You can install Forefront TMG using an unattended server setup. To run the installation in unattended mode, you prepare the setup information in an answer file that the setup process reads during installation. In this mode, a single command starts setup, which reads its settings from the answer file; you do not need to monitor the installation or enter setup information at prompts. This mode is recommended for deployments of multiple Forefront TMG servers.

Note:
To run an unattended setup, you must be a member of the Administrators group on the local computer.
To run an unattended setup
  1. Create an answer file with the required parameters. You can modify the Forefront TMG sample installation answer file (InstallStandaloneServer.ini). See below for a description of the Answer file parameters.

  2. At the command prompt, type the following:

    PathToISASetup\Setup.exe [/r] /v" /q[b|n] FULLPATHANSWERFILE=\"PathToINIFile\Filename.ini\""

    where:

    • PathToISASetup is the path to the Forefront TMG installation files. The path can be the root folder of the Forefront TMG CD or a shared folder (on your network) that contains the Forefront TMG files.

    • /r indicates an unattended reinstallation.

    • /q sets the user interface level:

      • q, qn—No user interface.

      • qb—Basic user interface; only setup progress bar and error messages.

    • PathToINIFile is the path to the folder that contains the unattended installation information.

    • Filename.ini is the name of the answer file.

    For example, the following command performs an unattended installation using the sample InstallStandaloneServer.ini as the answer file. The file is located under C:\Microsoft Forefront TMG.

    PathToISASetup\Setup.exe /v" /qn FULLPATHANSWERFILE=\"C:\Microsoft Forefront TMG\Unattended_Setup_Sample\InstallStandaloneServer.INI\""

Note the following:

Answer file parameters

The following table describes the entries and values in the InstallStandaloneServer.ini file of the server.

Entry Description Required or optional

PIDKEY

Specifies the product key. This is the 25-digit number located on the back of the Forefront TMG CD case.

Required for all installation scenarios.

UPDATESUPPRESS

By default, Forefront TMG initiates a system wide scan for updates using Windows Update. If this parameter is specified, Forefront TMG does not initiate the scan for updates.

Optional.

INTERNALNETRANGES

Specifies the range of addresses in the Internal network. InstallStandaloneServer.ini must specify at least one IP address; otherwise, setup fails. The syntax is:

N From1-To1,From2-To2,... FromN-ToN
where N is the number of ranges and From1-To1 are the starting and ending IP addresses in each range.

Required.

InstallDir={install_directory}

Specifies the installation folder for Forefront TMG. If not specified, the value defaults to the first disk drive with enough space. The syntax is:

Drive:\Folder

The default folder is: %Program Files%\Microsoft Forefront TMG

Optional for all installation scenarios.

COMPANYNAME=Company_Name

Specifies the name of the company installing the product.

Optional for all installation scenarios.

DONOTDELLOGS = {0|1}

If value is set to 1, the log files on the computer are not deleted. The default is 0.

Optional for uninstalling.

DONOTDELCACHE = {0|1}

If value is set to 1, the cache files on the computer are not deleted. The default is 0.

Optional for uninstalling.

ADDLOCAL= {MSFirewall_Management}, {MSFirewall_Services}, {MSDE}

Specifies a list of features (delimited by commas) that should be installed on the computer. To install all the features, set ADDLOCAL=ALL.

Optional for all installation scenarios.

REMOVE={MSFirewall_Management}, {MSFirewall_Services}, {MSDE}

Specifies a list of features (delimited by commas) that should be removed from the computer. To remove all the features, set REMOVE=ALL.

Optional for all installation scenarios.

IMPORT_CONFIG_FILE=Importfile.xml

Specifies a configuration file to import.

Required when upgrading.

MIGRATION_PASSWORD

Specifies the password to use when importing sensitive data, as part of the migration process.

Required when you specify the IMPORT_CONFIG_FILE entry.

Enterprise:

ARRAY_AUTHENTICATIONMETHOD

Defines the array's authentication method.

Possible values: Windows (LDAP) or Certificate (LDAPS). When you set this value, you must also specify a value in CLIENT_CERTIFICATE_FULLPATH. Default value: Windows.

Optional when installing the following:

  • A new array member.

  • Combined Forefront TMG services and Enterprise Management server.

Must be set to Certificate in workgroup scenarios.

Enterprise:

ARRAY_DESCR

Describes the array.

Default: Empty.

Optional when installing the following:

  • A server to a new array (not used when joining an existing array).

  • Combined Forefront TMG services and Enterprise Management server.

Enterprise:

ARRAY_MODE

Specifies whether the server installation creates a new array or the server joins an existing array. Possible values: New or Join.

Default: New.

Optional when installing the following:

  • A server to a new array (not used when joining an existing array).

  • A new array specified for the server installation.

Enterprise:

ARRAY_DNS_NAME

Specifies the name that Firewall and Web proxy clients use when connecting to the array.

Default: Computer name.

Optional when installing the following:

  • A server to a new array (not used when joining an existing array).

  • Combined Forefront TMG services and Enterprise Management server.

Enterprise:

ARRAY_ENTERPRISEPOLICY

Specifies which enterprise policy to use. Default: Array Policy Only.

Required when installing a server to a new array. Should not be specified when installing Forefront TMG services and Enterprise Management server in a new enterprise.

Enterprise:

ARRAY_INTERNALNET

Specifies the range of IP addresses in the new array's internal networks. Defines the description of the new array.

N From1-To1,From2-To2,... FromI-ToI
where N is the number of ranges, and FromI-ToI are the starting and ending IP addresses in each range.

Required when installing the following:

  • A server to a new array.

  • Combined Forefront TMG services and Enterprise Management server.

  • Joining an existing array that does not have an internal network defined.

Should not be specified when installing a server to an existing array that has an internal network defined.

Optional when using ARRAY_INTERNALNET_ENTERPRISE_NETS.

Enterprise:

ARRAY_INTERNALNET_ENTERPRISE_NETS

Specifies the names of enterprise networks that are included in the array's Internal network.

Syntax: "network1" "network2"…"networkN".

If a network name contains quotation marks ("), replace them with two quotation marks ("").

Optional if ARRAY_INTERNALNET is specified. Otherwise, required when installing a server to a new array.

Should not be specified when installing an Enterprise Management server for a new enterprise.

Enterprise:

ARRAY_NAME

Specifies the name of the new array or the name of an existing array, when joining an array.

Default: Computer name (for new array installation).

Optional when installing the following:

  • A server to a new array (not used when joining an existing array).

  • Combined Forefront TMG services and Enterprise Management server.

Required when installing a server to an existing array.

Enterprise:

CLIENT_CERTIFICATE_FULLPATH

Specifies which root certificate to use when connecting to the Enterprise Management server.

Optional when installing the following:

  • A server to a new array.

  • Combined Forefront TMG services and Enterprise Management server.

  • A server to an existing array.

Required in workgroup scenarios.

Enterprise:

ENTERPRISE_DESCR

Describes the enterprise.

Default: Empty.

Optional when installing the following:

  • Enterprise Management server in a new enterprise.

  • Combined Forefront TMG services and Enterprise Management server in a new enterprise.

Enterprise:

ENTERPRISE_MODE

Specifies whether the Enterprise Management server is a new enterprise or is a replica of an existing Enterprise Management server. Possible values: New or Replica.

Default: New.

Optional when installing the following:

  • Enterprise Management server in a new enterprise.

  • Combined Forefront TMG services and Enterprise Management server in a new enterprise.

Enterprise:

ENTERPRISE_NAME

Specifies the name of the enterprise.

Default: Enterprise.

Optional when installing the following:

  • Enterprise Management server in a new enterprise.

Enterprise:

HOST_ID

Specifies the host ID of the array member. Each array member must have a different host ID number.

Default: Automatically assigned.

Optional when installing the following:

  • A server to a new array.

  • Combined Forefront TMG services and Enterprise Management server.

  • A server to an existing array.

INTRA_ARRAY_ADDRESS_IP

Defines the IP address used for communication by Forefront TMG computers that are in the same array. The IP address must be an IP address on the Forefront TMG computer.

Optional when installing the following:

  • A server to a new array.

  • Combined Forefront TMG services and Enterprise Management server.

  • A server to an existing array.

SERVER_CERTIFICATE_FULLPATH

Specifies which server certificate to use.

Optional when installing the following:

  • Enterprise Management server.

  • Combined Forefront TMG services and Enterprise Management server.

Required in scenarios containing workgroups or untrusted domains.

SERVER_CERTIFICATE_PASSWORD

Specifies the password for the server certificate. You must set SERVER_CERTIFICATE_PASSWORD when an encrypted certificate is specified in SERVER_CERTIFICATE_FULLPATH.

Optional when installing the following:

  • Enterprise Management server.

  • Combined Forefront TMG services and Enterprise Management server.

Required in scenarios containing workgroups or untrusted domains.

STORAGESERVICE_ACCOUNT

Specifies the user account name to use for the Enterprise Management server.

Default: NT AUTHORITY\NetworkService.

Required when installing an Enterprise Management server on a domain controller.

Otherwise, should not be specified.

STORAGESERVER_COMPUTERNAME

Specifies the fully qualified domain name (FQDN) of the Enterprise Management server to which to connect. The default value is localhost, in which case the Enterprise Management server installed on this computer is used.

Required when installing the following:

  • A server to a new or existing array.

  • A replica Enterprise Management server (when ENTERPRISE_MODE is set to Replica, regardless of whether you are also installing Forefront TMG services).

STORAGESERVER_CONNECT_ACCOUNT

Specifies the name of the user account that will be used to connect to the STORAGESERVER_COMPUTERNAME. Default: User account that is currently logged on.

Optional when installing the following:

  • A server to a new array.

  • Combined Forefront TMG services and Enterprise Management server (when replicating).

  • A server to an existing array.

STORAGESERVER_CONNECT_PWD

Specifies, in plaintext, a password for the STORAGESERVER_CONNECT_ACCOUNT. Default: password for the user who is currently logged on.

Optional when installing the following:

  • A server to a new array.

  • Combined Forefront TMG services and Enterprise Management server (when replicating).

  • A server to an existing array.

STORAGESERVICE_PWD

Specifies the password for the STORAGESERVICE_ACCOUNT account.

Default: No password.

Optional when installing the following:

  • Combined Forefront TMG services and Enterprise Management server.

  • Enterprise Management server (or replica only).

SUPPORT_EARLIER_CLIENTS

Specifies whether clients running earlier versions of Firewall Client or an earlier operating system version can connect to this Forefront TMG array. Possible values: 0 (default) or 1.

In an enterprise environment, optional when installing the following:

  • A server to a new array.

  • Combined Forefront TMG services and Enterprise Management server.
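
A pre-flight check for a standalone-server answer file before it is rolled out to multiple servers, as an added example (not part of the original page or of Forefront TMG): it checks the entries this page marks as required, the INTERNALNETRANGES syntax, two of the documented dependencies, and reports password entries present in the file. It assumes the file consists of KEY=VALUE lines, with `;` comment lines and `[section]` lines ignored; the sample key, addresses and password are constructed.

```python
import ipaddress

# Entries the page describes as passwords.
SECRET_KEYS = {"MIGRATION_PASSWORD", "SERVER_CERTIFICATE_PASSWORD",
               "STORAGESERVER_CONNECT_PWD", "STORAGESERVICE_PWD"}

SAMPLE = """; constructed sample: placeholder key and password
PIDKEY=AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
INTERNALNETRANGES=2 10.0.0.0-10.255.255.255,192.168.1.0-192.168.1.255
IMPORT_CONFIG_FILE=Importfile.xml
STORAGESERVER_CONNECT_PWD=example-only
"""

def parse_answer_file(text):
    """Assumed layout: KEY=VALUE lines; ';' comments and [section] lines are skipped."""
    entries = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in ";[" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().upper()] = value.strip()
    return entries

def check_ranges(value):
    """Validate 'N From1-To1,From2-To2,...' and return a list of problems."""
    count, _, rest = value.strip().partition(" ")
    ranges = [r.strip() for r in rest.split(",") if r.strip()]
    if not count.isdigit() or int(count) != len(ranges):
        return [f"count {count!r} does not match {len(ranges)} range(s)"]
    problems = []
    for r in ranges:
        try:  # a wrong number of '-' parts or a bad address raises ValueError
            start, end = (ipaddress.IPv4Address(p.strip()) for p in r.split("-"))
            if start > end:
                problems.append(f"range {r} starts after it ends")
        except ValueError:
            problems.append(f"range {r} is not From-To with valid IPv4 addresses")
    return problems

def lint(text):
    e = parse_answer_file(text)
    out = [f"missing required entry {k}" for k in ("PIDKEY", "INTERNALNETRANGES") if not e.get(k)]
    if e.get("INTERNALNETRANGES"):
        out += [f"INTERNALNETRANGES: {p}" for p in check_ranges(e["INTERNALNETRANGES"])]
    if e.get("IMPORT_CONFIG_FILE") and not e.get("MIGRATION_PASSWORD"):
        out.append("IMPORT_CONFIG_FILE set without MIGRATION_PASSWORD")
    cert = e.get("ARRAY_AUTHENTICATIONMETHOD", "").lower() == "certificate"
    if cert and not e.get("CLIENT_CERTIFICATE_FULLPATH"):
        out.append("ARRAY_AUTHENTICATIONMETHOD=Certificate without CLIENT_CERTIFICATE_FULLPATH")
    out += [f"{k} holds a password in the answer file" for k in sorted(SECRET_KEYS & e.keys()) if e[k]]
    return out
```

An answer file that carries any of the password entries is worth keeping on an access-restricted location and removing once setup has completed.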
