To enable HTTP downloads on a Windows 2008 server using IIS
Original Instructions by Taylor Wolfe, Systems Engineer @ JAMF and added more information by me.
Start menu >> Administration Tools >> Server Manager >> Roles >> Add the Web Server(IIS) role (in the setup select all checkboxes for 'Security' section. everything else leave default settings)
Start menu >> Administrative Tools >> Internet Information Services Manager
Expand the server >> right-click on 'Sites' >> click 'Add Web Site...'
Site name: 'Casper HTTP File Server'
Physical path: this is the folder you need to give IIS for some system files (you might need to have casperadmin or a user have full access to this folder prior you assign this - e.g. Right Click > Properties > Security > add and give the domain user casperadmin full access)
Click 'Connect as..' and give the user credentials who has full access (e.g.-casperadmin) to 'Physical path' you assigned earlier > Click OK
You can click 'test Settings' and see if it connects to the assigned folder with without any issues.
6. Expand the server >> Expand web sites >> right-click on 'Casper HTTP File Server' >> click 'Add Virtual Directory'
- Enter 'CasperShare' as the Virtual Directory's name and enter the physical path to the CasperShare > Click 'Connect as...'
8. Click 'Connect as..' and give the user credentials who has read-only access (e.g.-casperinstall) to 'Physical path' you assigned earlier > Click OK
You can click 'test Settings' and see if it connects to the assigned folder with without any issues.
With the CasperShare selected, double click 'Authentication'
Enable Basic Authentication and put 'Your Domain' and Disable 'Anonymous Authentication'
11. With the CasperShare selected, double click 'Authorization Rules, and give casperadmin and casperinstall users rights (as Specified Users:) to the Virtual Directory
and Remove 'Allow All Users' access.
Select the 'Casper HTTP File server' >> double click 'MIME Types'
Click 'Add' in the right hand column and add an additional MIME type for .dmg, .pkg, .mpkg, .bom and .* file types.
Set ".dmg" with a MIME type of "file/download"
- Set ".pkg" with a MIME type of "application/octet-stream"
- Set ".mpkg" with a MIME type of "application/vnd.apple.installer+xml"
- Set ".bom" with a MIME type of "file/download"
- Set ".*" with a MIME type of "file/download"
- Set "." with a MIME type of "application/octet-stream"
14. With the CasperShare selected, double click 'Directory Browsing' and Disable Directory Browsing if it is enabled for testing (Default will be Disabled) - This will disable people from seeing list of directories and files of the HTTP share (security purposes).
Casper uses absolute path to the packages/scripts so directory browsing not needed.
e.g.- https://my.company.com/CasperShare/Packages//Evernote.pkg
You can temporarily enable Directory Browsing for testing the HTTP share to visit the share and make sure files and folders show up after authentication (otherwise you'll get error 403 but that's fine as directory browsing is disabled) but please Disable Directory Browsing after testing!!!
NEXT STEP is to create SSL certificate for this IIS 7 and allow HTTPS instead of HTTP to disable cleartext password communication.
Once you finish installing SSL certs, nest step is to allow HTTPS
Expand the server >> Expand web sites >> right-click on 'Casper HTTP File Server' >> click 'Bindings' >> Add > https with port 443
You can remove HTTP bindings for this site now and allow only HTTPS.
You can test the HTTPS by going to your website from your web browser via HTTPS. Also check the authentication.
-------------------------
Update (13/02/2012): Please add "." with a MIME type of "application/octet-stream". Otherwise any pkg with postflight script will fail.
-------------------------