# Post installation ## Add certificate to the root store If a self-signed certificate was selected, you should import the certificate into the Trusted Root Certification Authorities container on every device where the Adaptiva Admin Portal will be accessed. Each OneSite Administrator who will use the Admin Portal from a remote device will need to import the certificate. Alternatively, the certificate can be deployed using a GPO or Intune policy. ### Download and install the certificate 1. In your browser, navigate to your Adaptiva Server name with optional *:port* - `https://servername[:port]`. Example: `https://cm.onelab.com:9678` 2. You will see the message **Your connection isn't private**. 3. Click on the text **Not secure** next to the Address URL. 4. Click on **Your connection to this site isn't secure**. ![Connection Warning](https://1238239958-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzBcNZqjCKqgdpA83eD4o%2Fuploads%2Fgit-blob-1a23801d5947f9f5d64c50599bca2d3b46ccd36e%2Fimage32.png?alt=media) 5. Click on the certificate icon to view the certificate. ![Certificate Details](https://1238239958-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzBcNZqjCKqgdpA83eD4o%2Fuploads%2Fgit-blob-5a5b191d4828540f9fdb9ac53122f8650eda039e%2Fimage33.png?alt=media) 6. Select the **Details** tab. 7. Click on **Export**. 8. Select a destination (your **Downloads** folder) - leave the default filename of **adaptiva.crt**. 9. Close your browser. 10. In File Explorer, browse to the saved certificate and double-click it. 11. Select **Install Certificate...**. 12. Select **Local Machine (recommended)** and click **Next**. 13. Select **Place all certificates in the following store**. 14. Click **Browse**, select **Trusted Root Certification Authorities** and click **OK**. 15. Click **Next** and then click **Finish**. #### Alternatively 1. The certificate is stored in the registry at `HKLM\SOFTWARE\Adaptiva\server\certificates.cloudui_public_cert` 2. The data can be saved into a UTF-8 formatted text file with a .crt extension. 3. You can then run the following command to import the certificate: `Certutil.exe -addstore root "\adaptiva.crt"` #### Test the certificate 1. In your browser, enter the Adaptiva Server name with optional *:port* - `https://adaptivaservername[:port]`. 2. You will now see the Admin Portal login page. 3. There will now be a lock icon next to the URL ![Secure Site Details](https://1238239958-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzBcNZqjCKqgdpA83eD4o%2Fuploads%2Fgit-blob-80b6b764d852778d4518704f6551dcc3e10dcfb3%2Fimage34.png?alt=media) ### Content Library Location The Content Library will default to Adaptiva Server installation folder **%Path%\Adaptiva\AdaptivaServer\Data\ContentLibrary**. Consider moving the Content Library to a dedicated drive that can be backed up or replicated. It is not supported to use a UNC path. Review this [How-To article](https://support.adaptiva.com/hc/en-us/articles/203736410-How-To-Change-the-location-of-the-content-library-) for instructions on moving the Content Library location. > **IMPORTANT**: Ensure this drive is backed up or replicated. ### Configure SQL Database Best Practices By default, the installation account is assigned as the owner of the Adaptiva database. SQL best practice is to set the SA account to the owner. 1. In **SQL Management Studio**, right-click on the **adaptiva** database and select **Properties**. 2. Select the **Files** page. Change the Owner to **SA**. 3. Select the **Options** page. Verify the Recovery model is set to **Simple**. > **NOTE**: If the Adaptiva database will be part of a SQL Always On Availability Group, the Recovery model should be set to Full. ### Finalize the Workspace ONE Integration This is only applicable if the Workspace ONE integration was selected. After a successful installation, return to the Workspace ONE UEM console to complete the integration of the two platforms. 1. Navigate to the Adaptiva settings page (**Groups & Settings | All Settings | System | Enterprise Integration | Peer Distribution | Adaptiva**) and enter either the name or the internal IP address of the Adaptiva server. This will allow the ACC to communicate with the Adaptiva server on the internal network. 2. Upload the Adaptiva Server certificate so the authentication between the ACC and Adaptiva services is secure. Recall the certificate was saved here: ***%InstallPath%*****\Program Files\Adaptiva\AdaptivaServer\data\security\AdaptivaServer.cer**. ![Certificate Upload](https://1238239958-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzBcNZqjCKqgdpA83eD4o%2Fuploads%2Fgit-blob-2d880df93643c9cc3809cfc915cd3c64b4744433%2Fimage35.png?alt=media) 3. Click **Save**. The system will save the settings and immediately perform a health check to validate communications and then initiate publication of application metadata to the Adaptiva Server. ![Health Check](https://1238239958-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzBcNZqjCKqgdpA83eD4o%2Fuploads%2Fgit-blob-904df99f6445b7381da395542f75c6023d407fe7%2Fimage36.png?alt=media) #### (Optional) Reduce SQL permissions To remove SQL sysadmin access from the account 1. Stop the **AdaptivaServer** service. 2. In **SQL Management Studio**, select the ConfigMgr database and click **New Query**, enter the following command: ```sql CREATE ROLE db_executer\ GRANT EXECUTE TO db_executer ``` 3. Click **Execute**. 4. Repeat the above step against the Adaptiva database. 5. Expand **Security | Logins** folder, right-click the account used for installation and select **Properties**. 6. Select the **Server Roles** page and uncheck the server role: **sysadmin**. 7. Select **User Mapping**. 8. In the **Users mapped to this login** section, select the **adaptiva** database, and under the database role membership, select the following roles: ```sql db_datareader db_datawriter db_ddladmin db_executer ``` 9. In the **Users mapped to this login** section, select the **ConfigMgr** database, and under the database role membership, de-select the `db_owner` role, and select the following roles: ```sql db_datareader db_datawriter db_ddladmin db_executer ``` ![Login Properties](https://1238239958-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzBcNZqjCKqgdpA83eD4o%2Fuploads%2Fgit-blob-1f121a9584a9e5e8310db28f3d55f91afe04fcb9%2Fimage37.png?alt=media) 10. Click **OK** when complete. 11. Start the **AdaptivaServer** service. ## Additional configuration After you have completed the installation of the OneSite platform, you may choose to apply additional configurations to optimize your environment. These optional steps vary depending on the solution you’ve implemented and the size and complexity of your organization. * [Create your network topology](https://docs.adaptiva.com/platform-guide/network-topology.md) * [Configure security and access control](https://docs.adaptiva.com/platform-guide/security.md) * [Set up event notifications](https://docs.adaptiva.com/platform-guide/settings/event-notifications) ## Administration and troubleshooting * [Perform administrative tasks on Adaptiva clients with the Adaptiva Administration Tool (AAT)](https://support.adaptiva.com/hc/en-us/articles/360028239692-Administration-Adaptiva-Administration-Tool-AAT) * [Troubleshoot client connectivity](https://docs.adaptiva.com/platform-guide/client-validator)