Windows

HES deployment - Windows

1. Install IIS

1.1. Add IIS role

  • Open Server Manager and click Manage -> Add Roles and Features. Click Next.

  • Select Role-based or feature-based installation and click Next.

  • Select the appropriate server. The local server is selected by default. Click Next.

  • Enable Web Server (IIS) and click Next.

  • No additional features are necessary to install the Web Adaptor, so click Next.

  • On the Web Server Role (IIS) dialog box, click Next.

  • On the Select role services dialog box, verify that the web server components listed below are enabled. Click Next.

  • Verify that your settings are correct and click Install.

  • When the installation completes, click Close to exit the wizard.

1.2. Enable WebSockets on IIS

  • Open Server Manager and click Manage.

  • Use the Add Roles and Features wizard from the Manage menu or the link in Server Manager.

  • Select Role-based or Feature-based Installation. Select Next.

  • Select the appropriate server (the local server is selected by default). Select Next.

  • Expand Web Server (IIS) in the Roles tree, expand Web Server, and then expand Application Development.

  • Select WebSocket Protocol. Select Next.

  • If additional features aren't needed, select Next.

  • Select Install.

  • When the installation completes, select Close to exit the wizard.

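1.3. Download and install Windows Hosting Bundle

Download and install the Windows Hosting Bundle, which includes the .NET Core Runtime and IIS support.

Note: You MUST have IIS installed before installing the Windows Hosting Bundle.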
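Steps 1.1 and 1.2 can also be run from an elevated PowerShell session, followed by a check that the Hosting Bundle from step 1.3 registered its IIS module. This is an added example, not part of the Hideez documentation; it assumes Windows Server with the ServerManager and WebAdministration modules available and a current Hosting Bundle that registers AspNetCoreModuleV2, and Test-HesIisPrerequisites is a hypothetical helper name.

```powershell
# Added example (not Hideez code): steps 1.1-1.2 scripted, plus a check for step 1.3.
# Run in an elevated PowerShell session on Windows Server.
Import-Module ServerManager

# Web-Server = Web Server (IIS) role, Web-WebSockets = WebSocket Protocol role service.
$features = 'Web-Server', 'Web-WebSockets'
Install-WindowsFeature -Name $features -IncludeManagementTools | Out-Null

# Hypothetical helper: reports each prerequisite as True/False.
function Test-HesIisPrerequisites {
    $report = [ordered]@{}
    foreach ($f in (Get-WindowsFeature -Name $features)) {
        $report[$f.Name] = $f.Installed
    }
    # Assumption: the Hosting Bundle registers the AspNetCoreModuleV2 global module.
    # If the bundle was installed before IIS, the module is missing from this list.
    Import-Module WebAdministration
    $module = Get-WebGlobalModule -Name 'AspNetCoreModuleV2' -ErrorAction SilentlyContinue
    $report['AspNetCoreModuleV2'] = [bool]$module
    [pscustomobject]$report
}

$result = Test-HesIisPrerequisites
$result | Format-List
if ($result.PSObject.Properties.Value -contains $false) {
    Write-Warning 'A prerequisite is missing. If only AspNetCoreModuleV2 is False, install or repair the Hosting Bundle now that IIS is present.'
}
```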

2. Download HES server

Option 1

You can download the zip file from https://update.hideez.com/hes/windows_x64_latest.zip, then unzip its contents to the folder C:\Hideez\HES.

Option 2

Or you can do it with PowerShell:

Invoke-WebRequest -Uri https://update.hideez.com/hes/windows_x64_latest.zip -OutFile ~\windows_x64_latest.zip
Expand-Archive -LiteralPath ~\windows_x64_latest.zip -DestinationPath C:\Hideez\HES

This downloads HES and extracts it to the C:\Hideez\HES directory.

3. Configuring the HES

Navigate to the C:\Hideez\HES directory and run the HES.Wizard application. Then follow the setup prompts to configure the server.

4. Configuring IIS

4.1. Create a Self-Signed Certificate for IIS

Option 1 (creating a certificate using IIS)

  • Start IIS Manager.

  • Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

  • In the Actions column on the right, click on Create Self-Signed Certificate...

  • Enter any friendly name (for example HES) and then click OK.

  • You will now have an IIS Self Signed Certificate valid for 1 year listed under Server Certificates.

You can click on the created certificate and see its properties.

Option 2 (creating a certificate using PowerShell)

An alternative way to create a certificate is to use the cmdlet New-SelfSignedCertificate in PowerShell, which can be used to specify the required CN:

New-SelfSignedCertificate -DnsName <your_domain_name> -FriendlyName <friendly_name>

For example:

New-SelfSignedCertificate -DnsName hideez.example.com -FriendlyName HES

4.2. Add the Web Site

  • Start IIS Manager.

  • In the Connections pane, right-click the Sites node in the tree view, and then click Add Web Site.

  • In the Add Web Site dialog box, type a friendly name for your Web site in the Site name box. "HES" would be a good choice.

  • In the Physical path box, type the physical path of the Web site's folder (C:\Hideez\HES), or click the browse button (...) to browse the file system to find the folder.

  • If you want to select a different application pool than the one listed in the Application Pool box, click Select. In the Select Application Pool dialog box, select an application pool from the Application Pool list, and then click OK.

  • The default value in the IP address box is All Unassigned. If you must specify a static IP address for the Web site, type the IP address in the IP address box.

  • Optionally, type a host header name for the Web site in the Host Header box.

  • If you do not have to make any changes to the site, and you want the Web site to be immediately available, select the Start Web site immediately check box.

  • Click OK.

  • After the warning "The binding '*:80' is assigned to another site ...", click Yes.

  • In the Bindings pane, click Add and add a site binding of type https for your hostname on port 443 with your certificate (select it in the SSL certificate drop-down menu).

  • In the Sites node, turn off "Default Web Site".

4.3. Application pool configuration

  • Go into the IIS Manager

  • Click on Application Pools (on the left)

  • Right click on your application pool

  • Select Advanced Settings

  • General

    • Change the value of .NET CLR Version to No Managed Code

  • Process Model

    • Change the value of Idle Time-out (minutes) to 0

    • Change the value of Load User Profile to True

  • Recycling

    • Change Regular Time Interval (minutes) to 0
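Steps 4.1 to 4.3 can be scripted with the WebAdministration module, which also makes the resulting settings easy to read back and review. This is an added example, not part of the Hideez documentation; the host name, site name and pool name are placeholder values, and unlike the GUI steps it creates the site with only the HTTPS binding instead of adding it after an HTTP one.

```powershell
# Added example (not Hideez code): sections 4.1-4.3 scripted.
# Run elevated. The four values below are placeholders for this example.
Import-Module WebAdministration

$HostName = 'hideez.example.com'   # DNS name from the page's certificate example
$SiteName = 'HES'
$PoolName = 'HES'
$SitePath = 'C:\Hideez\HES'

# 4.1 Self-signed certificate, placed in the machine store so IIS can bind it.
$cert = New-SelfSignedCertificate -DnsName $HostName -FriendlyName 'HES' `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 4.3 Application pool with the settings listed on the page.
$pool = "IIS:\AppPools\$PoolName"
if (-not (Test-Path $pool)) { New-WebAppPool -Name $PoolName | Out-Null }
# .NET CLR Version = No Managed Code
Set-ItemProperty $pool -Name managedRuntimeVersion -Value ''
# Idle Time-out (minutes) = 0
Set-ItemProperty $pool -Name processModel.idleTimeout -Value ([TimeSpan]::Zero)
# Load User Profile = True
Set-ItemProperty $pool -Name processModel.loadUserProfile -Value $true
# Regular Time Interval (minutes) = 0
Set-ItemProperty $pool -Name recycling.periodicRestart.time -Value ([TimeSpan]::Zero)

# 4.2 Turn off the default site, then create the HES site with HTTPS on port 443.
if (Get-Website -Name 'Default Web Site') { Stop-Website -Name 'Default Web Site' }
New-Website -Name $SiteName -PhysicalPath $SitePath -ApplicationPool $PoolName `
    -Port 443 -Ssl -HostHeader $HostName | Out-Null

# Attach the certificate from 4.1 to the new HTTPS binding.
$binding = Get-WebBinding -Name $SiteName -Protocol https
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Read back what was applied so it can be compared with the page's values.
Get-ItemProperty $pool | Select-Object name, managedRuntimeVersion
Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation
```

Clients do not trust a self-signed certificate until it is imported into their trusted root store; a CA-issued certificate for the same host name avoids that step.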

Last updated 4 months ago

Here you can find an update guide for Windows.

By default, access to the new server: login - admin@server, password - admin. Change this password after the first login.