logon authentication on active directory

NBC-IG Installation Guide. Version 7.2

Nimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]

V1.0 Nonkoliseko Ntshebe October 2015 V1.1 Nonkoliseko Ntshebe March 2018

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series

Module 3 Remote Desktop Gateway Estimated Time: 90 minutes

App Orchestration 2.0

VMware Horizon JMP Server Installation and Setup Guide. 13 DEC 2018 VMware Horizon 7 7.7

How to Configure S/MIME for WorxMail

Configuration examples for the D-Link NetDefend Firewall series

ms-help://ms.technet.2004apr.1033/win2ksrv/tnoffline/prodtechnol/win2ksrv/howto/efsguide.htm

SOA Software Intermediary for Microsoft : Install Guide

SAPO Trust Centre: Certificate Installation on Exchange Manual

How to Import a Certificate When Using Microsoft Windows OS

Acronis Backup & Recovery 11 Beta Advanced Editions

Enabling Smart Card Logon for Linux Using Centrify Suite

Enabling Smart Card Logon for Mac OS X Using Centrify Suite

Copyright and Trademarks

Patch Manager INSTALLATION GUIDE. Version Last Updated: September 25, 2017

RSA SecurID Access SAML Configuration for Kanban Tool

YubiKey Smart Card Deployment Guide

Symantec Managed PKI. Integration Guide for ActiveSync

White Paper. Deployment of ActiveX Controls via Microsoft Windows Active Directory. Fabasoft Folio 2016 Update Rollup 6

Configuring EAP for Wireless Network Connectivity By Victor Zapata

www. t ha lesesecur it y. com Thales e-security Integration Guide for Microsoft Windows Server 2016

Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Ekran System High Availability Deployment Guide

V7610 TELSTRA BUSINESS GATEWAY

Parallels Mac Management for Microsoft SCCM

The information in this document is based on these software and hardware versions:

5.5.3 Lab: Managing Administrative Settings and Snap-ins in Windows XP

www. t ha les-esecur it y. com Thales e-security Integration Guide for Microsoft Windows Server 2012 and 2012 R2

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Using SSL/TLS with Active Directory / LDAP

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

RSA SecurID Access SAML Configuration for StatusPage

Algo Lync Interface for SIP Audio Alerter User Guide

Enterprise Architect. User Guide Series. Model Wizard

Module 1 Web Application Proxy (WAP) Estimated Time: 120 minutes

Genesys Security Deployment Guide. What You Need

Installation Guide. Mobile Print for Business version 1.0. July 2014 Issue 1.0

Assureon Installation Guide Client Certificates. for Version 6.4

Logon to Windows Vista using smartcard and CertiID in a Windows 2008 environment.

Microsoft Dynamics GP Web Client Installation and Administration Guide For Service Pack 1

Hypertext Transfer Protocol Over Secure Sockets Layer (HTTPS)

Dealing with Event Viewer

ms-help://ms.technet.2004apr.1033/ad/tnoffline/prodtechnol/ad/windows2000/howto/mapcerts.htm

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003

Configuration Note. snom 360 Phone with VX for Branch Survivability. Release 1.0

RSA SecurID Access SAML Configuration for Datadog

Encode Rule Explorer App v1.0.2 for IBM QRadar Documentation

VMware Horizon JMP Server Installation and Setup Guide. Modified on 19 JUN 2018 VMware Horizon 7 7.5

Wavecrest Certificate SHA-512

Working with Database & Objects

Fax to Encryption Instructions

Configuring Certificate Authorities and Digital Certificates

AMS Device View Installation Guide. Version 2.0 Installation Guide May 2018

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

DNSSEC Deployment Guide

Privileged Access Agent on a Remote Desktop Services Gateway

BitLocker: How to enable Network Unlock

Parallels Mac Management for Microsoft SCCM

Mitel MiVoice Connect Security Certificates

Module 4 Network Controller Estimated Time: 90 minutes

Quick Start - Virtual Server idataagent (Microsoft/Hyper-V)

HP Server Updates Catalog for System Center Configuration Manager 2007 User Guide

LABEL ARCHIVE Administrator s Guide

Registration and Renewal procedure for Belfius Certificate

Send documentation comments to

Install the ExtraHop session key forwarder on a Windows server

Recertifying a Customized Driver Package (WLK)

Password Reset Server Installation

For my installation, I created a VMware virtual machine with 128 MB of ram and a.1 GB hard drive (102 MB).

Transcription:

Installation and Configuration Guide 1

Document Versions: Date Version Description June 14, 2014 1.0 Initial Release March 14, 2016 1.1 Minor Changes June 21, 2017 1.2 Added Trusted Publishers 2

Installing SCUP 2011: Install WSUS (If needed). This can be WSUS 3.0 SP2 or WSUS on Server 2012 or greater. If using WSUS 3.0 SP2, You should also install KB2734608. If SCUP 2011 console is going to be installed remote from the WSUS server, you need to install the WSUS Admin Console using the RSAT installer for the OS you are running. The hotfixes should be applied on the WSUS Server and SCUP console (if remotely installed) for WSUS 3.0 SP2. If using WSUS 3.0 SP2, You will need to install KB2530678. The hotfixes should be applied on the WSUS Server and SCUP console machine (if remotely installed). Download and Install Microsoft.NET Framework 4.0 (If Needed). 3

Run SCUP 2011 Installer from an elevated command prompt. Click Next. Click Next. 4

Review and accept the license agreement then click Next. Accept the default installation location and click Next. Click Next to begin the installation. 5

SCUP 2011 Configuration: Start System Center Updates Publisher 2011 from the start menu ensure to run as Administrator. From the ribbon, click Options. On the Update Server Tab, Click the checkbox to enable publishing to an update server. In the settings, choose one of the radio buttons to Connect to a local update server or Connect to a remote update server:. If your SCUP console is installed remotely from the WSUS server choose the remote option and configure the server settings. Note: In this example, we choose the Connect to a local update server since SCUP is installed on the WSUS server. 6

Click the Test Connection button. Next you need to determine if you will use a self-signed certificate or a certificate from a PKI (If using PKI see this guide to certificate creation). If using Server 2012 R2 and selfsigned certificates, view this post on how to allow Server 2012 R2 WSUS server to create a selfsigned certificate. Click the Create (creates a selfsigned cert) or Browse (to select PKI cert you created) button and choose OK on the message box. Note: In this example, we clicked the Create button and will use a self-signed certificate. 7

Click on the ConfigMgr Server tab in the Options pane. Check the Enable Configuration Manager integration checkbox. This allows us to use the Automatic publication type from the SCUP console. In the Settings, Choose the Connect to a local Configuration Manager Server or Connect to a remote Configuration Manager server:. Note: In this example, we choose Connect to a local Configuration Manager server. Click the Test Connection button. Click OK on the message box. Note: You can optionally configure the values used for the Automatic publication type in this tab. 8

Open up a MMC console Click Start, Run and Type MMC then click Enter Click Ctrl + M to open the Add/Remove Snap-in wizard Click on Certificates and click add. Choose the Computer account option and then click the Next button. Click the Finish button. Click the OK button to open the Certificate Snap-in. In the Certificates Snap-In, Browse to Certificates > WSUS > Certificates. You will see the WSUS self-signed certificate in this node. 9

Right click the certificate > Click All Tasks > Click Export. Click Next on the Welcome Wizard. In the Export Private Key page, leave the default No, do nor export the private key selected and click Next. In the Export File Format page, leave the default DER encoded binary X.509 (.CER) selected and click Next. In the File to Export page, Browse to a location and enter a filename for the certificate file and click Next. Note: we will use this file and import it into a group policy object. In this example, we saved the file to C:\WSUSCert.cer. 10

Click Finish and then OK on the message box. We will now distribute this certificate using Group Policy. We will create a new GPO at the root level so all machines will be able to install third-party updates. You can optionally use the Default Domain Policy. Right click the Domain and choose Create a GPO in this domain, and lick it here.. 11

In our environment, we called the GPO SCUP Settings. Right click the SCUP Settings GPO and Click Edit. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies. Right Click Trusted Root Certification Authorities and Click Import 12

Click the Next button on the Welcome wizard. On the File to Import page, browse out to the certificate file location where the certificate was exported. In our environment, the File name was C:\WSUSCERT.CER In the Certificate Store page, verify Trusted Root Certification Authorities is set and click Next. Click Finish. Click OK on the import was successful message box. Verify the Certificate was added to the Trusted Root Certification Authorities node within the Group Policy Object. Repeat the previous three steps for the Trusted Publishers store within the Group Policy Object. 13

Verify the Certificate was added to the Trusted Publishers node within the Group Policy Object. Within the same group policy, Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update. Choose Allow signed updates from an intranet Microsoft update service location. Click Enabled. Click the OK Button. Run a gpupdate /force command on the machine where the SCUP console was installed to ensure the certificate is trusted. You should now have the selfsigned certificate in the Trusted Publishers and Trusted Root Certification Authorities stores on the machine where the SCUP console is installed. 14

SCUP 2011 is now installed and configured. We will go over importing our catalog into SCUP 2011 in the next guide. Optional (Trusted Publishers): All the remaining configurations are optional, but will save you time when publishing the catalog for the first time. Whenever a new catalog is imported or an update published that contains a digital signature you will be prompted whether you want to always want to trust the certificate used. There are currently over 70 different code signing certificates for applications within our catalog. We can edit a configuration file used by SCUP to import the current list of certificates being used to sign applications within our catalog. This allow you to not have to manually click Always accept content from when publishing a product for the first time. 15

Create a backup of the current user.config file located in: %localappdata%\microsoft\scup 2011.exe_StrongName_2wzdfzni mh1kefuisr0pqsefwkw5k4tp\5.0.1727.0 Your configuration file should look similar the picture in the left if this was a new installation of SCUP. If you already trusted any certificates in SCUP, your XML will include an additional element named TrustedPublishers Download the following ZIP file https://patchmypc.net/scupcatal og/downloads/trustedpublishers. zip and open the XML file named trustedpublishers.xml from the extracted ZIP file 16

Copy all the content within the trustedpublishers.xml and paste it as a new setting element within the element: <Scup.Properties.Settings> The example yellow box shows where we would paste the text copied from the trustedpublishers.xml You can overwrite the TrustedPublishers element if already exists in the user.config file Once the additional content is pasted into the user.config file save the file 17

Open SCUP and navigate to the Trusted Publishers tab in the Options menu You should now have a large list of trusted publishers We will periodically update the https://patchmypc.net/scupcatal og/downloads/trustedpublishers. zip to include new code signing certificates for venders in our catalog 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback