Installing Ranger's server components on a member server or workstation

Question

Is it possible to run the Ranger server components on a machine other than a domain controller?

Symptoms

N/A

N/A

Cause

N/A

Resolution

N/A

Instructions

Yes. There are three different ways of installing and running Ranger's server components:

1) On an NT4/2000 domain controller.

This is the recommended method of installation. Install Ranger to a directory on the server. The Ranger Server and Ranger Accounts Server services will be installed and run automatically to enable LAN Ranger messaging and direct Ranger group lookup when users log on. Since the server is a domain controller the user accounts database can be accessed by Ranger Accounts Server directly.

2) On a member server (a server connected to a domain but not a domain controller)

Ranger can be installed on a member server as above, but the Ranger Accounts Server will not be able to directly access the user accounts database. To configure Ranger Accounts Server to ask another machine (a domain controller) to perform account lookup, add the following registry entry on the member server.

Use this registry key to direct the server lookup to a valid domain controller.

"HKEY_LOCAL_MACHINESOFTWAREHyperion Security SoftwareRangerAccss"

Create a string value called "User Account Computer Name" with the
name of a domain controller as a value eg."server"

3) On a non-NT/2000 server

Ranger's server components can be installed on a non-NT/2000 server. However, the following must be considered:

The Ranger server components must be installed to a server (e.g. Novell, Linux Samba share, etc) that is accessible by all clients via a UNC path or a mapped drive letter. (e.g. serverranger or p:ranger where p: is mapped in a login script to a server directory).

If programs cannot be run directly on the server (e.g. Novell) then an Windows administrative machine can be used to act as the "Ranger Server" to run Ranger Server and LAN Ranger.

The "Ranger server" machine should be a machine that is always left on (to ensure LAN Ranger logging and security functions are always active).

The machine should have a static IP address.

The machine's IP address should be configured in RangerAdmin's Settings dialog:


The RgrSvr.exe and LANRanger.exe programs should be added to either the registry's HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun key or the machine's STARTUP folder to ensure they are always restarted when the machine is rebooted.

Since the Ranger Accounts Server will only work with NT/2000 servers client machines will need to be configured for the "STARTUP folder shortcut" method of logging on. This requires Microsoft policy editor to be configured on client machines, a valid Config.pol file created and group specific SecMon shortcuts to be placed in group STARTUP folders. (see manual or dealer for more information)

Testing

N/A