Windows Server

installing passwork on following os windows server 2016 windows server 2019 windows server 2022 1\ minimum system requirements passwork is not resource demanding the amount of resources required (ram, cpu, hdd) and the number of servers depend on the number of active users, the amount of data stored, and the requirements for system fault tolerance see the technical requirements docid 0qxzmsecr2kfjk3wtcqub 2\ basic steps before installation run powershell as administrator right click on the start icon in the lower left corner of the screen; select windows powershell (administrator) from the context menu if windows server 2016 is used, you must enable the tls protocol to download packages to the operating system as described below powershell \[net servicepointmanager] securityprotocol = \[net securityprotocoltype] tls12 create a temporary directory for downloading packages and archives powershell if ( not (test path "$env\ systemdrive\windows\temp\passwork install" pathtype container)) { new item path "$env\ systemdrive\windows\temp\passwork install" itemtype directory write host "directory successfully created" foregroundcolor green } else { write host "directory already exists" } override user group names using sid powershell $usergroupsid = "s 1 5 32 545" $usersecurityidentifier = new object system security principal securityidentifier($usergroupsid) $usergroupname = $usersecurityidentifier translate(\[system security principal ntaccount]) value $usergroupname = $usergroupname split("\\")\[1] $iis iusrsgroupsid = "s 1 5 32 568" $iis iusrssecurityidentifier = new object system security principal securityidentifier($iis iusrsgroupsid) $iis iusrsgroupname = $iis iusrssecurityidentifier translate(\[system security principal ntaccount]) value $iis iusrsgroupname = $iis iusrsgroupname split("\\")\[1] install the iis role with the module powershell install windowsfeature name web server includemanagementtools install windowsfeature name web cgi includemanagementtools 3\ php installation download the php archive powershell try { (new object system net webclient) downloadfile( "https //repos passwork pro/repository/windows packages/php build/82/php latest zip", "$env\ systemdrive\windows\temp\passwork install\php latest zip" ) write host "php loaded successfully" foregroundcolor green } catch { write host "error loading php $ " foregroundcolor red } in case of an error, you can download the archive manually — https //repos passwork pro/repository/windows packages/php build/82/php latest zip https //repos passwork pro/repository/windows packages/php build/82/php latest zip unzip the contents to program files powershell expand archive ` path "$env\ systemdrive\windows\temp\passwork install\php latest zip" ` destinationpath "$env\ programfiles\\" add php utilities to the path variable environment powershell if ( not (\[system environment] getenvironmentvariable("path", \[system environmentvariabletarget] user) contains("$env\ programfiles\php8 2"))) { \[system environment] setenvironmentvariable( "path", \[system environment] getenvironmentvariable("path", \[system environmentvariabletarget] user) + ";$env\ programfiles\php8 2", \[system environmentvariabletarget] user ) write host "php directory added to path environment variable" foregroundcolor green } else { write host "the php directory is already present in the path environment variable" } to test it, open a new powershell window and run the php v cmdlet set users permissions to the group for the php directory powershell invoke expression "icacls '$env\ programfiles\php8 2' /grant '${usergroupname} (oi)(ci)`m'" 4\ installing mongodb database download mongodb installer powershell try { (new object system net webclient) downloadfile("https //repos passwork pro/repository/windows packages/mongodb database latest msi", "$env\ systemdrive\windows\temp\passwork install\mongodb database latest msi") write host "mongodb successfully uploaded" foregroundcolor green } catch { write host "error loading mongodb $ " foregroundcolor red } in case of an error, you can download the installer manually — https //repos passwork pro/repository/windows packages/mongodb database latest msi https //repos passwork pro/repository/windows packages/mongodb database latest msi install mongodb by default powershell try { start process filepath "msiexec exe" argumentlist "/l v", "$env\ systemdrive\windows\temp\mdbinstall log", "/qb", "/i", "$env\ systemdrive\windows\temp\passwork install\mongodb database latest msi", "should install compass=0", "addlocal=router,serverservice" wait erroraction stop } catch { write host "error installing mongodb $ " foregroundcolor red } to install mongodb on another drive, you need to add "installlocation=a \mongodb" create a directory for the mongodb administration utilities powershell if ( not (test path "$env\ programfiles\mongodb\tools\\")) { new item itemtype directory force path "$env\ programfiles\mongodb\tools\\" write host "directory successfully created" foregroundcolor green } else { write host "directory already exists" } download administration utilities powershell try { (new object system net webclient) downloadfile( "https //repos passwork pro/repository/windows packages/database tools latest zip", "$env\ systemdrive\windows\temp\passwork install\database tools latest zip" ) write host "administration utilities loaded" foregroundcolor green } catch { write host "error loading administration utilities $ " foregroundcolor red } in case of an error, you can download the installer manually — https //repos passwork pro/repository/windows packages/database tools latest zip https //repos passwork pro/repository/windows packages/database tools latest zip unzip content powershell expand archive ` path "$env\ systemdrive\windows\temp\passwork install\database tools latest zip" ` destinationpath "$env\ programfiles\mongodb\tools\\" add administration utilities to the path variable environment powershell if ( not (\[system environment] getenvironmentvariable("path", \[system environmentvariabletarget] user) contains("$env\ programfiles\mongodb\tools"))) { \[system environment] setenvironmentvariable( "path", \[system environment] getenvironmentvariable("path", \[system environmentvariabletarget] user) + ";$env\ programfiles\mongodb\tools", \[system environmentvariabletarget] user ) write host "mongodb administration utilities have been added to the path environment variable" foregroundcolor green } else { write host "mongodb administration utilities are already present in the path environment variable" } 5\ installing modules for iis download archive with modules powershell try { (new object system net webclient) downloadfile( "https //repos passwork pro/repository/windows packages/iis package latest zip", "$env\ systemdrive\windows\temp\passwork install\iis package latest zip" ) write host "archive successfully uploaded" foregroundcolor green } catch { write host "error loading archive $ " foregroundcolor red } in case of an error, you can download the installer manually — https //repos passwork pro/repository/windows packages/iis package latest zip https //repos passwork pro/repository/windows packages/iis package latest zip unzip modules for iis powershell expand archive ` path "$env\ systemdrive\windows\temp\passwork install\iis package latest zip" ` destinationpath "$env\ systemdrive\windows\temp\passwork install\\" install visual c++ powershell try { start process ` filepath "$env\ systemdrive\windows\temp\passwork install\vc redist x64 exe" ` argumentlist "/q" wait erroraction stop } catch { write host "visual c++ installation ended with an error $ " foregroundcolor red } install php manager powershell try { start process filepath "msiexec exe" ` argumentlist "/i $env\ systemdrive\windows\temp\passwork install\phpmanagerforiis x64 msi /quiet /norestart" ` wait erroraction stop } catch { write host "php manager installation failed with an error $ " foregroundcolor red } install url rewrite powershell try { start process filepath "msiexec exe" ` argumentlist "/i $env\ systemdrive\windows\temp\passwork install\rewrite amd64 en us msi /quiet /norestart" ` wait erroraction stop } catch { write host "url rewrite installation ended with an error $ " foregroundcolor red } 6\ getting the latest version of passwork create a directory for passwork powershell if ( not (test path "$env\ systemdrive\inetpub\wwwroot\passwork")) { new item itemtype directory force path "$env\ systemdrive\inetpub\wwwroot\passwork" write host "directory successfully created" foregroundcolor green } else { write host "directory already exists" } go to the passwork customer portal and copy your certificate number get the latest version of passwork by entering your certificate number powershell try { (new object system net webclient) downloadfile( "https //portal passwork pro/api/download?certificate=certificate number", "$env\ systemdrive\windows\temp\passwork install\passwork zip" ) write host "passwork successfully uploaded" foregroundcolor green } catch { write host "passwork download error $ " foregroundcolor red } unzip passwork to the iis directory powershell expand archive ` path "$env\ systemdrive\windows\temp\passwork install\passwork zip" ` destinationpath "$env\ systemdrive\inetpub\wwwroot\passwork\\" create a web config for redirect rules powershell "\<?xml version=`"1 0`" encoding=`"utf 8`"?> \<configuration> \<system webserver> \<rewrite> \<rules> \<rule name=`"imported rule 1`" stopprocessing=`"true`"> \<match url=`"^app/( )/( )/template (\[a z a z0 9]+) html`" ignorecase=`"false`" /> \<conditions logicalgrouping=`"matchall`"> \<add input=`"{request filename}`" matchtype=`"isfile`" ignorecase=`"false`" negate=`"true`" /> \</conditions> \<action type=`"rewrite`" url=`"app/{r 1}/{r 2}/template html`" /> \</rule> \<rule name=`"imported rule 2`" stopprocessing=`"true`"> \<match url=`"^extension/js/( )/( )/template (\[a z a z0 9]+) html`" ignorecase=`"false`" /> \<action type=`"rewrite`" url=`"extension/js/{r 1}/{r 2}/template html`" /> \</rule> \<rule name=`"imported rule 3`" stopprocessing=`"true`"> \<match url=`"^( )$`" ignorecase=`"false`" /> \<conditions logicalgrouping=`"matchall`"> \<add input=`"{request filename}`" matchtype=`"isdirectory`" ignorecase=`"false`" negate=`"true`" /> \<add input=`"{request filename}`" matchtype=`"isfile`" ignorecase=`"false`" negate=`"true`" /> \</conditions> \<action type=`"rewrite`" url=`"index php? url=/{r 1}`" appendquerystring=`"true`" /> \</rule> \</rules> \</rewrite> \</system webserver> \</configuration>" | out file filepath "$env\ systemdrive\inetpub\wwwroot\passwork\public\web config" encoding utf8 set permissions for the passwork location powershell invoke expression "icacls 'c \inetpub\wwwroot' /grant '${usergroupname} (oi)(ci)`m'" invoke expression "icacls 'c \inetpub\wwwroot' /grant '${$iis iusrsgroupname} (oi)(ci)`m'" invoke expression "icacls 'c \inetpub\wwwroot' /grant 'iusr (oi)(ci)`m'" 7\ configuring iis web server connect modules in powershell to manage iis powershell import module iisadministration import module webadministration add pssnapin phpmanagersnapin unlock the handlers configuration in iis powershell invoke expression "$env\ windir\system32\inetsrv\appcmd exe unlock config section\ system webserver/handlers" get the ports in use by the operating system powershell function test portinuse { param ( \[int]$port ) try { $listener = \[system net sockets tcplistener] new(\[system net ipaddress] any, $port) $listener start() $listener stop() return $false } catch { return $true } } check busy default ports for the website powershell if (test portinuse port 80) { $httpport = 5353 } else { $httpport = 80 } create a website ( passwork web site ) with http protocol powershell new website name "passwork web site" port $httpport physicalpath "$env\ systemdrive\inetpub\wwwroot\passwork\public" force register a php version for the website powershell new phpversion scriptprocessor "$env\ programfiles\php8 2\php cgi exe" sitename "passwork web site" virtualpath "/" activate drivers and extensions for the website powershell $availableextensions = get phpextension sitename "passwork web site" virtualpath "/" $commands = @( @{name="php curl dll"; status="enabled"}, @{name="php gettext dll"; status="enabled"}, @{name="php zip dll"; status="enabled"}, @{name="php phalcon dll"; status="enabled"}, @{name="php mongodb dll"; status="enabled"}, @{name="php ldap dll"; status="enabled"}, @{name="php gd dll"; status="enabled"}, @{name="php openssl dll"; status="enabled"}, @{name="php soap dll"; status="enabled"}, @{name="php mbstring dll"; status="enabled"}, @{name="php mysqli dll"; status="enabled"}, @{name="php opcache dll"; status="enabled"} ) foreach ($command in $commands) { $extension = $availableextensions | where object {$ name eq $command name} if ( not $extension) { write host "$($command name) not available" } elseif ($extension status eq "enabled") { write host "$($command name) already enabled" } else { set phpextension name $command name status enabled sitename "passwork web site" virtualpath "/" write host "$($command name) activated successfully" } } restart the iis web server powershell restart service name "w3svc" open http //localhost 80 http //localhost 80 or http //localhost 5353 http //localhost 5353 test the connection to passwork 7\ passwork parameter checklist when you connect to passwork for the first time, you will need to go over the checklist that includes automatic parameter checking checking connection to mongodb database generating an encryption key for mongodb license verification leave all fields as they are if you are installing a new passwork copy after finishing the checklist, you will be offered to create the first passwork user and set their login, password and email address for notifications this user is always local and the owner of passwork by default, in case of assigning ldap/sso user an owner, it will automatically become local and you will not be able to authorise in passwork 8\ configuring passwork for https access 8 1 generating self signed ssl certificate check busy default ports for the website powershell if (test portinuse port 443) { $httpsport = 444 } else { $httpsport = 443 } create a self signed https certificate with a server name value powershell $dnsname = "$env\ computername" $newcert = new selfsignedcertificate dnsname $dnsname certstorelocation cert \localmachine\my 8 2 creating iis binding for access to passwork over https protocol create https binding in the passwork website powershell new webbinding name "passwork web site" ipaddress " " port $httpsport protocol "https" get the current binding of the passwork website powershell $binding = get webbinding name "passwork web site" protocol "https" bind a previously created self signed certificate to the https protocol of the website powershell $binding addsslcertificate($newcert getcerthashstring(), "my") restart the iis web server powershell restart service name "w3svc" open https //localhost 443 https //localhost 443 or https //localhost 444 https //localhost 444 to test the connection to passwork 8 3 configuring passwork to work over https protocol when using a secure ssl connection (https), client browsers require certain flags to process passwork data these flags are called session cookie secure and disablesamesitecookie if these flags are not set, browsers will not be able to establish connections and the connection will be rejected, which can lead to authorisation errors set the ;session cookie secure parameter in the file c \program files\php8 2\php ini bash session cookie secure = 1 set the disablesamesitecookie parameter in c \inetpub\wwwroot\passwork\app\config\config ini to off bash disablesamesitecookie = off do not set these parameters or reset them to their original value if you change your mind about using ssl and http 9\ configure background tasks background tasks are tasks that are executed by the scheduler in the background for example, ldap synchronisation, loading favicons, and other tasks that are time consuming, persistent, or resource demanding see a guide on background tasks docid\ pj1ekrpvv2ndjc8hbpacp 10\ set up security before modifying security settings, we strongly recommend to make sure that passwork is stable and works correctly, and to back up the files you are making changes to server security is an important part of ensuring the protection of valuable company data and resources it is a process that requires planning and execution to ensure maximum protection against various threats look through the overview of security settings docid\ abhmikjranomvre2zgelg