You can install Forefront TMG using an unattended server setup. In order to run the installation in unattended mode, you prepare the setup information in a file that is used by the setup process during installation. In this mode, running a command triggers the setup, and reads the settings from an answer file. You do not need to monitor the installation process, and enter setup information when prompted by the setup process. This mode is recommended for deployments of multiple Forefront TMG servers.
Note: |
---|
To run an unattended setup, you must be a member of the Administrators group on the local computer. |
-
Create an answer file with the required parameters. You can modify the Forefront TMG sample installation answer file (InstallStandaloneServer.ini). See below for a description of the Answer file parameters.
-
At the command prompt, type the following:
PathToISASetup \Setup.exe [/r]/v" /q[b|n] FULLPATHANSWERFILE=\"PathToINIFile\Filename.ini\""
where:
- PathToISASetup is the path to the
Forefront TMG installation files. The path can be the root folder
of the Forefront TMG CD or a shared folder (on your network) that
contains the Forefront TMG files.
- /r indicates an unattended
reinstallation.
- /q sets the user interface level:
- q, qn—No user interface.
- qb—Basic user interface; only setup
progress bar and error messages.
- q, qn—No user interface.
- PathToINIFile is the path to the
folder that contains the unattended installation information.
- Filename .ini is the name of
the answer file.
For example, the following command performs an unattended installation using the sample InstallStandaloneServer.ini as the answer file. It is located in drive C:\Microsoft Forefront TMG.
/v" /qn FULLPATHANSWERFILE="C:\Microsoft Forefront TMG\Unattended_Setup_Sample\InstallStandaloneServer.INI\""
- PathToISASetup is the path to the
Forefront TMG installation files. The path can be the root folder
of the Forefront TMG CD or a shared folder (on your network) that
contains the Forefront TMG files.
Note the following:
- The InstallStandaloneServer.ini file
contains configuration information that is used by Setup in
unattended mode. It has no effect on an interactive Forefront TMG
setup.
- If you do not specify a parameter in the
file, the default value is used.
- The InstallStandaloneServer.ini file
is located in the following folder on the Forefront TMG CD:
FPC\Unattended_Setup_Sample
- In an Enterprise configuration, there are a
number of additional sample answer files, as described in the
following table.
File name Description InstallStandaloneServer.ini
Installs a computer running Forefront TMG services.
InstallRemoteManagement.ini
Installs TMG management only.
InstallEnterpriseManagementServer.ini
Installs an Enterprise Management server.
Uninstallserver.ini
Uninstalls a server.
Answer file parameters
The following table describes the entries and values in the InstallStandaloneServer.ini file of the server.
Entry | Description | Required or optional |
---|---|---|
PIDKEY |
Specifies the product key. This is the 25-digit number located on the back of the Forefront TMG CD case. |
Required for all installation scenarios. |
UPDATESUPPRESS |
By default, Forefront TMG initiates a system wide scan for updates using Windows Update. If this parameter is specified, Forefront TMG does not initiate the scan for updates. |
Optional. |
INTERNALNETRANGES |
Specifies the range of addresses in the Internal network. InstallStandaloneServer.ini must specify at least one IP address; otherwise, setup fails. The syntax is: N From1-To1,From2-To2,... FromN-ToN |
Required. |
InstallDir={install_directory} |
Specifies the installation folder for Forefront TMG. If not specified, the value defaults to the first disk drive with enough space. The syntax is: Drive :\ Folder The default folder is: %Program Files%\Microsoft Forefront TMG |
Optional for all installation scenarios. |
COMPANYNAME=Company_Name |
Specifies the name of the company installing the product. |
Optional for all installation scenarios. |
DONOTDELLOGS = {0|1} |
If value is set to 1, the log files on the computer are not deleted. The default is 0. |
Optional for uninstalling. |
DONOTDELCACHE = {0|1} |
If value is set to 1, the cache files on the computer are not deleted. The default is 0. |
Optional for uninstalling. |
ADDLOCAL= {MSFirewall_Management}, {MSFirewall_Services}, {MSDE} |
Specifies a list of features (delimited by commas) that should be installed on the computer. To install all the features, set ADDLOCAL=ALL. |
Optional for all installation scenarios. |
REMOVE={MSFirewall_Management}, {MSFirewall_Services}, {MSDE} |
Specifies a list of features (delimited by commas) that should be removed from the computer. To remove all the features, set REMOVE=ALL. |
Optional for all installation scenarios. |
IMPORT_CONFIG_FILE =Importfile.xml |
Specifies a configuration file to import. |
Required when upgrading. |
MIGRATION_PASSWORD |
Specifies the password to use when importing sensitive data, as part of the migration process. |
Required when you specify the IMPORT_CONFIG_FILE entry. |
Enterprise: ARRAY_AUTHENTICATIONMETHOD |
Defines the array's authentication method. Possible values: Windows (LDAP) or Certificate (LDAPS). When you set this value, you must also specify a value in CLIENT_CERTIFICATE_FULLPATH. Default value: Windows. |
Optional when installing the following:
Must be set to Certificate in workgroup scenarios. |
Enterprise: ARRAY_DESCR |
Describes the array. Default: Empty. |
Optional when installing the following:
|
Enterprise: ARRAY_MODE |
Specifies whether the server installation creates a new array or the server joins an existing array. Possible values: New or Join. Default: New. |
Optional when installing the following:
|
Enterprise: ARRAY_DNS_NAME |
Specifies the name that Firewall and Web proxy clients use when connecting to the array. Default: Computer name. |
Optional when installing the following:
|
Enterprise: ARRAY_ENTERPRISEPOLICY |
Specifies which enterprise policy to use. Default: Array Policy Only. |
Required when installing a server to a new array. Should not be specified when installing Forefront TMG services and Enterprise Management server in a new enterprise. |
Enterprise: ARRAY_INTERNALNET |
Specifies the range of IP addresses in the new array's internal networks. Defines the description of the new array. N From1-To1,From2-To2,... FromI-ToI |
Required when installing the following:
Should not be specified when installing a server to an existing array that has an internal network defined. Optional when using ARRAY_INTERNALNET_ENTERPRISE_NETS. |
Enterprise: ARRAY_INTERNALNET_ENTERPRISE_NETS |
Specifies the names of enterprise networks that are included in the array's Internal network. Syntax: "network1" "network2"…"networkN". If a network name contains quotation marks ("), replace them with two quotation marks (""). |
Optional if ARRAY_INTERNALNET is specified. Otherwise, required when installing a server to a new array. Should not be specified when installing an Enterprise Management server for a new enterprise. |
Enterprise: ARRAY_NAME |
Specifies the name of the new array or the name of an existing array, when joining an array. Default: Computer name (for new array installation). |
Optional when installing the following:
Required when installing a server to an existing array. |
Enterprise: CLIENT_CERTIFICATE_FULLPATH |
Specifies which root certificate to use when connecting to the Enterprise Management server. |
Optional when installing the following:
Required in workgroup scenarios. |
Enterprise: ENTERPRISE_DESCR |
Describes the enterprise. Default: Empty. |
Optional when installing the following:
|
Enterprise: ENTERPRISE_MODE |
Specifies whether the Enterprise Management server is a new enterprise or is a replica of an existing Enterprise Management server. Possible values: New or Replica. Default: New. |
Optional when installing the following:
|
Enterprise: ENTERPRISE_NAME |
Specifies the name of the enterprise. Default: Enterprise. |
Optional when installing the following:
|
Enterprise: HOST_ID |
Specifies the host ID of the array member. Each array member must have a different host ID number. Default: Automatically assigned. |
Optional when installing the following:
|
INTRA_ARRAY_ADDRESS_IP |
Defines the IP address used for communication by Forefront TMG computers that are in the same array. The IP address must be an IP address on the Forefront TMG computer. |
Optional when installing the following:
|
SERVER_CERTIFICATE_FULLPATH |
Specifies which server certificate to use. |
Optional when installing the following:
Required in scenarios containing workgroups or untrusted domains. |
SERVER_CERTIFICATE_PASSWORD |
Specifies the password for the server certificate. You must set SERVER_CERTIFICATE_PASSWORD when an encrypted certificate is specified in SERVER_CERTIFICATE_FULLPATH. |
Optional when installing the following:
Required in scenarios containing workgroups or untrusted domains. |
STORAGESERVICE_ACCOUNT |
Specifies the user account name to use for the Enterprise Management server. Default: NT AUTHORITY\NetworkService. |
Required when installing a Enterprise Management server on a domain controller. Otherwise, should not be specified. |
STORAGESERVER_COMPUTERNAME |
Specifies the fully qualified domain name (FQDN) of the Enterprise Management server to which to connect. The default value is localhost, in which case the Enterprise Management server installed on this computer is used. |
Required when installing the following:
|
STORAGESERVER_CONNECT_ACCOUNT |
Specifies the name of the user account that will be used to connect to the STORAGESERVER_COMPUTERNAME. Default: User account that is currently logged on. |
Optional when installing the following:
|
STORAGESERVER_CONNECT_PWD |
Specifies, in plaintext, a password for the STORAGESERVER_CONNECT_ACCOUNT. Default: password for the user who is currently logged on. |
Optional when installing the following:
|
STORAGESERVICE_PWD |
Specifies the password for STORAGESERVICE_ACCOUNT account. Default: No password. |
Optional when installing the following:
|
SUPPORT_EARLIER_CLIENTS |
Specifies whether clients running earlier versions of Firewall Client or an earlier operating system version can connect to this Forefront TMG array. Possible values: 0 (default) or 1. |
In an enterprise environment, optional when installing the following:
|