# StifleR Dashboard Installation ## Prerequisites * Microsoft .NET 4.8 * Installation account must have Administrator rights * Install the **Internet Information Services (IIS)** role on the server:\ The minimum IIS role and features required can be installed by using the following PowerShell command: ``` Install-WindowsFeature -Name Web-Server, Web-Windows-Auth -IncludeManagementTools ``` * Decide on whether the Dashboard Web Site will be using HTTPS (optional at this point, but recommended). For more information on this, see [this page](https://documentation.2pintsoftware.com/stifler/2.10/configuration/securing-stifler-operations-with-ssl/preparing-the-stifler-dashboard-web-site-for-ssl). ## Installation From an Elevated Command prompt launch **StifleR.Dashboard.Installer64.msi**. At the "Welcome" screen, feel welcomed, and then click **Next**. {% embed url="" %} *** At the "End-User License Agreement" screen, once you have reviewed the EULA, check the box: \ **I accept the terms in the License Agreement**, and then click **Next**. {% embed url="" %} *** At the "Select Operation Mode and Parameters" screen, verify the URLs for the dashboard to connect to the StifleR server and dashboard web service. By default, the port number for the StifleR service is 1414. If during the [StifleR Server installation](https://documentation.2pintsoftware.com/stifler/2.10/installation/server/stifler-server-installation), a different port was used, modify the URL accordingly. Once complete, click **Next** to continue. {% hint style="info" %} Note: By default, the installation wizard will define the URLs as HTTP based sites. It is acceptable to install the Dashboard using HTTP for testing, but in production, it is strongly recommended to use HTTPS. To configure the Dashboard to use HTTPS, simply change the URLs to https\://\:\.\ For more information on how to secure IIS for HTTPS, see the page: [Using a Web Server Certificate](https://documentation.2pintsoftware.com/stifler/2.10/configuration/securing-stifler-operations-with-ssl/using-a-full-iis-certificate). {% endhint %} {% embed url="" %} *** At the "Dashboard Website Configuration" screen, select the desired IIS web site to install the dashboard. \ \&#xNAN;*Using a Custom Web Site and Application Pool*\ If desired, you can configure the dashboard to use a web site and application pool other than the default. If so, a web site and application pool must be created in advance. Once the custom web site is created, select the custom web site in the drop down. If using a custom application pool, check the box: **Use a custom app pool instead of the web site default**. Once complete, click **Next** to continue. {% embed url="" %} *** At the "Destination Folder" screen, enter the path in which the Dashboard program files should be installed and then click **Next**. {% embed url="" %} *** At the "Ready to install..." screen, click **Install** to begin the installation. {% embed url="" %} *** At the At the "Completed" screen, the installation wizard is complete. Click **Finish** and enjoy a nice cup of coffee, you’ve earned it. {% embed url="" %} ## Post Installation As access to the StifleR dashboards is limited by Windows Group membership there is a requirement to make some security configuration changes on the StifleR Dashboards website within IIS. Specifically, we need to remove Anonymous access, and configure Windows Authentication. Within the Windows Authentication configuration: for a non-domain joined server, the only auth provider configured is **NTLM**; for a domain-joined server, the only auth provider configured is **Negotiate:Kerberos**. You can set this manually within IIS Manager under **Sites** - **Default Web Site** - **StifleRDashboard** - **Authentication**, but the easiest way is to run the following PowerShell snippet: ``` #-------------------------------- #Configure IIS for Authentication #-------------------------------- $partofdomain = (Get-CimInstance win32_computersystem).PartOfDomain $siteName = "Default Web Site/StifleRDashboard" Write-Host "Removing Anonymous Authentication from website." Set-WebConfigurationProperty -filter /system.webServer/security/authentication/AnonymousAuthentication -name enabled -value false -PSPath IIS:\ -location $siteName Write-Host "Configuring IIS for Windows Authentication." Set-WebConfigurationProperty -filter /system.webServer/security/authentication/WindowsAuthentication -name enabled -value True -PSPath IIS:\ -location $siteName Write-Host "Configuring Windows Auth Providers" #First we remove all providers, disable Kernel-mode authentication, then re-add single authentication provider. Get-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication ` -Location $siteName -Name providers.Collection | Select-Object -ExpandProperty Value | ForEach-Object {Remove-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location $SiteName -Name providers.Collection -AtElement @{value=$_}} $winKernel = (Get-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location $siteName -filter /system.WebServer/security/authentication/windowsAuthentication -name "useKernelMode").Value if ($winKernel -eq $True){ Write-Host "Disabling Kernel-mode authentication." Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location $siteName -filter /system.WebServer/security/authentication/windowsAuthentication -name "useKernelMode" -value false } #If StifleR is running on a domain joined server, auth provider is configured to Negotiate:Kerberos. if ($partofdomain -eq $true){ Write-Host "Server is domain joined. Configuring Negotiate:Kerberos as authentication provider." Add-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication ` -Location $siteName -Name providers.Collection -AtIndex 0 -Value "Negotiate:Kerberos" } #If StifleR is running on a non-domain joined server, auth provider is configured to NTLM if ($partofdomain -eq $false){ Write-Host "Server is not member of a domain. Configuring NTLM as authentication provider." Add-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication ` -Location $siteName -Name providers.Collection -AtIndex 0 -Value "NTLM" } ``` {% hint style="success" %} Note: It is recommended that the URL of the StifleR Dashboard is added to the Trusted Sites zone in Internet Options. The StifleR Dashboard URL should be something like the example below: Ex: http(s)://servername.domain.com/Stiflerdashboard {% endhint %} {% hint style="info" %} Note: If implementing SSL security for the StifleR Dashboard, you will have to assign a certificate to the Default Website. See [this link](https://documentation.2pintsoftware.com/stifler/2.10/configuration/securing-stifler-operations-with-ssl/using-a-full-iis-certificate) for more information. {% endhint %} ### Testing the Dashboard Website Navigate to the StifleR Dashboard website by visiting the URL defined during the setup wizard. By default this would be:\ **http(s)://servername.domain.com/Stiflerdashboard**