You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

04: Installing and Configuring PolicyPak GPCR for use with SQL Server using SQL Authentication

This document will step through preparing for and installing the GPCR server and Admin Client software, and assumes MS SQL Server is installed on a separate, accessible server, using default settings.

Configuring Active Directory

Set who is allowed to access the GPCR client and what computers will have their data collected.

  1. Create a security group in the domain (e.g. GPCR Admin) and populate it with and administrators that require access to the GPCR client (admin console)
  2. Create a security group in the domain (e.g. GPCR Computers) and populate it with individual computers or other computer groups (e.g. Domain Computers) that will participate the compliance reporting.

Configuring SQL Server

Set server Authentication

Authentication must be set to allow both SQL and windows authentication

  1. Open “Microsoft SQL Server Management Studio” and connect to your server instance
  2. Right-click on SQL server instance and click “Properties”
  3. On the Server Properties page click on the “Security” tab and set the Server authentication to “SQL Server and Windows Authentication”

  4. Click OK to Close
  5. If changed, restart MSSQLSERVER service

Create DB Admin

Create an administrative SQL account within SSMS to own and access the GPCR database.

  1. Expand “Security”, right-click “Logins” and select “New Login”
  2. On General tab

    1. Set Login name, e.g. “GPCR_DBAdmin”
    2. Select radio button “SQL Server authentication” and set password
    3. Uncheck “Enforce password policy”

  3. Click on “Server Roles” tab and select “public” and “sysadmin” roles

  4. Save and close

Create Empty DB

GPCR requires an empty SQL database be present during the installation

  1. In Microsoft SSMS, right-click on “Databases” and select “New Database”

  2. Enter name for database (e.g. GPCR)
  3. Set Owner as DB admin created earlier (GPCR_DBAdmin in example)
  4. Place DB and log files where desired, if different from default
  5. Save and close

Ensuring Connectivity

Ensure communication is open between GPCR Client and SQL server

Enable DTC

The following is run on both the PolicyPak GPCR Client computer (Where the Admin Console is installed) and the remote SQL Server

  1. Open Component Services

    1. Open the “run” box (Win-R), type “dcomcnfg” and click OK

  2. Expand Console Root -> Component Services -> Computers -> My Computer -> Distributed Transaction Coordinator, Right-Click on Local DTC and click Properties

  3. On the Security tab -> Security Settings and Configure as follows:

    1. Check “Network DTC Access”
    2. Check “Allow Inbound” and “Allow Outbound”
    3. Select “No Authentication Required”
    4. Check “Enable SNA LU 6.2 Transactions”
    5. Click OK

  4. The MSDTC service will need to be restarted for the changes to take affect – Click YES to restart now or NO to restart manually later.

Enable Firewall Rules

Enable DTC through the firewall on both PolicyPak GPCR Server and the remote SQL Server

  1. Open the Windows Defender Firewall
  2. Click on “Allow an app or feature through Windows Defender Firewall”

  3. Find “Distributed Transaction Coordinator”, check and check the appropriate Network profile (e.g. Domain).

  4. Click OK to save and close

Installing GPCR

When installing GPCR, download the latest bits from PolicyPak. It is our recommendation that when downloading the latest software version, to grab “everything” (latest bits plus Paks, manuals and guidance). They can be found at https://portal.policypak.com/downloads/everything

GPCR Server

These steps assume that this is the first time GPCR has been installed. If previously installed, you will also be prompted to choose between the previously configured database and admin group, and the setting new values for each.

  1. In the downloaded ISO or ZIP, open “PolicyPak Group Policy Compliance Reporter” folder and run PolicyPak GP Compliance Reporter (Server).msi
  2. Click “Next >” through first screen
  3. GPCR requires that Server and client (admin console) be at version 20.3.2366.420 at minimum. select “Yes, I confirm” and “Next >” to continue
  4. Accept agreement and “Next >” to continue
  5. Change installation or just click “Next >” to accept default (recommended) and continue
  6. Click “Change” and find domain security group created earlier (GPCR Admin in example) and click “Next >”

  7. Select “Microsoft SQL Server and “Next >”

  8. Configure Connection to SQL Server

    1. Server = Hostname or IP address of SQL server
    2. Uncheck “Trusted Connection …”
    3. Type in Username and password of SQL account created earlier
    4. Click “Refresh” to get list of Databases on SQL server and select empty DB created earlier
    5. Next >

  9. Install -> click yes if prompted for *.msi

GPCR Client

The GPCR Client (Admin Console) can be installed on any computer. It is recommended that it be installed on the computer that is used for Group Policy Administration.

Note: The client itself is not licensed and thereby can be installed on as many computers as required.

  1. In the downloaded ISO or ZIP, open “PolicyPak Group Policy Compliance Reporter” folder and run PolicyPak GP Compliance Reporter (Admin Console).msi
  2. Click “Next >” through first screen
  3. GPCR requires that Server and client (admin console) be at version 20.3.2366.420 or higher. Select “Yes, I confirm” and “Next >” to continue
  4. Accept agreement and “Next >” to continue
  5. Change installation or just click “Next >” to accept default (recommended) and continue
  6. Select desired application shortcuts and click “Next >”
  7. Install -> click yes if prompted for *.msi

GPCR General configuration

For information on completing the GPCR configuration wizard, setting up Auditing and Licensing, and for general usage, please refer to the manual. In addition, review the KB video Installing Compliance Reporter Server and Client

  • 904
  • 30-Apr-2020
  • 2387 Views