Requirements

The server on which our software is installed must be a member of the same forest in which it will be used. Our software cannot be used against accounts in trusted domains that are located in another Active Directory forest.


Active Directory Requirements

Our software uses LDAPv3 and works against all versions of Active Directory including Windows 2008, Windows Server 2012, and Windows Server 2016. We do recommend regular patching including applying all recommended and critical Microsoft updates.


Exchange Server Requirements

Our software does not require any version of Microsoft Exchange Server. We can use some attributes that are provided by the Exchange Server “schema” prep forest. To use attributes such as the extension attributes (aka custom attributes) we suggest you “prep” you forest with a minimum of Exchange Server 2003, but this is not necessary.


Server Operating System

Our software only installs on x64 editions of Microsoft Windows Server.

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

Either the Standard Edition, Enterprise Edition or Datacenter are supported. Both physical server an virtual server is supported. For Windows Server 2008 R2, Server 2012, or Server 2016, you must install the full installation. Server Core installations are not supported.


Internet Information Server

  • Internet Information Service (IIS) 7.5, 8, 8.5, 9, or 10
  • ASP.NET must be enabled
  • .NET Framework v4.0 must be installed/enabled
  • Integrated Windows Authentication must be allowed on the root Web site

Quick Installation of Prerequisites

You can quickly install all of the roles and features necessary using the PowerShell's Server Manager module. This allows you to specify all the roles and features required.

Windows Server 2008 R2
1.  Open a PowerShell command prompt as an administrator 
2.  Type Import-Module ServerManager and press Enter
3.  Type Add-WindowsFeature Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-ASP-NET, Web-Net-Ext, AS-Web-Support and press Enter
4.  Reboot if prompted.
          
Windows Server 2012 / Windows Server 2012 R2
1.  Open a PowerShell command prompt as an administrator  
2.  Type Import-Module ServerManager and press Enter
3.  Type Add-WindowsFeature Web-Server, Web-Basic-Auth, Web-Windows-Auth, NET-FRAMEWORK-45-Core, NET-FRAMEWORK-45-ASPNET, Web-HTTP-Logging, Web-NET-Ext45, Web-ASP-Net45 and press Enter
4.  Reboot if prompted.
          
Windows Server 2016
1.  Open a PowerShell command prompt as an administrator 
2.  Type Import-Module ServerManager and press Enter
3.  Type Add-WindowsFeature Web-Server, Web-Mgmt-Console, Web-Scripting-Tools, Web-Basic-Auth, Web-Windows-Auth, NET-FRAMEWORK-45-Core, NET-FRAMEWORK-45-ASPNET, Web-HTTP-Logging, Web-NET-Ext45, Web-ASP-Net45 and press Enter
4.  Reboot if prompted.
          

Microsoft / Windows Updates

Once the prerequisites are installed, we strongly recommend that you perform a Microsoft Update and install all recommended and critical updates. This includes any updates to Microsoft's .NET Framework.


Interoperability with Other Web Applications

Our software usually works fine with most web applications running on the same IIS server provided the server remains in a minimum of IIS 6 mode. We recommend against running our software on the same server with Microsoft SharePoint.


Service / Proxy Account

All updates to the Active Directory are performed under the security context of a proxy account (sometimes called a service account.) While the proxy account can be restricted to a very minimum set of permissions, we recommend that the proxy account be a member of either the Account Operators or domain’s Administrators group. Here are some properties of the proxy account that you should take note of:

  • Name the account something recognizable such as SVC_DirectoryUpdate
  • Proxy account password should have a strong password (15 characters)
  • Proxy account’s password must not expire

Application Pool

An application pool is a memory space in which a web application executes. Web applications are assigned to the DefaultAppPool by default and that is usually works. For recent versions of our software, our installer creates a dedicated .NET 4.0 application pool. However for earlier versions you may need to do this manually. See this TechNote creating an application pool for older Ithicos applications. See TechNote for more information.

  • Name the application pool something like IthicosAppPool
  • Application pool identity must run as the NetworkService user
  • 32-bit mode must be disabled

Installer’s Account

The person that installs our software should use a user account that is both a domain account and a member of the server’s local Administrators group.


Secure Sockets Layer (SSL)

SSL is a security layer that protects HTTP data as it is transmitted across your network or the Internet. We strongly recommend that any web site that transmits personal data use SSL. Our software will work on a web site that uses SSL or not.

SSL uses a certificate that is “signed” by a certificate authority. We recommend that the certificate be issued by a certificate authority (CA) that is trusted by the browser clients that your users will be using. This prevents security warnings; users should never get used to ignoring security warnings.

Enabling SSL is a feature of Internet Information Server. The exact process will depend on the operating system.

Follow these links:


Browser Requirements

Our software uses ASP.NET and AJAX controls to create some enhanced functionality within the browser; some call this Web 2.0 technology. This means that it is not as simple as a standard web page and thus browsers must be carefully tested.

Our current releases support the following browser versions:

  • Internet Explorer 8.x - 11.x - IE compatibility mode must be off
  • Microsoft Edge
  • Firefox 16.x and later
  • Google Chrome v11.x and later

We only update current versions of our software when a new browser is released. This does not mean that older versions of our software or other browsers (Safari or Chrome) will not work, but we may not support them if you have problems. We recommend customers stay on software maintenance so that they can upgrade to newer builds of the software as they become available.

Note also that Internet Explorer is required to use Integrated Windows Authentication (IWA) unless you have a 3rd party browser that supports IWA.