Windows Share Point Services Administrator's Guide

Introducing Windows SharePointServicesMicrosoft Windows SharePoint Services helps users work together. SharePoint sites provide a central repository fordocuments, information, and ideas, and allow users to work interactively.

Windows SharePoint Services is an update and revision to SharePoint Team Services 1.0 from Microsoft, and offersmany improvements over SharePoint Team Services 1.0, several of which are detailed in the following sections.

Windows SharePoint Services Service Pack 2 extends Windows SharePoint Services to support advanced extranetdeployments. Additional information about Service Pack 2 features is available in What's New in WindowsSharePoint Services Service Pack 2.

What's New for Site UsersThe following are a just few of the new features for users of Windows SharePoint Services.

Document versioning and document check-in and check-out

Use document versioning to automatically create a backup copy of a file whenever it is saved to a documentor picture library. Users can also check out a file to lock it while editing, preventing other users fromoverwriting or editing it inadvertently.

New lists and views

Create a picture library to share a collection of digital pictures or graphics. Create an Issue tracking list tomaintain a history on a specific issue. Use the calendar Monthly, Weekly, and Daily views to view informationin any SharePoint list that has a date and time column.

Other improvements to lists

Users can add attachments to list items, including HTML pages, documents, and images. List owners canapprove or reject items that are submitted to the list and add comments. List owners can also applypermissions to a list, allowing only specific users to make changes to the list.

Support for list and site templates

Users can save SharePoint lists as templates, and reuse them or distribute them to other sites. Administratorsand Web Designers can save sites as templates to capture best practices or to define a consistent look andfeel.

Support for Web Parts and Web Part Pages

Each list in a site is a Web Part that allows easy customization and personalization using the browser. Userscan customize Web Parts or add new Web Parts to a page.

Quicker page and site creation

Users can go to one page to create any SharePoint list, such as discussion lists, document libraries, and otherlists. Users can also create sites on demand without involving the IT department by using Self-Service SiteCreation.

For a complete list of new features and information about using these features, see the Help system for WindowsSharePoint Services.

Windows SharePoint Services Administrator's Guide Página 1 de 382

What's New for DevelopersThe following are a few of the new features for developers working with or adding on to Windows SharePointServices.

Built on the .NET framework

SharePoint sites are built on ASP.NET and are extensible by using the .NET framework. Service Pack 2supports both ASP.NET 1.1 and ASP.NET 2.0.

Support for solutions

Use the object model to create custom solutions on the Windows SharePoint Services platform. Remote programmability with SOAP

Access the object model from a remote location by using the SOAP protocol.

For a complete list of new developer features and more information about using these features, see the WindowsSharePoint Services Software Development Kit.

What's New for Server AdministratorsThe following new features have been included to help administrators of Windows SharePoint Services.

Architecture Scalable architecture

Windows SharePoint Services scales from a single server to a server farm with multiple front-end Webservers and back-end database servers. Front-end Web servers are stateless, so the load can be balancedacross them.

Support for running multiple applications on a virtual server

You can exclude part of the URL namespace on a virtual server so that Windows SharePoint Services doesnot overwrite data for a Web application. Windows SharePoint Services can coexist with other applicationson a single virtual server.

Store all documents, metadata, and site data in a database

Microsoft SQL Server or Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) is used tostore all site data, including documents. This improves reliability by ensuring complete transactional integrity ofthe data, and enables the scale-out architecture. Using the database also allows for both full-text searchingand backing up sites by backing up the database.

Per-site full-text searching

Use SQL Server full-text indexing to provide site-wide searching of sites on your server. Comprehensive administrative object model

Enables rich scenarios for writing custom management tools to manage sites.

International Support for multiple language sites

Multiple language sites can be hosted on a single server or server farm running Windows SharePoint Services.Note that site language is independent of server language.

Regional settings for each site


Each site can have its own regional settings, such as time zone.

Management Create sites from SharePoint Central Administration or by allowing Self-Service Site Creation

Administrators can create sites for users or allow users to create their own sites automatically by usingSelf-Service Site Creation.

Site quotas and notifications

Set quotas for site storage size and generate automatic notifications for the site owner when a site reaches itssize limit. In Active Directory account creation mode, you can also set a quota to specify the maximumnumber of users that can be added to Microsoft Active Directory directory service from any single SharePointsite collection.

Inactive site management

Site owners are notified on a periodic basis of all their sites, and asked to confirm that the sites are in use ordelete them. If multiple notices are sent to the site owner without any response, the administrator can specifythat the site be automatically deleted.

Site-level backup and restore

Each site in a server farm can be individually backed up and restored. This feature can be used for archivinginactive sites prior to deleting them.

Blocked file extensions

Server administrators can block the upload of specific file types (for example MP3 or .exe files). Site migration

Sites on one server can be moved to another by using the Microsoft SharePoint Migration Tool(Smigrate.exe).

Setup and Upgrade Easy installation for small deployments

If you want to set up Windows SharePoint Services on a single server with WMSDE, you can run Setup withthe default settings and have a working site within minutes.

Support for server farm installations

With Windows SharePoint Services, you can set up a server farm configuration, which includes multiplefront-end Web servers and multiple back-end database.

Site migration

SharePoint Team Services 1.0 sites can be migrated to Windows SharePoint Services by using the MicrosoftSharePoint Migration Tool (Smigrate.exe).

Security Works with standard Windows authentication and security methods

Use Windows SharePoint Services with any IIS 6.0 authentication method, including Kerberos authentication.Connect to the database by using Windows authentication or SQL Server authentication, and integrateWindows SharePoint Services with Microsoft Active Directory directory service.

SharePoint administrators group

Allow members of a domain group to perform central administration tasks without granting them administratorWindows SharePoint Services Administrator's Guide Página 3 de 382

rights to the local server computer. Manage users from SharePoint Central Administration

Use the SharePoint Central Administration pages to add or delete users on all sites and assign site owners. Domain group support

Use domain groups to control access to your site. New in SP2: Extranet deployments made easier using Active Directory Federated Services (AFDS)

ScenariosMicrosoft Windows SharePoint Services can help people communicate within an organization, on the World WideWeb, and across these boundaries. The following scenarios illustrate how Windows SharePoint Services can be usedin these situations.

Enhance Your Organization's Intranet No matter how large or small your organization, the users inside your organization have data, documents, andthoughts to share with other users in the organization. You can install Windows SharePoint Services to a single serverto support a small organization, or you can create a server farm environment to support a large, multinationalorganization.

Inside a Small Organization

In a smaller organization, you can install and run Windows SharePoint Services without a lot of overhead. Forexample, you can:

Use the single server installation to get a site up and running quickly. Turn on Self-Service Site Creation to allow users to build sites as needed. Enable full-text searching so your users can easily find the information and documents they need.

Inside a Large Organization

In a larger organization, you can take advantage of more sophisticated administration features. For example, you can: Use a server farm configuration to support load balanced servers. Increase efficiency by running both Windows SharePoint Services and other Web applications on the same

servers. Install language packs to allow for sites in different languages around the world. Prompt for site use confirmation, and automatically delete unused Web sites. Manage site users efficiently by using domain groups instead of individual users.

Host SharePoint Sites on the InternetIf you are an Internet Service Provider (ISP), you can appreciate the large-scale management features available withWindows SharePoint Services. And because Windows SharePoint Services includes a comprehensive administrativeobject model, you can build custom administration tools to manage your servers and SharePoint sites.

For example, you can: Use a server farm configuration to allow load balancing for your servers. Take advantage of the new site and server architecture to help isolate server processes from each other. Set quotas for sites, so that you can predict how much space each site will take up on your servers, and set

appropriate billing policies for larger sites. Use Windows SharePoint Services in Active Directory account creation mode so that new user accounts are

created automatically, up to a configurable limit, based on the e-mail addresses.Windows SharePoint Services Administrator's Guide Página 4 de 382

Provide automatic site backups for a monthly fee.

Communicate with External Partners by Using an ExtranetIf you work with external partners, or if you have users who need to access data from outside of your organization'sfirewall, you can run Windows SharePoint Services in an intranet/extranet environment. In this configuration, you can:

Allow both internal and external users to view and interact with the same content and data. Employ the antivirus protection and blocked file extension features to help protect your server integrity.

Using Windows SharePoint Services as a PlatformWindows SharePoint Services is a platform technology, and is designed to be extensible. Several products build onWindows SharePoint Services, and you can extend Windows SharePoint Services to work with your product. Youcan find information about ways to extend Windows SharePoint Services in the Windows SharePoint ServicesSoftware Development Kit.

©2003 Microsoft Corporation. All rights reserved.


ï»¿

What's New in WindowsSharePoint Services Service Pack2Microsoft Windows SharePoint Services Service Pack 2 (SP2) is now available as a download from the MicrosoftDownload Center. Windows SharePoint Services SP2 adds the following functionality to Windows SharePointServices SP1:

Support for IP-bound virtual servers Support for advanced extranet configurations Kerberos authentication enabled by default Support for Microsoft ASP.NET 2.0 Support for Microsoft Windows Server 2003 64-bit implementations

Service Pack 2 also includes the changes from Service Pack 1 and all hotfixes that have been released since ServicePack 1.

NoteÂ Â Additional hotfixes might be released between the time that SP2 is completed and the time when SP2 isreleased. To ensure you have all the latest hotfixes, be sure to check for the availability of any additional hotfixes.

Support for IP-bound virtual serversPrevious releases of Windows SharePoint Services did not support assigning static IP addresses to virtual serversextended with Windows SharePoint Services. Instead, it was required that you use host headers and configure allvirtual servers with an IP address setting of All Unassigned.

This limitation, as described in Microsoft Knowledge Base article KB 830342: "Soap:Server Exception of TypeMicrosoft.SharePoint.SoapServer.SoapServerException" Message Appears When You Try to Edit a Portal by UsingFrontPage, prevented the ability to host multiple virtual servers on which Secure Sockets Layer (SSL) is enabled onone Web server. In Windows SharePoint Services Service Pack 2, this limitation has been removed, and WindowsSharePoint Services now supports assigning a static IP address to a virtual server that has been extended withWindows SharePoint Services.

NoteÂ Â Windows SharePoint Services SP2 does not support IP-bound virtual servers that were deployed inscalable hosting mode, as described in the Server Farm Scalable Hosting Mode Deployment topic of the WindowsSharePoint Services Administrator's Guide.

Support for advanced extranet configurationsOrganizations who want to implement extranet deployments for Windows SharePoint Services often use a reverseproxy and load balancers to protect and manage access to the virtual server front ends. This type of advancedextranet configuration could alter the protocol, host header, or port of the request before it reaches the server runningWindows SharePoint Services. Several functions within Windows SharePoint Services generate links and e-mailmessages based on the protocol, host header, and port of the request as it is received by the server running WindowsSharePoint Services. If the protocol, host header, or port were altered, the wrong URL would be returned to theclient.


http://r.office.microsoft.com/r/rlidAWSContentRedir?AssetID=DC012304611033&CTT=11&Origin=HA100240591033


http://r.office.microsoft.com/r/rlidAWSContentRedir?AssetID=XT011315101033&CTT=11&Origin=HA100240591033



Windows SharePoint Services, prior to Service Pack 2, does not support the type of advanced extranet configurationdescribed above. Configurations that changed the protocol, host header, or port caused Windows SharePointServices to return the wrong URL to the client. This is because Windows SharePoint Services generated repliesbased on the host header (protocol, host, and port) received in the client request.

To demonstrate how this advanced extranet configuration behaved prior to Windows SharePoint Services SP2, thefollowing diagram and example describe the process of a client request that is sent over an SSL connection that isterminated on a reverse proxy server.

The following steps describe this process:1. In SSL termination, the client sends a request to the server using SSL. In this example, the URL is

https://adatum.com.2. The reverse proxy server converts the request from SSL (HTTPS) to HTTP and passes it to the server

running Windows SharePoint Services as http://adatum.com.3. Because Windows SharePoint Services received the request as an HTTP request it generates HTTP links,

rather than HTTPS (SSL) links on the page that will be returned to the client. In this example, WindowsSharePoint Services uses http://adatum.com as the base for the links on the pages it returns.

4. The reverse proxy server then converts the reply back into HTTPS and forwards it to the client. However,the links on the page within the reply are still HTTP links, which is incorrect for the user because they need tobe HTTPS links.

Windows SharePoint Services SP2 solves this problem by providing support for advanced extranet configurations.However, this support is not enabled by default. To enable this support, you must use the following command lineoperations, which are new with Windows SharePoint Services SP2, to map the incoming URL and substitute theoutgoing URL.

Notes Scalable hosting mode is not supported with advanced extranet configurations. For more information, see

Server Farm Scalable Hosting Mode Deployment. Links within alerts work with advanced extranet configurations, only if the user subscribed to the alert after

this support was enabled. If the user subscribes to the alert before this feature is configured, the alert willcontinue to use the wrong URL (HTTP instead of HTTPS) in its links even after advanced extranetconfiguration support is enabled.

The new command line operations supported in stsadm.exe are: Addalternatedomain Addzoneurl Deletealternatedomain Deletezoneurl Enumalternatedomains Enumzoneurls

The following sections describe these command line operations.

AddalternatedomainConfigures the incoming URL and maps it to a URL zone. For each Web request, Windows SharePoint Servicesdetermines the protocol, host header, and port of the request and looks for a matching incoming URL that waspreviously entered using this command line operation. If a matching incoming URL is found, Windows SharePointServices then determines which zone will be used to format the outgoing response. Note that you can perform aseparate zone mapping for each virtual server.

Example Syntax:


stsadm.exe â€“o addalternatedomain â€“url http://sharepoint:1234 â€“urlzone default â€“incomingurl http://sharepoint.internal.adatum.com:1234

The following table describes the properties associated with this command line operation. Property Description

-url

URL of the virtual server as it is displayed on the Virtual Server List page in the SharePoint CentralAdministration site. If the virtual server is bound to a specific IP address or to a specific host header inMicrosoft Internet Information Services (IIS), you can also use that IP address or host header as the valuefor this property.

NoteÂ Â The value of this property is displayed in the Virtual Server List in SharePoint CentralAdministration.

-urlzone Specifies which one of the five zones with which the outgoing URL is associated. The possible values for thisproperty are: default, internet, intranet, extranet, or custom.

-incomingurl URL for any requests that come from the reverse proxy server or client to the Web server. You can mapmultiple incoming URLs to the same URL zone.

NoteÂ Â Windows SharePoint Services uses a linear search to look-up the URL. If too many incoming URLs areadded, performance could be affected.

AddzoneurlAdds a URL to a zone and specifies the URL to return to the client.

Example Syntax:stsadm.exe â€“o Addzoneurl â€“url http://sharepoint:1234 â€“urlzone default â€“zonemappedurl http://www.adatum.com

NoteÂ Â There can be only one outgoing URL per URL zone. This example uses the default URL zone.

NoteÂ Â Windows SharePoint Services SP2 introduces new behaviors associated with an outgoing URL that ismapped to the default zone. Specifically, when you turn on Self-Service Site Creation for a particular virtual server,the SSSC announcement that is posted to the root site will contain a link to the SSSC page using that outgoing URLthat you mapped, rather than the URL listed in the IIS metabase. In addition, when an administrative alert e-mailmessage is generated, the e-mail message will contain links based on the outgoing URL you mapped, rather than theURL listed in the IIS metabase. This behavior does not apply to outgoing URLs that are mapped to any zone, otherthan the default zone.


-url

URL of the virtual server as it is displayed on the Virtual Server List page in the SharePoint CentralAdministration site. If the virtual server is bound to a specific IP address or to a specific host header in IIS,you can also use that IP address or host header as the value for this property.


-urlzone

Specifies which one of the five zones with which the outgoing URL is associated. The possible values for thisproperty are: default, internet, intranet, extranet, or custom.

NoteÂ Â You can associate only one outgoing URL with a URL zone for a particular virtual server.


-zonemappedurlURL used in Web pages or e-mail messages going from the Web server to the reverse proxy server or theclient. This URL is the one that can be reached by the end user. This step ensures that the end user sees thecorrect URL when the URL is returned from the server to the client.

DeletealternatedomainDeletes an incoming URL from a URL zone.

Example Syntax:stsadm.exe â€“o deletealternatedomain -url http://sharepoint:1234 -incomingurl http://sharepoint.internal.adatum.com:1234


-urlURL of the virtual server as it is displayed on the Virtual Server List page in the SharePoint CentralAdministration site. If the virtual server is bound to a specific IP address or to a specific host header in IIS, thenyou can also use that IP address or host header as the value for this property.

-incomingurl

URL for any requests that come from the reverse proxy server or client to the Web server. You can mapmultiple incoming URLs to the same URL zone.

NoteÂ Â You use this property with the deletealternatedomain operation to specify which incoming URL youwant to delete.

DeletezoneurlDeletes an outgoing URL from a URL zone.

Example Syntax:stsadm.exe â€“o deletezoneurl -url http://sharepoint:1234 â€“urlzone default



-urlzone

Specifies which one of the five zones with which the outgoing URL will be associated. The possible values forthis property are: default, internet, intranet, extranet, or custom.

NoteÂ Â You use this property with the deletezoneurl operation to specify which zone the outgoing URLbelongs to that you want to delete.

ImportantÂ Â After using command line operations to add or delete URLs, you must restart IIS on each serverrunning Windows SharePoint Services in your server farm for your changes to take effect. To restart IIS, use thefollowing syntax from the command prompt: iisreset.exe /noforce

EnumalternatedomainsLists the incoming URLs and which URL zones and outgoing URLs they are mapped to.

Example Syntax:stsadm.exe â€“o enumalternatedomains â€“url http://sharepoint:1234


The following table describes the property associated with this command line operation. Property Description

-url

URL of the virtual server as it is displayed on the VirtualServer List page in the SharePoint Central Administrationsite. If the virtual server is bound to a specific IP addressor to a specific host header in IIS, then you can also usethat IP address or host header as the value for thisproperty.

EnumzoneurlsLists the outgoing URLs and which URL zones they are mapped to.

Example Syntax:stsadm.exe â€“o enumzoneurls â€“url http://sharepoint:1234


-url

URL of the virtual server as it is displayed on the VirtualServer List page in the SharePoint Central Administrationsite. If the virtual server is bound to a specific IP addressor to a specific host header in IIS, you can also use thatIP address or host header as the value for this property.

Example: Understanding URL MappingThis example builds on the the earlier reverse proxy example, but with URL mapping applied, using the command lineoperations described earlier. In this example, the administrator uses the addalternatedomain command line operationto map the incoming URL (http://adatum.com) to the Extanet zone and also uses the Addzoneurl command lineoperation to map the outgoing URL (https://adatum.com) to the Extanet zone.

The following steps and the following figure describe this process:1. The client sends a request to the server over SSL by using the https://adatum.com URL.2. The reverse proxy server intercepts the request and forwards it to Windows SharePoint Services as

http://adatum.com (non SSL).3. Windows SharePoint Services looks up the zone associated with this incoming URL to determine the

outgoing URL to use, and then generates links on the page (to be returned to the client) using thehttps://adatum.com URL and sends the reply to the reverse proxy server.

4. The reverse proxy server then forwards the reply to the client with links on the pages based on thehttps://adatum.com URL, which is correct for the client.

For more information about advanced extranet configurations, see the Reverse Proxy Configurations for WindowsSharePoint Services and Internet Security and Acceleration Server white paper.

Kerberos authentication enabled by defaultEarlier releases of Windows SharePoint Services changed the default authentication method from Kerberosauthentication to NTLM. Windows SharePoint Services SP2 does not change the default IIS authentication settings.

The ability to choose either Kerberos authentication or NTLM authentication is available in both the SharePointCentral Administration application and the stsadm.exe command-line utility. You choose an authentication type whenyou create the SharePoint Central Administration virtual server, extend a virtual server, or extend a virtual server and


http://r.office.microsoft.com/r/rlidAWSContentRedir?AssetID=HA011915231033&CTT=11&Origin=HA100240591033


map it to an existing virtual server.

For the stsadm.exe command line, there is a new optional parameter: exclusivelyusentlm. If this parameter is notspecified, then the virtual server is not modified and retains its original authentication configuration which by default isKerberos authentication.

Support for ASP.NET 2.0Windows SharePoint Services SP2 now supports both Microsoft ASP.NET 1.1 and Microsoft ASP.NET 2.0. Youcan also run ASP.NET 1.1 and ASP.NET 2.0 side-by-side on different virtual servers running Windows SharePointServices SP2, to support solutions or Web Parts that require one version or the other.

Windows SharePoint Services SP2 provides the same feature/functionality when running on ASP.NET 2.0 as it doeswhen running on ASP.NET 1.1. Support for ASP.NET 2.0 is Windows SharePoint Services SP2 does not includeintegration with the new ASP.NET 2.0 Web Part framework. This means that if you deploy a Web Part built inASP.NET 2.0 to a virtual server running Windows SharePoint Services SP2, this Web Part will function as a Webform control.

ASP.NET 2.0 restricts the permissions of pages, Web Parts, and controls to run with minimal privileges. Forexample, code from assemblies in the global assembly cache (GAC) which previously ran with full trust will now runwith minimal privileges. This lockdown is incompatible with Windows SharePoint Services and will require you to usethe stsadm.exe utility to upgrade the web.config settings in order for Windows SharePoint Services to functionproperly.

For more information refer to the configuration section of the Windows SharePoint Services Administrator Guide andthe Knowledge Base article 894903: You receive a "The Windows SharePoint Services virtual server has not beenconfigured for use with ASP.NET 2.0.xxxxx.0" error message.

Support for 64-bit editions.To run Windows SharePoint Services SP2 on the 64-bit editions of Windows Server 2003 , you must run IIS in32-bit emulation mode.

For information about configuring IIS for 32-bit emulation mode, see Configuring IIS for 32bit emulation mode in Preparing your Front-end Web Servers for Windows SharePoint Services.

When you install Windows SharePoint Services SP2 on 64-bit versions of Windows Server 2003, you can chooseeither the Typical option (which installs WMSDE SP4 on the server in which you are installing Windows SharePointServices) or you can choose to use a Microsoft SQL Server 2000 database.



http://go.microsoft.com/fwlink/?linkid=42660

http://go.microsoft.com/fwlink/?linkid=42660

Show All

Introducing the AdministrationTools for Windows SharePointServicesMicrosoft Windows SharePoint Services includes tools to help you manage the Web sites you create. You canmanage Windows SharePoint Services locally by using Central Administration pages (which are created duringinstallation) or by using the stsadm.exe command-line interface. Remote administration requires using the CentralAdministration HTML pages.

NoteÂ Â When the Central Administration virtual server and site is created, it is assigned a random port numberbetween 1023 and 32767. To access the Central Administration site remotely, you must know this port number. Youcan use the stsadm.exe command line utility to view or change the administration port number.

HTML Administration PagesWindows SharePoint Services includes HTML Administration pages to help manage your Web sites and servers.You can use these forms on the local computer or from a remote computer connected to either the Internet orintranet. You must have the proper administrator rights to use HTML Administration pages.

For Windows SharePoint Services, there are two types of administration pages: Central Administration pages Site Administration and Site Settings pages

Central Administration PagesThe Central Administration pages allow you to manage settings for your server farm, Web server, and virtual servers.These pages are created during Windows SharePoint Services setup. By default, a newly created virtual serverinherits settings from defaults set on the Central Administration pages. You can change these default settings andspecify what settings to use for each extended virtual server. You must be either a member of the local administratorsgroup for the server computer or a member of the SharePoint administrators group to be able to use the CentralAdministration pages. For more information about the SharePoint administrators group, see Managing the SharePointAdministration Group.

Accessing SharePoint Central Administration Locally

To access to the Central Administration pages on the local computer, click Start point to Administrative Tools, andthen click SharePoint Central Administration.

Accessing SharePoint Central Administration remotely

From the browser on a remote computer, type the Uniform Resource Locator (URL) and port number, whereserver_name is the name of your front-end Web server and port is the port number of your central administrationsite. For example, http://server_name:port.

NoteÂ Â If you will be managing Windows SharePoint Services remotely over the Internet you should consider usingWindows SharePoint Services Administrator's Guide Página 12 de 382

SSL encryption.

Site Administration and Site Settings PagesIn addition to the Central Administration pages, which control settings for each server and virtual server, there areadministration pages that control settings for each Web site. You can perform some administrative actions from theSite Settings page, and you can link from there to the Site Administration page. You must have administrator rights tothe Web site to perform administrative actions on the Site Settings and Site Administration pages.

From the Site Settings and Site Administration pages, you can perform tasks such as: Manage users and site groups.

You can add or remove users, edit site groups, and change a user's site group membership. For moreinformation, see Managing Users and Cross-Site Groups and Managing Site Groups and Permissions.

Create or delete subsites.

You can add a subsites or manage the existing subsites to your Web site. For more information, see CreatingSites and Subsites.

Change anonymous access.

If anonymous access is available for the virtual server that contains your Web site, you can control whether ornot it is enabled for your Web site. For more information, see Managing Site Groups and Permissions.

Change regional settings.

You can change the locale, time zone, sort order, and time format to use for your Web site. For moreinformation, see Language Considerations.

Manage Web discussions and alerts.

You can view all Web discussion and user alerts for your Web site and delete any that are no longer needed.For more information, see Managing Web Discussions and Managing Alerts.

Note that if you are managing a subsite, the administration tasks available on the Site Administration page for thesubsite are a subset of those available for top-level Web site.

The Site Settings and Site Administration pages are stored in the _layouts directory of the Web site. You can navigateto the Site Settings pages by using any of the following methods:

In your Web site, to get to Site Settings, click Site Settings. To get to Site Administration, on the SiteSettings page, click Go to Site Administration.

In Microsoft Office FrontPage 2003, on the Tools menu, click Server, and then click AdministrationHome to get to Site Settings.

In Microsoft Internet Explorer, type the URL to the pages.

The path to the Site Settings page looks like this: http://websiteurl/_layouts/lcid/settings.aspx, where lcidrefers to the locale ID (LCID). For example, for U.S. English, the lcid is 1033. The path to the SiteAdministration page in U.S. English looks like this: http://websiteurl/_layouts/1033/webadmin.aspx.

Command-Line AdministrationWindows SharePoint Services includes Stsadm.exe for command-line administration of Windows SharePointServices servers and sites. For 32-bit versions of Windows Server 2003, the stsadm.exe utility is located at thefollowing path: %drive%\program files\common files\microsoft shared\web server extensions\60\bin. For x64-basedversions of Windows Server 2003, the stsadm.exe utility is located at the following path: %drive%\program files(x86)\common files\microsoft shared\web server extensions\60\bin. You must be an administrator on the local


computer to use the Stsadm.exe tool. (The remote command-line tool for SharePoint Team Services from Microsoft,Owsrmadm.exe, is not available.)

The Stsadm.exe tool provides a method for performing the Windows SharePoint Services administration tasks at thecommand line or using batch files or scripts. The stsadm.exe provides access to operations not available using theHTML administration pages, such as changing the administration port. The command-line tool has a more streamlinedinterface than HTML Administration pages, and allows you to perform the same tasks. There are certain operationsand certain parameters which are only available using the stsadm.exe command line utility.

Operations available only from the command line:addalternatedomain enumalternatedomains getadminportaddwppack enumroles getpropertyaddzoneurl enumsites migrateusercreatesiteinnewdb enumsubwebs recalculatestorageuseddeletealternatedomain enumtemplates setadminportdeletewppack enumusers setpropertydeletezoneurl enumwppacks

enumzoneurls

Parameters available only from the command line:-force -overwrite -ssl-globalinstall -propertyname-hh -propertyvalue-newname -servicename

NoteÂ Â For a complete list of the operations you can perform by using the command-line tool, see Command-LineOperations.

The Command-Line Tool Is Not Interactive

Stsadm.exe is not an interactive tool. With Stsadm.exe, you type the operation and parameters all at once. You willnot be prompted to fill in missing parameters while the operation is running. If a required parameter is missing, theoperation fails, and you must type the operation and parameters again.

This behavior allows better flexibility for batching commands, since the tools do not prompt you for information afteryou have submitted a command. If you want a more interactive tool, try using the administrative object model orHTML Administration pages.

Using the Command-Line ToolThe command-line tool provides access to the complete set of Windows SharePoint Services operations. You canuse the stsadm.exe command-line utility from the command line or with batch files or scripts. Stsadm.exe must be runon the server computer itself.

To use the Stsadm.exe tool, you must be a member of the local Administrators group on the server computer. Whenyou invoke Stsadm.exe, you supply an operation and a set of command-line parameters in the form:

-operation OperationName -parameter value

NoteÂ Â If a value you need to use with the command line tool includes a space or a character that is treated asspecial by the command-line interface, such as an ampersand (&), you can enclose the string in quotation marks (").


For example, if the URL to a site is http://my site, you can enter the URL as "http://my site".

Most parameters for the command line also have a short form that you can use instead of the full parameter name. Forexample, the following command sets the configuration database to use Server1_collab on Server1 and specifies thedatabase user name and password to connect with:

stsadm.exe -o setconfigdb -connect -ds Server1 -dn Server1_collab

-du User1 -dp password

The following table explains the command and parameters from this example. For detailed information about eachcommand-line operation and related parameters, see Command-Line Operations and Command-Line Parameters.Command or parameter Definition

-o setconfigdb Creates a connection between Windows SharePointServices and a configuration database.

-connect Specifies that there is an existing configuration database touse.

-ds Server1 Specifies the server name that contains the database touse.

-dn Server1_collab Specifies the database name to use on that server.-du User1 Specifies an administrator user name for the database.-dp password Specifies the password for the user.

Managing Windows SharePoint Services RemotelyWhen you install Windows SharePoint Services, the Central Administration pages are installed to an administrationport. You use these pages on the administration port to manage your server remotely. You can open CentralAdministration pages from any client computer, provided you know the administration port number and log on byusing an account that is a member of the Administrators group on the server. You can use the Site Administrationpages by using an account that is a member of a site group with the Manage Web Site right for that site.

To help secure HTML Administration pages for Windows SharePoint Services, be sure to follow the securityprecautions discussed in this topic.

About Remote Administration and SecurityWhen you manage a server remotely, a wider community of users is given greater access from the Internet to thatWeb server, which creates a security risk. In an unsecured server, an unauthorized person could gain access to Websites based upon Windows SharePoint Services on your server and modify Web site settings â€”even delete Websites. To help prevent such tampering during remote administration and authoring, the following precautions arerecommended:

Require the use of a non-standard HTTP port for accessing the Central Administration pages.

This precaution makes it much more difficult for malicious users to guess the URL of HTML Administrationpages or the remote administration programs. When you install Windows SharePoint Services on theMicrosoft Windows platform, a random non-standard administration port is automatically used for theSharePoint Central Administration pages.

NoteÂ Â You can use Stsadm.exe to retrieve or change this administration port number. Do not use InternetInformation Services to change the administration port, because that can break the shortcut to SharePointCentral Administration pages from the Start menu.

Use IP address mask restrictions to prevent unauthorized computers from gaining access to the


administration port.

If you are exposing the administration virtual server externally to allow remote administration, use secureconnections, and require users to have strong passwords that are frequently updated. Typically, any IPaddresses that are not part of the corporate or data center domain are denied access. For more information,see the Internet Information Services (IIS) 6.0 Help system.

Configure the administration virtual server to require secure connections

In IIS, configure the administration virtual server to use a Secure Socket Layer (SSL). For more information,see Configuring Authentication.

Using HTML Administration Pages RemotelyWhen you install Windows SharePoint Services, the Central Administration pages are installed to an administrationport. You use these pages on the administration port to manage your server remotely. You can open CentralAdministration pages from any client computer, provided you log on by using an account that has administrator accessrights to the server. You can open the Site Administration pages by using an account that has administrator rights tothe Web site.

If you have chosen to use Secure Sockets Layer (SSL) on your administration port, you must use the HTTPSprotocol to navigate to the pages. For more information about configuring SSL, see Configuring Authentication.

Connect to the administration port by using the HTTPS protocol In the Address box of your browser, use the HTTPS protocol and type the Web address to your server's

administration pages, including the server port number.

For example, https://sample.microsoft.com:1439.

After you connect to the remote HTML Administration pages, you can perform any of the administration tasks as ifyou were connected locally.

Changing the Administration PortYou can change the administration port for your server to a port that is easy to remember or that is a standardinstallation port number for your organization. To change the administration port, use the setadminport operation.The setadminport operation takes the port parameter (specifying the new port number).

Changing the administration port can only be done from the command line. You must use the Stsadm.exe tool on theserver computer itself to change the administration port. To change the administration port, use the following syntax:

Stsadm.exe â€“o â€“setadminport â€“port <port>

NoteÂ Â If you are using SSL for your administration port, be sure to use the -ssl parameter with the precedingcommand-line syntax to ensure that the links in HTML Administration work properly. For more information, see Configuring Authentication.

Setting Configuration PropertiesYou can configure several features of Windows SharePoint Services by setting the values of configuration properties.For example, you can set a property to:

Specify whether a secondary contact name is needed when creating sites with Self-Service Site Creation. Specify SMTP server settings.


Specify whether alerts are enabled for a virtual server.

Many properties are included as options in HTML Administration pages for your server or virtual server. Propertiescan also be set from the command line or by using the object model. For a complete list of the properties you can setfrom the command line, see Commandâ€“Line Properties.

Most properties have a default value that is used at site creation time if no other value is specified. These defaultvalues are not enforced in any way, and can be overwritten by changing the value in the HTML Administration pagesor on the command line. Default values are a starting point, they are not enforced or secured.

Using the Command Line to Set PropertiesYou can set configuration property by using the command-line tool Stsadm.exe and the following operations:GetProperty and SetProperty. With these operations, you can query for or set property values directly from thecommand line. Because the properties are available through the command-line tools, you can set configurationproperties and perform other operations by using a batch file.

When you get or set a property, you must specify the level of the Web server to which the property applies: server orvirtual server. You specify the level you want for the property in the syntax of the command. The following table liststhe parameters to use to specify the level of a property.Parameter Scope

<none>Gets or sets the property per server. The property appliesto all virtual servers, sites, and subsites on the servercomputer.

-url Gets or sets the property by virtual server. The propertyapplies to sites and subsites on a single virtual server.

Setting a Property

When you set a property, you must specify the property as a string, although some properties are interpretednumerically. You must also specify the propertyname (-pn) parameter and the propertyvalue (-pv) parameter whenyou set a property. In the following example, the alerts-enabled property is set for the virtual server athttp://servername:

Stsadm.exe â€“o setproperty â€“pn alerts-enabled â€“pv true -url http://servername

The alerts-enabled property specifies whether alerts are turned on or off for a virtual server.

Querying for a Property

You can retrieve the current state of a property by using the GetProperty operation. You specify the propertyname,and the propertyvalue is returned. For example, to see what the alerts-enabled property is currently set to for thevirtual server at http://servername, you type:

Stsadm.exe â€“o getproperty â€“pn alerts-enabled -url http://servername

Properties and HTML AdministrationMost properties that can be set from the command line are also available as options in HTML Administration pages.For example, the alerts-enabled property can be set by turning alerts on or off on the Virtual Server GeneralSettings page. If you are mainly using HTML Administration pages to perform your administration tasks, mostproperties are set for you when you select options on those pages.Windows SharePoint Services Administrator's Guide Página 17 de 382

Related TopicsFor a complete list of the operations you can perform by using the command-line tools, see Command-LineOperations.

For a complete list of the properties that you can set, see Command-Line Properties.

For a complete list of the parameters you can use with operations and properties, see Command-Line Parameters.©2003 Microsoft Corporation. All rights reserved.


Administrator's Guide forMicrosoft Windows SharePointServices Copyright InformationAdministrator's Guide for Microsoft Windows SharePointâ„¢ Services Copyright Information

Information in this document, including URL and other Internet Web site references, is subject to change withoutnotice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses,logos, people, places and events depicted herein are fictitious, and no association with any real company,organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred.Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights undercopyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmittedin any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose,without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights coveringsubject matter in this document. Except as expressly provided in any written license agreement from Microsoft, thefurnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectualproperty.

Â© 2001-2003 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, and SharePoint are either registered trademarks or trademarks ofMicrosoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Show All

Hardware and SoftwareRequirementsBefore you install Microsoft Windows SharePoint Services on your Web server, you must first ensure that therequired hardware and software are installed.

This section contains: Web Server Hardware Requirements Web Server Software Requirements Database Requirements Client Software Requirements

Web Server Hardware RequirementsHardware requirements for your Web server vary depending on the platform you are using, edition of the operatingsystem you choose, and whether you are deploying Windows SharePoint Services on a single server or server farm.The following table describes the hardware requirements for the supported operating systems.

Platform Operating system Requirements for single serverdeployment

Requirements for serverfarm deployment

32-bitversion

Microsoft Windows Server 2003,Standard Edition, Enterprise Edition,or Web Edition

NoteÂ Â Web Edition requires a fullversion of Microsoft SQL Server2000 or SQL Server 2005

Same as the requirements for the editionof Windows Server 2003 you are using

1* Pentium III compatibleCPU, 550 MHz or higher* 2 CPUs recommended

512 MB RAM

32-bitversion

Microsoft Windows Server 2003Datacenter Edition

Same as the requirements for MicrosoftWindows Server 2003 DatacenterEdition


1 GB RAM

x64-basedversion

x64-based version of MicrosoftWindows Server 2003, StandardEdition, Enterprise Edition, orDatacenter Edition

NoteÂ Â All x64-based versions ofWindows Server 2003 editionsrequire a full version of MicrosoftSQL Server 2000 or SQL Server2005

Same as the requirements for the 64-bitversion of the edition of Windows Server2003 you are using

1* 64-bit CPU * 2 or more CPUsrecommended

1 GB RAM

Notes Windows SharePoint Services is not supported on Itanium-based versions of Windows Server 2003. You must install Windows 2003 Server and Windows SharePoint Services on a partition formatted using the

NTFS file system.


Web Server Software RequirementsOperating System Requirements

To run Windows SharePoint Services, you must first install one of the Windows Server 2003 editions, listed in theprevious table. The following list describes the components that must be running on the edition of Windows Server2003 you choose for your Web server:

Windows Server 2003 Editionso Microsoft Internet Information Services (IIS) 6.0, running in IIS 6.0 worker process isolation modeo Microsoft ASP.NET version 1.1, Microsoft ASP.NET 2.0, or both

64-bit (x64-based) versions of Windows Server 2003 Editionso IIS 6.0, running in 32-bit emulation mode and IIS 6.0 worker process isolation modeo ASP.NET version 1.1, ASP.NET 2.0, or both

For more information about installing and configuring IIS and ASP.NET, see the Windows Server 2003 familydocumentation and Preparing Web Servers for Windows SharePoint Services.

Internet Browser Requirements

You must install one of the following browsers on your Web server. Microsoft Internet Explorer 5.01 with SP2 or later Microsoft Internet Explorer 5.5 with SP2 or later Microsoft Internet Explorer 6.0 or later Netscape Navigator 6.2 or later Mozilla 1.4 or later Firefox 1.0.4 or later

Database RequirementsIn addition to the operating system and Web server software, you must also have a database installed on your server(or on a separate server) to run Windows SharePoint Services. The following databases are supported:

Microsoft SQL Server 2000 or SQL Server 2005, with the latest service pack Microsoft SQL Server 2000 Enterprise Edition or Microsoft SQL 2005 Enterprise Edition, with the latest

service pack Microsoft SQL Server 2005 Workgroup Edition, with the latest service pack Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE)

If you do not have SQL Server 2000 installed on the computer on which you are installing Windows SharePointServices, WMSDE is installed automatically when you install by using the default (Typical) option. If you are using thecommand-line interface to install Windows SharePoint Services, or are using a script to run the installation, you canspecify a database to use that is running on a different computer.

NoteÂ Â Windows Server 2003, Web Edition, and the x64-based version of Windows Server 2003 both requirethe full version of Microsoft SQL Server 2000 or SQL Server 2005 rather than WMSDE.

Client Software RequirementsAny Windows, Macintosh, or UNIX client can use Windows SharePoint Services features, providing the client runsthe following software:

Microsoft Internet Explorer 5.01 with SP2 or later (best results with Microsoft Internet Explorer 5.5 withSP2 or later), Microsoft Internet Explorer 5.2 or later for Macintosh, Netscape Navigator version 6.2 or


later, Mozilla 1.4 or later, or Firefox 1.0.4 or later. A client program, such as Microsoft Office 2003, is required for clients that contribute documents to a Web

site, but is not necessary for browsing. ©2003 Microsoft Corporation. All rights reserved.


ï»¿

Show All

Windows SharePoint ServicesArchitectureThe architecture for SharePoint Team Services from Microsoft is improved and enhanced for Microsoft WindowsSharePoint Services. In Windows SharePoint Services, site settings and information, along with all site content â€”such as all list data, all documents in document libraries, and other page content â€” is now stored in the Microsoft SQL Server computer or Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE 20) database. It is nolonger split between the file system and the database. This change was made primarily for the following reasons:

To enable Windows SharePoint Services to perform well in much larger installations. Data in the databasecan be managed transactionally, so that the Web site does not need to be locked whenever a file is saved.

To improve server availability. If you have multiple stateless Web servers in a server farm, when one fails,another can take over without losing access to any content.

To improve the integrity of the stored data. The possibility of conflicts between database and file systeminformation is removed, and the database can be easily backed up.

Furthermore, because the new architecture greatly reduces the dependency on the Microsoft Windows registry andthe Internet Information Services (IIS) metabase for each server that runs Windows SharePoint Services, you cannow create a server farm system with multiple servers and host many more Web sites than you can with SharePointTeam Services.

Windows SharePoint Services ConfigurationsYou can choose between two configurations for Windows SharePoint Services: stand-alone server or server farm. Ifyou anticipate only light usage of your Web sites, you can use the stand-alone server configuration. If you aresupporting Web sites in a large organization or as an Internet service provider (ISP), and anticipate heavy usage and alot of data, you will most likely want to use the server farm configuration.

Stand-alone Server ConfigurationA stand-alone server configuration has the following characteristics:

There is a single server running Windows SharePoint Services. Multiple sites and subsites are grouped in site collections on each virtual server in IIS that is extended with

Windows SharePoint Services. An Internet Server Application Programming Interface (ISAPI) filter mapsincoming Uniform Resource Locator (URL) to specific sites on that virtual server.

Scaling is achieved by adding site collections to an existing virtual server, or by adding subsites to an existingsite collection.

Each virtual server has its own set of content database in SQL Server or WMSDE. The configurationdatabase directs each virtual server to the appropriate content database for a given Web site. The content forthe top-level Web site and any subsites within a site collection is stored in the same content database.

The following diagram illustrates the architecture for the Windows SharePoint Services stand-alone serverconfiguration.

This diagram shows a similar architecture to the one used for SharePoint Team Services, with the exception that alldata is now in the SQL Server database rather than split between the database and the file system.Windows SharePoint Services Administrator's Guide Página 23 de 382

Server Farm ConfigurationA server farm configuration has the following characteristics:

There are multiple separate servers running Windows SharePoint Services and SQL Server. Multiple sites and subsites are grouped in site collections on each virtual server in IIS that is extended with

Windows SharePoint Services. An ISAPI filter maps incoming URLs to specific sites on that virtual server. Each virtual server has its own set of content databases in SQL Server. The configuration database for the

server farm directs each server to the appropriate content database for a given Web site. The content for thetop-level Web site and any subsites within a site collection is stored in the same content database.

Performance and capacity are increased by adding additional servers running Windows SharePoint Servicesand SQL Server.

Scaling is achieved by adding more front-end Web servers (to increase throughput for the existing content),and by adding top-level Web sites and subsites (to support more content).

Load balancing is achieved by using switching and routing hardware, or by using software such as WindowsNetwork Load Balancing Service.

The following diagram illustrates the architecture for the Windows SharePoint Services in a server farm configuration.

In this diagram, you can see the larger effects of the architecture change. Because site information is stored in thecontent databases, you can distribute the load among several front-end Web servers running Windows SharePointServices, and they can all communicate with the appropriate database. So, a request coming from the client can go toany of the front-end Web servers and still be able to connect to the correct Web site data.

In a server farm, each front-end Web server running Windows SharePoint Services can have multiple virtual servers.Each virtual server, in turn, can have multiple site collections, which can have one top-level Web site and multiplesubsites. The following diagram illustrates this hierarchy.

About Virtual ServersA virtual server is a way of breaking up the Web server structure, giving you finer control over settings for particulargroups of Web sites. So, rather than configuring a setting for an entire server, you can configure it for just a virtualserver. You can also configure authentication on a virtual server basis, so that different virtual servers can use differentauthentication methods. If you have some sites that are internal to an organization, and some that are accessible fromthe Internet, you can host them on separate virtual servers and use the appropriate authentication method for eachenvironment.

NoteÂ Â Virtual servers are called Web sites in Internet Information Services (IIS).

Using virtual servers can also allow you to isolate Web sites from one another. You can specify different applicationpools for each virtual server, and be sure that changes made to a site on one virtual server will not accidentally betransferred to another site on a different virtual server. For more information about application pools and processes,see Windows SharePoint Services Security Model or IIS 6.0 Help.

SharePoint Team Services supported approximately 1000 virtual servers per server. Windows SharePoint Servicessupports many fewer virtual servers per front-end Web server (approximately 10). This difference is a result of theuse of ASP.NET, which creates a separate set of compiled DLLs for each virtual server. Because WindowsSharePoint Services uses several large DLLs, it is not practical to have them all in memory at the same time. (Whenyou extend a virtual server, approximately 50 MB of memory is taken up by the base working set of processes,including ASP.NET.) However, because you can host multiple site collections on each virtual server, you should notneed to create as many separate virtual servers in Windows SharePoint Services as were needed in SharePoint Team


Services.

Structuring the URL NamespaceWindows SharePoint Services can be used in a variety of environments, from the small, departmental server to a largeserver farm at an ISP. To suit these environments, Windows SharePoint Services running on an IIS 6.0 platformallows you to set up your URL namespace in several configurations, each of which is based on the type of site youwant to create. Windows SharePoint Services supports the following types of sites:

Domain-named sites

You can create multiple Windows SharePoint Services site collections with a network domain name as theURL, for example, http://mysite or http://mysite.mycorp.com. Use domain-named sites to allow users tocreate short, simple URLs.

Subfolder-named sites

You can also create multiple site collections that are named as subfolders of a domain URL, for example,http://myserver/sites/mysite or http://www.mycorp.com/myOffice/MyGroup/mysite. Use subfolder-namedsites to show the hierarchy of sites in your organization.

You can choose between these types of sites depending on your organization's needs. After you decide which basicsite types you will support, you can choose from the following namespace configurations:

One domain-named site per virtual server

For example, Server1 contains http://site1, http://site2, and so on. Each top-level Web site is a separatevirtual server and has its own database. This scenario allows each site to be isolated for billing or securitypurposes.

Multiple subfolder-named sites per virtual server

For example, Server1 contains the sites http://server1/portal1, http://server1/portal2, http://server1/webapp,and so on. Each virtual server can host multiple sites based on Windows SharePoint Services, and the samevirtual server can also host Web applications. All of the sites for that virtual server can share the same contentdatabase. This allows team Web sites to coexist with portals and other Web applications.

One domain-named site and multiple subfolder-named sites per virtual server

For example, Server1 contains the sites http://portal/teams/site1, http://portal/teams/site2,http://portal/webapp, and so on. The virtual server contains a top-level Web site based on WindowsSharePoint Services. Subfolders of that site can be Web sites based on Windows SharePoint Services, or beused for Web applications. All of the sites based on Windows SharePoint Services for the virtual server sharethe same database.

Two virtual servers hosting the same content (extranet scenario)

For example, Server1 hosts http://portal and Server2 hosts https://portal.company.com. Both of the virtualservers (and they can be on separate server computers) share the same content database, and provide thesame site content to create an intranet and extranet. The two servers can have different security settings in IIS(for example, requiring SSL access on the external site, and anonymous access for internal), but sharecontent. Note that the Office FrontPage 2003 Recalculate hyperlinks feature cannot work in this scenario,because fixing the links for one URL path would break the links for the other.

Multiple domain-named sites per virtual server (large-scale hosting scenario)

For example, Server1 hosts http://user1.company.com, http://user2.company.com, http://user3.company.com,and so on. Each of these sites is a top-level Web site on the same virtual server, but they are mapped todifferent URLs. There can be one or many content databases, depending on the scale.


Communication Between the Client and ServerThe Office FrontPage 2003 client communicates with Windows SharePoint Services using HTTP, the same protocolWeb browsers and Web servers use to communicate. FrontPage implements a remote procedure call mechanism ontop of the HTTP POST request, so that the FrontPage client can request documents, update the Tasks list, add newusers, and so on.

The Web server sees POST requests addressed to the Internet Server Applications Program Interface (ISAPI) filterfor Windows SharePoint Services and directs those requests accordingly. FrontPage correctly communicatesbetween client and server through proxy servers (firewall).

NoteÂ Â FrontPage does not use the HTTP PUT request. As described in the HTTP specification, PUT sends adocument to a Web server; however, few Web servers implement PUT. Therefore, the FrontPage client uses theuniversally implemented HTTP POST request for all communication with Windows SharePoint Services.

Windows SharePoint Services does not follow the "create and then publish" model you may be accustomed to withother Web sites. The moment you create a Web site based on Windows SharePoint Services it is live on the server;you do not need to publish the Web site to another server. You can still edit the Web site in a compatible Web pageeditor, such as Office FrontPage 2003, or add pages and documents to the site, but you do not need to publish yourchanges â€” they take effect immediately when you save the files.

Mapping URLs to Physical PathsWindows SharePoint Services handles the mapping of incoming URLs to the site content in the databases. Whenusing the server farm configuration, multiple sites are stored in each content database. A configuration database keepstrack of which sites are mapped to which content database. The content databases themselves store all site contentand provide the appropriate content when the front-end Web servers request it. In SharePoint Team Services,because site content was stored both in the file system and in the IIS metabase, IIS was responsible for URLmapping.

Because the mapping between a site and the content database is based on the site's URL, two URLs cannot point tothe same site. For example, you cannot use both http://www.server_name.com/site1 and http://www.server_name.com/site2 to point to the same content in the database. You can, however, achieve the same effect by setting uphttp://www.server_name1.com/site1 to redirect to http://www.server_name2.com/site1. The exception to this rule isan intranet/extranet scenario, where you can have two virtual servers map to the same site content with URLs such ashttp://server_name/sites/site_name and http://extranet.company_name.com/sites/site_name. For more informationabout setting up this type of scenario, see Configuring Two Virtual Servers to Host the Same Content.

Handling ASP.NET Pages (ASPX Pages)Windows SharePoint Services uses ASP.NET pages (Active Server Pages (ASP pages) or ASPX pages) for formsand lists. These pages can be customized, and you can add additional ASP.NET pages to run custom solutions on topof Windows SharePoint Services.

ASP.NET pages in the _layouts directory for a SharePoint site run in direct mode, which means they are allowed torun directly. The _layouts directory contains fixed application pages for Windows SharePoint Services, such as theCreate List, Create Field, and Site Settings pages. This directory is considered outside of the Web site, and thesepages are supplied directly by IIS as requested.

ASP.NET pages inside a Web site run in safe mode. In safe mode, the ASP.NET page does not get compiled into aDLL and only a specific set of controls (identified previously as "safe") are allowed to run. You can edit the list of"safe" controls allowed to run in Web sites on a specific virtual server by editing the web.config file for a virtual server.


For more information about customizing or adding ASP.NET pages in Windows SharePoint Services, see theMicrosoft SharePoint Products and Technologies Software Development Kit.



Upgrade ConsiderationsThere are two stages in upgrading from SharePoint Team Services from Microsoft or FrontPage 2002 ServerExtensions from Microsoft to Microsoft Windows SharePoint Services:

First, you back up your existing Web sites using the Microsoft SharePoint Migration Tool and removeSharePoint Team Services or FrontPage 2002 Server Extensions from the virtual servers.

Second, you install Windows SharePoint Services on your server computer or to a new server, and restoreyour Web sites to new locations on the existing server, or to the same locations on a new server.

There is no "upgrade in place" method for upgrading your server or your sites. Because Windows SharePointServices requires Internet Information Services (IIS) to be in IIS 6.0 worker process isolation mode and SharePointTeam Services and FrontPage 2002 Server Extensions work in IIS 5.0 isolation mode, you cannot run both the oldapplications and Windows SharePoint Services at the same time. Your sites are likewise always upgraded by way ofmigration.

You can also choose to upgrade your database from Microsoft SQL Server 2000 Desktop Engine (Windows)(WMSDE) to Microsoft SQL Server, if you find you need more database features or more storage capacity than areprovided with WMSDE.

Considerations for Upgrading a Server fromSharePoint Team Services to Windows SharePointServicesIf you want to upgrade a server from SharePoint Team Services or FrontPage 2002 Server Extensions to WindowsSharePoint Services, consider the following changes:

The architecture has changed considerably. For example, you can now use Windows SharePoint Services ina server farm configuration. Also, all site content is now stored in the content databases instead of on the filesystem, and configuration data for a server or server farm is stored in the configuration database. For moreinformation about the new architecture, see Windows SharePoint Services Architecture.

The security model has changed. For example, you can now grant Windows SharePoint Servicesadministration rights to a specific domain group, in addition to the server's local administrators group. Formore information about the new security model, see Windows SharePoint Services Architecture.

There are many new features, some changed features, and some features that no longer exist in the newversion. For more information about features included in Windows SharePoint Services, see IntroducingWindows SharePoint Services.

In addition to these general changes, several specific issues should be considered when you upgrade your server toWindows SharePoint Services. The following sections describe these areas and help you manage the upgradeprocess.

Upgrading from SharePoint Team Services on Windows 2000 Serverto Windows SharePoint Services on Windows Server 2003Windows SharePoint Services requires that you be running Microsoft Windows Server 2003. If you are runningSharePoint Team Services on Windows 2000 Server, you must upgrade your server to Windows Server 2003 andthen upgrade to Windows SharePoint Services. To upgrade successfully, you must perform the following steps:

1. Use the SharePoint Migration Tool (smigrate.exe) to back up the SharePoint Team Services Web sites. Formore information about backing up Web sites, see Migrating and Upgrading Web Sites.


NoteÂ Â Before you can use the SharePoint Migration Tool to migrate sites from SharePoint Team Servicesto Windows SharePoint Services, you must verify that you are running the update to SharePoint TeamServices that updates it to function better with the SharePoint Migration Tool. To download this update, goto Office XP Web Services Security Patch: KB812708.

2. Remove SharePoint Team Services. For more information about removing SharePoint Team Services, seethe SharePoint Team Services Administrator's Guide on the Microsoft TechNet Web site.

NoteÂ Â When you uninstall SharePoint Team Services, some content may be left on the file system in thevirtual server directory. In Windows SharePoint Services, all content is stored in the content databases, ratherthan on the file system, and so you no longer need this content. Because you have already backed up theWeb sites, you can delete this content from the file system after you uninstall SharePoint Team Services, andbefore you install Windows SharePoint Services. After you install Windows SharePoint Services you canrestore the Web sites, and the content will be added to the content database.

3. Upgrade your server computer to Windows Server 2003, Standard, Enterprise, Datacenter, or Web Edition.For more information about upgrading to Windows Server 2003, see the Windows Server 2003documentation.

NoteÂ Â When you upgrade from Windows 2000 Server to Windows Server 2003, the FrontPage 2002Server Extensions are automatically installed. If you do not need FrontPage 2002 Server Extensions, it isrecommended that you remove them (from the virtual server, and from your computer) before you installWindows SharePoint Services. If you want to run both FrontPage 2002 Server Extensions and WindowsSharePoint Services, you must first remove in FrontPage 2002 Server Extensions from the default Web sitebefore installing Windows SharePoint Services. If the default site contains information that you wish topreserve, use the SharePoint Migration Tool to back up the data before removing FrontPage 2002 ServerExtensions. See Migrating and Upgrading Web Sites for more information.

4. Install and enable ASP.NET. For more information about installing ASP.NET, see the Windows Server 2003documentation.

5. Enable IIS and set it to run in IIS 6.0 worker process isolation mode, and then install Windows SharePointServices. For more information, see Installation Considerations for Windows SharePoint Services andPreparing Front-End Web Servers for Windows SharePoint Services.

6. Use the SharePoint Migration Tool to restore the backed up Web sites.

FrontPage 2002 Server Extensions ConsiderationsYou cannot upgrade in place from FrontPage 2002 Server Extensions to Windows SharePoint Services. To upgradesuccessfully, you must perform the following steps:

1. Use the SharePoint Migration Tool to back up the Web sites based on FrontPage 2002 Server Extensions.For more information about backing up Web sites, see Migrating and Upgrading Web Sites.

2. Remove FrontPage 2002 Server Extensions. For more information, see the SharePoint Team ServicesAdministrator's Guide on the Microsoft TechNet Web site.

3. Install and enable ASP.NET. For more information about installing ASP.NET, see the Windows Server 2003documentation.

4. Enable IIS and set it to run in IIS 6.0 worker process isolation mode, and then install Windows SharePointServices. For more information, see Installation Considerations for Windows SharePoint Services andPreparing Front-End Web Servers for Windows SharePoint Services.

5. Use the SharePoint Migration Tool to restore the backed up Web sites.

Note that certain features from FrontPage 2002 Server Extensions, such as using ASP pages in a Web site andlinking to a database file (such as an .MDB file) to display dynamic database content on a Web page, are notsupported in Windows SharePoint Services and do not work in any Web sites you migrate to the new technology.

Role and Right Considerations






NoteÂ Â Microsoft SharePoint Products and Technologies no longer rely on role-based security for assigning rightsand permissions to users. Instead, SharePoint Products and Technologies use site groups and cross-site groups toassign rights and permissions to users. Site groups are custom security groups that apply to a specific Web site.Cross-site groups are custom security groups that apply to more than one Web site. For more information, seeMicrosoft Windows SharePoint Services Help.

Because the site group names and definitions changed between SharePoint Team Services and Windows SharePointServices, the default site groups for your user accounts change when you upgrade. The new site group assignmentsattempt to preserve the meaning of the previous roles. The following table lists the roles in SharePoint Team Servicesand the new site group assignments that take effect when you upgrade to Windows SharePoint Services.

SharePoint Team Services role name Windows SharePoint Services site groupmembership after upgrade

Administrator AdministratorAdvanced Author Web DesignerAuthor ContributorContributor ReaderBrowser Reader

If you have a custom role that you created in SharePoint Team Services, a site group with the same name is created,and the Windows SharePoint Services rights that correspond to the SharePoint Team Services rights are assigned tothe site group when you upgrade. In some cases, because of changes to how Windows SharePoint Services works,there is no corresponding right. The following table lists the rights mapping between SharePoint Team Services andWindows SharePoint Services.SharePoint Team Services right name Windows SharePoint Services right Author Lists Add Items, Edit Items, and Delete ItemsAuthor Pages View Items, Add ItemsAuthor Web Document Discussions View PagesBorder Web Apply Themes and BordersBrowse View PagesClose Web Document Discussions View PagesConfigure Access Manage Site GroupsCreate Accounts N/ADesign Lists Manage ListsLink Style Sheets Apply Style SheetsManage Lists Manage ListsManage Server Health N/AManage Subweb Create SubsitesManage Usage Analysis View Usage DataManage Web Document Discussions N/AManage Web Subscriptions N/ARecalc Web N/ASet Source Control N/ASubscribe To Document View ItemsTheme Web Apply Themes and BordersView Lists View ItemsView Web Document Discussions View Pages

For a complete list of the rights and site groups available in , see User Rights and Site Groups.


Considerations for Migrating Sites from toWindows SharePoint ServicesYou use the SharePoint Migration Tool to migrate sites from SharePoint Team Services to . The site migrationprocess is optimized for use with standard team Web sites. This means that many types of customizations do notmigrate properly or do not work in a migrated site. Also, because the feature set and architecture have changedsignificantly between or FrontPage 2002 Server Extensions and , several features that you could use in theseenvironments do not work in Windows SharePoint Services.

NoteÂ Â Before you can use the SharePoint Migration Tool to migrate sites from SharePoint Team Services to , youmust verify that you are running the update to that updates SharePoint Team Services 1.0 to function better with theSharePoint Migration Tool. To download this update, go to Office XP Web Services Security Patch: KB812708.

The customizations and features that do not migrate include, but are not limited to, the following items:Type of customization or feature Explanation of migration issues

Customized home pages

Home pages customized by using a Windows SharePointServices-compatible Web page editor such as Microsoft OfficeFrontPage 2003 revert to the standard team Web site homepage. Home pages customized in the browser retain theircustomizations, including views that were added and changesthat were made to the Quick Launch bar.

NoteÂ Â When you migrate a site, the default.htm home pageis replaced with a new page. The original default.htm page isrenamed as default_old.htm.

Customized view and form pages

Most view and form pages customized by using a -compatibleWeb page editor such as Microsoft Office FrontPage 2003revert to standard view and form pages. However, viewscreated with other applications or that include settings notavailable in the SharePoint Team Services browser interface willnot migrate.

Customized link barsLink bars, such as the top link bar, that were customized using a-compatible Web page editor such as Office FrontPage 2003revert to the standard link bars.



Custom script files executed on the server

By default, the ISAPI filter for Windows SharePoint Servicesblocks the use of any script files (such as ASP pages) that areexecuted on the server and are not part of the installation. If youwant to use custom script files with your SharePoint sites, youmust put the script files in a separate virtual directory, andcreate an excluded path for the directory in . This allows IIS tocontrol the directory, rather than Windows SharePoint Services,and allows the ASP pages to run. Note that script files runningon the client are not blocked. For more information aboutcreating an excluded path, see Managing Paths. For moreinformation about ASP pages in , see Windows SharePointServices Architecture. To prevent script files from beingincluded during migration, either add those file extensions to theblocked files list in the destination Windows SharePointServices site, or remove those files from your SharePoint TeamServices site before migrating. See Migrating and UpgradingWeb Sites.

CautionÂ Â Custom script files that are not being executed onthe server can be browsed by users with read access to thefolder where they are stored on the server. Browsing the filescan allow users to discover information such as user names andpasswords contained in the script files, as well as networkpaths.

Custom pages that link to SharePoint lists

The SharePoint Migration Tool does not include an automaticlink fixup tool. After migration, any links that you have createdto point to specific lists are broken. You can update the links torefer to the current list location after migration.

NoteÂ Â If you have a link to a subsite, that link remains, butany links to parent Web sites or other Web sites at the samelevel do not work.

Customizations based on CAML

Customizations made to your site by using the CollaborativeApplication Markup Language (CAML) are not migrated. Youmust re-create these customizations. For more informationabout customizing SharePoint sites programmatically, see theWindows SharePoint Services Software Development Kit.

Files or folders with trailing spacesTrailing spaces at the very end of a filename ("filename.doc ")are not supported in Windows SharePoint Services. You mustchange the file name and then add the file manually to your site.

Unsupported characters

The following characters are not supported in :

/\:*?"<>|#{}%&~ or tab characters and multiple periods.If a file, folder, or URL name in your original site contains oneof these characters, it is replaced with an underscore (_).Multiple periods are replaced with a single period. Additionaldigits may be appended to the file or folder name if there areconflicting renaming changes.


Files with file extensions that are blocked in

A new feature allows server administrators to control whetherspecific file types can be uploaded or downloaded to the server.If a file in your site uses one of these file extensions (forexample, .exe), the file are not migrated to the new site. If youknow that certain file extensions are in a site you want tomigrate, you can temporarily remove those file extensions fromthe list of blocked file extensions while you migrate the site. Formore information about blocked file extensions, see ConfiguringBlocked File Extensions.

Long file and folder names (more than 255characters)

File and folder names longer than 255 characters are notsupported in Windows SharePoint Services. You can renamefiles or folders that have long names before migrating a site, orrename them after migration and add them manually to the newsite.

Lists with too many fields or columns

Lists in can only contain a certain number of fields or columns. Ifa list in your site contains too many fields or columns, it are notmigrated. You must manually re-create the list. Note that thisincludes surveys. The maximum numbers for fields and columnsare:

64 text fields, including the following field types: Singleline of text, Choice, Hyperlink, or Picture.

16 Lookup fields 16 Date and Time fields 16 Yes/No fields 32 Number and Currency fields 32 Multiple lines of text fields

Links with long URLs (more than 255 characters) URLs longer than 255 characters are not supported in . Notethat this character limit is for the URL and description.

User account limits

User account limits are not supported in Windows SharePointServices. If you are using Active Directory account creationmode for user accounts, you can limit the number of users persite by using quotas. For more information, see Configuring SiteCollection Quotas and Locks.

Local user accounts

Local user accounts are only supported if you are using ActiveDirectory account creation mode with , and local user accountsfrom your original site are not automatically created duringmigration. If you are using local accounts, first be sure that theserver you are migrating to is using Active Directory accountcreation mode, and then add the users to the site manually aftermigration. For more information, see Installation Considerationsfor Windows SharePoint Services and Managing Users andCross-Site Groups.

Subscriptions

The subscriptions feature in changed to the Alerts feature for .Users can create alerts in the new site to notify them aboutchanges. To restore subscriptions as alerts, you must be surethat alerts are enabled for the virtual server you are restoring to.Set the number of alerts to unlimited so that the restore does notstop when it reaches a limit. Also note that if a user only set upsubscriptions on the original site and hasn't added information tolists or libraries, his or her subscriptions won't get migrated. Toresolve this problem, the user should create a new item in a listand then delete it. For more information about alerts, see Managing Alerts.


Remote Web discussions and subscriptions

Windows SharePoint Services does not support using a serverrunning Windows SharePoint Services in an intranet to discusscontent on the Internet, nor does it support creating alerts forcontent on the Internet. For example, you cannot usehttp://server1 to create discussion items or alerts forhttp://www.example.com.

Web discussions and subscriptions from unavailableuser accounts

If the user account for a Web discussion or subscription cannotbe determined at restore time, the Web discussion or alert arerestored with the user name of the administrator restoring thesite.

Security from a site based on FrontPage 2002Server Extensions

If the original server is running FrontPage 2002 ServerExtensions, the security information (such as user roles) cannotbe migrated.

Created By/Modified By fields If the original user account is not available on the new serverwhen the site is restored, the Created By and Modified Byfields are set to the account that performed the restore.

Subsites that have the same name as a wildcardinclusion or exclusion

If you have set up included and excluded paths for the serverthat hosts the migrated sites, ensure that the names of thosepaths do not conflict with the names of the sites to be migrated.For example, if you had a subsite named http://server1/sites,and the /sites path on the new server is a wildcard inclusion, thehttp://server1/sites subsite are not migrated. For moreinformation about included and excluded paths, see ManagingPaths.

Theme applied to site

If the original site was based on SharePoint Team Services andhad a theme applied, when you restore the site, you may noticeformatting issues such as the Search box being sized differentlythan it was. To fix these issues, apply a new theme in WindowsSharePoint Services.

Specific file permissions on the file system

If you set access control lists (ACLs) on specific files or foldersin your Web site, those ACLs are not restored, and the files andfolders are accessible to any user with access to your restoredsite.

Currencies

When migrating a site from SharePoint Team Services toWindows SharePoint Services, Windows SharePoint Servicesconverts some obsolete currencies to their modern equivalents.For example, German Deutschmarks are converted to Euros.However, only the format of the currency field is changed. Thevalue for each entry is not altered and must be manuallyconverted using the desired conversion rate.

SharePoint Team Services sites based oncustomized schemas

SharePoint Team Services sites that are based on customizedschema files may not migrate properly to Windows SharePointServices. Even though the Software Development Kit (SDK)documented how to customize schema files for SharePointTeam Services, the Smigrate.exe utility does not supportmigrating SharePoint Team Services sites based on customizedschema files.

For more information about how to migrate Web sites, see Migrating and Upgrading Web Sites.

Considerations for Upgrading from WMSDE toWindows SharePoint Services Administrator's Guide Página 34 de 382

SQL ServerWMSDE has only a small subset of the capabilities available with SQL Server. For example, WMSDE does notinclude tools for backing up and restoring the database, and WMSDE doesn't provide full-text searching of sitecontent as SQL Server does. Also, you cannot create a server farm with multiple back-end database servers if youare using WMSDE. If you are running Windows SharePoint Services, and you originally installed with WMSDE butnow want to take advantage of these capabilities with SQL Server, you can upgrade your databases from WMSDEto SQL Server. For more information about switching to SQL Server, see Migrating from WMSDE to SQL Server.



Performance Implications ofWindows SharePoint ServicesFeaturesServer performance can be affected by many variables; some are predictable, others are not. For example, you can'talways anticipate periods of heavy demand on a week to week basis, but you can usually predict daily periods ofheavy or light use. One way to gain better control of your server's performance is to minimize the performance impactof Microsoft Windows SharePoint Services features on your server.

As with any software, some features of Windows SharePoint Services take up more resources than others. Forexample, features that rely on the Microsoft SharePoint Timer service, such as alerts and usage analysis logprocessing, can have more of an impact on your server performance than other features. This is because features thatuse the SharePoint Timer service are run during specific time ranges, and most of these features sort through manyfiles on each site. By default, the time ranges for SharePoint Timer service jobs are staggered, and set to times whenWeb site usage is typically low. Features that use the SharePoint Timer service tend to have cyclical performanceimpact. When the SharePoint Timer service starts the task, server performance is affected, but after the task has beencompleted, performance returns to normal. Other features can affect server resources for different reasons, but usuallyperformance is impacted when a feature must be run on demand when a user performs a particular action.

NoteÂ Â For more information about the performance impact of specific run-time features or features that do notscale well, see Capacity Planning for Windows SharePoint Services.

By configuring appropriate settings for features, or choosing to disable them, you can control the impact they have onperformance. The following features, because of their reliance on system processes, have a greater impact onperformance than other features in Windows SharePoint Services:

Antivirus protection

When you enable antivirus protection, each file on the server that is uploaded or downloaded is scanned forviruses and potentially cleaned if a virus is found. This process inherently impacts the download and uploadtime for files. You can minimize the performance impact by setting a quicker time out for scanning and byallocating more or fewer threads to the process. For more information about changing antivirus settings, see Configuring Antivirus Protection.

HTML viewing

The HTML viewing service converts files and documents into viewable HTML format. Because this viewinghappens on demand, it can take up a lot of resources. It is recommended that you always use a separateserver to host the HTML viewing service so that the viewing service performance does not impact theperformance of your Web server. For more information about changing HTML Viewer settings, see Managing HTML Viewers.

Usage analysis logging and processing

Usage analysis logging has a fairly low impact on server performance â€” less than 10%. However, usage logprocessing runs separately from the main Windows SharePoint Services process, and is a resource-intensivetask. Log processing relies on the SharePoint Timer service, so one thing you can do to minimize theperformance impact is to schedule log processing for times when you know use of your sites is low. You canalso increase the number of log files to improve logging performance, or decrease the number of log files toimprove log file processing performance. For more information about changing usage analysis settings, see Configuring Usage Analysis.


Site use confirmation and auto-deletion

This feature helps you monitor and delete Web sites that are not being used. It also relies on the SharePointTimer service to check for unused sites, to send e-mail alerts about unused sites to site administrators, and toautomatically delete sites. As with any other feature that uses the SharePoint Timer service, you can configurethe process to run at an appropriate time when your server is less heavily used. Also, because this feature iscontrolled at the virtual server level, you can stagger the times for each virtual server, so that not all virtualservers are being checked for unused sites at the same time. For more information about changing settings forsite use confirmation, see Managing Unused Web Sites.

Alerts

Daily and weekly alerts do not impact performance heavily, but if you have a large number of immediate alertsbeing sent, it can slow your server down. This feature also relies on the SharePoint Timer service, so you canspecify the times for daily and weekly alerts, and you can set a longer interval for immediate alerts (the defaultis every 5 minutes, but you may want to extend it to 15 minutes, for example). You can also limit the numberof alerts each user can sign up for, so that your server is not flooded with alert requests. Also, because alertsare controlled at the virtual server level, you can stagger the time ranges for each virtual server, so that not allvirtual servers are sending alerts at the same time. Keep in mind that the only way to determine the amount ofserver resources being taken up by sending alerts is to monitor your SMTP server for a lot of outboundtraffic. For more information about changing alert settings, see Managing Alerts.



ï»¿

Capacity Planning for WindowsSharePoint ServicesThis topic describes performance and scalability guidelines for Microsoft Windows SharePoint Services. The goal isto provide administrators with the information they need to purchase hardware, choose a server configuration, andmanage the capacity of their Windows SharePoint Services deployments.

There are two kinds of capacity guidelines for Windows SharePoint Services: Throughput â€” The approximate number of transactions per second that a given server configuration for

Windows SharePoint Services can handle. This guideline helps you determine how many simultaneous userscan use a given server resource without negatively affecting performance.

Scale â€” The approximate number of objects that can be created in a given scope, for example, the numberof documents per folder. This guideline helps you determine the server configuration required to host a givennumber of objects.

About Capacity and Throughput GuidelinesThe goal of the throughput testing is to measure the number of transactions per second that a server running WindowsSharePoint Services can handle. The measured throughput is then used to extrapolate the number of simultaneoususers by using a model of typical user behavior.

A rough rule of thumb is that 1 transaction per second maps to 1000 users. This rule of thumb is derived by applyingthe following model for user behavior:

1000 users

10% peak concurrency 100 simultaneous users (10% of 1000)

100 seconds per request per user (36 requests per hour per user) 100 simultaneous users/100 seconds per user per transaction 1 transaction/second

Capacity Testing MethodologyThe Windows SharePoint Services team tests throughput by using automated load generation tools that work inmachine time, not user time. In other words, real user behavior is not modeled in the test lab; server capacity ismeasured using fictitious "super users" who issue requests as fast as the server can respond. This is done to ensurethat weâ€™re measuring the capacity of the server, not the capacity of the load generation tool.

There are two main variables in the throughput testing: Transaction mix â€” The mix of user transactions, such as browse home page, save document, and edit list

item, and so on. Server configuration â€” The configuration, such as a single server or a server farm with two Web servers,

and so on.

About the Transaction Mix


The transaction mix defines the types and frequency of operations seen by the server, such browse home page, editdocument, and so on. This topic contains two different transaction mixes:

Read/write â€” This is the typical SharePoint site operation mix. Most of the load is browsing to pages anddocuments in the site, but there is a substantial amount of list and document authoring as well. For details onthe read/write operation mix, see Tested Read/Write Transaction Mix.

Read only â€” This is the typical load of a reference site where the data on the server is changing very slowly.For this mix, the entire test load is on the home page of the site. The home page is one of the most expensivepages to render, so this is a fairly conservative read-only load.

About the Server Configuration

The server configuration describes how computers are configured to run the site. Windows SharePoint Servicessupports a server farm design where multiple Web servers can be used to serve the same content, as in the followingillustration.

Administrators can add capacity to both the Web server and database server tiers by adding more server computersto the server farm. The total capacity of the server farm depends on the number of Web servers, the number ofdatabase servers, and the ratio of Web servers to database servers.

The following configurations were tested: Single computer â€” One computer running both the Web server and database server. N-by-one server farm â€” One to eight computers running the Web server and a separate computer running

the database server. This covers the most common server farm scenarios. These tests determine the marginalthroughput increase for each additional Web server and the optimum ratio of Web servers to databaseservers. As the test results show, adding Web servers to the server farm adds capacity linearly until the fourthor fifth Web server. Beyond five Web servers for each database server, the system bottleneck becomes thedatabase server. To add even more capacity you need to add a database server to the server farm.

Eight-by-two server farm â€” Eight Web servers and two database servers. This test validates the databasescale out. An 8x2 server farm has roughly twice the total throughput as a 4x1 server farm. Extending the scaleout model to 12x3 and 16x4 becomes a matter of providing sufficient network bandwidth for the server farm.

For the test hardware specifications, see Tested Hardware and Software.

About Throughput to Users

The Windows SharePoint Services performance lab found the peak throughput for each combination of transactionmix and server configuration. The throughput is measured in transactions per second. These transactions-per-secondmeasurements can be converted to the total number of users using a model of typical end-user behavior. Like manyhuman behaviors, there is a broad range of "typical" behavior. The user model for Windows SharePoint Services hastwo variables:

1. Concurrency â€” The maximum percentage of the total user base who will be using the system simultaneously.The Windows SharePoint Services models all use 10% concurrency.

2. Request rate â€” The number of requests per hour an active user generates on average. Windows SharePointServices uses four models for user behavior:o Light â€” 20 requests per hour. An active user will generate a request every 180 seconds. Each response

per second of throughput supports 180 simultaneous users and 1,800 total users.o Typical â€” 36 requests per hour. An active user will generate a request every 100 seconds. Each

response per second of throughput supports 100 simultaneous users and 1,000 total users.o Heavy â€” 60 requests per hour. An active user will generate a request every 60 seconds. Each response

per second of throughput supports 60 simultaneous users and 600 total users.o Extreme â€” 120 requests per hour. An active user will generate a request every 30 seconds. Each

response per second of throughput supports 30 simultaneous users and 300 total users.

Throughput DataWindows SharePoint Services Administrator's Guide Página 39 de 382

The following table shows the throughput results for each transaction mix, server configuration, and user model. Thepeak throughput point is highlighted in bold.

Transactions persecond

TotalusercountLight Typical Heavy Extreme

Configuration Mix Read Mix Read Mix Read Mix Read Mix Read

SingleServer 34 43 61,200 77,400 34,000 43,000 20,400 25,800 10,200 12,900

1 by 1 65 70 117,000 126,000 65,000 70,000 39,000 42,000 19,500 21,0002 by 1 121 132 217,800 237,600 121,000 132,000 72,600 79,200 36,300 39,600 3 by 1 156 194 280,800 349,200 156,000 194,000 93,600 116,400 46,800 58,200 4 by 1 161 256 289,800 460,800 161,000 256,000 96,600 153,600 48,300 76,800 5 by 1 164 279 295,200 502,200 164,000 279,000 98,400 167,400 49,200 83,700 6 by 1 157 278 282,600 500,400 157,000 278,000 94,200 166,800 47,100 83,400 7 by 1 163 280 293,400 504,000 163,000 280,000 97,800 168,000 48,900 84,0008 by 1 153 279 275,400 502,200 153,000 279,000 91,800 167,400 45,900 83,700 8 by 2 - 462 - 831,600 - 462,000 - 277,200 - 138,600

The following chart shows that adding additional Web servers to a single database server farm increases the capacityof the server farm, but only to a certain point. For the read-only transaction mix, the capacity of the server farmincreases steadily for up to four Web servers and stops increasing at six Web servers. For the read/write mix, thecapacity does not increase significantly beyond three Web servers.

Total capacity does not increase because the throughput is now limited by the one database server computer.Extending capacity beyond this point requires adding another database server to the server farm.

The following chart shows that adding an additional database server to the farm can extend the total capacity of thefarm if there are sufficient web servers to handle the load.

About Capacity and Scale GuidelinesThe capacity of Windows SharePoint Services is also affected by scalability (how many objects can be created in agiven scope, such as number of documents per folder). There are very few hard limits in Windows SharePointServices. Most of the scale guidelines are determined by performance. In other words, you can exceed theseguidelines, but you may find the resulting performance to be unacceptable.

One of the most important scale dimensions is site collections per database. This scale dimension depends on thenumber of indexes on the database. As the number of site collections increases, the performance of the systemdegrades as it serves more and more different site collections. As you can see in following chart, there is no hard limitwhere performance becomes unacceptable, but performance does degrades faster beyond 10,000 site collectionsand drops below 100 responses per second beyond 50,000 site collections.

The other scale guidelines are shown in the following table. None of these are hard limits enforced by the system.They are guidelines for designing a server that has good overall performance.

Object Scope Guideline for optimumperformance Comment


Site collections Database 50,000 Total throughput degradesas the number of sitecollections increases.

Web sites Web site 2,000

The interface forenumerating subsites of agiven Web site does notperform well much beyond2,000 subsites.

Web sites Site collection 250,000

You can create a very largetotal number of Web sitesby nesting the subsites. Forexample, 100 sites each with1000 subsites is 100,100Web sites.

Documents Folder 2,000

The interfaces forenumerating documents in afolder do not perform wellbeyond a thousand entries.

Documents Library 2 million You can create very largedocument libraries bynesting folders.

Security principals Web site 2,000

The size of the accesscontrol list is limited to a fewthousand security principals,in other words users andgroups in the Web site.

Users Web site 2 million

You can add millions ofpeople to your Web site byusing Microsoft Windowssecurity groups to managesecurity instead of usingindividual users.

Items List 2,000

The interface forenumerating list items doesnot perform well beyond afew thousand items.

Web Parts Page 100 Pages with more than 100Web Parts are slow torender.

Web Part personalization Page 10,000

Pages with more than a fewthousand userpersonalizations are slow torender.

Lists Web site 2,000

The interface forenumerating lists andlibraries in a Web site doesnot perform well beyond afew thousand entries.


Document size File 50 MB

The file save performancedegrades as the file sizegrows. The default maximumis 50 MB. This maximum isenforced by the system, butyou can change it to anyvalue up to 2 GB (2047MB) if you have appliedWindows SharePointServices Service Pack 1.For more information, see Configuring large filesupport in Installing andUsing Service Packs forWindows SharePointServices.

Tested Read/Write Transaction MixThe following table describes the mix of operations that make up the read/write transaction mix. The WindowsSharePoint Services team counted only meaningful end-user operations in the throughput numbers, but the load on theserver includes supporting transactions as well, such as getting the images, style sheets, and JavaScript files for thehome page.End user operation PercentageGet home page 9.0% Get list page (HTML) 9.0%Get list page (grid) 9.0%Get list form 6.0% Get static document 15.0% Insert list item 1.5% Edit list item 1.5% Delete list item 1.5% Insert document 1.5% Open document for edit 1.5% Save document 1.5% Delete document 1.5% List URLs 1.5% Short term check-out 15.0% Get cached document 15.0% 404 errors 10.0%

NoteÂ Â There are roughly two supporting transactions for each end-user transaction. In other words, the end-useroperations make up about a third of the total transaction load on the server.

Tested Hardware and SoftwareThe following hardware was used to gather the performance and scalability data in this topic.


Web ServersThe Web server computers were Compaq DL360s with two 1 GHz Pentium 3 processors and 1 GB of memory. Thecomputers were running a prerelease version of Microsoft Windows Server 2003, Enterprise Edition, build 3718.

NoteÂ Â The single computer tests were run on Web server hardware.

Database ServersThe database server computers were Compaq DL380s with two 1 GHz Pentium 3 processors and 2 GB of memory.The computers were running Microsoft SQL Server 2000 SP2 and a prerelease version of Windows Server 2003,Enterprise Edition, build 3718.



Language ConsiderationsYou use two methods to control the language settings available for Web sites based on Microsoft WindowsSharePoint Services:

Language template packs

Language template packs allow you to use site templates designed for specific languages. When you create asite based on a site template in a language template pack, the navigation and pages for that site are displayedin that language.

Regional settings

Regional settings allow you to control how dates, times, and lists are displayed in a particular Web site.Regional settings do not control the language used for the navigation or pages in the site. For more informationabout regional settings, see Configuring Regional Settings.

About Languages and LocalesWindows SharePoint Services uses the following terms to describe the language settings that are used for a Web site:

Language ID

The language ID specified when a Web site is created controls the language used in the Web site itself. Forexample, if the site was created in French (language ID 1036), all of the toolbars, navigation bars, list andform pages, and so on, appear in French. If the site was created in Arabic (1025), the text is in Arabic, andthe default left-to-right orientation of the site is change to right-to-left to properly display Arabic text.

By default, Windows SharePoint Services has language packs that contain site templates for many languageIDs. You can install one or more of these language packs to your Web server to support users creating sitesin as many languages as you need. For example, if you have a server running the Japanese version (languageID 1041) of Windows SharePoint Services, you can install a U.S. English (1033) language pack withtemplates that allow your users to create sites configured for U.S. English. New para

Locale ID

The locale ID is specified on the Regional Settings page, and affects how numbers, calendars, sorting, andtime are displayed in the site. For example, if you have a U.S. English language site (language ID 1033), andyou change the locale ID to French (Canada) (locale ID 3084), the Events list and Calendar views reflect theFrench notations for dates, numbers, time, and so on. The locale ID does not affect the orientation of the site.Choosing Arabic (Egypt) (locale ID 3073) does not change the site to right-to-left orientation, but does allowyou to display the Events list with dates in Arabic notation. Each language template has a default locale ID.For example, in the U.S. English (1033) template, the default locale ID is also 1033.

Windows SharePoint Services supports all of the locale IDs supported by the Microsoft Windows Server2003 family, which is a much larger set than the set of language IDs.

For more information about supported language IDs and locale IDs, see Regional and Language Settings.

Customizing Sites to Display Multiple LanguagesWhen you create a site, you choose which language it is displayed in. You cannot display a site in more than onelanguage, or change which language is used. If you need to create a site that can display more than one language, forexample if you needed a site for both English and Spanish speakers, use the following method:


1. Install the language packs that you need (in this example, US English and Spanish) to your server.2. Create sites based on each language pack you need (for example, one site in US English, one in Spanish).3. Customize one of the sites to include the strings you need from the other site.

For example, on the US English site, use a Web page editor compatible with Windows SharePoint Servicesto edit the navigation strings to include both the English strings and the strings from the Spanish site. In thisexample, "Home" would become "Home/Pagina principal".

4. Save the customized site as a site template, if you expect to use it again.

Because Windows SharePoint Services uses Unicode encoding, the strings from all of the languages should displaycorrectly on the site you customize.

Installing Language Template PacksLanguage template packs for Windows SharePoint Services are available as downloadable files from WindowsUpdate. There are language template packs that you can install to support Web sites in many languages. For a list ofsupported languages, see Regional and Language Settings.

To install a language template pack, you simply download it from Windows Update, and then run the setup program.Note that at the end of setup, Internet Information Services (IIS) is automatically restarted. If you are in a server farmenvironment, you must install the language template packs to each front-end Web server in your server farm.

During installation, the site templates are added to the Windows SharePoint Services installation directory, under the\TEMPLATE\LCID directory, where LCID is the locale ID for the language. For more information about where thelanguage template files are stored on the server, see Special Directories and Storage Locations. After installation,server administrators, members of the SharePoint administrators group, and users with the Create Subsites right orthe Use Self-Service Site Creation right can create Web sites based on the language templates by selecting thelanguage on the Create Top-Level Web Site page or the New SharePoint Site page.

If you no longer need a language template pack, you can uninstall it by using Add or Remove Programs in ControlPanel. Uninstalling removes the language template files from the \TEMPLATE\LCID directories.

CautionÂ Â When you uninstall a language template pack, any sites based on that language no longer work. You canreinstall the language template pack to restore the sites.



Show All

Single Server DeploymentThe quickest way to get started with Microsoft Windows SharePoint Services is to install it on a single servercomputer. This allows you to set up a small scale installation to host several Web sites, without performing a lot ofsteps. When you install Windows SharePoint Services on a single server, you can choose between the followingoptions:

By using the Typical option during Setup with default settings, you can install Windows SharePoint Servicesand publish a working Web site (based on WMSDE) in minutes.

When you install Windows SharePoint Services by using the Typical option with default settings, the Setupprogram automatically installs Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) and usesit to create the database for your Web sites. You don't have to perform any other configuration steps tocreate the database. This installation scenario offers you the ability to host several Web sites without a lot ofoverhead.

NoteÂ Â You can also install Windows SharePoint Services using the Typical option and specify the locationof the WMSDE database.

Using the Server Farm option, you can install Windows SharePoint Services to work with an existinginstallation of Microsoft SQL Server 2000 Service Pack 3 or later.

This installation scenario allows you to support a larger set of Web sites. When you use this method, you mustperform additional steps to configure SQL Server and Windows SharePoint Services to work together.Consider using SQL Server instead of WMSDE if you anticipate supporting more than 10 active and largeWeb sites.

You can also use SQL Server on a remote server to handle larger scale installations. For more informationabout installing Windows SharePoint Services with a separate SQL Server computer, see Remote SQLServer Deployment.

NoteÂ Â The database size required for Windows SharePoint Services depends on the number and size of the Websites your server supports.

Preparing the ServerBefore you install and configure Windows SharePoint Services, you must ensure that your Web server meets thehardware and software requirements, is running Internet Information Services (IIS) and ASP.NET, and is properlyconfigured for Windows SharePoint Services.

Hardware and Software RequirementsThe following sections help you review the hardware and software requirements for your front-end Web server.

Web Server Hardware Requirements

Hardware requirements for your Web server vary depending on the platform you are using, edition of the operatingsystem you choose, and whether you are deploying Windows SharePoint Services on a single server or server farm.The following table describes the hardware requirements for the supported operating systems.




32-bitversion





512 MB RAM

32-bitversion




1 GB RAM

x64-basedversion





1 GB RAM


NTFS file system.

Web Server Software Requirements

Before you install and configure Windows SharePoint Services, you must ensure that your front-end Web servermeets the following software requirements.

Operating System Requirements






You must install one of the following browsers on your Web server.


Microsoft Internet Explorer 5.01 with SP2 or later Microsoft Internet Explorer 5.5 with SP2 or later Microsoft Internet Explorer 6.0 or later Netscape Navigator 6.2 or later Mozilla 1.4 or later Firefox 1.0.4 or later

Configuring the Server as a Web ServerFor a complete list of hardware and software requirements, see Hardware and Software Requirements. After youhave verified the hardware and software requirements, you can enable IIS and ASP.NET.

Enable IIS 1. Click Start, point to All Programs, point to Administrative Tools, and then click Manage Your Server. 2. On the Manage Your Server page, click Add or remove a role. 3. In the Preliminary Steps pane, click Next. 4. In the Server Role pane, click Application server (IIS, ASP.NET), and then click Next. 5. In the Application Server Options pane, select the Enable ASP.Net check-box and then click Next.6. In the Summary of Selections pane, click Next.

The wizard installs IIS. This can take several minutes to complete.7. Click Finish.

Verify IIS is properly configured for Windows SharePoint Services1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager.2. In Internet Information Services (IIS) manager, click the plus sign (+) next to the server name to expand the

tree view, and then right-click the Web Sites folder and select Properties.3. In the Web Sites Properties dialog box, click the Service tab.4. In the Isolation mode section, verify that the Run WWW service in IIS 5.0 isolation mode check box is

cleared, and then click OK.

NoteÂ Â The Run WWW in IIS 5.0 isolation mode check box is only selected if you have upgraded toIIS 6.0 on Microsoft Windows Server 2003 from IIS 5.0 on Windows 2000. New installations of IIS 6.0use IIS 6.0 worker process isolation mode by default.

5. In the left column, click the Web Services Extensions node and verify ASP.NET is allowed and all otherWeb Service Extensions are prohibited.

Security Notes for Windows Server and Windows SharePoint Services

After your front-end Web server is running the required software, it is recommended that you observe the followingsecurity considerations.

Notes To help keep your systems secure, after you have configured your server as an application server (IIS &

ASP.NET), install the latest service packs and patches from Microsoft Windows Update. Windows Server 2003 locks down Internet Explorer security settings by default. This may prevent you from

performing some HTML Administrative tasks. For more information, see Internet Explorer Enhanced Securityand Windows SharePoint Services.

Windows SharePoint Services prior to Service Pack 2 configured IIS to use Integrated WindowsAuthentication (NTLM). Windows SharePoint Services with Service Pack 2 no longer sets the authenticationmethod and allows Kerberos authentication. When using a Configurable security account, additional steps willbe required to set the Service Principal Name (SPN) for the account. For additional information, see Installation Considerations for Windows SharePoint Services.



Installing Windows SharePoint ServicesThis section describes how to install Windows SharePoint Services on Windows Server 2003.

Because you are installing to a single, stand-alone server, you can run the Setup program as is, accepting all thedefaults. During a typical installation, WMSDE is installed as part of the Setup program.

CautionÂ Â During Setup, in a typical installation, Windows SharePoint Services extends the default virtual server(Default Web site in IIS) with Windows SharePoint Services. If you have a Web site running on the default Web sitein IIS, that Web site will be taken over by Windows SharePoint Services during installation. Also, before installingWindows SharePoint Services, verify that FrontPage 2002 Server Extensions from Microsoft are not running on thevirtual server on port 80. If FrontPage 2002 Server Extensions are running on the default virtual server, the virtualserver will not be extended when you install Windows SharePoint Services. (If you upgraded from Windows 2000 toWindows Server 2003, FrontPage 2002 Server Extensions were installed by default to port 80.) For moreinformation, see Installation Considerations for Windows SharePoint Services.

Installing Windows SharePoint Services on Windows Server 2003Windows Server 2003 requires downloading Windows SharePoint Services prior to installation.

There are three types of single server installations of Windows SharePoint Services: Typical installation with default settings Typical installation specifying the location of the WMSDE database Installing Windows SharePoint Services to use SQL Server

NoteÂ Â When Windows SharePoint Services is installed using the typical mode, the default security configurationsetting is Kerberos, with network service as the application pool identity.

Typical installation with default settings1. Download STSV2.exe to your computer.

You can download STSV2.exe from the Microsoft Download Center.2. Run STSV2.exe to extract the installation files.

The installation files will be extracted to the c:\program files\STS2setup_LCID directory (where LCID is thelocale ID for the version of Windows SharePoint Services you extracted.

3. On the End-User License Agreement page, review the terms, select the I accept the terms in the LicenseAgreement check box if you agree to the terms, and then click Next.

4. On the Type of Installation page, click Typical Installation, and then click Next. 5. On the Summary page, click Install.

Setup runs and installs Microsoft Windows SharePoint Services and WMSDE. Proceed to After Installing WindowsSharePoint Services with WMSDE.

Typical installation specifying the location of the WMSDE database

If you want to specify the location in which to install the WMSDE database, you can use the /datadir= option with thesetupsts.exe command line tool during setup.

The syntax is as follows:

setupsts.exe /datadir="path\\"



For example, to install the WMSDE database to the d:\program files\wmsdedata\ directory, you would type thefollowing command:

setupsts.exe /datadir="d:\program files\wmsdedata\\"

Download and install Windows SharePoint Services, specifying the location of the WMSDE database1. Download STSV2.exe to your computer.


The installation files will be extracted to the c:\program files\STS2setup_LCID directory (whereâ€œLCIDâ€• is the local ID for the version of Windows SharePoint Services you extracted.

3. When the Windows SharePoint Services installation starts, click Cancel.4. Click Start, and then click Run. 5. In the Open box, type c:\program files\STS2Setup_<LCID>\setupsts.exe /datadir="<path>\\" (where

"LCID" is the locale ID for the version you installed, and "path" is the path where you want to installWMSDE).

For example, if you installed the US English version of STSV2.exe, then the folder is c:\programfiles\STS2Setup_1033.

6. Click OK.

The Windows SharePoint Services Setup program opens.7. On the End-User License Agreement panel, review the terms, and then select the I accept the terms in

the License Agreement check box, and then click Next.8. On the Type of Installation panel, click Typical Installation, and then click Next. 9. On the Summary panel, click Install.

Setup runs and installs Microsoft Windows SharePoint Services and WMSDE to the specified path. Proceed to AfterInstalling Windows SharePoint Services with WMSDE.

Installing Windows SharePoint Services to use SQL ServerBefore you are ready to install Windows SharePoint Services, you must be sure that SQL Server 2000 is installedwith Service Pack 3 or later and ready to host Windows SharePoint Services data.

If you want to use Windows SharePoint Services with SQL Server 2000 on the same computer, you must takespecific steps to configure your server computer before, during, and after installing Windows SharePoint Services.For example, to set up Windows SharePoint Services, you must run Setup from the command line, using the remotesql=yes property. This topic describes the steps needed to configure a single server running both WindowsSharePoint Services and SQL Server 2000. This topic does not cover using a remote SQL Server computer. Formore information about using SQL Server on a remote computer, see Remote SQL Server Deployment.

Preparing SQL Server

You must configure your SQL Server installation to work with Windows SharePoint Services. For WindowsSharePoint Services to be able to connect to your SQL Server database, it is recommended that you configure theSQL Server database to use Windows authentication.

Enable Windows authentication for SQL Server1. On your server computer, click Start, point to All Programs, point to Microsoft SQL Server, and then



click Enterprise Manager. 2. In Enterprise Manager, click the plus sign (+) next to Microsoft SQL Servers. 3. Click the plus sign (+) next to SQL Server Group. 4. Right-click the SQL Server name, and then click Properties. 5. In the Properties dialog box, click the Security tab. 6. Under Authentication, select Windows only, and then click OK.

If you have used a domain account that does not already have database creation rights in SQL Server, you can givethe account this access using SQL Server Enterprise Manager. This is a one-time-only change. After you havegranted database creation permissions to the account used by the Windows SharePoint Services administration virtualserver, this account can create databases for any subsequent virtual servers.

Grant database creation rights in SQL Server1. On your server computer, click Start, point to All Programs, point to Microsoft SQL Server, and then

click Enterprise Manager. 2. In Enterprise Manager, click the plus sign (+) next to Microsoft SQL Servers, click the plus sign (+) next

to SQL Server Group, and then click the plus sign (+) next to your SQL Server computer. 3. Click the plus sign (+) next to Security, and then right-click Logins, and click New Login. 4. In the Name box, type the account in the form DOMAIN\name. 5. Click the Server Roles tab. 6. In the Server Role list, select the Security Administrators and Database Creators check boxes, and

then click OK.

Running SetupBy default, when you install Windows SharePoint Services, the Setup program installs WMSDE. To use WindowsSharePoint Services with SQL Server, you must install Windows SharePoint Services without installing WMSDE. Todo so, you run the Setup program with the remotesql command-line option. For more information about theremotesql option and other Windows SharePoint Services Setup options, see Command-Line Options forSetupsts.exe. If you prefer, you can also install Windows SharePoint Services without WMSDE by running a quiet,command-line installation, rather than running the full Setup program. For more information about a quiet installation,see Performing a Quiet Installation.

Install Windows SharePoint Services with SQL Server 20001. Download STSV2.exe to your computer.

You can download STSV2.exe from the Microsoft Download Center.2. Run STSV2.exe to extract the installation files.3. When the Windows SharePoint Services installation starts, click Cancel. 4. Click Start, and then click Run. 5. In the Open box, type %drive%\folder\setupsts.exe remotesql=yes (where %drive% is the drive letter in

which SP2 exists and folder is the path to the Setupsts.exe file on your local computer).

For example, if you downloaded the US English version of STSV2.exe to drive c, then the path is c:\programfiles\STS2Setup_1033.

6. Click OK.

The Windows SharePoint Services Setup program opens.7. On the End-User License Agreement page, review the terms, and then select the I accept the terms in the

License Agreement check box, and then click Next. 8. On the Type of Installation page, click Server Farm, and then click Next.9. On the Summary page, verify that only Windows SharePoint Services will be installed, and then click Install. 10.Setup runs and installs Windows SharePoint Services.



Proceed to After Installation.

After Installing Windows SharePoint Services with WMSDEAfter Setup finishes, your default Web site is extended with Windows SharePoint Services. Your browser windowopens to the home page of your new Web site, and you can start adding content right away, or you can customize thesite or set administrative options by using HTML Administration pages. Some actions you can take to get usersworking with your site are:

Adding users to the site (for more information, see Managing Users and Cross-Site Groups). Customizing the home page and other pages in the site (for more information, see Customizing a Web Site

Based on Windows SharePoint Services). Setting up version control (for more information, see Managing Versions and Checking Documents In and

Out).

If you have multiple virtual servers, you can extend additional virtual servers with Windows SharePoint Services. Toextend a virtual server, you use HTML Administration pages. For more information, see Extending Virtual Servers.

NoteÂ Â If you had a previous version of SharePoint Team Services or FrontPage Server Extensions, you will needto upgrade the virtual server, rather than extend it. For more information, see Upgrade Considerations.

After you have used Windows SharePoint Services with WMSDE for some time, you may run into performance orstorage problems, and you may need to move to a more scaled out solution. If you find yourself in this situation, youcan switch to using Microsoft SQL Server 2000 as your database instead of WMSDE. For more information, see Migrating from WMSDE to SQL Server.

After InstallationAfter the Setup process is complete, you can configure your administrative virtual server (including specifying an application pool to use for the virtual server processes), connect to SQL Server, and then configure your virtualservers with Windows SharePoint Services. You perform these steps by using HTML Administration pages.

Configure the administrative virtual server1. On the Configure Administrative Virtual Server page, in the Application Pool section, select Create a new

application pool.

NoteÂ Â You can also use an existing application pool, but any Web application that is using the sameapplication pool can modify the Windows SharePoint Services databases. This is a potential security risk.

2. In the Application pool name box, type the name to use for the new application pool, and then specifywhether to use a predefined or configurable security account for the application pool. o If you selected Predefined, select the security account to use. o If you selected Configurable, type the user name and password to use.

The account you use must have rights to create databases in SQL Server. In other words, this account mustbe a member of the Security Administrators and Database Creators roles in SQL Server.

3. Click OK.

After you configure the administrative virtual server (and grant SQL Server rights to the new application pool account,if necessary), you must restart Internet Information Services (IIS) by typing iisreset on the command line. After IIS isreset, you can click the link on the Application Pool Changed page to continue configuring Windows SharePointServices to work with SQL Server.

Connect to SQL Server1. On the Set Configuration Database Server page, in the Configuration Database section, enter the


NETBIOS name of the server and database name to use. 2. Under Database connection type, select Use Windows integrated authentication (more secure,

recommended). 3. Click OK.

Extending a Virtual Server with Windows SharePoint Services After you set up the connection to SQL Server, you are ready to extend your virtual servers with WindowsSharePoint Services. When you extend a virtual server, Windows SharePoint Services is applied to a virtual serverand a top-level Web site is created. To extend a virtual server, you use HTML Administration pages.

Extend a virtual server with Windows SharePoint Services and connect to SQL Server1. On the SharePoint Central Administration page, click Extend or upgrade virtual server. 2. On the Virtual Server List page, click the name of the virtual server to extend. 3. On the Extend Virtual Server page, in the Provisioning Options section, select Extend and create a

content database. 4. In the Application Pool section, select either Use an existing application pool or Create a new

application pool.

NoteÂ Â It is recommended that you create a new application pool for each virtual server, so that they run inseparate processes. This application pool should use a domain account, but it does not need to have databasecreation rights in SQL Serverâ€” the administration virtual server account will create any databases required.

If you selected Use an existing application pool, select the application pool to use. If you selected Createa new application pool, enter the new application pool name, user name, and password to use.

5. In the Site Owner section, in the Account name box, type the user name for the site owner (in the formatDOMAIN\username if the user name is part of a Windows domain group).

6. In the E-mail address box, type the e-mail address that corresponds to the account. 7. In the Database Information section, select the Use default content database server check box, or type

the database server name and database name to use for a new content database. 8. If you want to specify a path for the URL, in the Custom URL path box, type the path to use.

NoteÂ Â If you are using quotas, you can also specify the quota template to apply in the Quota Settingssection.

9. In the Site Language section, select the language to use. 10.Click OK.

After a few moments, the virtual server is extended and a confirmation page is displayed. You can open the homepage for your new Web site in your browser by using a link on the confirmation page. You can continue to extendother virtual servers or configure Self-Service Site Creation so users can create their own sites. For more informationabout allowing users to create their own Web sites based on Windows SharePoint Services, see ConfiguringSelf-Service Site Creation.



Show All

Remote SQL Server DeploymentIf you plan to host many Web sites using Microsoft Windows SharePoint Services, it is recommended that you useMicrosoft SQL Server on a separate server from your Web server. Using SQL Server on its own server allows youto host all of your databases together and manage them with SQL Server Enterprise management tools. For example,SQL Server provides backup and restore, database management, and full text searching, which are not available inWMSDE. Using SQL Server on its own server also allows your Windows SharePoint Services server to devote itsprocessor, memory, and disk resources to providing pages and files. For more information about SQL Server andWindows SharePoint Services, see Windows SharePoint Services Architecture.

To run SQL Server on a separate server from Windows SharePoint Services, you must take specific steps toconfigure both your Web server and your SQL Server. This topic describes the steps needed to configure one serverrunning Windows SharePoint Services and one server running SQL Server 2000, Service Pack 3 or later, workingtogether across a network connection. This topic does not cover setting up a server farm, with multiple front-end andback-end servers. For more information about setting up a server farm, see Server Farm Scalable HostingDeployment.

Before Installing Windows SharePoint ServicesBefore you are ready to install Windows SharePoint Services, you must be sure that your Web server computermeets certain software and hardware requirements, and can connect to your SQL Server computer. You must alsoconfigure your SQL Server computer to be ready to host Windows SharePoint Services data.

Preparing the Web Server ComputerBefore you install Microsoft Windows SharePoint Services on your front-end Web server, you must first ensure thatthe required hardware and software are installed, is running Internet Information Services (IIS) and ASP.NET, and isproperly configured for Windows SharePoint Services.

Hardware and Software RequirementsThe following sections help you review the hardware and software requirements for your front-end Web server.





32-bitversion





512 MB RAM


32-bitversion




1 GB RAM

x64-basedversion





1 GB RAM


NTFS file system.


Before you install and configure Windows SharePoint Services, you must ensure that each front-end Web servermeets the following software requirements.








For a complete list of hardware and software requirements, see Hardware and Software Requirements.


Configuring the Intranet Server as a Web ServerMicrosoft Internet Information Server (IIS) is not enabled by default in Microsoft Windows Server 2003. To makeyour front-end server into a Web server, you must enable IIS.

Enable IIS1. Click Start, point to All Programs, point to Administrative Tools, and then click Manage Your Server. 2. On the Manage Your Server page, click Add or remove a role. 3. In the Preliminary Steps pane, click Next. 4. In the Server Role pane, click Application server (IIS, ASP.NET), and then click Next. 5. In the Application Server Options pane, select the ASP.Net check-box, and then click Next.6. In the Summary of Selections pane, click Next.


Verify IIS is properly configured for Windows SharePoint Services1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager. 2. In Internet Information Services (IIS) Manager, click the plus sign (+) next to the server name to expand the

tree view, and then right-click the Web Sites folder and select Properties. 3. In the Web Sites Properties dialog box, click the Service tab. 4. In the Isolation mode section, verify that the Run WWW service in IIS 5.0 isolation mode check box is


NoteÂ Â The Run WWW service in IIS 5.0 isolation mode check box is only selected if you haveupgraded to IIS 6.0 on Windows Server 2003 from IIS 5.0 on Windows 2000. New installations of IIS 6.0use IIS 6.0 worker process isolation mode by default.

5. In the left column, click the Web Services Extensions node and verify ASP.NET is allowed and all otherWeb Service Extensions are prohibited.



Notes To help keep your systems secure, after you have configured your server as an application server (running IIS

and ASP.NET), install the latest service packs and patches from Microsoft Windows Update. Windows Server 2003 locks down Internet Explorer security settings by default. This may prevent you from



Preparing the SQL Server ComputerYou must configure your SQL Server installation to work with Windows SharePoint Services. For WindowsSharePoint Services to be able to connect to your SQL Server database, it is recommended that you configure theSQL Server database to use Windows authentication.



To set up your SQL Server, you must perform the following steps. Install SQL Server 2000, Service Pack 3 or later.

You can use SQL Server 2000 Standard or Enterprise edition with Windows SharePoint Services. Be sureto install the latest service pack for SQL Server 2000. For more information about installing SQL Server, seethe SQL Server 2000 documentation.

Set a secure password for your SQL Server administration account.

You must know both the administrator user account and password to be able to connect between WindowsSharePoint Services on the front-end Web servers and SQL Server on the back-end server. It isrecommended that you set a secure password for the administration account. If you are using IntegratedWindows authentication (recommended), you should use a domain account with permissions to createdatabases in SQL Server. At a minimum you must grant the account Security Administrators and DatabaseCreators roles. If you are using SQL Server authentication, this means that the "sa" account should have asecure password. For more information about setting the administrator user name and password, see theSQL Server 2000 documentation.

Configure the authentication method for connections between the Web servers and SQL Server.

For better security, it is recommended that you use Integrated Windows authentication, rather than SQLServer authentication, for connections between your front-end Web server and the back-end databaseserver. Integrated Windows authentication uses a domain user account to control access to SQL Server,rather than storing credentials in the registry and passing them across the network as in SQL Serverauthentication.

You configure the authentication method for SQL Server by using the SQL Server Enterprise Manager.

NoteÂ Â To use SQL Server Enterprise Manager, you must be a SQL Server database administrator.

Enable Windows authentication for SQL Server1. On your SQL Server computer, click Start, point to All Programs, point to Microsoft SQL Server, and

then click Enterprise Manager. 2. In Enterprise Manager, click the plus sign (+) next to Microsoft SQL Servers. 3. Click the plus sign (+) next to SQL Server Group. 4. Right-click the SQL Server name, and then click Properties. 5. In the Properties dialog box, click the Security tab. 6. Under Authentication, select Windows only, and then click OK.

NoteÂ Â You can also select SQL Server and Windows but it is recommended that you use Windowsauthentication to connect to your SQL Server database.

Grant database creation rights in SQL Server

If you are using a domain account that does not already have database creation rights in SQL Server, you can give theaccount this access in SQL Server Enterprise Manager. This is a one-time only change. After you have granteddatabase creation permissions to the account used by the Windows SharePoint Services administration virtual serverapplication pool, this account can create databases for any subsequent virtual servers.

NoteÂ Â To use SQL Server Enterprise Manager, you must be a SQL Server database administrator.1. On your SQL Server computer, click Start, point to All Programs, point to Microsoft SQL Server, and

then click Enterprise Manager. 2. In Enterprise Manager, click the plus sign (+) next to Microsoft SQL Servers, click the plus sign (+) next

to SQL Server Group, and then click the plus sign (+) next to your SQL Server computer. 3. Click the plus sign (+) next to Security, and then right-click Logins, and click New Login. 4. In the Name box, type the account in the form DOMAIN\name. 5. Click the Server Roles tab on the New Login pane.


6. In the Server Role list, select the Security Administrators and Database Creators check boxes, andthen click OK.

Installing Windows SharePoint ServicesAfter you have prepared the back-end database and front-end Web server, you can install Windows SharePointServices on the front-end Web server. Note that you must install Windows SharePoint Services on each front-endWeb server.

Install Windows SharePoint Services on Windows 2003This section describes how to install Windows SharePoint Services on Windows 2003 using SQL Server 2000 as thedatabase server.


You can download STSV2.exe from the Microsoft Download Center.2. Run STSV2.exe to extract the installation files.3. When the Windows SharePoint Services installation starts, click Cancel. 4. Click Start, and then click Run. 5. In the Open box, type %drive%\folder\setupsts.exe remotesql=yes (where %drive% is the drive letter in

which SP2 exists and folder is the path to the Setupsts.exe file on your local computer).

For example, if you downloaded the US English version of STSV2.exe to drive c, then the path is c:\programfiles\STS2Setup_1033.

6. Click OK.


License Agreement check box, and then click Next. 8. On the Type of Installation page, click Server Farm, and then click Next.9. On the Summary page, verify that only Windows SharePoint Services will be installed, and then click Install.

Setup runs and installs Windows SharePoint Services. When installation is complete, you browser opens theConfigure Administrative Virtual Server page.

10. Choose to either use an existing application pool or create a new application pool. 11.Select either a predefined security account or a configurable security account.12.Choose either NTLM or Kerberos authentication in the Security configuration section.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account.The account must be configured as a Service Principal Name (SPN). You must have domain administratorrights to configure a Service Principal Name (SPN). Refer to the Microsoft Knowledge Base article 832769:How to configure a Windows SharePoint Services virtual server to use Kerberos authentication for additionalinformation.

13.Click OK.14.When the Application Pool Changed page appears, click Start, and then click Run.15.Type iisreset, and then click OK.16.When the command completes, click OK.

The Set Configuration Database Server page appears.17.Type the NETBIOS name of the server running SQL Server 2000.





18.Type the SQL Server database name or click the check box to use an existing configuration data base.19.Select the connection type to use either Integrated Windows or SQL authentication.20.Select the Active Directory Account Creation mode you want to use.

NoteÂ Â This mode cannot be changed at a later time without uninstalling and reinstalling WindowsSharePoint Services. If you are installing Windows SharePoint Services on a domain controller, you cannotselect Active Directory Account Creation mode.

21.Click OK.

The Windows SharePoint Services Central Administration page appears.22.Minimize or close this page and click Finish.

Proceed to Extending a Virtual Server with Windows SharePoint Services.

Extending a Virtual Server with WindowsSharePoint ServicesAfter you set up the connection to your SQL Server computer, you are ready to extend the virtual servers on yourWeb server computer with Windows SharePoint Services. When you extend a virtual server, Windows SharePointServices is applied to a virtual server and a top-level Web site is created. To extend a virtual server, you use HTMLAdministration pages.

Notes Depending on the configuration of your server, you might receive a security alert from Internet Explorer

Enhanced Security Configuration (enabled by default) when you browse to the newly extended site. For moreinformation, see Internet Explorer Enhanced Security and Windows SharePoint Services.

If you had a previous version of SharePoint Team Services or FrontPage Server Extensions, you will need toupgrade the virtual server rather than extend it. For more information, see Upgrade Considerations.

Extend a virtual server with Windows SharePoint Services and connect to a remote SQL Server computer1. On the SharePoint Central Administration page, click Extend or upgrade virtual server. 2. On the Virtual Server List page, click the name of the virtual server to extend. 3. On the Extend Virtual Server page, in the Provisioning Options section, select Extend and create a


application pool.

NoteÂ Â It is recommended that you create a new application pool for each virtual server, so that they run inseparate processes. This application pool should use a domain account, but it does not need to have databasecreation rights in SQL Server â€” the administration virtual server account will create any databases required.

If you selected Use an existing application pool, select the application pool to use. If you selected Createa new application pool, enter the new application pool name, user name, and password to use.

5. In the Site Owner section, in the Account name box, type the user name for the site owner (in the formatDOMAIN\name, if the username is part of a Windows domain group).

6. In the E-mail address box, type the e-mail address that corresponds to the account. 7. In the Database Information section, select the Use default content database server check box, or type

the database server name and database name to use for a new content database. 8. In the Security Configuration section choose either NTLM or Kerberos authentication.

NoteÂ Â Using a domain user account might require additional steps to add a Service Principal Name (SPN)to the account. Information about adding a Service Principal Name (SPN) to a domain user account isavailable in Using Integrated Windows Authentication with Windows SharePoint Services and the Microsoft


Knowledge base article 832769: How to configure a Windows SharePoint Services virtual server to useKerberos authentication.

9. If you want to specify a path for the URL, in the Custom URL path box, type the path to use. 10.If you are using quotas, select a template in the Select a quota template box of the the Quota Settings

section. 11.In the Site Language section, select the language to use. 12.Click OK.

After a few moments, the virtual server is extended and a confirmation page is displayed. You can open the homepage for your new Windows SharePoint Services Web site in your browser by using a link on the confirmation page.

You can continue to extend other virtual servers or configure Self-Service Site Creation so users can create their ownsites. For more information about allowing users to create their own Web sites based on Windows SharePointServices, see Configuring Self-Service Site Creation.





Server Farm Scalable HostingMode DeploymentYou can install and configure Microsoft Windows SharePoint Services to allow your server farm to host severaltop-level sites on the same virtual server using the same IP address. Each top level site has its own content andapplication pools. This configuration is known as scalable hosting mode. The Public DNS is configured to direct eachtop level site to the same IP address of the server configured for scalable hosting mode. Windows SharePointServices filters the inbound http traffic and directs requests to the correct top level site. This is similar to the way IISoperates in Host Header mode.

This topic describes the steps you need to take to configure the servers in your server farm to serve multiple hostnames with Windows SharePoint Services.

NoteÂ Â This is an advanced scenario, meant for experienced server farm administrators and Internet serviceproviders. This is only one of several hosting choices for Windows SharePoint Services. For more information abouthosting choices, see "Structuring the URL Namespace" in Windows SharePoint Services Architecture. For moreinformation about setting up other hosting choices, see the the following topics: Single Server Deployment, RemoteSQL Server Deployment, Configuring Two Virtual Servers to Host the Same Content and Separate Active DirectoryDirectory Service Organization Unit Deployment.

NoteÂ Â Windows SharePoint Services with Service Pack 2 adds support for IP-bound virtual servers. Theadvanced extranet features are not supported in scalable hosting mode. For more information, see What's New inWindows SharePoint Services Service Pack 2.

Preparing the ServersBefore you can install and configure Windows SharePoint Services in your server farm, you must meet the hardwareand software requirements and plan out your server farm configuration. The following sections help you determine theconfiguration to use when deploying a server farm in scalable hosting mode.

Hardware and Software RequirementsTo deploy Windows SharePoint Services in a server farm configuration, you must meet the following criteria on eachfront-end Web server:






32-bitversion





512 MB RAM

32-bitversion




1 GB RAM

x64-basedversion





1 GB RAM


NTFS file system.


Before you install and configure Windows SharePoint Services, you must ensure that each front-end Web server inyour server farm meets the following software requirements.







You must install one of the following browsers on your Web server. Microsoft Internet Explorer 5.01 with SP2 or later Microsoft Internet Explorer 5.5 with SP2 or later


Microsoft Internet Explorer 6.0 or later Netscape Navigator 6.2 or later Mozilla 1.4 or later Firefox 1.0.4 or later

Planning for ScaleWhen you decide to implement a server farm, it is generally because you want to support a large-scale Webenvironment. Achieving scalability depends on a number of factors, each of which must be regulated in its own way.These factors include:

The amount of processing power available for each Web site.

You can manage processing power by ensuring that you have appropriate load balancing up front, and a goodbalance between the number of front-end Web servers and SQL Server back-end servers. A recommendedminimum configuration for a server farm includes three front-end Web servers and two back-end databaseservers.

The amount of disk space available for Web site content and data.

You can manage disk space issues by using quotas to limit Web site size, and by specifying maximum sizes forcontent databases. For more information about using quotas and content databases, see Configuring SiteQuotas and Locks and Managing Content Databases.

Protection from single-box failure.

Using multiple front-end Web servers to serve the same content gives you protection from failure on the frontend. You can use the failover protection included with SQL Server 2000 to help protect your back-endservers. For more information about SQL Server failover protection, see the SQL Server documentation.

The number of sites stored in each content database.

You will get better results by limiting the size of each content database and simply adding more contentdatabases when you add more sites. Smaller content databases make it easier to back up and restore ormove sites. Note that database performance may degrade if you add too many databases. Balance yourneeds for backup and restore performance against those for database performance.

Balancing the load for the front-end Web servers is also part of the scalability equation. Windows SharePointServices supports two methods of load balancing:

Software, such as Network Load Balancing (NLB) services in Windows Server 2003. NLB runs on thefront-end Web servers, and uses the TCP/IP networking protocol to route requests. Because NLB (andother software load balancing solutions) runs on the front-end Web servers, it uses the front-end Web systemresources, trimming the resources you can use for serving Web pages. However, the impact on systemresources is not great, and a software solution can handle up to 32 front-end Web servers.

Hardware, such as a router or switch box. Load balancing hardware uses your network to direct Web sitetraffic between your front-end Web servers. Load balancing hardware is more expensive to set up thansoftware, but does not use any of your front-end Web server resources to run. Windows SharePoint Servicescan be used with any load balancing hardware.

There is a third method of load balancing, round-robin load balancing with Domain Name System (DNS).Round-robin DNS load balancing uses a lot of resources on the front-end Web servers, is slower than either loadbalancing software or hardware, and is not recommended for use with Windows SharePoint Services.

Preparing the Back-End Database ServersTo set up your back-end database servers, you must perform the following steps.

Install SQL Server 2000, Service Pack 3 or later.


You can use SQL Server 2000 Standard or Enterprise edition with Windows SharePoint Services. Be sureto install the latest service pack for SQL Server 2000. For more information about installing SQL Server, seethe SQL Server 2000 documentation.

Set a secure password for your SQL Server administration account.

You must know both the administrator user account and password to be able to connect between WindowsSharePoint Services on the front-end Web servers and SQL Server on the back-end servers. It isrecommended that you set a secure password for the administration account. If you are using IntegratedWindows authentication (recommended), you should use a domain account with permissions to createdatabases in SQL Server. At a minimum you must grant the account Security Administrators and DatabaseCreators roles. If you are using SQL Server authentication, this means that the "sa" account should have asecure password. For more information about setting the administrator user name and password, see theSQL Server 2000 documentation.


For better security in your server farm, it is recommended that you use Integrated Windows authentication,rather than SQL Server authentication, for connections between your front-end Web servers and theback-end database servers. Integrated Windows authentication uses a domain user account to control accessto SQL Server, rather than storing credentials in the registry and passing them across the network as in SQLServer authentication.


NoteÂ Â To use SQL Server Enterprise Manager, you must be a SQL Server database administrator.

Configure authentication for SQL Server1. On the back-end database servers, click Start, point to All Programs, point to Microsoft SQL Server,

and then click Enterprise Manager. 2. Click the plus sign (+) next to Microsoft SQL Servers. 3. Click the plus sign (+) next to SQL Server Group. 4. Right-click the SQL server name, and click Properties. 5. In the Properties dialog box, click the Security tab. 6. Under Authentication, select Windows only, and then click OK.

Preparing the Front-End Web ServersTo prepare your front-end Web servers for Windows SharePoint Services, you must configure them as Web servers,running Internet Information Services (IIS) 6.0 and either ASP.NET 1.1, ASP.NET 2.0, or both, and you must set itto run in IIS 6.0 worker process isolation mode instead of IIS 5.0 isolation mode.

IIS is not enabled by default in Windows Server 2003. To make your front-end servers into Web servers, you mustenable IIS.

Notes The configuration of your server might be different depending on whether this is a upgrade or new installation.

Refer to the Configuring Your Server for Windows SharePoint Services section of the Windows SharePointServices Administrator's Guide.

To configure IIS, you must be an administrator on the local computer.

Enable IIS1. Click Start, point to All Programs, point to Administrative Tools, and then click Manage Your Server. 2. On the Manage Your Server page, click Add or remove a role. 3. In the Preliminary Steps pane, click Next. 4. In the Server Role pane, click Application server (IIS, ASP.NET), and then click Next.


5. In the Application Server Options pane, select the Enable ASP.Net check box, and then click Next.6. In the Summary of Selections pane, click Next.


Verify IIS is properly configured for Windows SharePoint Services

If you have upgraded to IIS 6.0 on Windows Server 2003 from IIS 5.0 on Windows 2000 perform the these stepsto configure your Web server for IIS 6.0 worker process isolation mode.

1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet InformationServices (IIS) Manager.

2. In Internet Information Services manager, click the plus sign (+) next to the server name to expand the treeview, and then right-click the Web Sites folder and select Properties.

3. In the Web Sites Properties dialog box, click the Service tab. 4. In the Isolation mode section, clear the Run WWW service in IIS 5.0 isolation mode check box, and

then click OK.



Notes To keep your systems secure, after you have configured your server as an application server (running IIS and

ASP.NET) you should install the latest service packs and patches from Microsoft Windows Update. Windows Server 2003 locks down Internet Explorer security settings by default. This may prevent you from



Installing Windows SharePoint ServicesAfter you have prepared the back-end database and front-end Web servers, you can install Windows SharePointServices on the front-end Web servers. Note that you must install Windows SharePoint Services on each front-endWeb server.

Install Windows SharePoint Services on Windows Server 2003

You use the following steps to install Windows SharePoint Services with the remote SQL Server option on WindowsServer 2003. To perform these steps for a server farm, it is required that you use the command-line administrationtool, Stsadm.exe. For more information about using Stsadm.exe, see Introducing the Administration Tools forWindows SharePoint Services.

1. Download STSV2.exe to your computer.

You can download STSV2.exe from the Microsoft Download Center.2. Run STSV2.exe to extract the installation files.3. When the Windows SharePoint Services installation starts, click Cancel. 4. Click Start, and then click Run. 5. In the Open box, type c:\folder\setupsts.exe remotesql=yes (where c:\folder is the path to the




Setupsts.exe file on your local computer).

For example, if you installed the US English version of STSV2.exe, then the folder is c:\programfiles\STS2Setup_1033.

6. Click OK.



Setup runs and installs Windows SharePoint Services. When installation is complete, you browser opens theConfigure Administrative Virtual Server page.

10.Select the application pool and security account to use and click OK.

Proceed to Configuring Windows SharePoint Services.

Configuring Windows SharePoint ServicesNow that Windows SharePoint Services is installed on your front-end Web servers, you can now configure WindowsSharePoint Services. Perform the following procedures on each front-end Web server:

Create the administration virtual server and configuration database

You create an administration virtual server on each front-end Web server, but you only need to create theconfiguration database when you configure the first front-end Web server; for subsequent front-end servers,you can simply connect to the same configuration database.

Extend a virtual server

When IIS is installed a Default Web Site is created. By default, this is the virtual server that will be extended. Create sites

Creating sites for users is the final step. You can also enable Self-Service Site Creation so users can createtheir own sites. For more information, see Configuring Self-Service Site Creation.

NoteÂ Â Configuring scalable hosting mode is not supported using HTML administration pages. Create the administration virtual server and configuration database.

You only need to create the configuration database once, when you configure the first front-end Web server;for subsequent front-end servers, you can simply connect to the same configuration database.

Create and extend a virtual server.

When IIS is installed a Default Web Site is created. By default this is the virtual server that will be extended. Create sites.

Creating sites for users is the final step. You can also enable Self-Service Site Creation so users can createtheir own sites. For more information, see Configuring Self-Service Site Creation.

Create the administration virtual server and configuration database

The following steps will use the stsadm.exe command line utility to configure the Administration port and set theconfiguration database. Refer to the command line operations section of the Windows SharePoint ServicesAdministrator's guide for required and optional parameters.

1. Open a command prompt window, and navigate to the \Program Files\Common Files\MicrosoftWindows SharePoint Services Administrator's Guide Página 66 de 382

Shared\Web Server Extensions\60\bin folder. 2. Run the following command to create the administration virtual server: stsadm.exe -o setadminport

-port <port>

[-admapcreatenew] [-admapidname <ID for application pool>]

[-admapiptype <configurableid/NetworkService/LocalService /LocalSystem>]

[-admapidlogin <user account for the application pool>]

[-admapidpwd <password>]

Note that you can use any unused port between 1023 and 32767 for the admin port.3. Run the following command to create the configuration database.

NoteÂ Â Because you use one configuration database for all your virtual servers, you only perform this stepon the first front-end Web server. stsadm.exe -o setconfigdb -ds <database server name>

[-dn sts_config -hh

[-du <database user>] [-dp <password>]

NoteÂ Â If you are using Integrated Windows authentication, you do not need to specify the du or dpparameter.

To connect to the configuration database from subsequent front-end Web servers, use the Set ConfigurationDatabase page in HTML Administration, or the following syntax:

stsadm.exe -o setconfigdb -ds <database server name> -dn sts config -connect

[-du <database user>] [-dp <password>]

NoteÂ Â If you are using Integrated Windows authentication, you do not need to specify the du or dp parameter.

With the administration virtual server and configuration database in place, you can extend the default Web site withWindows SharePoint Services to provide sites for your users. Each front-end Web server needs at least one virtualserver for Web sites.

You can use either the command line or HTML Administration pages to extend the virtual server. The followingsection describes how to extend the virtual server from the command line. For information, see Extending VirtualServers.

Extend the virtual server from the command line1. Open a command prompt window, and navigate to the \Program Files\Common Files\Microsoft

Shared\Web Server Extensions\60\bin folder. 2. Run the following command to extend the virtual server stsadm -o extendvs -url http://

servername

-ds <database server name> -dn <database name> -donotcreatesite

-ownerlogin <DOMAIN\user> -owneremail <email address>

[-du <database user>]

[-dp <password>]

[-ownername <display name>] [-apcreatenew] [-apidname <application pool name>]

[-apidtype <configurableid/NetworkService/LocalService/LocalSystem>]

[-apidlogin <application pool user account>]

[-apidpwd <application pool password>] [-exclusivelyusentlm]

NoteÂ Â The default Web site created during the installation of IIS is configured to use all unassigned IP addresses.You can assign an IP address to the default Web site. When extending the virtual server in scalable hosting mode, youmust use the IP address instead of the servername or the command will fail.

Be sure to use the donotcreatesite parameter when you extend the virtual server. Without this parameter, a site is


automatically created when you extend the virtual server, and the site will not be affiliated with a host name.

Note that the du and dp parameters are not needed if you are using Integrated Windows authentication to connect toSQL Server. It is recommended that you create a new application pool to use for your virtual servers, so that they runin separate processes from the administrative virtual server. Use the same application pool for each server farm virtualserver on each front-end Web server. This application pool should use a domain account, but it does not need tohave database creation rights in SQL Server. The administration virtual server account will create any databasesrequired.

Creating SitesAfter following the steps above, you are ready to create top level sites for your users. This is the last step in theprocess for setting up your server farm; after this step, you can start adding users and managing the sites.

1. Open a command prompt window, and navigate to the \Program Files\Common Files\Microsoft Shared\WebServer Extensions\60\bin folder.

2. Run the following command to create a site: stsadm.exe -o createsite -url http://<http://site1.myserver.com>

-ownerlogin <DOMAIN\user> -owneremail <email address>

[-ownername <display name>]

[-lcid <lcid>]

[-sitetemplate <site template>]

[-title <title>]

[-description <description>]

Repeat this step for every site you want to create.

NoteÂ Â To view a list of sites that have been added, you must access the sites table in the configuration database.You can use Microsoft Excel to import the sites data table.

Optionally, you may want to remove the original top-level Web site for the virtual server. To do so, use the followingcommand line syntax:stsadm.exe -deletesite -url http://servername

Setting up a test environmentIf you are setting up the multiple host names model for your server farm, you need to create the mapping for the sitesyou will create for users. The following example shows one way to set up a test environment with multiple host namedsites. In a real deployment, you would map the host names in the Domain Name System (DNS).

Add host names for the IP address and create sites1. Open the c:\WINNT\system32\drivers\etc\hosts file. 2. Add the IP address for the virtual server that will host your sites, and then add the host names to use. By

default, the IP address assigned to your server will be the IP address you enter into the hosts file. You can getthis IP address by opening a command prompt window and running the IPCONFIG command.

For example, if the IP address of your server is 111.11.111.11, you could add the following entries to thehosts file:

111.11.111.11 site1.myserver.com

111.11.111.11 user2.myserver.com



111.11.111.11 team1.myserver.com

Noteso The IP address must be in the first column and the host name must be separated by at least one space.o For testing purposes, you may have to remove any proxy server setting in Internet Explorer.

3. Save and close the hosts file.

The server must be restarted for the host file to take effect. After restarting the server, you can verify your host fileentries are correct by pinging the host name. If you ping site1.myserver.com, for example, it should return the IPaddress of the server.

Next StepsYour server farm is now set up to serve Windows SharePoint Services Web sites with multiple host names. You canstart adding users and managing sites, or you can perform the following optional but recommended steps:

It is recommended that you help protect your administration virtual server either by using a firewall to blockaccess or by using Secure Sockets Layer (SSL) for the port. For more information, see ConfiguringAuthentication.

As your sites increase in number and size, you will want to be able to add content databases or changeconnections to the content databases. For more information about content databases, see Managing ContentDatabases.



ï»¿

Show All

Configuring Two Virtual Serversto Host the Same ContentYou can install and configure Microsoft Windows SharePoint Services to allow your server farm to provide the samecontent to two sites. In this scenario, the content is shared by the two sites, not duplicated. For example, this type ofconfiguration would be helpful when setting up an intranet and extranet configuration or setting up two or morefront-end Web servers. This topic discusses configuring virtual servers to share content, using an intranet/extranetdeployment as an example, where the first Web server faces the intranet and the second Web server faces theextranet.

ImportantÂ Â This example does not contain explicit information about setting up firewalls or other methods ofsafeguarding data or resources in an extranet. To set up a more secure extranet, follow the guidelines in the InternetInformation Services and Microsoft Windows Server 2003 documentation.

Setting up an intranet/extranet deployment will require configuring both the internal Domain Name System (DNS) andthe public DNS. For information about configuring DNS, search for "DNS" in Windows Server 2003 help.

Deploying your extranet Windows SharePoint Services server behind a reverse proxy server, such as MicrosoftInternet Security and Accelerations Server (ISA) will require additional configuration to ensure proper operation. The What's New in Windows SharePoint Services Service Pack 2 contains information about new features included inWindows SharePoint Services Service Pack 2 that support these advanced configurations.

NoteÂ Â This is only one of several hosting choices for Windows SharePoint Services. For more information abouthosting choices, see "Structuring the URL namespace" in Windows SharePoint Services Architecture.

Planning for ScaleYou can use the same front-end Web server to host both your intranet and extranet virtual servers, or you can splitthem across two separate servers. If you anticipate a heavy load on either your intranet or extranet, it is recommendedthat you use separate front-end Web server for each environment, so that heavy use of your extranet server does notaffect the availability of your intranet server and vice versa.

This topic describes the steps to use separate front-end Web servers for each environment. You can also use multiplefront-end Web server to host both virtual servers, as in a standard server farm, to reduce potential downtime. Formore information about server farms, see Server Farm Scalable Hosting Mode Deployment.

Preparing the ServersBefore installing Windows SharePoint Services, you must first install Windows Server 2003 running MicrosoftInternet Information Services (IIS) and Microsoft ASP.NET on your front-end Web servers and have also installedMicrosoft SQL Server 2000 on one computer. For information about preparing your Front-end Web servers forWindows SharePoint Services, see Preparing Front-end Web Servers for Windows SharePoint Services.

After you have completed the Web server preparation you can set up the back-end database server.


Setting Up the Back-End Database ServerTo set up your database back-end server, you must perform the following steps on either one of your Web servers ora stand-alone server computer.

Install SQL Server 2000, Service Pack 3 or later.

You can use SQL Server 2000 Standard, Enterprise, or Enterprise (64-bit) edition with Windows SharePointServices. For more information about installing SQL Server, see the SQL Server 2000 documentation.

Set a strong password for your SQL Server administration account.

You must know both the administrator user account and password to be able to connect between WindowsSharePoint Services on the front-end Web server and SQL Server on the back-end server. It isrecommended that you set a strong password for the administration account. If you are using WindowsAuthentication (recommended), you should use a domain account with permissions to create databases inSQL Server. If you are using SQL Server authentication, the "sa" account should have a strong password.For more information about setting the administrator username and password, see the SQL Server 2000documentation.


For better security in your server farm, it is recommended that you use Integrated Windows authentication,rather than SQL Server authentication, for connections between your front-end Web server and the databaseback-end servers. Integrated Windows authentication uses a domain account to control access to SQLServer, rather than storing credentials in the registry and passing them across the network as in SQL Serverauthentication.


Configure SQL Server authentication method

You must configure your SQL Server installation to work with Windows SharePoint Services. For WindowsSharePoint Services to be able to connect to your SQL Server database, it is recommended that you configure theSQL Server database to use Windows authentication.

Enable Integrated Windows authentication for SQL Server1. On the server computer running SQL Server 2000, click Start, point to All Programs, point to Microsoft

SQL Server, and then click Enterprise Manager. 2. In Enterprise Manager, click the plus sign (+) next to Microsoft SQL Servers. 3. Click the plus sign (+) next to SQL Server Group. 4. Right-click the SQL Server name, and then click Properties. 5. In the Properties dialog, click the Security tab. 6. Under Authentication, click Windows only, and then click OK.

If you have used a domain account that does not already have database creation rights in SQL Server, you can givethe account this access in SQL Server Enterprise Manager. This is a one-time-only change. After you grant databasecreation permissions to the account used by the Windows SharePoint Services administration virtual server, thisaccount can create databases for any subsequent virtual servers.

Grant database creation rights in SQL Server1. On the server computer running SQL Server 2000, click Start, point to All Programs, point to Microsoft

SQL Server, and then click Enterprise Manager.2. In Enterprise Manager, click the plus sign (+) next to Microsoft SQL Servers.3. Click the plus sign (+) next to SQL Server Group and then click the plus sign (+) next to your SQL Server

computer.4. Click the plus sign (+) next to Security, right-click Logins, and then click New Login.


5. In the Security box, type the account in the form DOMAIN\account.6. Click the Server Roles tab on the SQL Server Login Properties - New Login.7. In the Server Role list, select the Security Administrators and Database Creators check boxes, and

then click OK.

After you have completed setting up your back-end database server, you are now ready to proceed with configuringthe first front-end server.

Configuring the First Front-End ServerTo configure your first front-end Web server, you must perform the following steps.

Create a virtual server and configure the authentication method.

If you are not using the default virtual server in IIS, you must create a new virtual server and map it to the hostname of the server that will provide the content. The simplest way to set up a new virtual server is to use thedefault virtual server in IIS. Whichever method you choose, you must specify the authentication method(Integrated Windows authentication in this case) to use for the virtual server.

Install Windows SharePoint Services by using the server farm option and create the administration virtualserver and configuration database.

You must install Windows SharePoint Services on each front-end Web server. Using the Server Farm optionallows you to install Windows SharePoint Services without also installing Microsoft SQL Server 2000Desktop Engine (Windows) (WMSDE). You must also create the administration virtual server andconfiguration database. You only need to create the configuration database when you configure the firstfront-end Web server; for subsequent front-end servers you simply connect to the configuration and contentdatabases.

Extend the new virtual server.

Before you can create sites, you must extend the new virtual server and create the content database. Whenyou extend the virtual servers on additional front-end Web servers, you connect to the same content databaseso that they provide the same site content.

Creating a New Virtual Server and Configuring AuthenticationWhen IIS is configured and ready to work with SQL Server, you can use the Default Web site or create a new virtualserver to host your sites.

NoteÂ Â The default Web Site is configured to use port 80. Creating a new virtual server will require either changingthe default Web siteâ€™s port to another unused port or adding a host header. If you do not change the port or use ahost header, the new virtual server will be unable to start. For additional information, see the IIS 6.0 Documentation.

Create a virtual server1. Click Start, point to All Programs, point to Administration Tools, and then click Internet Information

Services (IIS) Manager. 2. In the left-hand column, click the plus sign (+) next to the server name you want to add a virtual server to. 3. Right-click the Web Sites folder, point to New, and then click Web site.

The Web Site Create Wizard appears.4. Click Next. 5. In the Description box, type the description of your virtual server, and then click Next. 6. In the Enter the IP address to use for this Web site list, clickAll Unassigned or bind to a specific IP

address in this list.

NoteÂ Â You can create multiple virtual servers by using IIS Host Headers with All Unassigned or, if youWindows SharePoint Services Administrator's Guide Página 72 de 382

are using Windows SharePoint Services SP2, by creating IP-bound virtual servers.

Windows Server 2003 allows multiple IP addresses to be assigned to a single network adapter, if necessary.Note that IP-bound virtual servers are not supported in pre-SP2 versions of Windows SharePoint Services.

7. In the TCP port this Web site should use (Default: 80) box, type the port number to assign to the virtualserver.

8. Click Next. 9. In the Path box, type or browse to the path on your hard disk where the site content will go. 10.If you do not want to allow anonymous access to your virtual server, clear the Allow anonymous access to

this Web site check box. 11.Click Next. 12.On the Web Site Access Permissions page, select the permissions to use, and then click Next.

The default permissions, Read and Run Scripts (such as ASP), are recommended. The Execute (such asISAPI applications or CGI) permission will be added automatically to the appropriate folders by WindowsSharePoint Services.

13. Click Finish.

Now you can configure the authentication method to use for the new virtual server.

Configure the authentication method for the virtual server1. On the first front-end Web server, in Internet Information Services, right-click the virtual server that will

be used for the SharePoint site, and then click Properties. 2. On the Directory Security tab, under Authentication and access control, click Edit. 3. Select the Integrated Windows authentication check box, and clear all other authentication method check

boxes. 4. Click OK to close the Authentication Methods dialog box. 5. Click OK again to close the Properties dialog box.

Installing and Configuring Windows SharePoint Services on the FirstFront-End Web serverYou must install Windows SharePoint Services by using the Server Farm option.

If you are using more than one front-end Web server for your intranet sites, you must install Windows SharePointServices with the Server Farm option on each front-end server. You create the configuration database only oncebecause any additional front-end Web server servers you create will connect to the same configuration database.

Install Windows SharePoint Services with the Server Farm Option1. Download STSV2.exe to your computer.


This will begin the Windows SharePoint Services installation.3. On the End-User License Agreement page, review the terms, and then select the I accept the terms in the


Setup runs and installs Windows SharePoint Services. When the installation completes your browser opens tothe Configure Administrative Virtual Server page.

6. Choose to either use an existing application pool or create a new application pool.7. Select either a predefined security account or a configurable security account.



NoteÂ Â This should be the domain account, configured in SQL Server earlier.8. Choose either NTLM or Kerberos authentication in the Security configuration section.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account asthe application pool identity for the virtual server. The account must be configured as a Service PrincipalName (SPN). You must have domain administrator rights to configure a Service Principal Name (SPN).Refer to the Knowledge Base article 832769: How to configure a Windows SharePoint Services virtualserver to use Kerberos authentication for additional information.

9. Click OK.10.When the Application Pool Changed page appears, click Start, and then click Run.11.Type iisreset, and then click OK.12.When the command completes, click OK.

The Set Configuration Database Server page appears.13.If you are configuring Windows SharePoint Services for scalable hosting mode, do not perform the remaining

steps. Instead, specify the configuration database by using the command line utility, stsadm.exe, with the -hhparameter, as directed in Server Farm Scalable Hosting Mode Deployment. However, if you want to usetraditional IIS hosting mode, complete the remaining steps.

14.Type the NETBIOS name of the server running SQL Server 2000.15.Type the SQL Server database name or click the check box to use an existing configuration data base.16.Select the connection type to use either Integrated Windows or SQL authentication.17.Choose the Active Directory Account Creation mode you want to use.

NoteÂ Â This mode cannot be changed at a later time without uninstalling and reinstalling WindowsSharePoint Services.

18.Click OK.

You will be directed to the Windows SharePoint Services Central Administration page where you can beginconfiguring Windows SharePoint Services. For more information, see Extending the new virtual server.

Extending the New Virtual ServerWith the administration virtual server and configuration database in place, you can extend the virtual server to host theintranet sites. This document uses the HTML Administration pages to extend the virtual server.

Extend the virtual server by using the HTML administration pages1. On the SharePoint Central Administration page click Extend or upgrade virtual server. 2. On the Virtual Server List page, click the name of the virtual server to extend. 3. On the Extend Virtual Server page, in the Provisioning Options section, select Extend and create a

content database. 4. In the Application Pool section, select Create a new application pool.5. In the Application pool name box, type a name for your new application pool. 6. Under Select a security account for this application pool, select Configurable. 7. In the User name box, type the domain account to use for the application pool.

It is recommended that you use a dedicated account for this account, rather than a user's login account. Also,it is recommended that you use the same account for each application pool that hosts the same content.

8. In the Password box, type the password for the account, and then confirm it. 9. In the Security Configuration section, choose either NTLM or Kerberos authentication.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account asthe application pool identity for the virtual server. The account must be configured as a Service PrincipalName (SPN). You must have domain administrator rights to configure a Service Principal Name (SPN).




Refer to the Microsoft Knowledge Base article 832769: How to configure a Windows SharePoint Servicesvirtual server to use Kerberos authentication for additional information.

NoteÂ Â No manual configuration step is needed for Kerberos authentication if network service is used asthe application pool identity

10.In the Site Owner section, in the Account name box, type the user name for the site owner (in the formatDOMAIN\account if the account is part of a Windows domain group).

11.In the E-mail address box, type the e-mail address that corresponds to the account. 12.In the Database Settings section, enter the following database connection information:

o In the Database server box, type the server name for your SQL Server. o In the Database name box, type the name to use for your content database or use the default content

database. 13.If you want to specify a path for the URL, in the Custom URL path box, type the path to use. 14.If you are using quotas, select a template in the Select a quota template box of the Quota Settings


Configuring the Second Front-End ServerTo configure your second front-end Web server, you must perform the following steps.

Create a virtual server and configure the authentication method.

Before you can create sites for your extranet, you must create the virtual server to contain them in IIS, andspecify the authentication method to use (Basic authentication with Secure Sockets Layer in this case).

Install Windows SharePoint Services in the server farm configuration.

You must install Windows SharePoint Services on each front-end Web server. Using the Server Farm optionallows you to install Windows SharePoint Services without also installing Microsoft SQL Server 2000Desktop Engine (Windows) (WMSDE). You must also create an application pool for the extranet sites andconnect to the configuration database after installation.

Extend the virtual server.

Before you can create sites, you must extend the extranet virtual server. The extranet virtual server isconnected to the same content databases as the intranet virtual server, so that they provide the same sitecontent.

NoteÂ Â The default Web Site is configured to use port 80. Creating a new virtual server will require either changingthe default Web site's port to another unused port or adding a host header. If this is not done, the new virtual serverwill not start.

Create a new virtual server1. Click Start, point to All Programs, point to Administration Tools, and then click Internet Information

Services (IIS) Manager. 2. In the left-hand column, click the plus sign (+) next to the server name you want to add a virtual server to. 3. Right-click the Web Sites folder, point to New, and then click Web site.

The Web Site Create Wizard appears.4. Click Next. 5. In the Description box, type the description of your virtual server, and then click Next. 6. In the Enter the IP address to use for this Web site list, click All Unassigned or bind to a specific IP

address in this list.

NoteÂ Â You can create multiple virtual servers by using IIS Host Headers with All Unassigned or, if you




are using Windows SharePoint Services SP2, by creating IP-bound virtual servers.

Windows Server 2003 allows multiple IP addresses to be assigned to a single network adapter, if necessary.Note that IP-bound virtual servers are not supported in pre-SP2 versions of Windows SharePoint Services.

7. In the TCP port this web site should use (Default: 80) box, type the port number to assign to the virtualserver.

8. In the Host Header for this site (Default: None) box, type the header you want to use, and then clickNext.

9. In the Path box, type or browse to the path on your hard disk where the site content will go. 10.Clear the Allow anonymous access to this Web site check box, and then click Next. 11.On the Web Site Access Permissions page, select the permissions to use, and then click Next.

If other users are allowed to contribute to the site, you must select at least the Read, Write, and Browsecheck boxes. If your virtual server allows scripts to be run, you must also select the Run scripts (such asASP) check box. If you want to allow Internet Server Application Programming Interface (ISAPI)applications or Common Gateway Interface (CGI) scripts to be used on your virtual server, you must alsoselect the Execute (such as ISAPI applications or CGI) check box.

12. Click Finish.

Now you can configure the authentication method to use for the extranet virtual server.

Configure the authentication method for the second virtual server1. On the second front-end Web server, in Internet Information Services, right-click the virtual server that

will be used for the extranet site, and then click Properties. 2. On the Directory Security tab, under Authentication and access control, click Edit. 3. Select the Basic authentication check box, and clear all other authentication method check boxes. 4. Click OK to close the Authentication Methods dialog box. 5. On the Directory Security tab, under Secure communications, click Edit. 6. On the Secure Communications dialog box, select the Require secure channel (SSL) check box, and

then click OK. 7. Click OK again to close the Properties dialog box.

NoteÂ Â You must have a certificate before you can enable SSL. For more information about SSL certificates, seethe topics About Certificates and Setting Up SSL on Your Server in IIS 6.0 online Help. For more informationabout IIS authentication methods, see the topic About authentication in IIS 6.0 online Help.

After you have configured the authentication method, you can install Windows SharePoint Services.

Installing and Configuring Windows SharePoint Services on theSecond front-end Web serverYou must install Windows SharePoint Services by using the Server Farm option.

If you are using more than one front-end Web server for your intranet sites, you must install Windows SharePointServices with the Server Farm option on each front-end server. You create the configuration database only oncebecause any additional front-end Web server servers you create will connect to the same configuration database.

Install Windows SharePoint Services with the Server Farm Option 1. Download STSV2.exe to your computer.


This will begin the Windows SharePoint Services installation.



3. On the End-User License Agreement page, review the terms, and then select the I accept the terms in theLicense Agreement check box, and then click Next.

4. On the Type of Installation page, click Server Farm, and then click Next.5. On the Summary page, verify that only Windows SharePoint Services will be installed, and then click Install.

Setup runs and installs Windows SharePoint Services. When the installation completes Internet Explorer willopen to the Configure Administrative Virtual Server page.

6. Choose to either use an existing application pool or create a new application pool.7. Select either a predefined security account or a configurable security account.

NoteÂ Â This should be the domain account, configured in SQL Server earlier.8. Choose either NTLM or Kerberos authentication in the Security configuration section.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account asthe application pool identity for the virtual server. The account must be configured as a Service PrincipalName (SPN). You must have domain administrator rights to configure a Service Principal Name (SPN).Refer to the Knowledge Base article 832769: How to configure a Windows SharePoint Services virtualserver to use Kerberos authentication for additional information.

9. Click OK.10.When the application pool changed page appears, click Start then click Run.11.Type iisreset and then click OK.12.When the command completes, click OK.

The Set Configuration Database Server page appears.

NoteÂ Â In the following steps, you will use the same configuration database, connection type, and accounttype that you used when you setup the intranet on your first front-end Web server.

13.Type the NETBIOS name of the server running SQL Server 2000 that you used when you setup your firstfront-end Web server.

14.Type the name of the configuration database that was created when you setup the first front-end Web server.15.Select the Database connection type to use either Integrated Windows or SQL authentication.

ImportantÂ Â You must use the same authentication type you used on the first front-end Web server.16.Click Connect to the existing configuration database.

Notice that the option to specify the Active Directory Account Creation option is unavailable. Because thissetting was already configured when you created the configuration database it is not necessary to set thisagain.

17.Click OK.

The Windows SharePoint Services Central Administration page opens, where you can begin configuringWindows SharePoint Services. Proceed to Extending the New Virtual Server to extend your virtual server.

Extending the New Virtual ServerWith the administration virtual server and configuration database in place, you can extend the virtual server to hostsites. You can use either the command line or HTML Administration pages to extend the virtual server. However, thisdocument uses the HTML Administration pages to extend the virtual server.

Extend the virtual server by using the HTML administration pages1. Click Start, point to Programs, point to Administration Tools, and then click SharePoint Central

Administration. 2. Click Extend or upgrade virtual server. 3. On the Virtual Server List page, click the virtual server you want to extend.




4. On the Extend Virtual Server page, in the Provisioning Options section, click Extend and map to anothervirtual server.

5. On the Extend and Map to another virtual server page, in the Server Mapping section, in the Hostname or IIS virtual server name box, select the name of the host or virtual server that you want to use.

NoteÂ Â This will be the name of the virtual server on the first front-end Web server.6. In the Application Pool section, select Create a new application pool.7. In the Application pool name box, type a name for your new application pool. 8. Under Select a security account for this application pool, select Configurable. 9. In the User name box, type the domain account to use for the application pool.

It is recommended that you use a dedicated account for this account, rather than a user's login account. Also,it is recommended that you use the same account for each application pool that hosts the same content.

10. In the Password box, type the password for the account, and then confirm it. 11.In the Security Configuration section, choose either NTLM or Kerberos authentication.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account asthe application pool identity for the virtual server. The account must be configured as a Service PrincipalName (SPN). You must have domain administrator rights to configure a Service Principal Name (SPN).Refer to the Microsoft Knowledge Base article 832769: How to configure a Windows SharePoint Servicesvirtual server to use Kerberos authentication for additional information.

NoteÂ Â No manual configuration step is needed for Kerberos authentication if network service is used asthe application pool identity

12.Click Submit.

Creating SitesAfter following the steps above, you are ready to create sites for your users. This is the last step in the process forsetting up your intranet/extranet server farm. After this step, you can start adding users and managing the sites.

Create a site by using the HTML administration pages1. Click Start, point to Administrative Tools, and then click SharePoint Central Administration.2. On the SharePoint Central Administration page, click Create a top-level Web site.3. On the Virtual Server List page, select the virtual server which will host the new site.4. On the Create Top-level Web Site page, in the Web Site Address section, specify the URL and URL path

for the new top level site.5. In the Site Collection Owner section, type the site owner's name and email address.6. In the Secondary Owner section, optionally provide the secondary owner's username and email address.7. In the Quota Template section, optionally select a predefined quota template.8. In the Site Language section, select the language template this site will use.9. Click OK.

Next StepsYour server farm is now set up for serving the same content on both an intranet and extranet. You can start addingusers and managing sites, or you can perform the following optional, but recommended steps:

To allow access to both the intranet and extranet site, the internal and external DNS servers must beconfigured. For more information about designing and configuring DNS, search Windows Server 2003 Helpfor DNS.

Update the servers with the latest service packs and security patches and follow the security best practicesrecommended by Microsoft.

It is recommended that you help protect your administration virtual server by either using a firewall to block




access, or by using Secure Sockets Layer (SSL) for the port. For more information, see ConfiguringAuthentication.

As your sites increase in number and size, you will want to be able to add content databases or changeconnections to the content databases. For more information about content databases, see Managing ContentDatabases.



Separate Active DirectoryDirectory Service OrganizationUnit DeploymentA new feature of Microsoft Windows SharePoint Services is account creation mode for Active Directory directoryservice. This feature replaces the local account creation feature in SharePoint Team Services 1.0 from Microsoft. UseActive Directory account creation mode when it is necessary to create new user accounts rather than using existingdomain accounts. For example, an Internet service provider (ISP) might need the ability to allow SharePoint siteowners the capability to create user accounts or invite users to collaborate on a Web site where existing domainaccounts for those users do not already exist.

In order to run Windows SharePoint Services in Active Directory account creation mode, your Web servers must bemembers of a Microsoft Windows 2000 or Microsoft Windows Server 2003 domain.

NoteÂ Â Active Directory account creation mode is not supported when you install Windows SharePoint Services toa domain controller computer.

NoteÂ Â Prior to Service Pack 2 (SP2), Windows SharePoint Services configured IIS to use Integrated WindowsAuthentication (NTLM). Windows SharePoint Services SP2 no longer sets the authentication method and allowseither NTLM or Kerberos authentication. When using a Configurable security account with Kerberos authentication,additional steps might be required to set the Service Principal Name (SPN) for the account. For additionalinformation, see Installation Considerations for Windows SharePoint Services, What's New In Windows SharePointServices Service Pack 2, and the Microsoft Knowledge base article 832769: How to configure a WindowsSharePoint Services virtual server to use Kerberos authentication.

Hosting Mode OptionsThere are two modes that you can choose from when you install and configure Windows SharePoint Services with aseparate Microsoft Active Directory directory service organizational unit:

Traditional IIS hosting modeÂ Â Uses one virtual server per top-level site. For example,http://www.adatum.com and http://www.adventure-works.com are hosted on two different IIS virtual servers.This is the typical hosting mode for Internet Information Server 6.0 and supports the advanced extranetfeatures in Windows SharePoint Services SP2.

Scalable hosting modeÂ Â An advanced configuration where a single virtual server is configured to hostmany host-named sites. For example, http://site1.adatum.com, http://site2.adatum.com, or any host namemapped to the IP address of the Web server. Advanced extranet features are not supported in this mode.The domain controller must reside on a separate server.

To configure either mode, you perform the following tasks on the domain controller, SQL Server computer, and Webserver in the order listed.

Prepare the domain controller:1. Create a domain controller account for Windows SharePoint Services processes.

NoteÂ Â If you will use Kerberos authentication and the security account is not network service, configurethe accounts as Service Principal Name (SPN).

2. Create an organizational unit (OU) for the user accounts.




3. Delegate permissions to the organizational unit.

Prepare the SQL Server:1. Enable Integrated Windows Authentication for SQL Server.2. Grant database creation rights in SQL Sever.

Prepare the Web server computers:1. Install Windows SharePoint Services with the Server Farm option.2. Create the administration virtual server application pool.3. Create the configuration database and specify the Active Directory account creation mode.

o For traditional IIS hosting, use HTML Administration Pages.o For scalable IIS hosting, use the command line utility stsadm.exe.

4. Specify the e-mail server settings.5. Extend a virtual server.6. Specify the host name for the first site (scalable hosting mode only).7. Create a site.

The steps for preparing the domain controller and SQL Server are the same for either mode. The steps for preparingthe Web server computers differ slightly. When you are using scalable hosting mode you must be sure to use the hhparameter (only available from the command line) when you create the configuration database, which is covered inConfiguring Windows SharePoint Services for Scalable Hosting Mode.

You must have at least one member Web server with SQL Server 2000 Service Pack 3 or later installed and at leastone domain controller to be able to configure Windows SharePoint Services in Active Directory account creationmode following the steps below.

Preparing the Domain ControllerWhether you are planning a smaller installation of Windows SharePoint Services (traditional IIS hosting mode) or alarge server farm (scalable hosting mode), you follow the same steps to prepare your domain controller computer.

Create a domain account for Windows SharePoint Services processes1. On the domain controller, create an account that will be used by Windows SharePoint Services to create new

domain accounts.

For example, create a new account called SharePoint_admin.2. Configure the account such that the password does not need to be changed at the next logon and does not

expire.3. If you will use Kerberos authentication and the security account is not network service, configure the accounts

as Service Principal Name (SPN).

NoteÂ Â Information about configuring a security account as a Service Principal Name (SPN) is available inthe Microsoft Knowledge base article 832769: How to configure a Windows SharePoint Services virtualserver to use Kerberos authentication.

The account must be a member of the Domain Users group, which is the default group for new accounts. For moreinformation about creating an account on your domain controller, see the Windows Server 2003 Help system.

After the domain controller account has been created, you need to define an organizational unit within which WindowsSharePoint Services can create new user accounts. You must use the same organizational unit for all user accounts forWindows SharePoint Services within a server farm.

CautionÂ Â When configuring your server in Active Directory account creation mode, it is recommended that theserver administrator account is not in the same organizational unit as the one used for creating accounts. The




application pool identities associated with each virtual server must have permissions to change account properties inthe defined organizational unit. This configuration allows site collection administrators to have the right to change someproperties (such as the password) in that organizational unit. Because of this, it is strongly recommended that you donot add any accounts in the defined Windows SharePoint Services account creation organizational unit, and onlyallow the accounts that Windows SharePoint Services creates.

Create an organizational unit (OU) for the user accounts1. On your Active Directory server, click Start, point to All Programs, point to Administrative Tools, and

then click Active Directory Users and Computers. 2. Right-click the Active Directory domain name, click New, and then click Organizational Unit. 3. Type a name for the organizational unit.

For example, name the organizational unit "sharepoint_ou" for simplicity.4. Click OK.

NoteÂ Â Windows SharePoint Services also supports nested OUs, such as sharepoint_ou as a child of theparent OU SharePoint.

For more information about creating an organizational unit, see the Windows Server 2003 Help system.

In order for Windows SharePoint Services to have permissions to create accounts in the sharepoint_ou organizationalunit, the domain controller account must have the correct permissions delegated to it.

NoteÂ Â The steps below reflect the user interface for Windows Server 2003 and may vary from a Windows 2000domain controller. For more information about delegating permissions to an organizational unit, see the Help systemfor Windows Server 2003 or Windows 2000.

Delegate permissions to the organizational unit1. On your Active Directory server, click Start, point to All Programs, point to Administrative Tools, and

then click Active Directory Users and Computers.2. Right-click the new organizational unit, and then click Delegate control.3. In the Welcome pane, click Next.4. In the Users and Groups pane, click Add.5. In the Enter the object names to select box, type the user name that you are planning to use for the

administration application pool identity, and then click OK.6. Click Next.7. In the Tasks to Delegate pane, select the Create, delete, and manage user accounts check box and

the Read all user information check box, and then click Next.8. Click Finish.

Preparing SQL ServerYou must configure your SQL Server installation to work with Windows SharePoint Services. For WindowsSharePoint Services to be able to connect to your SQL Server database, it is recommended that you configure theSQL Server database to use Windows authentication.

Enable Windows authentication for SQL Server1. On your server computer, click Start, point to All Programs, point to Microsoft SQL Server, and then

click Enterprise Manager. 2. In Enterprise Manager, click the plus sign (+) next to Microsoft SQL Servers. 3. Click the plus sign (+) next to SQL Server Group. 4. Right-click the SQL Server name, and then click Properties. 5. In the Properties dialog box, click the Security tab. 6. Under Authentication, select Windows only, and then click OK.


If you have used a domain account that does not already have database creation rights in SQL Server, you can givethe account this access using SQL Server Enterprise Manager. This is a one-time-only change. Once you havegranted database creation permissions to the account used by the Windows SharePoint Services administration virtualserver, this account can create databases for any subsequent virtual servers.

Grant database creation rights in SQL Server1. On your server computer, click Start, point to All Programs, point to Microsoft SQL Server, and then


to SQL Server Group, and then click the plus sign (+) next to your SQL Server computer. 3. Click the plus sign (+) next to Security, and then right-click Logins, and click New Login. 4. In the Name box, type the account in the form DOMAIN\name. 5. Click the Server Roles tab. 6. In the Server Role list, select the Security Administrators and Database Creators check boxes, and

then click OK.

Configuring the Web Server ComputersTo use Active Directory account creation mode, you must install Windows SharePoint Services without installingWMSDE. To do so, you use the Server Farm option. Note that the Server Farm option is used even if your SQLServer installation is on the same computer.

NoteÂ Â The following procedures assume that each server on which you are installing Windows SharePointServices is running IIS and ASP.NET. For more information, see Preparing your Front-end Web Servers forWindows SharePoint Services.

Installing Windows SharePoint Services on Windows Server 2003

Perform the following procedure to install Windows SharePoint Services on Windows Server 2003 with SQL Serveras the database.


You can download STSV2.exe from the Microsoft Web site.2. Run STSV2.exe to extract the installation files.

This will begin the Windows SharePoint Services installation.3. On the End-User License Agreement page, review the terms, and then select the I accept the terms in the


Setup installs Windows SharePoint Services. When installation is complete, your browser opens theConfigure Administrative Virtual Server page.

6. Choose to either use an existing application pool or create a new application pool. 7. Select either a predefined security account or a configurable security account.

NoteÂ Â You must use the account you created earlier on the Active Directory domain controller.8. Choose either NTLM or Kerberos authentication in the Security configuration section.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account.The account must be configured as a Service Principal Name (SPN). You must have domain administrator



rights to configure a Service Principal Name (SPN). Refer to the Microsoft Knowledge Base article 832769:How to configure a Windows SharePoint Services virtual server to use Kerberos authentication for additionalinformation.

9. Click OK.10.When the Application Pool Changed page appears, click Start, and then click Run.11.Type iisreset, and then click OK.12.When the command completes, click OK.

NoteÂ Â If you are configuring Windows SharePoint Services for scalable hosting mode, do not performsteps 14 through 20 because scalable hosting mode requires setting the configuration data base using thecommand line utility stsadm.exe. To configure Windows SharePoint Services for scalable hosting mode,proceed to Configuring Windows SharePoint Services for Scalable Hosting Mode. Otherwise, to configureWindows SharePoint Services for Traditional IIS hosting mode, complete steps 14 through 20.

The Set Configuration Database Server page appears.13.Type the NETBIOS name of the server running SQL Server 2000.14.Type the SQL Server database name or click the check box to use an existing configuration data base.15.Select the connection type to use either Integrated Windows or SQL authentication.16.Click Automatically create Active Directory Account for this site.

NoteÂ Â This mode cannot be changed at a later time without uninstalling and reinstalling WindowsSharePoint Services.

17.Enter the Active directory domain and Organizational Unit.18.Click OK.

The Windows SharePoint Services Central Administration page appears.19.Minimize or close this page and click Finish.

Configuring Windows SharePoint Services for Scalable Hosting Mode

To configure Windows SharePoint Services for scalable hosting mode, you must use the stsadm.exe utility at thecommand line. The stsadm.exe utility is available at the following path: %drive%\program files\Microsoft Shared\webserver extensions\60\bin, where %drive% is the drive on which you installed Windows SharePoint Services.

For a complete list of operations and parameters for the stsadm.exe utility, see Command-Line Operations andCommand-Line Parameters.

Create the configuration database and specify Active Directory account creation mode by using thecommand line

When you create the configuration database, you specify that Windows SharePoint Services uses Active Directoryaccount creation mode. If you are using scalable hosting mode, you must also use the hh parameter with thesetconfigdb operation.

To create the configuration database in traditional IIS hosting mode, use the following syntax:Stsadm.exe -o setconfigdb -ds <database server name> -dn <sts_config>

-adcreation -addomain <domain_name> -adou <sharepoint_ou>

NoteÂ Â When using nested OUs the correct syntax to use is:Stsadm.exe -o setconfigdb -ds <server name> -dn <configdatabase>

-adcreation -addomain <DOMAIN\account> -adou <"ChildOU,OU=ParentOU">

For example, if your Child OU is SharepointOU and your Parent OU is Sharepoint, you would use




"SharepointOU,OU=Sharepoint" as the value of the adou parameter.

NoteÂ Â Be sure to use the NETBIOS name of your server for the Active Directory domain, not the fully-qualifieddomain name. For example, use the form server_name_test, not server_name_test.adatum.com.

To create the configuration database in scalable hosting mode, use the following syntax:Stsadm.exe -o setconfigdb -ds <database server name> -dn <sts_config>

-hh -adcreation -addomain <domain_name> -adou <sharepoint_ou>

Specify the e-mail server settings

You must specify an SMTP server to use in order for invitation e-mail to work in Active Directory account creationmode. To specify an e-mail server, you use the email operation.stsadm.exe -o email -outsmtpserver <SMTP server>

-fromaddress <[email protected]> -replytoaddress <[email protected]>

-codepage <codepage>

Extending a virtual server

After you set up the connection to your SQL Server computer, you are ready to extend the virtual servers on yourWeb server computer with Windows SharePoint Services. When you extend a virtual server, Windows SharePointServices is applied to a virtual server and a top-level Web site is created. For either mode, you must extend the virtualserver without creating a site. You use the donotcreatesite parameter with the extendvs operation to extend a virtualserver without creating a site.

Extend a virtual server

To extend the virtual server without creating the default top-level Web site use the following syntax:Stsadm.exe -o extendvs -url <http://server_name.domain>

-ownerlogin <domain\name> -owneremail <[email protected]> -exclusivelyusentlm <yes/no>

[-ds <sqlservername>]

[-dn <sts_content>]

[-donotcreatesite]

[-apcreatenew]

[-apidname <stscontent>]

[-apidtype <configurableid>

[-apidlogin <DOMAIN\account>

[-apidpwd <app pool password>] [-exclusivelyusentlm]

For the apidlogin parameter, enter a domain account in the format DOMAIN\account. It is recommended that youuse a different account than the account you used for the application pool for the administration virtual server.

NoteÂ Â This account must also have the correct permissions delegated to it. This account must be able to create,delete, and manage accounts in the organizational unit for Windows SharePoint Services.

Setting up a test environment

If you are setting up the multiple host names model for your server farm, you need to create the mapping for the sitesyou will create for users. The following example shows one way to set up a test environment with multiple host namedsites. In a real deployment, you would map the host names in the Domain Name System (DNS).

Add host names for the IP address and create sites1. Open the c:\WINNT\system32\drivers\etc\hosts file. 2. Add the IP address for the virtual server that will host your sites, and then add the host names to use. By


default, the IP address assigned to your server will be the IP address you enter into the hosts file. You can getthis IP address by opening a command prompt window and running the IPCONFIG command.

For example, if the IP address of your server is 111.11.111.11, you could add the following entries to thehosts file:


111.11.111.11 user2.myserver.com


111.11.111.11 team1.myserver.com

Noteso The IP address must be in the first column and the host name must be separated by at least one space.o For testing purposes, you may have to remove any proxy server setting in Internet Explorer.

3. Save and close the hosts file.

The server must be restarted for the host file to take effect. After restarting the server, you can verify your host fileentries are correct by pinging the host name. If you ping site1.myserver.com, for example, it should return the IPaddress of the server.

Create a site

You can create a site in either scalable or traditional IIS hosting mode by using the createsite operation with thefollowing syntax:stsadm -o createsite -url <http://www.adatum.com>

-owneremail <[email protected]>

NoteÂ Â In Active Directory account creation mode, the -ownnerlogin parameter is not required. A new account willbe created based on the -owneremail parameter

Be sure to use a valid e-mail address for the owneremail address. This address will be used to send accountcredentials to new users who access the site.



Show All

Installation Considerations forWindows SharePoint ServicesThere are certain choices that you must make either before or during your installation of Microsoft WindowsSharePoint Services. Some of these choices, such as the database type you use, can be changed later without causinga lot of extra work. Other choices, such as the user account mode you will use, cannot be changed unless youuninstall and reinstall Windows SharePoint Services. If you are installing Windows SharePoint Services in a largescale environment, such as a server farm, it is critical that you make the right choices at the very beginning. Be surethat you carefully consider the following before you install Windows SharePoint Services.

NoteÂ Â If you are upgrading from SharePoint Team Services 1.0 from Microsoft, there are additional options toconsider before installing. For more information, see Upgrade Considerations.

Choosing a User Account ModeWhen you install Windows SharePoint Services, you must choose which user account mode you want to use.Windows SharePoint Services can work with either of the following user account modes:

Domain account mode

This mode is used inside organizations to grant users with existing Microsoft Windows domain accountsaccess to Windows SharePoint Services.

Active Directory account creation mode

This mode is used by Internet Service Providers to create unique user accounts for customers in MicrosoftActive Directory directory service. These accounts can then be assigned to groups in Windows SharePointServices to grant customers the appropriate level of access.

You cannot mix user account modes in Windows SharePoint Services. Rather, you must choose only one of the useraccount modes listed above. The difference between these two modes is the method you use to create user accounts.In Domain account mode, you use existing Windows domain user accounts. In Active Directory account creationmode, accounts are automatically created in the Active Directory organizational unit you specify. Regardless of theuser account mode you choose, you use the same methods to manage users of a site. You add them to the site usingtheir existing domain or Active Directory accounts, and then assign them to site groups to give them the rights theyneed to use the site.

After you install Windows SharePoint Services, you cannot change the user account mode. This is because the useraccount you specify during the install process affects how the configuration database for your server or server farm iscreated, and you cannot change user account modes after creating the configuration database.

NoteÂ Â If you use Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) as your database, theconfiguration database is created when you install Windows SharePoint Services. If you use SQL Server 2000 orSQL Server 2005 as your database, the configuration database is created after you install Windows SharePointServices. For more information about user account modes, see Managing Users and Cross-Site Groups.

Notes When you are in Active Directory account creation mode, there are certain administrative tasks that are

unavailable in the HTML Administration pages. For example, you cannot create a top-level Web site, you


cannot enable Self-Service Site Creation, and you cannot add a user to a site from the Central Administrationpages. To perform these actions in Active Directory account creation mode, you must use the command lineor the object model. For more information, see Using the Object Model to Manage Windows SharePointServices.

The Minimum Password Age group policy on the domain controller must be set to 0 days. Failure to do sowill result in users being unable to change their passwords, unless they have administrator rights on the server.For information on setting the Minimum Password Age group policy, see Microsoft Windows Server 2003online help.

Choosing a Database TypeWindows SharePoint Services stores all site data and content, plus server configuration information in a database thatyou specify during setup. Windows SharePoint Services supports the following databases:

Microsoft SQL Server 2000, Service Pack 3 or later or SQL Server 2005

SQL Server includes many tools for managing database processes, such as backup and restore. When usingSQL Server 2000 or SQL Server 2005, you can configure multiple back-end database servers to store asmuch content as you need and balance the load across the database servers.

Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) Service Pack 3 or later

WMSDE has only a small subset of the features available with SQL Server 2000. For example, WMSDEdoes not include tools for backing up and restoring the database, and does not support full text search.

Noteso Windows SharePoint Services, prior to SP2, includes WMSDE with Service Pack 3.o Windows SharePoint Services Service Pack 2 includes WMSDE with Service Pack 4.o Windows Server 2003, Web Edition and x64-based editions of Windows Server 2003 require the full

version of SQL Server 2000 rather than WMSDE.

You choose which type of database to use when you install Windows SharePoint Services. By default, WindowsSharePoint Services installs WMSDE during setup when you use the Typical option. If you have SQL Server, eitheron the same computer or on a separate computer, you can choose the Server Farm option, which does not installWMSDE. Then, after Windows SharePoint Services is installed, you can connect to the SQL Server database tocontinue configuring Windows SharePoint Services.

If you install Windows SharePoint Services on a single server with WMSDE, anticipating only light usage of yourWeb sites, and later find that you require more database power, you can migrate your data to a SQL Serverdatabase.

For more information about changing database types after installation, see Migrating from WMSDE to SQL Server.For more information about databases and architecture, see Windows SharePoint Services Architecture.

Choosing an Authentication Type for SQL ServerIf you choose to use SQL Server with Windows SharePoint Services, you must also choose the authenticationmethod to use for connections between Windows SharePoint Services and the SQL Server database or databases.You can use either Windows authentication or SQL Server authentication for these connections.

Windows authentication is more secure, because it depends on the domain credentials for a MicrosoftInternet Information Services (IIS) application pool to connect to the SQL Server database. The user nameand password are not sent between servers, but are abstracted through the IIS application pool.

NoteÂ Â Using a domain user account might require additional steps to add a Service Principal Name (SPN)to the account. Information about adding a Service Principal Name (SPN) to a domain user account is


available in Using Integrated Windows Authentication with Windows SharePoint Services and the MicrosoftKnowledge base article 832769: How to configure a Windows SharePoint Services virtual server to useKerberos authentication.

SQL Server authentication is less secure than Windows authentication, because the username and passwordfor the database administrator account are sent from server to server in unencrypted format when you connectto the database.

You make the database authentication choice after installation, when you connect to the SQL Server databases forthe first time.

For more information about security, see Windows SharePoint Services Security Model. For more information aboutauthentication methods for SQL Server 2000, see the SQL Server 2000 documentation.

About WMSDE and Authentication TypesWhen you install Windows SharePoint Services with the typical settings, WMSDE is installed to provide databasesupport. Windows SharePoint Services uses the authentication method specified in the IIS metabase, which isIntegrated Windows Authentication, by default. Integrated Windows Authentication contains both Kerberos v5authentication and NTLM authentication methods. The authentication method that is used when Windows SharePointServices connects to WMSDE is determined by the value of the NTAuthenticationProviders metabase property inIIS. If this property is not set (is null) or is set to Negotiate,NTLM then Kerberos authentication is used, otherwiseNTLM is used. For more information about Integrated Windows Authentication, see the Integrated WindowsAuthentication topic in the IIS 6.0 Administrator Guide.

NoteÂ Â In earlier versions (prior to Service Pack 2) installing Windows SharePoint Services would change theauthentication method to NTLM for all virtual servers. Windows SharePoint Services Service Pack 2 no longerchanges the default authentication method to NTLM.

SA Password

During setup, the password for the system administrator (sa) account for WMSDE is set to a random string , which isnot stored by Windows SharePoint Services. If you want to use SQL Server authentication or mixed authenticationfor connecting to the databases in WMSDE and you are going to use the sa account for the connection, you must firstchange the sa password.

NoteÂ Â Integrated Windows authentication is recommended, because it is more secure than mixed authentication.

Because the sa password created during setup is not stored, you cannot log in as the sa account to change thispassword. Instead, you must be authenticated as a member of the system administrator (sysadmin) role for WMSDE.By default, the administrators of the local computer are added to the sysadmin role for WMSDE (which also includesthe sa account), and have full administrative access to WMSDE, including the ability to change the sa password.

CautionÂ Â Be sure that you do not remove the local administrators from this role or you will not be able to changethe sa password. If you remove all users except sa from the sysamin role, without changing the sa password, theWMSDE instance will be unusable.

Choosing an IIS Application Pool ConfigurationInternet Information Services (IIS) 6.0 introduced application pools, which enable you to choose whether to run eachWeb application in a separate application pool (which is served by a worker process), run all applications in the sameshared application pool, or a combination of the two. Each application pool runs using unique security credentials,which enables you to specify the security privileges that are granted to all applications running in a particularapplication pool. Another benefit of application pools, is that if an application fails while running in a separate




application pool, the crashed application does not affect other applications that are also running in other pools.

Windows SharePoint Services supports the new application pool model in IIS 6.0. When you configure your serveror your server farm, you can choose from the following options:

One application pool for the administrative virtual server

The administrative virtual server must always have its own, separate application pool. If a domain account isused with SQL Server, the account must also be configured with Security Administrator and DatabaseCreator roles in SQL Server.

Shared application pools for all virtual servers hosting Web sites

You can choose to use the same application pool for all other virtual servers you use in Windows SharePointServices. If you do so, however, you lose the ability to set security individually for each virtual server. Youalso lose the failure protection measures that running each application in a separate application pool helps toprovide. For example, applications running on one virtual server can potentially read or write data fromanother virtual server's application, and if one virtual server fails, all virtual servers in the shared applicationpool will fail.

Separate application pools for each virtual server hosting Web sites

With separate application pools for each virtual server, you gain the ability to set security individually for eachvirtual server and the failure protection measures described earlier. If one virtual server fails, it does not affectthe others. And no application running in a separate application pool can read another application's data if theapplication is on another virtual server. However, separate application pools create more complexity in serveradministration, since unique domain accounts must be created and maintained for each application pool.

Shared application pools for all virtual servers hosting the same Web sites

In a server farm environment, you can also choose to use the same application pool accounts for any virtualservers that are hosting the same Web sites. For example, if your server farm has three IIS servers, each ofwhich has at least one virtual server that hosts the same Web site (for example, http://www.contoso.com/site),you can use the same application pool security account for all of the virtual servers hosting that site. This way,you only need to remember one set of credentials for that group of Web sites, and you can perform tasksacross a set of virtual servers in your server farm.

NoteÂ Â If you choose this configuration, you must be sure to use a domain account for the application poolsecurity account. Using a domain account for the application pool security account requires additional steps toensure that a Service Principal Name (SPN) is added to the account. Information about adding a ServicePrincipal Name (SPN) to a domain user account is available in Using Integrated Windows Authentication withWindows SharePoint Services and the Microsoft Knowledge base article 832769: How to configure aWindows SharePoint Services virtual server to use Kerberos authentication.

About Security for Application Pools AccountsApplication pools in IIS 6.0 can be configured to use predefined security accounts or configurable security accounts.

Predefined security accounts (Network Service, Local Service, Local system) are configured to useKerberos authentication.

A configurable (domain account) can be used if the predefined security accounts do not provide the securitycontrols required.

NoteÂ Â Configuring a domain account requires additional steps to add a Service Principal Name (SPN) to theaccount. Information about adding a Service Principal Name (SPN) to a domain user account is available in UsingIntegrated Windows Authentication with Windows SharePoint Services and the Microsoft Knowledge base article832769: How to configure a Windows SharePoint Services virtual server to use Kerberos authentication.

Each virtual server can be configured to support either Kerberos or NTLM authentication by setting theWindows SharePoint Services Administrator's Guide Página 90 de 382




NTAuthenticationProviders property in the IIS 6.0 metabase. Virtual servers extended with Windows SharePointServices inherit their authentication methods from IIS. By default, the NTAuthenticationProviders property is not setin the metabase, which means that authentication defaults to Kerberos authentication.

Earlier versions of Windows SharePoint Services (prior to Service Pack 2) set the NTAuthenticationProvidersproperty in the IIS metabase to NTLM when creating the SharePoint Central Administration virtual server or whenextending a virtual server with Windows SharePoint Services. This meant that existing sites which relied on Kerberosauthentication would no longer work after Windows SharePoint Services was installed.

Windows SharePoint Services Service Pack 2 allows you to select either Kerberos authentication or NTLMauthentication when extending a virtual server with Windows SharePoint Services. If NTLM is not selected then nochanges are made to the IIS metabase and Kerberos authentication is used. If the IIS 6.0 metabase had previouslybeen modified to NTLM, the NTAuthenticationProviders property in the metabase will need to be changed toNegotiate,NTLM for Kerberos authentication to be used.

You can set the NTAuthenticationProviders property for a virtual server either from the SharePoint CentralAdministration or the stsadm.exe command-line utility. A new optional parameter <-exclusivelyusentlm> is availablefor use with stsadm.exe. If this optional parameter is not used, the virtual server is not modified and retains the originalauthentication configuration.

Notes After a virtual server has been extended from the SharePoint Central Administration page you must use the

IIS command line utility, adsutil.vbs, to modify the NTAuthenticationProviders Metabase property in IIS.Instructions for doing this can be found in the Microsoft Knowledge base article 832769: How to configure aWindows SharePoint Services virtual server to use Kerberos authentication.

Additional information about Command Line Operations can be found in the Reference section of theWindows SharePoint Services Administrators Guide.

If you want to use Kerberos authentication, you must perform additional steps to configure a Service Principal Name(SPN). For more information about viewing and changing the NTAuthenticationProviders property in the IIS 6.0metabase and configuring a Service Principal Name (SPN), see Using Integrated Windows Authentication withWindows SharePoint Services and the Microsoft Knowledge base article 832769: How to configure a WindowsSharePoint Services virtual server to use Kerberos authentication.

Installing Windows SharePoint Services onx64-Based Operating SystemsWindows SharePoint Services SP2 has been certified to run on x64-based versions of Windows Server 2003.Installing Windows SharePoint Services SP2 is similar to installing on 32-bit versions, with the following exceptions:

IIS must be configured for 32-bit emulation mode, either at the time of installation or at a later time by usingthe adsutil.vbs IIS administration utility from the command line.

x64-based editions supports both Typical installation as well as server farm installations. Applications requiring ASP.NET 1.1 will require downloading, installing, and configuring IIS.

For the download location of ASP.NET 1.1, see Installation Points for Windows SharePoint Services.

NoteÂ Â Windows SharePoint Services is not supported on Itanium-based versions of Windows Server2003.

Verifying that FrontPage 2002 Server ExtensionsAre Not Running on Port 80Windows SharePoint Services Administrator's Guide Página 91 de 382





If you are installing Windows SharePoint Services with the default (Typical) option, verify that FrontPage 2002Server Extensions from Microsoft are not installed and running on the default virtual server on port 80 before youinstall. Otherwise, the virtual server will not be extended when you install Windows SharePoint Services.

NoteÂ Â If you upgraded from Windows 2000 to Windows Server 2003, FrontPage 2002 Server Extensions wereinstalled by default to port 80.

If FrontPage 2002 Server Extensions are using port 80, and you are using the site on that virtual server, you mustback up the site to preserve your data, and then unextend the virtual server by using Microsoft SharePointAdministrator before installing Windows SharePoint Services. After installation, you can restore the site to adifferent virtual server to continue using FrontPage 2002 Server Extensions, or to the same virtual server to upgrade itto Windows SharePoint Services. If you are not using the site, you can simply unextend the virtual server, and theninstall Windows SharePoint Services. For more information about backing up and restoring Web sites, see Migratingand Upgrading Web Sites.

Related TopicsFor more information about installing Windows SharePoint Services, see the following topics:

Preparing your Front-end Web Servers for Windows SharePoint Services Single Server Deployment Remote SQL Server Deployment Server Farm Scalable Hosting Mode Deployment Configuring Two Virtual Servers to Host the Same Content Separate Active Directory Directory Service Organization Unit Deployment Performing a Quiet Installation



Installation Points for WindowsSharePoint ServicesThis topic helps you find the installation points and update locations for features and components of WindowsSharePoint Services and other products and technologies that work with Microsoft Windows SharePoint Services.

Installation Points for Administrators of WindowsSharePoint ServicesThe following table lists the components of Windows SharePoint Services and related Microsoft offerings that anadministrator of Windows SharePoint Services may want to install. The table includes the Web download locations,as well as the location for any updates (hotfixes, service packs, and so on), and information about CD availability.Component Web download location CD availability Update location

Windows SharePointServices Microsoft Download Center

Yes, on the MicrosoftOffice SharePoint PortalServer 2003 CD

Critical and security fixeswill be on MicrosoftWindows Update and theMicrosoft Download Center. Other updates will be onthe download center.

Windows SharePointServices Language Packs Microsoft Download Center No None

SharePoint Migration Tool(smigrate.exe)

Included with WindowsSharePoint Services or Microsoft Windows Update

No

Microsoft Windows Update*

See note following this table

Virus Scanner See the partner list on the Microsoft Web site No

Updates to the core virusscanning code in WindowsSharePoint Services will beposted to MicrosoftWindows Update.

Microsoft SQL Server2000

No download available forthe full product Yes Microsoft SQL Server

download centerMicrosoft SQL Server2000 Desktop Engine(Windows) (WMSDE)

Included with WindowsSharePoint Services No

Microsoft SQL Serverdownload center orMicrosoft Windows Update

Internet InformationServices (IIS) version 6.0

Included with WindowsServer 2003

Yes, on Windows Server2003 CD

Microsoft Download Centeror Microsoft WindowsUpdate

ASP.NET (Microsoft .NETFramework version1.1.4322 or later)

Microsoft Download Center

Yes, included withMicrosoft .NET FrameworkCD or Microsoft WindowsServer Family

Microsoft Windows Update

Microsoft Exchange Server2000 or later (for use withe-mail-enabled documentlibraries)

No Yes Microsoft ExchangeDownloads
























NoteÂ Â To find the SharePoint Migration tool on the Windows Update site, click Windows Update Catalog.Click Find updates for Microsoft Windows operation systems. In the Operating system list, click WindowsServer 2003 family. In the Language list, click the language you need, and then click Search. The SharePointMigration tool is available in the Recommended Updates, if it is not already installed.

Installation Points for Client ApplicationsCompatible With Windows SharePoint ServicesSome features of Windows SharePoint Services work best when a compatible client application is installed. Thefollowing table lists some of the client applications that work with Windows SharePoint Services, and the downloadlocations, update locations, and CD availability for each.Component Web download location CD availability Update locationMicrosoft Office 2003, asuite of productivityapplications compatible withWindows SharePointServices

No Yes Microsoft Office OnlineWeb site

Microsoft Office InfoPath2003, an XML forms editorcompatible with WindowsSharePoint Services


Microsoft Office FrontPage2003, a Web page editorcompatible with WindowsSharePoint Services

Also includes MicrosoftOffice Picture Library, animage editor compatiblewith Windows SharePointServices


Microsoft WindowsMessenger 4.6 or later orMSN Messenger 4.6 orlater (for use with onlinepresence features inWindows SharePointServices)

Microsoft WindowsMessenger: MicrosoftDownload Center

MSN Messenger: MicrosoftDownload Center

No

Microsoft WindowsMessenger: MicrosoftWindows Update

MSN Messenger: MSNMessenger Web site

Installation Points for Complimentary ServerApplicationsIf your organization uses the client applications in the previous table, you may want to install the following applications.Component Web download location CD availability Update location


http://r.office.microsoft.com/r/rlidAWSContentRedir?AssetID=ES790020011033&CTT=11&Origin=HA011608521033


http://r.office.microsoft.com/r/rlidAWSContentRedir?AssetID=FX010857921033&CTT=11&Origin=HA011608521033












Microsoft Office HTMLViewer Service

Microsoft Download Centeror the Microsoft OfficeResource Kit Web site

Yes, included as part of theMicrosoft Office 2003Editions Resource Kit bookand CD. To order a copy,see the Microsoft LearningWeb Site.

Microsoft Office OnlineWeb site or MicrosoftOffice Resource Kit Website

Office 2003 Add-in: WebParts and Components Microsoft Download Center

Yes, included withMicrosoft Office SharePointPortal Server 2003 CD

Microsoft Office OnlineWeb site








http://r.office.microsoft.com/r/rlidAWSContentRedir?AssetID=CD010958081033&CTT=11&Origin=HA011608521033








Show All

Preparing Front-End WebServers for Windows SharePointServicesBefore installing Microsoft Windows SharePoint Services, you must perform the following tasks:

Verify your server meets the hardware and software requirments. Enable Microsoft Internet Information Services (IIS) Verify that IIS is properly configured for Windows SharePoint Services. If you are installing Windows SharePoint Services on an x64-based edition of Microsoft Windows Server

2003, you must configure IIS for 32-bit emulation mode.

If you are using a Server Farm configuration, you must perform these steps on each front-end Web server.

NoteÂ Â To perform these tasks, you must be an administrator on the local computer.

Hardware and Software RequirementsBefore you install Microsoft Windows SharePoint Services on your Web server, you must first ensure that yourfront-end Web server meets the hardware and software requirements.





32-bitversion





512 MB RAM

32-bitversion




1 GB RAM


x64-basedversion





1 GB RAM


NTFS file system.


Before you install and configure Windows SharePoint Services, you must ensure that each front-end Web servermeets the following software requirements.








For a complete list of hardware and software requirements, see Hardware and Software Requirements. After youhave verified the hardware and software requirements, you can enable IIS and ASP.NET.

Enable IIS

IIS is not enabled by default in Windows Server 2003. To make your front-end servers into Web servers, you mustenable IIS. To enable IIS you use Manage Your Server to add the Application Server (IIS, ASP.NET) role. If youare preparing Web front-end servers for a Server Farm deployment, the following steps must to be performed onWindows SharePoint Services Administrator's Guide Página 97 de 382

each front-end web server. 1. Click Start, point to All Programs, point to Administrative Tools, and then click Manage Your Server. 2. On the Manage Your Server page, click Add or remove a role. 3. In the Preliminary Steps pane, click Next. 4. In the Server Role pane, click Application server (IIS, ASP.NET), and then click Next. 5. In the Application Server Options pane, select the ASP.Net check-box, and then click Next.6. In the Summary of Selections pane, click Next.


Verify IIS is properly configured for Windows SharePoint Services

Perform the following steps to ensure that IIS is configured for IIS 6.0 worker process isolation mode, rather than IIS5.0 isolation mode.

1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet InformationServices (IIS) Manager.

2. In Internet Information Services (IIS) Manager, click the plus sign (+) next to the server name to expand thetree view, and then right-click the Web Sites folder and select Properties.

3. In the Web Sites Properties dialog box, click the Service tab. 4. In the Isolation mode section, verify that the Run WWW service in IIS 5.0 isolation mode check box is


NoteÂ Â The Run WWW service in IIS 5.0 isolation mode check box is only selected if you haveupgraded to IIS 6.0 on Windows Server 2003 from IIS 5.0 on Windows 2000. New installations of IIS 6.0use IIS 6.0 worker process isolation mode by default.

5. In the left-hand column, click the Web Services Extensions node and verify ASP.NET is allowed and allother Web Service Extensions are prohibited.

Configuring IIS for 32-Bit Emulation ModeIf you are installing IIS on Windows Server 2003 x64-based editions, IIS must be configured to run in 32 bitemulation mode. Perform the following procedure on each front-end Web server running an x64-based edition ofWindows Server 2003.

Configure Internet Information Services (IIS) for 32-bit mode1. Click Start, and then click Run.2. In the Open box, type cmd, and then click OK.3. In the command prompt window, navigate to the %drive%:\Inetpub\Adminscripts folder, where %drive% is

the drive in which Windows Server 2003 is installed.4. In the Adminscripts folder, type the following command:

cscript adsutil.vbs set w3svc/AppPools/Enable32bitAppOnWin64 1

NoteÂ Â The value "1" for Enable32bitAppOnWin64 specifies 32-bit mode, whereas the value "0" specifies64-bit mode.

5. Press ENTER.6. Type iisreset and then press ENTER.7. Close the command prompt window.

Security Notes for Windows Server and WindowsSharePoint ServicesWindows SharePoint Services Administrator's Guide Página 98 de 382

After each front-end Web server is running the required software, it is recommended that you observe the followingsecurity considerations.

Notes To help keep your systems secure, after you have configured your server as an application server by

configuring IIS and ASP.NET, install the latest service packs and patches from Microsoft Windows Update. Windows Server 2003 locks down Internet Explorer security settings by default. This may prevent you from



Next StepsYour front-end Web server is now prepared for Windows SharePoint Services. The following topics provide theadditional steps to install Windows SharePoint Services in a variety of deployment configurations.

Single Server Deployment Remote SQL Server Deployment Server Farm Scalable Hosting Mode Deployment Configuring Two Virtual Servers to Host the Same Content Separate Active Directory Directory Service Organization Unit Deployment




Show All

Performing a Quiet InstallationYou might prefer to install Microsoft Windows SharePoint Services without any user intervention. During a quiet (orunattended) installation, the user is never prompted to supply information and never sees any messages. You canperform a quiet installation from the command line. You can run a quiet installation by itself or as part of a script fordistribution across several servers. Any output from the Setupsts.exe program is stored in the log file in the Tempdirectory of the Microsoft Windows volume.

To perform the unattended installation, use the Setupsts.exe command with the /q command-line option. There areseveral variations of the /q option that you can use. The following table lists and explains the quiet installation optionsavailable for Windows SharePoint Services.Quiet installation option Description

q or qn Run Setupsts.exe in quiet mode (unattended setup with nouser intervention).

qb Run Setupsts.exe in basic mode (limited userintervention). Includes a progress bar.

qf Run Setupsts.exe in full mode (user must fill in optionsduring setup). This is the default option.

qr Run Setupsts.exe in reduced mode. Displays reduced UIduring installation.

qn+Run Setupsts.exe in quiet mode (unattended setup with nouser intervention). Displays a Setup complete dialog boxat the end of the installation.

qb+

Run Setupsts.exe in basic mode (limited userintervention). Includes a progress bar and a Setupcomplete dialog box at the end of the installation. If youcancel the installation, the dialog box is not displayed.

qb-Run Setupsts.exe in basic mode (limited userintervention). Does not display a Setup complete dialogbox.

For more information about the options and properties you can use with Setupsts.exe, see Command-Line Optionsfor Setupsts.exe.

Performing a Quiet Installation with WMSDEIf you want to perform a quiet installation of Windows SharePoint Services with Microsoft SQL Server 2000Desktop Engine (Windows) (Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE 20)), you can runSetupsts.exe with any of the above command-line options. For example, if you wanted to install Windows SharePointServices with WMSDE and see a progress bar and completion dialog box, you would type: setupsts.exe /qb+

Performing a Quiet Installation with SQL ServerIf you want to use Microsoft SQL Server instead of WMSDE, you must use the remotesql=yes property when youperform a quiet installation. You can use any of the quiet installation options in combination with the remotesql=yes


property. For example, to perform a quiet installation with no user interface options of Windows SharePoint Servicesto use with an existing SQL Server computer installation or a remote computer running SQL Server, you would type:setupsts.exe remotesql=yes /q

When you perform a quiet installation with the remotesql=yes parameter, you must perform some additionalconfiguration steps after setup before Windows SharePoint Services is ready to use. For more information, see Remote SQL Server Deployment.



Show All

Extending Virtual ServersMicrosoft Windows SharePoint Services uses virtual servers to host Web sites on your server. The process ofapplying Windows SharePoint Services to a virtual server is called extending. You must extend a virtual server withWindows SharePoint Services before you can create a Web site based on Windows SharePoint Services. When youinstall Windows SharePoint Services on a single server by using the Typical option, your default virtual server isextended automatically and a Web site is created. If you are installing Windows SharePoint Services in a morecomplex environment (for example, hosting multiple sites on a single server, or many sites in a server farm), you mustextend each virtual server individually. To extend a new virtual server, you must perform the following steps:

1. Create the virtual server in Internet Information Services (IIS). 2. If necessary, connect to the configuration database for the server farm. 3. Extend the virtual server using HTML Administration pages or the command line.

NoteÂ Â To complete this procedure, you must be logged on as a member of the Administrators group on the localcomputer, or you must be logged on using an account that is both a member of the SharePoint administrators groupand that has been granted permissions to administer IIS.

How Does Extending a Virtual Server Interact withthe Databases?Windows SharePoint Services relies on databases to store all data for a virtual server, including both configurationsettings and site content. When you extend a virtual server and configure a site, you interact with two differentdatabases:

Configuration database

The configuration database maintains connections between servers and content databases, stores serversettings, and identifies which content is to be provided by which virtual servers. There is one configurationdatabase per stand-alone server or per server farm. For more information about the configuration database,see Managing the Configuration Database.

Content database

Content databases store data from the sites: both site management data, such as user names and permissions,and content, such as list data and documents from document libraries. You can create as many contentdatabases as you need to support the Web sites on your servers. For a departmental server, you may needonly one content database. For a server farm, you may need thousands. For a Web site that is available tomembers both behind and outside of a firewall (an extranet), you may have one content database linked totwo virtual servers, each with a very different Uniform Resource Locator (URL). For more information aboutcontent databases, see Managing Content Databases.

Before you extend the first virtual server on a server computer, you must create or connect to a configurationdatabase; subsequent virtual servers do not have to be separately registered with the configuration database. Whenyou extend a virtual server, you choose whether to create a new content database or map to an existing virtual server.

Creating a New Virtual Server in InternetInformation Services (IIS)


If you are adding a new virtual server to an existing server, you must create the virtual server first. This means creatinga folder on your hard disk (usually under the \Inetpub folder) to store the virtual server's files, and then adding thevirtual server in Internet Information Services (IIS).

Create a virtual server1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager. 2. Click the plus sign (+) next to the server name you want to add a virtual server to. 3. Right-click the Web Sites folder, point to New, and then click Web site. 4. In the Web Site Creation Wizard, click Next. 5. In the Description box, type the description of your virtual server, and then click Next. 6. In the Enter the IP address to use for this Web site drop-down list, select All Unassigned or select the

IP address you want to use for this virtual server.

Noteso Windows SharePoint Services SP2 adds the ability to create IP-bound virtual servers using static IP

addresses.o You can create multiple virtual servers by using IIS Host Headers with All Unassigned.

7. In the TCP port this Web site should use (Default: 80) box, type the port number to assign to the virtualserver.

You do not need to assign a host header, because the hosting is being handled through Windows SharePointServices.

8. Click Next. 9. In the Path box, type or browse to the path on your hard disk where the site content will go. 10.If you do not want to allow anonymous access to your virtual server, clear the Allow anonymous access to

this Web site check box. 11.Click Next. 12.On the Web Site Access Permissions screen, select the permissions to use, and then click Next.

The default permissions, Read and Run Scripts (such as ASP), are recommended. The Execute (such asISAPI applications or CGI) permission will be added automatically to the appropriate folders by WindowsSharePoint Services.

13. Click Finish.

For more information about creating new Web sites on servers running the Windows Server 2003 family, see the Adding Sites topic in the Help system for Internet Information Services.

Connecting to a Configuration Database (ServerFarm Only)If you are adding a server to a server farm, and provisioning the first virtual server for that server, you must connect tothe configuration database for your server farm before you can extend the virtual server. To connect to a configurationdatabase, use the Set Configuration Database Server page. For more information, see Managing the ConfigurationDatabase. After you have connected to the configuration database, you can extend the virtual server.

Extending a Virtual Server that is AlreadyRunning Microsoft FrontPage 2002 ServerExtensions


If you have an existing virtual server running FrontPage 2002 Server Extensions that you would like to upgrade toWindows SharePoint Services, you must uninstall FrontPage Server Extensions and then extend the virtual server. Ifyou wish to preserve the content from your FrontPage 2002 Server Extensions-based site, use the smigrate.exe toolto migrate the content to your new Windows SharePoint Services-based site before uninstalling. For information onsmigrate, see "Migrating and Upgrading Web Sites" in the Windows SharePoint Services Administrator's Guide.

Remove FrontPage Server Extensions (if installed)1. Click Start, and then click Run.2. In the Run window, type cmd and then click OK.3. Change to the directory where FrontPage Server Extensions are installed. For example:

cd ..\..\program files\common files\microsoft shared\web server extensions\50\bin 4. Type the owsadm.exe command to uninstall FrontPage Server Extensions:

owsadm.exe -o fulluninstall -p <port number> Where "<port number>" represents the port number used by the virtual server running FrontPage ServerExtensions.

Extending a Virtual ServerGenerally, you extend a virtual server because you need to add more capacity to your server, whether that server is adepartmental server or one of many in your server farm. More capacity can mean either more space for Web sitecontent or more connections to existing Web sites. For example, if you have a site with a lot of visitors, you can haveseveral virtual servers hosting the same content to increase the number of concurrent users you can support andbalance the load for your servers. You can extend a virtual server to do one of the following:

Contain new content

If you need to provide space for users to create new Web sites, you can extend a new virtual server tocontain new content. Note that you can also add space for users by adding more site collections or newcontent databases to an existing virtual server. For more information about creating site collections, see Creating Sites and Subsites. For more information about content databases, see Managing ContentDatabases.

Map to existing content

If you want your new virtual server to point to a Web site that is already in use, either to allow for moreconnections to a site or to allow more than one URL to point to a site, you can map your new virtual server toan existing virtual server. The new virtual server connects to the same content databases as the existing virtualserver, and they both host the same content. You can choose from the list of all virtual servers that currentlyexist on the server (in a single-server setting), or in the server farm. This list is generated by querying theconfiguration database, which is why you must be connected to the configuration database before you canextend a virtual server.

When you extend and map to an existing virtual server, all of the configuration data about the existing virtualserver is applied to the new virtual server. Any managed paths are also applied. This means that if you havevirtual server A that contains the paths /teams, /sites, and /users, when you extend virtual server B and map tovirtual server A, virtual server B now also has the /teams, /sites, and /users paths. A user can be directed toeither virtual server A or B and see the same content. For more information about URLs in WindowsSharePoint Services, see Windows SharePoint Services Architecture.

When you extend a virtual server, you must supply the following information: The application pool to use for the virtual server and either a predefined local service, local system, network

service, or configurable security account. The user account and e-mail address for the owner of the default top-level Web site for the virtual server.


The content database to use for storing data for sites on the virtual server. Choose either NTLM or Kerberos authentication.

Noteso In earlier versions (prior to Service Pack 2) installing Windows SharePoint Services would change the

authentication method to NTLM for all virtual servers. This meant that existing sites which relied onKerberos authentication would no longer work after Windows SharePoint Services was installed.Windows SharePoint Services Service Pack 2 no longer changes the default authentication method toNTLM; rather, Kerberos is used by default. For additional information, see Installation Considerations forWindows SharePoint Services.

o Using a domain user account as the application pool identity for the virtual server might require additionalsteps to add a Service Principal Name (SPN) to the account. Information about adding a ServicePrincipal Name (SPN) to a domain user account is available in Using Integrated Windows Authenticationwith Windows SharePoint Services and the Microsoft Knowledge base article 832769: How to configurea Windows SharePoint Services virtual server to use Kerberos authentication.

Which URL to use for your top-level Web site (optional). The default is to create the top-level Web site atthe root of the virtual server, but you can specify a custom URL path instead.

Which quota template to apply, if you are using quota on your server (optional). The language to use for the default top-level Web site (select from the set of Windows SharePoint Services

languages installed on your server). Which site template to apply to the top-level Web site (optional). On the command line, you can specify

which template to apply to the top-level Web site in the same command that you use to extend the virtualserver. You can choose the template from HTML Administration pages as well, but you must navigate to thesite to do so.

After you extend the virtual server, you can specify default settings for top-level Web sites created under that virtualserver. For more information, see Configuring Virtual Servers.

The following sections show you how to extend a virtual server using HTML Administration pages or the commandline. You can use either method to extend a virtual server and map to an existing virtual server or create a contentdatabase.

NoteÂ Â You can also extend a virtual server by using a script during a quiet installation. For more information, seePerforming a Quiet Installation.

Extending a Virtual Server by Using HTML Administration PagesIf you are adding a new virtual server on a stand-alone server, or the first virtual server for a server farm, you need tocreate a place to store the content your Web site users will create. This means that when you extend your virtualserver, you need to create a content database.

Extend and create a content database by using HTML Administration pages1. Click Start, point to Administrative Tools, and click SharePoint Central Administration.2. On the SharePoint Central Administration page, click Extend or upgrade virtual server. 3. On the Virtual Server List page, click the name of the virtual server to extend. 4. On the Extend Virtual Server page, in the Provisioning Options section, select Extend and create a


application pool.

Noteso When using Windows SharePoint Services with Office SharePoint Portal Server 2003, re-use the

MSSharePointPortalServerAppPool application pool created by Office SharePoint Portal Server2003. This application pool can be managed by clicking on Configure Server Farm Account Settings




in SharePoint Portal Server Central Administration. o In most other installations, it is recommended that you create a new application pool for each virtual

server, so that they run in separate processes. This application pool should use a domain account (whichmay require setting the Service Principal Name (SPN), if using Kerberos authentication), but it does notneed database creation rights in SQL Server computer because the administration virtual server accountcreates any databases required.

6.

If you selected Use an existing application pool, select the application pool to use. If you selected Createa new application pool, enter the new application pool name.

7. In the security account section, choose either predefined or configurable.

If you choose configurable, you must supply a DOMAIN\account and password. 8. In the Site Owner section, in the User name box, type the user name for the site owner (in the format

DOMAIN\username if the username is part of a Windows domain group). 9. In the E-mail box, type the e-mail address that corresponds to the account. 10.In the Database Information section, enter the following database connection information or select the Use

default content database server check box:o In the Database server box, type the NETBIOS name of your server computer. o In the Database name box, type the name to use for your content database. o In the Security Configuration section choose either NTLM or Kerberos authentication.

Using a domain user account as the application pool identity for the virtual server might require additionalsteps to add a Service Principal Name (SPN) to the account. Information about adding a ServicePrincipal Name (SPN) to a domain user account is available in Using Integrated Windows Authenticationwith Windows SharePoint Services and the Microsoft Knowledge base article 832769: How to configurea Windows SharePoint Services virtual server to use Kerberos authentication.

11. If you want to specify a path for the URL, in the Custom URL path box, type the path to use. 12.If you are using quotas, select a template in the Select a quota template box of the Quota Settings


After a short time, the virtual server is extended and the browser displays a confirmation page that the virtual serverwas successfully extended. This confirmation page displays the URL for the SharePoint site. You can click the URLand start working with the new Windows SharePoint Services site or click OK to navigate to the the Virtual ServerSettings page, where you can configure default settings for new top-level Web sites.

When you map to an existing virtual server, you do not need to create a top-level Web site. After you extend thevirtual server, the virtual server hosts the existing sites in the database.

Extend and map to an existing virtual server by using HTML Administration pages1. Click Start, point to Administrative Tools, and then click SharePoint Central Administration. 2. Click Extend or upgrade virtual server. 3. On the Virtual Server List page, click the virtual server you want to extend. 4. On the Extend Virtual Server page, in the Provisioning Options section, click Extend and map to another

virtual server. 5. On the Extend and Map to Another Virtual Server page, in the Server Mapping section, select the name of

the host or virtual server that you want to use from the Host name or IIS virtual server name drop-downlist.

6. In the Application Pool section, select Use an existing application pool and select the application pool touse from the drop-down list.

Noteso If the same application pool used to extend the first virtual server in the farm is not used when extending




and mapping to an existing virtual server, additional steps are required to manually add permissions inSQL Server 2000.

o When using Windows SharePoint Services with Office SharePoint Portal Server 2003, re-use the MSSharePointPortalServerAppPool application pool created by Office SharePoint Portal Server2003. This application pool can be managed by clicking Configure Server Farm Account Settings inSharePoint Portal Server Central Administration.

o In most other installations, it is recommended that you create a new application pool for each virtualserver, so that they run in separate processes. This application pool should use a domain account (whichmay require setting the Service Principal Name (SPN), if using Kerberos authentication), but it does notneed to have database creation rights in SQL Server computer because the administration virtual serveraccount creates any databases required.

7. In the Security Configuration section, choose either NTLM or Kerberos authentication.

NoteÂ Â When you map one virtual server to another virtual server, the security configuration is separate foreach virtual server, regardless of whether the application pool identities are the same or different for the twovirtual servers. Put another way, you do not need to use the same authentication type for this virtual server asused for the virtual server being mapped to.

8. Click OK.

The virtual server is extended and can now provide the same content as the other virtual server. You can add a newtop-level Web site to your new virtual server if you need to, and it will also be hosted by the virtual server that youmapped to.

Extending a Virtual Server from the Command LineYou can extend virtual servers from the command line by using the extendvs operation. The extendvs operationallows you to extend a virtual server and either map to an existing virtual server or create a new content database,specify the language for the top-level Web site, and specify a template to use for the top-level Web site. The extendvs operation takes the following required parameters: url, ownerlogin, owneremail and the followingoptional parameters: ownername, databaseserver (ds), databaseuser (du), databasepassword (dp),databasename (dn), lcid, sitetemplate, donotcreatesite, apcreatenew, apidname, apidtype, apidlogin, apidpwd,and exclusivelyusentlm.

The lcid parameter allows you to specify a language to use for the default top-level Web site. For example, to specifyU.S. English as the language to use, you would type -lcid 1033 on the command line. If you do not specify a localeID (LCID) using the lcid parameter, the language of the server is used for the default top-level Web site.

The donotcreatesite parameter allows you to extend a virtual server and create a content database without atop-level Web site. Use this parameter when you are setting up a server farm and hosting sites with URLs likehttp://server_name/site1, http://server_name/site2, and so on. (To use this site naming scheme, you must create awildcard inclusion for the path under which you create the sites. For more information about inclusions, see ManagingPaths.)

The sitetemplate parameter allows you to extend a virtual server, create a top-level Web site, and apply a sitetemplate to the top-level Web site during site creation. If you do not use the sitetemplate parameter, the site ownercan choose a site template when he or she first browses to the site.

To extend a virtual server and use the default content database server and default application pool, use the followingsyntax:

Stsadm -o extendvs -url <url> -ownerlogin DOMAIN\username -owneremail

[email protected] [-ownername <full name>] [-exclusivelyusentlm]

To extend a virtual server, specify a content database name and server, and create a new application pool, use the


following syntax:

stsadm -o extendvs -url <url> -ownerlogin DOMAIN\user -owneremail

[email protected] [-exclusivelyusentlm] [-ownername <full name>] -ds <database server

name>

[-du <database user name> -dp <password>] [-dn <database name>]

[-lcid <lcid>] [-sitetemplate sts] [-apcreatenew] [-apidname <application pool name>]


[-apidlogin <DOMAIN\name>] [-apidpwd <application pool password>]

Note that the -du and -dp parameters are not needed if you are using Windows authentication to connect to the SQLServer databases.

If you are in a server farm environment, you can use the extendvsinwebfarm operation. The extendvsinwebfarmoperation uses the following syntax:

stsadm -o extendvsinwebfarm -url <url> -vsname <virtualservername>

[-apcreatenew] [-apidname <application pool id>]


[-apidlogin <app pool user account>]

[-apidpwd <app pool password>] [-exclusivelyusentlm]

Related TopicsFor more information about the extendvs and extendvsinwebfarm operations, see Command-Line Operations.

After you have extended a virtual server, you can configure settings for the virtual server. For more information, see Configuring Virtual Servers.

As your organization's use of Windows SharePoint Services grows, you may find that you need additional databasecapacity for your site content. You can create additional content databases to store site data. For more information,see Managing Content Databases.



Installing and Using Service Packsfor Windows SharePoint ServicesService packs are intended to help you keep your installation up to date with the latest security enhancements,product feature enhancements, and fixes for common problems. The following service packs have been released forMicrosoft Windows SharePoint Services:

Windows SharePoint Services Service Pack 1 (SP1) - September 2004 Windows SharePoint Services Service Pack 2 (SP2) - September 2005

Installing and Using Windows SharePoint ServicesService Pack 1Windows SharePoint Services SP1 includes fixes for several issues, including the following:

Formatted text moved after plain text after relinking form. When you relink a form in your WindowsSharePoint Services Web site that contains rich text, all formatted text is moved from its original position toafter the plain text.

Cannot search past or future events in your Windows SharePoint Services Web site. When you try search forevents in your Windows SharePoint Services Web site, past and future events are not found. The searchresults include only the next event.

Cannot add a Web Part to your online Web Part gallery. When you try to add a Web Part to your onlineWeb Part gallery, the Web Part is not added. This issue may occur when the file name of the Web Partcontains international or language-specific characters.

Error 403.1 when creating Web site in Windows Server 2003. When you try to create a new WindowsSharePoint Services Web site on a computer running Microsoft Windows Server 2003, you receive thefollowing error message: HTTP Error 403.1 - Forbidden: Execute access is denied. Internet InformationServices (IIS).

Oldest item always listed first in discussion board. When you try to sort items in Threaded view in adiscussion board, the oldest item is always listed first.

Links at root of Web site are broken after restoring Microsoft SQL Server database. When you restore yourSQL Server database to your Windows SharePoint Services Web site, links contained at the root of yourWeb site are broken.

Language of template pack does not appear in Select Language list. After you install a language-specificWindows SharePoint Services template pack, the language of the pack does not appear in the SelectLanguage list of the Sites and Workplaces page.

Cannot upload large files to your Windows SharePoint Services Web site. When you try to upload a large fileto your Windows SharePoint Services Web site, you may receive an error message.

NoteÂ Â Windows SharePoint Services SP1 also includes several security updates that are not included in this list.

For a complete list of fixes included in Windows SharePoint Services SP1, see the Microsoft Knowledge Base articlenumber 841876.

Install Windows SharePoint Services Service Pack 1

CautionÂ Â Before you apply the service pack, you should back up your Windows SharePoint Servicesenvironment. For more information about creating a backup, see Backup and Restore Options for WindowsSharePoint Services.



If you already have Windows SharePoint Services installed, do one of the following: Use Microsoft Windows Update to update your Web server (recommended).

Windows Update scans your computer and provides you with a tailored selection of updates that apply onlyto the items on your computer.

Download Windows SharePoint Services SP1 from the Microsoft Download Center Web site, and then runthe Service Pack executable on a server that is running the original version of Windows SharePoint Services.

NoteÂ Â If you are running a server farm configuration, you must install the Service Pack to each front-endWeb server. For more information, see the Microsoft Knowledge Base article KB 875358: You must updateall the Web servers in a Web farm that is running Windows SharePoint Services.

If you do not yet have Windows SharePoint Services installed, download the current version of Windows SharePointServices from the Microsoft Download Center Web site, which includes the updates from Service Pack 1.

Configuring Large File SupportThe biggest change included in Windows SharePoint Services SP1 is the support for uploading large files. By default,the maximum size for uploading files is set to 50 MB. If you need to be able to upload larger files (such as when youuse smigrate.exe to migrate a site between servers), you can change this setting to any value up to 2 GB (2047 MB).

To configure large file support you must increase the default upload size in SharePoint Central Administration. Youmay also need to perform the following additional actions (depending on your hardware configuration):

Tune the Microsoft Internet Information Services (IIS) connection timeout setting.

The default timeout for connections in IIS is 120 seconds (2 minutes). Depending on your maximum file sizeand how long it takes for the file to be uploaded, you may not need to change this setting. If, however, IIS istiming out when you upload large files, you can change this property to ensure that larger files can beuploaded successfully.

Increase the default chunk size for large files.

The large-file-chunk-size property sets the amount of data that can be read from server running SQLServer at one time. If you have a file that is greater than your chunk size (such as 70 MB when the chunk sizeis set to 5 MB), the file would be read in 14 chunks (70 / 5). The chunk size is not related to the maximumupload file size. The chunk size simply specifies the amount of data that can be read from a file at one time. Bydefault, the large-file-chunk-size property is set to 5 MB. If you notice performance or scale problems on theclient or server, then you may need to tune this setting to get the performance you are targeting. Note that ifyou raise the chunk size too high, the files might use up too much front-end memory and you may need tolower this setting.

Increase the maximum size limit for Web Parts.

By default, the maximum size limit for a Web Part is 1 MB. If you need to accomodate large Web Parts, youcan change this setting in the web.config file for your server or servers running Windows SharePoint Services.

Increase the maximum upload size1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Virtual Server Configuration, click Configure virtual server settings.3. On the Virtual Server List page, click the virtual server you want to change.4. On the Virtual Server Settings page, under Virtual Server Management, click Virtual server general

settings.5. Under Maximum upload size, type the maximum file size (in MB) that you want to allow to be uploaded. 6. Click OK.







If IIS is timing out when you upload large files, you can configure the Connection timeout setting in IIS to allow morethan the default 120 seconds (2 minutes).

Tune the IIS connection timeout1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager. 2. Right-click the virtual server you want to configure, and then click Properties. 3. Click the Web Site tab.4. In the Connections section, in the Connection timeout box, type the number of seconds you want IIS to

wait before timing out. 5. Click OK.

Increase the default chunk size for large files

The largeâ€“fileâ€“chunkâ€“size property must be set from the command line. This property is configured for a serveror server farm, and cannot be configured for an individual virtual server. To set this property, use the following syntax:Stsadm.exe â€“o setproperty â€“pn largeâ€“fileâ€“chunkâ€“size â€“pv <size in bytes>.

After making a change to this property, you must restart IIS. You can restart IIS by typing iisreset on the commandline.

Increase the maximum limit for Web Parts

This change is required only when working with large Web Parts. The maximum limit for Web Parts is set to 1048576bytes by default.

1. On your server computer running Windows SharePoint Services, open Notepad.2. In Notepad, navigate to the %HomeDrive%\Inetpub\wwwroot folder and open the web.config file.3. Locate the PropertySize attribute in the configuration\SharePoint\WebPartLimits element. 4. Change the PropertySize attribute to the maximum size you need. 5. Save and close the web.config file.

Large file support limitations

The following features do not support files larger than 50 MB: Virus checking. Picture libraries. Streaming files. Client-side restoration of smigrate backup files (limited to 2 GB). The manifest files for an smigrate backup

cannot be larger than 2 GB. Site templates (limit of 10 MB per site template, including content).

Installing Windows SharePoint Services ServicePack 2Microsoft Windows SharePoint Services Service Pack 2 (SP2) contains stability and performance improvements.Some of the fixes included with SP2 have been previously released as separate updates. This service pack contains allprevious updates, including those in Windows SharePoint Services SP1.

Windows SharePoint Services SP2 adds the following functionality to Windows SharePoint Services SP1: Support for IP-bound virtual servers Support for advanced extranet configurations Kerberos authentication enabled by default Support for ASP.NET 2.0


Support for Windows 64-bit implementations

For more information about the new functionality listed above, see What's New in Windows SharePoint ServicesService Pack 2.

List of issues this service pack fixes: Windows SharePoint Services 2003 SP2 fixes the issues that are described in the Microsoft Knowledge

Base article number 906336.

Security bulletins that are associated with this service pack: Windows SharePoint Services 2003 SP2 is associated with security bulletin KB 887981: MS05-006:

Vulnerability in Windows SharePoint Services and SharePoint Team Services could allow cross-site scriptingand spoofing attacks.

Installing and Using Windows SharePoint Services Service Pack 2The known issue during installing of SP2 is:

When you try to install Windows SharePoint Services SP2 on a Microsoft Windows Server 2003 forItanium-based computer, you receive an error message. For more information about this issue, see MicrosoftKnowledge Base article KB 906896: Error message when installing Windows SharePoint Services onItanium-based computers.

Install Windows SharePoint Services Service Pack 2

CautionÂ Â Before you apply the service pack, you should back up your Windows SharePoint Servicesenvironment. For more information about creating a backup, see Backup and Restore Options for WindowsSharePoint Services.

If you already have Windows SharePoint Services installed, do one of the following: Use Microsoft Windows Update to update your Web server (recommended).

Windows Update scans your computer and provides you with a tailored selection of updates that apply onlyto the items on your computer.

Download Windows SharePoint Services SP2 from the Microsoft Download Center Web site, and then runthe Service Pack executable on a server that is running the original version of Windows SharePoint Services.

NoteÂ Â If you are running a server farm configuration, you must install the Service Pack to each front-endWeb server. For more information, see the Microsoft Knowledge Base article KB 875358: You must updateall the Web servers in a Web farm that is running Windows SharePoint Services.

If you do not yet have Windows SharePoint Services installed, download the current version of Windows SharePointServices from the Microsoft Download Center Web site, which includes the updates from Service Pack 2.














Allowing Web Applications toCoexist with Windows SharePointServicesYou can install Microsoft Windows SharePoint Services on a server or server farm that is running other Webapplications such as Outlook Web Access for Microsoft Exchange Server. Installing Windows SharePoint Servicesadds a filter that intercepts all HTTP requests, effectively blocking access to other applications. Windows SharePointServices allows you to manage which paths are controlled by Windows SharePoint Services and which paths aremanaged by other applications. SharePoint Central Administration allows you to exclude the paths controlled by theother Web applications from the paths that Windows SharePoint Services controls.

NoteÂ Â Windows SharePoint Services SP2 no longer changes the default authentication to NTLM for theapplication pool security account. You now may use either Kerberos authentication or NTLM for the securityaccount. For more information, see What's New in Windows SharePoint Services Service Pack 2.

When you extend a virtual server by using Windows SharePoint Services, Windows SharePoint Servicesautomatically intercepts all requests to access that virtual server. If the virtual server also hosts one or more Webapplications that are independent of Windows SharePoint Services, the requests sent to these Web applications willnot get through.

To solve this problem, you must configure an excluded path for the virtual server on the server that is runningWindows SharePoint Services. The excluded path tells the server that is running Windows SharePoint Services not tointercept the request to access the virtual server and to let Microsoft Internet Information Services (IIS) handle therequest instead.

Create an excluded path for a virtual server1. On the Start menu, point to Administrative Tools, and then click SharePoint Central Administration. 2. In the Virtual Server Configuration section, click Configure virtual server settings. 3. On the Virtual Server List page, click the virtual server that you want to create the excluded paths for. 4. In the Virtual Server Management section, click Define managed paths. 5. In the Add a New Path section, type the path that you want to exclude in the Path box. 6. Click Excluded Path, and then click OK.

In some situations, you must do more than just create the excluded path. Some Web applications might require thatyou change the Web.config file for the server that is running Windows SharePoint Services. Consult thedocumentation for the Web application; if there is nothing in the documentation about the Web.config file, try creatingthe excluded path first. If you get an error message such as "HTTP 404 - Page cannot be found" or "A Web Part onthis Smartpage cannot be displayed because it is not registered on this site as a safe Web Part," change theWeb.config file. If your Web application still does not work, contact Microsoft Support.

Change the Web.config file1. On the server that is hosting the Web page that you want to configure, locate the path that you excluded

earlier. The path will be similar to the following:

<Drive>:\inetpub\wwwroot\<Excluded_Path>2. Save a backup copy of the Web.config file as Web2.config.3. Copy the code provided at the end of this topic.4. Open the Web.config file. Locate the <system.web>; tag, and then paste the code you copied after it.


5. Save the Web.config file.6. Install the HTTP module from the Microsoft Knowledge Base article How to enable an ASP.Net application

to run on a SharePoint virtual server.

After you install the module, include a reference to the module in the Web.config file for your ASP.NETapplication that resides under an excluded path of the Windows SharePoint Services virtual server.

NoteÂ Â You do not have to include a reference to the module in the Web.config file that WindowsSharePoint Services uses at the root of the virtual server. In the Web.config file, locate the entries under <httpModules> in the <system.web> section, and then add thefollowing code after the last entry: <add name="ValidatePathModule"

type="Microsoft.Web.ValidatePathModule, Microsoft.Web.ValidatePathModule,

Version=1.0.0.0, Culture=neutral, PublicKeyToken=eba19824f86fdadd"/>

7. Save the Web.config file.

Information in this topic was derived from the Microsoft Knowledge Base article How to enable an ASP.Netapplication to run on a SharePoint virtual server. Refer to that article for the latest information about troubleshootingissues with ASP.NET Web applications and Windows SharePoint Services. For more information about excludedpaths in Windows SharePoint Services, see Managing Paths.

Begin copying the code at the next line of text.



<httpHandlers>

<add verb="*" path="*.aspx"

type="System.Web.UI.PageHandlerFactory, System.Web, Version=1.0.5000.0,

Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

</httpHandlers>



<trust level="Full" originUrl="" />



<httpModules>

<add name="Session"

type="System.Web.SessionState.SessionStateModule"/>

<add name="FormsAuthentication"

type="System.Web.Security.FormsAuthenticationModule"/>

<add name="PassportAuthentication"

type="System.Web.Security.PassportAuthenticationModule"/>

<add name="UrlAuthorization"

type="System.Web.Security.UrlAuthorizationModule"/>

<add name="FileAuthorization"

type="System.Web.Security.FileAuthorizationModule"/>

</httpModules>








<pages enableSessionState="true" enableViewState="true"

enableViewStateMac="true" validateRequest="false" />



Show All

Uninstalling Windows SharePointServicesThere are different degrees to which you can uninstall Microsoft Windows SharePoint Services. Depending on yourneeds, you can choose from the following options:

Remove Windows SharePoint Services from a virtual server and preserve the site content.

You can choose to remove Windows SharePoint Services, but keep the site content in the content databases.This allows you to extend the virtual server again later and reconnect to the site content. If you leave thecontent databases intact, you can reconnect to them, from the same virtual server or from a different virtualserver, and continue hosting the site content using the same Uniform Resource Locator (URL). Use thismethod to temporarily remove and then restore a virtual server, or to change which virtual servers are hostingwhich content in a server farm setting.

Remove Windows SharePoint Services from a virtual server and delete the site content.

You can choose to remove Windows SharePoint Services and delete the site content in the database. Usethis method to remove a virtual server permanently, but continue using Windows SharePoint Services on othervirtual servers. For example, use this method if you are finished with a project and no longer need theassociated Web sites.

CautionÂ Â When you use this method, you cannot reconnect to the site content later. If you choose todelete the content databases, you are permanently deleting the site content, and cannot recover the site dataexcept from a backup.

Uninstall Windows SharePoint Services completely from a server.

You can choose to uninstall Windows SharePoint Services by using the Add/Remove Programs controlpanel. This method does not delete site content. You can reinstall and reconnect to the site content. Use thismethod to repair an installation or to remove a Web front-end server from a server farm.

All of these methods leave the virtual server or server in a clean state, ready to be used for other Web sites orapplications; however, each method affects the content and configuration database in a different way. The followingtable explains what happens when you use each of these remove or uninstall methods.Method What happens to the databases Actions during removal


Remove and preserve content

The content databases associated withthe virtual server remain untouched.You can reconnect to the sitecontent.

The entry for the virtual server remainsin the configuration database.

The Windows SharePoint Services Internet Server ApplicationProgramming Interface (ISAPI) filteris uninstalled, and the virtualdirectories for Windows SharePointServices are removed from the virtualserver.

Any physical directories created byWindows SharePoint Services underthe physical home directory of thevirtual server are removed.

The Port section in the registry forthe virtual server is removed. Thismeans that any managed paths andany URL mapping are removed.

Remove and delete content

The content databases are deleted.You cannot reconnect to the sitecontent.

The entry for the virtual server isremoved from the configurationdatabase.

The Windows SharePoint ServicesISAPI filter is uninstalled, and thevirtual directories for WindowsSharePoint Services are removedfrom the virtual server.

Any physical directories created byWindows SharePoint Services underthe physical home directory of thevirtual server are removed.

The Port section in the registry forthe virtual server is removed. Thismeans that any managed paths andany URL mapping are removed.

Uninstall

The content and configurationdatabases associated with the serverremain untouched. You can reinstallWindows SharePoint Services laterand reconnect to databases. If you donot want to reconnect, you can deletethe databases by using the Microsoft SQL Server computer or MicrosoftSQL Server 2000 Desktop Engine(Windows) (Microsoft SQL Server2000 Desktop Engine (Windows)(WMSDE 20)) databaseadministration tools.

Windows SharePoint Services isremoved from any virtual servers.

The Windows SharePoint Servicesadministration virtual server isremoved.

The Windows SharePoint ServicesDLL files are removed from theinstallation directory.

Removing Windows SharePoint Services from aVirtual ServerYou can remove Windows SharePoint Services from a virtual server by using HTML Administration or the commandline administration tool. Both of these tools allow you to either preserve or delete content when you remove WindowsSharePoint Services.


Removing Windows SharePoint Services from a Virtual Server byUsing HTML AdministrationTo remove Windows SharePoint Services from a virtual server by using HTML Administration, you use the RemoveWindows SharePoint Services from Virtual Server page.

Remove Windows SharePoint Services from a virtual server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the Central Administration page, under Virtual Server Configuration, click Configure virtual server

settings. 3. On the Virtual Server List page, select the virtual server you want to configure. 4. On the Virtual Server Settings page, under Virtual Server Management, click Remove Windows

SharePoint Services from Virtual Server. 5. On the Remove Windows SharePoint Services from Virtual Server page, select one of the following:

o Remove without deleting content databases

This removes only the Windows SharePoint Services folders from the virtual server â€” the contentdatabase remains intact, so you can reconnect to it later using the same virtual server or a different one.

o Remove and delete content databases

This both removes the Windows SharePoint Services folders from the virtual server and deletes thecontent database. You will not be able to reconstruct the sites previously stored on that virtual serverunless you have a backup.

6. Click OK.

Removing Windows SharePoint Services from a Virtual Server byUsing the Command LineYou can use the unextendvs operation with the Stsadm.exe command line utility to remove Windows SharePointServices from a virtual server. The unextendvs operation takes the -url parameter and the optional -deletecontentparameter. When you use unextendvs without the -deletecontent parameter, it leaves the content databases inplace, so that you can reconnect to the content for a virtual server. When you include the -deletecontent parameter,the content databases are removed and the virtual server is removed from the configuration database.

For example, to remove Windows SharePoint Services from a virtual server, but preserve the content databases, usethe unextendvs operation with syntax like the following:

stsadm -o unextendvs -url http://servername

To remove Windows SharePoint Services from a virtual server and remove the content databases permanently, usethe unextendvs operation with syntax like the following:

stsadm -o unextendvs -url http://servername -deletecontent

When you use the unextendvs operation with the -deletecontent parameter, you cannot reconnect to the site contentlater.

Uninstalling Windows SharePoint Services from


the Server Computer

NoteÂ Â You must be an administrator on the server computer to uninstall Windows SharePoint Services.

If you want to remove Windows SharePoint Services from a server computer entirely, you can uninstall by using the Add or Remove Programs control panel. Uninstalling Windows SharePoint Services does not remove any chainedproducts that were installed, such as WMSDE. You must uninstall these programs separately.

Uninstall Windows SharePoint Services1. On the server computer, click Start, click Control Panel, and then click Add or Remove Programs. 2. Select Windows SharePoint Services, and then click Remove.

When you use the Add or Remove Programs control panel to remove Windows SharePoint Services from a server,it calls a command-line operation, stsadm -o uninstall, to perform the task. The uninstall operation does notremove any chained products that were installed. The uninstall operation takes the optional -deletecontentparameter. When uninstall is used without the -deletecontent parameter, it leaves the content and configurationdatabases in place, so that Windows SharePoint Services can be reinstalled, and you can reconnect to the databasesand continue hosting sites. When the -deletecontent parameter is used, the content and configuration databases areremoved, and you cannot recover the site content.



Show All

Windows SharePoint ServicesSecurity ModelMicrosoft Windows SharePoint Services includes or takes advantage of the following elements that interact with andaffect your security for Web site content:

User authenticationÂ Â The process used to validate the user account that is attempting to gain access to aWeb site or network resource. You manage security using Microsoft Windows NT users and security groups(DOMAIN\user and DOMAIN\security group). You cannot use distribution lists to control access to contentin Windows SharePoint Services, because distribution lists are not used for authentication in Windows.

SharePoint administrators groupÂ Â A Microsoft Windows user group authorized to performadministrative tasks for Windows SharePoint Services.

Site groupsÂ Â A means of controlling the rights assigned to particular users or groups in a Web site basedon Windows SharePoint Services. There is a pre-defined list of site groups for each Web site(Administrators, Web Designers, and so on). To grant a user access to a Web site, you assign that user to asite group.

Windows SharePoint Services also uses cross-site groups. Cross-site groups are a group of users that can beassigned to a site group on any Web site in a site collection. There are no cross-site groups defined by defaultin Windows SharePoint Services.

Administrative port securityÂ Â A means of controlling access to the administrative port for WindowsSharePoint Services. Help secure the administrative port by using Secure Sockets Layer (SSL) security or byconfiguring the firewall to not allow external access to the administration port, or both.

Microsoft SQL Server computer connection securityÂ Â A way to help secure your data. Use eitherIntegrated Windows authentication or SQL Server authentication to connect you to your configurationdatabase and content database.

Firewall protectionÂ Â A firewall helps protect your data from exposure to other people and organizationson the Internet. Windows SharePoint Services can work inside or through your organization's firewall.

User AuthenticationUser authentication for Windows SharePoint Services is based on Internet Information Services (IIS) authenticationmethods. Windows SharePoint Services can be used with the following forms of user authentication:

Anonymous authentication Basic authentication Integrated Windows authentication Certificates authentication (SSL)

You choose the authentication method you want to use when you set up your Web server. You cannot change theauthentication method by using the Windows SharePoint Services administration tools; you must use the InternetInformation Services administration tool for your server computer to change the authentication method. For moreinformation about setting an authentication method, see Configuring Authentication.

NoteÂ Â For more information about IIS authentication methods, see the topic About authentication in IIS 6.0Help.

Anonymous AuthenticationWindows SharePoint Services Administrator's Guide Página 120 de 382

Anonymous authentication provides access to users who do not have Windows NT server accounts on the servercomputer (for example, Web site visitors). IIS creates the anonymous account for Web services, which is oftennamed IUSR_computername. When IIS receives an anonymous request, it impersonates the anonymous account.

You can enable or disable anonymous access in IIS for a particular virtual server, and enable or disable anonymousaccess for a site on that virtual server by using HTML Administration pages. Anonymous access must be enabled inIIS before you can enable it for a Web site on that virtual server. For more information about configuring anonymousaccess for a site, see Managing Site Groups and Permissions.

Basic AuthenticationBasic authentication is an authentication protocol supported by most Web servers and browsers. Although Basicauthentication transmits user names and passwords in easily decoded clear text, it has some advantages over moresecure authentication methods, in that it works through a proxy server firewall and ensures that a Web site isaccessible by almost any Web browser. If you use Basic authentication in combination with Secure Sockets Layer(SSL) security, you can help protect the user names and passwords, making your user information more secure.

Integrated Windows AuthenticationIntegrated Windows authentication (also known as Windows NT Challenge Response) encrypts user names andpasswords in a multiple transaction interaction between client and server, thus making this method more secure thanBasic authentication. Disadvantages are that this method cannot be performed through a proxy server firewall, andsome Web browsers (most notably, Netscape Navigator) do not support it. You can, however, enable both thismethod and Basic authentication at the same time, and most Web browsers will select the most secure option (forexample, if both Basic and Integrated Windows authentication are enabled, Microsoft Internet Explorer will tryIntegrated Windows authentication first).

Certificates Authentication (SSL)Certificate authentication (also known as Secure Sockets Layer (SSL) security) provides communications privacy,authentication, and message integrity for a TCP/IP connection. By using the SSL protocol, clients and servers cancommunicate in a way that prevents eavesdropping, tampering, or message forgery. With Windows SharePointServices, SSL helps secure authoring across firewalls and allows more secure remote administration of WindowsSharePoint Services. You can also specify that SSL be used when opening any Web site based on WindowsSharePoint Services.

The SharePoint Administrators GroupTo install Windows SharePoint Services, you must be a member of the local administrators group on the servercomputer. This group also gives users the permissions needed to control settings on the Central Administration pages,and to run the command-line tool Stsadm.exe. You can also identify a specific domain group to allow administrativeaccess to Windows SharePoint Services, in addition to the local administrators group. You can add users to thisgroup rather than to the local administrators group, to separate administrative access to Windows SharePointServices from administrative access to the local server computer.

Members of the SharePoint administrators group do not have access to the IIS metabase, so they cannot perform thefollowing actions for Windows SharePoint Services:

Extend virtual servers (they can, however, create top-level Web site or change settings for a virtual server). Manage paths. Change the SharePoint administrators group. Change the configuration database settings. Use the Stsadm.exe command-line tool.


Members of the SharePoint administrators group can perform any other administrative action using the HTMLAdministration pages or object model for Windows SharePoint Services.

Members of both the SharePoint administrators group and the local administrators group have rights to view andmanage all sites created on their servers. This means that a server administrator can read documents or list items,change survey settings, delete a site, or perform any action on a site that the site administrator can perform.

Windows SharePoint Services Site GroupsWindows SharePoint Services includes site group to help you assign particular rights to users and cross-site groups.With site groups, you do not have to control the file and folder permissions separately, or worry about keeping yourlocal groups synchronized with your list of Web users. You use site groups to give users permissions on your Website, and use Windows SharePoint Services administration tools to add new users directly.

In effect, user management is delegated from server administrators to the site owners and administrators. Siteadministrators control site access and, by default, have rights to add, delete, or change site group membership forusers. Inside an organization, this typically means that site administrators can select users from the list of theorganization's users, and grant them access to varying degrees. For example, if the Web site is for members of aparticular workgroup to share documents and information, the site administrator adds members of that workgroup tothe site and assigns them to the Contributor site group, so that they can add documents and update lists.

In an ISP or extranet environment, a site owner can add new users and create accounts in an Active Directory group,using separate user lists for each site collections. The site administrator adds the users to the Web site and WindowsSharePoint Services automatically adds the users to the Active Directory directory service.

Members of the Administrator site group for a top-level Web site can control more options than administrators of a subsites. Administrators of a top-level Web site can perform actions such as enabling or disabling Web documentdiscussions or alerts, viewing usage and quota data, and changing anonymous access settings.

NoteÂ Â The owner and secondary owner of a top-level Web site may be members of the Administrator site groupfor their site, but they are also identified separately in the configuration database as site collection owners. This ownerflag can only be changed by using the Manage Site Collection Owners page in Central Administration or by using the siteowner operation with Stsadm.exe. If you remove an owner from the Administrator site group for the site, theowner retains the owner flag in the database, and can still perform site collection administration tasks.

For more information about user accounts and Active Directory account creation mode, see Managing Users andCross-Site Groups. For more information about site groups, see Managing Site Groups and Permissions.

Securing the Administrative PortIf a malicious user can gain access to your administrative port, he or she can potentially block other users fromaccessing their sites, or can change or delete content from the sites, or even completely disable your Web server.When you install Windows SharePoint Services, the administration port is assigned to a random port number. It isimportant to restrict access to the Windows SharePoint Services administration port, and you can do so by using thefollowing methods:

Use Secure Sockets Layer (SSL) encryption.

If you want to be able to manage Windows SharePoint Services across an Internet connection, use SSL toprovide more secure communication between a client machine and the server, even across the Internet. Touse SSL, you must first configure SSL in IIS, and then use the command line to configure WindowsSharePoint Services. Note that when you use SSL, the Uniform Resource Locator (URL) for SharePointCentral Administration changes from http:// to https://. For more information about configuring SSL, see Configuring Authentication.


Use a firewall or IIS to restrict external access to certain domains.

You can use the settings for your firewall to block access to the administrative port altogether (if you don'tneed to allow administration over the Internet), or to restrict access to the administrative port to certaindomains. Use the stsadm -o setadminport operation to set each server in your server farm to the same portnumber, and configure the firewall to help protect that port on all servers. Alternatively, you can use the IPand name restrictions feature in IIS to restrict access to specific domains (you must set this for each virtualserver that you want to restrict access to). For more information about helping to protect a port in IIS, seethe Securing Your Site with IP Address Restrictions topic in the IIS Help system.

Use the SharePoint administrators group to restrict internal access.

Use the SharePoint administrators group to control which users can access SharePoint CentralAdministration. Only the domain group you specify, and local administrators, can then access theadministrative port. Limit the local administrator access to only a few computer operators.

Use Integrated Windows authentication instead of Basic authentication.

When you use Integrated Windows authentication, you avoid having passwords sent in clear text, as canhappen when Basic authentication is used. Basic authentication is less secure because it uses clear text.

Disable anonymous access.

Allowing anonymous access makes your server inherently less secure. If anonymous users can get access toyour server, they can change settings or content, and their actions cannot be traced to a real user account.Anonymous access is disabled by default for the administration port.

Securing SQL Server ConnectionsIf you are using SQL Server instead of Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) for yourdatabases, you can choose between the following two security methods for your interactions between WindowsSharePoint Services and SQL Server:

Integrated Windows authentication â€”Connect to SQL Server using an IIS application pool. This method isthe more secure option, and is the default authentication type for Windows SharePoint Services installationswith SQL Server.

Note that if you are using SQL Server on a separate server from the server running Windows SharePointServices, you must use a domain account (or the Local System or Network Service account) as the IISapplication pool account. If you are using a local account, it will not be able to access the SQL Servercomputer. For the administration virtual server, the IIS application pool account must also have rights tocreate new databases in SQL Server. In other words, this account must be a member of the SecurityAdministrators and Database Creators roles in SQL Server. If you use Local System or Network Service,you must grant the SQL Server privileges to the machine account for the Web server computer. Applicationpool accounts for other virtual servers do not need database creation rights; they rely on the administrationvirtual server to create databases.

SQL Server authentication â€”Connect to SQL Server using credentials you type in Windows SharePointServices administrative controls.

About Integrated Windows AuthenticationWindows SharePoint Services uses the authentication method specified in the IIS metabase, which is IntegratedWindows Authentication, by default. Integrated Windows Authentication contains both Kerberos v5 authenticationand NTLM authentication methods. New in SP2, the authentication method that is used when Windows SharePointServices connects to the database is determined by the value of the NTAuthenticationProviders metabase property inIIS. If this property is not set (is null) or is set to Negotiate,NTLM, Kerberos authentication is used; otherwiseNTLM is used. For more information about Integrated Windows Authentication, see the Integrated Windows


Authentication topic in the IIS 6.0 Administrator Guide.

Notes In earlier versions (prior to Service Pack 2) installing Windows SharePoint Services changed the

authentication method to NTLM for all virtual servers. This meant that existing sites that relied on Kerberosauthentication no longer worked after Windows SharePoint Services was installed. Windows SharePointServices Service Pack 2 no longer changes the default authentication method to NTLM. For additionalinformation, see Installation Considerations for Windows SharePoint Services.

Using a domain user account might require additional steps to add a Service Principal Name (SPN) to theaccount. Information about adding a Service Principal Name (SPN) to a domain user account is available in Using Integrated Windows Authentication with Windows SharePoint Services and the Microsoft Knowledgebase article 832769: How to configure a Windows SharePoint Services virtual server to use Kerberosauthentication.

With Integrated Windows authentication, you use the IIS application credentials and the IIS application process(called an application pool) to connect to the database. The credentials are stored securely in the IIS metabase withother IIS worker processes. When Windows SharePoint Services connects to the SQL Server database, it runsunder its usual process, and uses the IIS process for the connection. This configuration can require a few more stepsin a server farm environment on occasion. For example, if your domain has a policy requiring frequent passwordresets, you must remember to change the password in IIS for every server computer in your server farm.

You can have a single process for all of your virtual servers, or you can isolate each virtual server with its ownapplication pool. Using separate processes is more secure. For example, if you have a custom script running for onevirtual server, it could potentially be written to access pages in another virtual server if they are sharing an applicationpool. If they have separate application pools, the script is unable to authenticate for the database across virtualservers.

About SQL Server AuthenticationSQL Server authentication uses an administrator account and password (often the default sa account) stored in theSQL Server database to connect between Windows SharePoint Services and the databases. This same user nameand password are used for all updates to the databases, no matter which server (in a server farm) or virtual server(server farm or single server) requests the update. Also, when you use SQL Server authentication, the password forthe administrator account is sent over the network, and can potentially be detected by malicious users. It isrecommended that you use Integrated Windows authentication for connections between Windows SharePointServices and the SQL Server databases.

CautionÂ Â When you use SQL Server authentication, the user name and password you specify is available to allmembers of the STS_WPG group, which may include accounts associated with other applications on your server.

About FirewallsWindows SharePoint Services supports connectivity through firewalls. Depending on your configuration, you mustmake sure your firewall is open for the standard HTTP ports 80 and 443. When using a firewall, you must configureyour Web sites with Basic authentication because Integrated Windows authentication cannot pass through a firewall.

Related TopicsFor more information about site groups in Windows SharePoint Services, see Managing Site Groups and Permissionsand Managing Users and Cross-Site Groups.





Security Considerations forServer and Site ConfigurationsWhen you host content on a Web service, you must make decisions about how best to protect the content fromunauthorized users, and to what degree the content needs to be protected. The decisions you make influence the wayyou configure your servers and sites. There are pros and cons to each configuration, and your organization'srequirements for security will always be different than another organization's requirements.

Microsoft Windows SharePoint Services, like most other Web services, supports multiple configurations, each ofwhich has different trade-offs in functionality, performance, ease of deployment, and security. This topic discusseseight specific ways of deploying content with Windows SharePoint Services, and lists each method's pros and consfrom a security standpoint. Choose the configuration that best meets the needs of your data and your organization.

Regardless of which deployment you choose, implementing security best practices takes precedence over yourdeployment choice. Installing the latest service packs, patches and stopping or removing unused services are the firststeps in securing your deployment. Additional information for securing servers is available in the Windows Server2003 Security Guide.

1. Physical Isolation: Separate NetworksThe most secure way of deploying Windows SharePoint Services content is to isolate the content from all untrustedusers. You can do this by removing all network cables between untrused clients and the server running WindowsSharePoint Services or by creating a separate physical network dedicated to the Windows SharePoint Servicescontent.

This option has obvious drawbacks in functionality and ease of deployment. Users will not be able to use their existingnetwork credentials to authenticate on the server running Windows SharePoint Services and creating multiplephysically isolated networks is a costly deployment option.

2. Physical Isolation: Separate Server ComputersThe next most secure way to deploy Windows SharePoint Services content is to put each site on its own servercomputer. This helps mitigate a security exploit on one site that grants the attacker control of the server computerfrom being used to attack other sites based on Windows SharePoint Services.

Again, this option has serious drawbacks for ease and cost of deployment. Each new Windows SharePoint Servicessite requires a new server computer. This is a waste of server resources if the sites cannot keep the server computersbusy all the time, and it is an administrative drain to manage multiple server computers.

3. Process Isolation: Separate Application PoolsThe next most secure way to deploy Windows SharePoint Services is to put each site in its own application pool onthe same server computer. Application pools in Internet Information Services (IIS) provide a way for multiple sites torun on the same server computer but still have their own worker processes. This mitigates an exploit on one site whichallows the attacker to inject code onto the server from attacking other sites. Each site has its own worker process andidentity which prevents two processes from interacting.




While this configuration is easier to deploy than separate server computers, deploying Windows SharePoint Servicessites using separate application pools still has significant performance and deployment issues. Because eachapplication pool has its own process, you cannot deploy more than 10 to 20 Windows SharePoint Services sites on aserver by using different application pools. The memory overhead of each application pool is about 30 to 50 MB.Beyond ten to twenty sites, the server will run out of memory to hold all the site processes.

4. Logical Isolation: Separate Virtual ServersThe next most secure way to deploy Windows SharePoint Services is to put each site into its own virtual server with aunique domain name but using the same application pool. This method gives each site its own domain name, whichhelps prevent cross-site scripting attacks.

However this method still suffers from the scalability limitations of multiple virtual servers. Each ASP.NET pagegenerates a separate DLL for each virtual server, even if the source file of the ASP.NET pages is the same. Theseparate DLLs consume memory and will prevent more than 100 Windows SharePoint Services sites from running onthe same server.

5. Logical Isolation: Separate Host HeadersWindows SharePoint Services also supports hosting multiple domain-named sites in a single virtual server. This iscalled host header mode because Windows SharePoint Services uses the host header or domain name to resolve thedifferent sites. This scales much better than separate virtual servers and still helps prevent cross-site scripting attacksbetween two Windows SharePoint Services sites. Windows SharePoint Services can host up to two million sites perserver computer in host header mode.

The downside of this configuration is in the additional deployment costs. In this configuration, each site requires aseparate DNS entry in the domain controller.

6. SharePoint Site Isolation: Separate SiteCollectionsWindows SharePoint Services also supports hosting multiple site collections using the same virtual server and thesame domain name. Site collections can be scaled out across multiple database servers for additional storage capacityand throughput. The upside of this configuration is scalability and ease of deployment. Windows SharePoint Servicescan host up to 2 million sites in a single domain. Creating a site collection does not require any DNS entry and can beeasily automated and delegated to end-users. Windows SharePoint Services includes Self-Service Site Creation sousers can even create their own sites.

However, while Windows SharePoint Services enforces security on the site, the sites are still vulnerable to cross-sitescripting attacks from other sites within the domain.

7. SharePoint Site Isolation: Separate SitesWindows SharePoint Services also supports multiple subsites and workspace sites within a single site collection.Windows SharePoint Services can host up to 250,000 subsites within a given site if the subsites are organized intofolders of no more than 1000 subsites each.

The upside of this configuration is seamless navigation around the site collection. There is no built-in navigation fromone site collection to another, but there is navigation from one subsite to another within a site collection.


The downside is reduced scalability - because all sites must be stored in the same content database, it is difficult toincrease either storage capacity or throughput. Also, as with site collections, separate sites are vulnerable to cross-sitescripting attacks from other sites within the domain.

8. SharePoint Site Isolation: Separate ListsFinally, Windows SharePoint Services supports list- and library-level security. You can deploy content in a single siteusing separate lists and document libraries for different content. The upside of this configuration is seamless navigationaround the site and global visibility of all objects. Users will be able to see that a library exists, even if they have nopermission to read documents inside the library.

However, this is the least secure way to deploy Windows SharePoint Services content. The content is vulnerable tocross-security scripting attacks. Users in parent sites can also delete or deny access to content in subsites.

For more information about list-level security, see the Windows SharePoint Services Help system.

Other Security IssuesIn addition to the eight deployment configurations list above, there are two other security issues worth mentioning thatapply to all configurations: secure sockets layer and anonymous access.

Secure Sockets Layer (SSL)

All of the deployment configurations above are vulnerable to network sniffing attacks unless thecommunication between the client and server is encrypted. Windows SharePoint Services supports thestandard IIS SSL functionality to encrypt content between client and server. There is a substantialperformance penalty for using SSL, but it the only way to protect data from hackers who can monitor thenetwork. When using basic authentication, SSL is highly recommended because basic authentication sendsuser names and passwords over the network and SSL protects that data.

Anonymous Access

Windows SharePoint Services supports anonymous access, but it is disabled by default. Any server thatallows anonymous access is more vulnerable than a server that requires authentication. Anonymous sites canbe attacked by anyone. Servers that require authentication can only be attacked by users who have somepermission on the network.

Related TopicsFor more information about Windows SharePoint Services architecture, including server farms, virtual servers,application pools, site collections, and sites, see the following topics:

Windows SharePoint Services Architecture Installation Considerations for Windows SharePoint Services Creating Sites and Subsites

For information about SSL and anonymous access in Windows SharePoint Services, see the following topics: Configuring Authentication Windows SharePoint Services Security Model

For more information about installing Windows SharePoint Services, see the following topics: Single Server Deployment Remote SQL Server Deployment Server Farm Scalable Hosting Mode Deployment


Configuring Two Virtual Servers to Host the Same Content Separate Active Directory Directory Service Organization Unit Deployment



Internet Explorer EnhancedSecurity and Windows SharePointServicesBy default, Microsoft Windows Server 2003 provides a set of security settings called Internet Explorer EnhancedSecurity Configuration. These settings limit the types of content that a user at the server computer can view usingMicrosoft Internet Explorer, except for sites listed in the Local intranet and Trusted sites zones. For example, bydefault, scripting on Internet pages won't run. The goal of these settings is to help ensure that a local user on acomputer that is also running as a server will not download a virus or other harmful files from the Internet and infectthe server. Internet Explorer Enhanced Security Configuration doesn't affect remote users viewing content on theserver, only users running Internet Explorer on the server computer itself. For more information about InternetExplorer Enhanced Security Configuration, see Help in Windows Server 2003.

Using Internet Explorer Enhanced Security Configuration on a Web server running Microsoft Windows SharePointServices prevents some code that is necessary for viewing site pages or HTML administration pages from running.Again, remote users with proper access rights can still view the pages correctly, but a user running Internet Exploreron the server computer will be unable to view or manage the site. Note also that the user at the server computer willbe unable to view and manage a remote SharePoint site, because of the security settings.

You can use one or more of the following workarounds to ensure that Windows SharePoint Services works properlyin your environment.

Browse to Your SharePoint Site as http:// localhostFor basic installations, simply running Windows SharePoint Services by using the default host name localhost willallow you to view the pages. However, this is not a good option for more complex installations, such as hostheader-based sites or server farms. Note that the SharePoint Central Administration link uses the localhost hostname method. For more information about this option, see Help in Windows Server 2003.

Add the SharePoint Sites to the List of LocalIntranet SitesA more time-consuming but potentially more secure solution is for a server administrator to add the URLs of all virtualservers that are being hosted to the Internet Explorer Local intranet zone. In a server farm, the administrator mustalso add the URLs of all domain-named sites to the list of local intranet sites. For example, if a server farm is hostingthe sites http://site1 and http://site2, both "site1" and "site2" need to be added to the list of local intranet sites.Additionally, the name of each front-end Web server that is a member of the server farm needs to be added to the listof local intranet sites. For example, if you have a server farm that has two servers running SQL Server named sql1and sql2, and three front-end Web servers named it1, it2, and it3, then it1, it2, and it3 need to be added to the list ofintranet sites. It is important to note that all these server names and domain-named sites need to be added to the list oflocal intranet sites on each front-end Web server. For more information about adding to the list of local intranet sites,see Help in Internet Explorer.

Uninstall Internet Explorer Enhanced SecurityWindows SharePoint Services Administrator's Guide Página 129 de 382

ConfigurationIf you are not concerned about users working locally at the Web server, an administrator can uninstall InternetExplorer Enhanced Security Configuration by opening Control Panel, clicking Add or Remove Programs, and thenclicking Add/Remove Windows Components. This option is good for host header-based sites or server farms,because it requires less time spent configuring each server's settings. For more information about this option, see Helpin Windows Server 2003.

CautionÂ Â Uninstalling this feature greatly increases the "attack surface" presented by Internet Explorer. Removingthe Internet Explorer Enhanced Security feature could compromise the server by allowing malicious code to beexecuted. Uninstalling this feature does not remove the Internet Explorer security enhancements included with ServicePack 1, including Pop-up Blocker, Manage add-ons, Local Machine Zone Lockdown, and download prompt. Foradditional information about this feature, see the Windows Server 2003 Service Pack 1 Product Overview Guide.

NoteÂ Â Windows Server 2003 Service Pack 1 includes new administrative templates that enable Group Policymanagement of Internet Explorer. These settings might override any changes made locally, which means that youmight be unable to uninstall Internet Explorer Enhanced Security Configuration.




Show All

Configuring AuthenticationYou configure authentication for Web sites based on Microsoft Windows SharePoint Services by configuringauthentication methods in Internet Information Services (IIS). Windows SharePoint Services uses the authenticationmethod you specify for a virtual server in IIS to control authentication for all top-level Web site and subsites of thatvirtual server. Windows SharePoint Services works with the following authentication methods in IIS:

Anonymous authentication Basic authentication Integrated Windows authentication Certificates authentication (SSL)

You can change authentication methods for virtual servers hosting Web sites based on Windows SharePoint Services,and you can change the authentication method used for the SharePoint Central Administration site. You can alsoenable Secure Sockets Layer (SSL) security in IIS to help protect your sites or the administration port for yourserver.

Changing Authentication MethodsEach virtual server can use a different authentication method in Internet Information Services (IIS). You can evenenable multiple authentication methods if you are using the same Web site content in more than one environment. Forexample, if you have a Web site that is primarily for internal use within your organization, you would most likelychoose Integrated Windows authentication. If, however, your use of the site changes, and you must allow yourorganization's members to access the site externally through a firewall, you might also want to enable Basicauthentication.

NoteÂ Â Basic authentication is less secure than Integrated Windows authentication. For this scenario it isrecommended that you use Basic authentication with SSL to help make your environment more secure.

When you change authentication methods in IIS, you do not need to change any settings in Windows SharePointServices. For example, if you decide to use Integrated Windows authentication instead of Basic authentication, youmake the change only in IIS.

Change authentication methods1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager. 2. Click the plus sign (+) next to the server name that contains the virtual server you want to change.3. Click the plus sign (+) next to Web sites. 4. Right-click the virtual server, and then click Properties. 5. On the Directory Security tab, under Authentication and access control, click Edit. 6. Select the check boxes for the authentication methods you want to enable, and clear the check boxes for the

authentication methods you want to disable. 7. Click OK to close the Authentication Methods dialog box. 8. Click OK again to close the Properties dialog box.

NoteÂ Â For more information about IIS authentication methods, see the topic About Authentication in IIS 6.0Help.

Enabling Secure Sockets Layer (SSL)Windows SharePoint Services Administrator's Guide Página 131 de 382

To enable SSL for a virtual server hosting Web sites based on Windows SharePoint Services, you can simply turn onSSL in IIS. If you want to use SSL for the SharePoint Central Administration virtual server, you must also use the setadminport command-line operation to enable SSL in Windows SharePoint Services.

Enabling SSL in IISYou can enable SSL for a virtual server by using Internet Information Services (IIS) Manager. Note that you musthave a certificate before you can enable SSL. For more information about SSL certificates, see the topics AboutCertificates and Setting Up SSL on Your Server in IIS 6.0 Help.

Enable SSL in IIS1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager. 2. Click the plus sign (+) next to the server name that contains the virtual server you want to change. 3. Click the plus sign (+) next to Web sites.4. Right-click the virtual server, and then click Properties. 5. On the Directory Security tab, under Secure communications, click Edit. 6. In the Secure Communications dialog box, select the Require secure channel (SSL) check box, and then

click OK. 7. Click OK again to close the Properties dialog box.

Enabling SSL for the SharePoint Central Administration PagesAfter you have enabled SSL for the SharePoint Central Administration virtual server in IIS, you must use thecommand line to configure Windows SharePoint Services to use SSL. Perform the following steps to configureWindows SharePoint Services to use SSL for the Central Administration pages.

Enable SSL for the SharePoint Central Administration pages1. If you have a server farm, you must set all of the servers in your server farm to use the same administration

port by using syntax similar to the following:stsadm.exe â€“o setadminport â€“p 443

Replace the port number in the example syntax with the port number you want to use for remoteadministration. Run this command on each Web front-end server in your server farm. Note that this step is forserver farms only; you do not need to change the administration port if you are running Windows SharePointServices on a single server.

2. Configure the administration pages to use SSL by using syntax similar to the following:stsadm.exe â€“o setadminport â€“ssl

If you have a server farm, you must run this command on each Web front-end server in your server farm.

NoteÂ Â If you want a more secure administration port, it is recommended that you also use your firewall or the IISIP and domain restrictions feature to restrict access to the administration port. With either the firewall or IP anddomain restrictions, you can specify that requests from unauthorized IP addresses or network domain names beignored. For more information about configuring IP and domain restrictions in IIS, see the IIS Help system. For moreinformation about configuring your firewall to reject unauthorized requests, see the documentation for your firewall.

Related TopicsFor more information about authentication methods or SSL, see "Windows SharePoint Services Security Model" inthe Windows SharePoint Services Administrator's Guide.Windows SharePoint Services Administrator's Guide Página 132 de 382

For more information about using command-line operations such as setadminport, see Command-Line Operations.©2003 Microsoft Corporation. All rights reserved.


Using Integrated WindowsAuthentication with WindowsSharePoint ServicesMicrosoft Integrated Windows Authentication supports two protocols to provide challenge/response authentication:

NTLMÂ Â A secure protocol based on encrypting user names and passwords before sending them overthe network. NTLM is required in networks where the server will get requests from legacy clients that do notsupport Kerberos authentication.

KerberosÂ Â A protocol based upon ticketing. In this scheme a user must first provide a valid user nameand password to an authentication server. This server grants the user a ticket, which can then be used on thenetwork for requesting other network resources. To use this scheme, both the client and server must have atrusted connection to the domain Key Distribution Center and be compatible with Microsoft Active Directorydirectory services.

Kerberos also provides a method for creating trust relationships between network domains. These trust relationshipscan be transitive, mono-directional, or bidirectional. For more information on Kerberos authentication, see MicrosoftInternet Information Services (IIS) documentation in Windows Server 2003.

Both NTLM and Kerberos enhance security by encrypting user names and passwords before sending them over thenetwork. By default, virtual servers extended with a version of Windows SharePoint Services earlier than WindowsSharePoint Services Service Pack 2 enabled NTLM authentication by default because it is compatible with moreclients. Windows SharePoint Services Service Pack 2 and later do not automatically enable NTLM authentication.However, if you choose to use Kerberos authentication, and the application pool account used by WindowsSharePoint Services on the virtual server is not the default Network Service, you must complete these steps:

Configure a service principal name for the application pool identity used by the virtual server runningWindows SharePoint Services

Configure trust for delegation for Web Parts that access remote resources Additionally, if the virtual server was extended with a version of Windows SharePoint Services earlier than

Windows SharePoint Services Service Pack 2, you must edit the IIS metabase to enable both NTLM andKerberos authentication.

Configure a service principal name for theapplication pool identityNoteÂ Â You must be a domain administrator to complete the steps in this section.

If the application pool identity for the Windows SharePoint Services site is configured to use a built-in securityprincipal (such as NT Authority\Network Service or NT Authority\Local System), you do not have to perform thisstep. The built-in accounts are automatically configured to work with Kerberos authentication. However, if you use aremote Microsoft SQL Server database it is not recommended that you use a built-in security principal or an accountsuch as domain/computername$.

If you use a remote server running Microsoft SQL Server 2000 and you want to use NT Authority\Network Serviceas the domain account, you must add the Domain\ComputerName$ entry and configure it with Database Creatorsand Security Administrators permissions. Doing so allows Windows SharePoint Services to connect to the remoteSQL Server computer to create the configuration and content databases.


If the application pool identity is a domain user account, you must configure an service principal name (SPN) for thataccount. To configure an SPN for the domain user account, follow these steps:

1. Download and install the Setspn.exe command-line tool from the Setspn.exe download page.2. Use the Setspn.exe tool to add an SPN for the domain account. To do this, type the following line at the

command prompt:

setspn -A HTTP/ServerName Domain\UserNamewhere ServerName is the fully qualified domain name (FQDN) of the server, Domain is the name of thedomain, and UserName is the name of the domain user account.

Configure trust for delegation for Web Parts thataccess remote resourcesNoteÂ Â You must be a domain administrator to complete the steps in this section.

You do not have to follow these extra steps if you do not have Web Parts that are accessing remote resources.

If you are developing Web Parts for Windows SharePoint Services that access remote resources, you must follow thesteps that are listed in the "Configure a Service Principal Name for the Domain User Account" section and configureboth the computer and the application pool account to be trusted for delegation as described in the following sections.

Configure the IIS server to be trusted for delegation

NoteÂ Â You must be a domain administrator to complete the steps in this section.1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.2. In the left pane, click Computers.3. In the right pane, right-click the name of the IIS server, and then click Properties.4. Click the General tab, click to turn on Trust computer for delegation, and then click OK.

Configure the application pool domain account for trusted delegation1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.2. In the left pane, click Users.3. In the right pane, right-click the name of the user account used by the application pool, and then click

Properties.4. Click the Account tab, under Account Options, click to turn on Account is trusted for delegation, and

then click OK.

Edit the IIS metabaseYou can edit the IIS metabase by using Microsoft Notepad or a script. The script method is the preferred method ifyou are updating multiple servers. The following sections tell you how to use both methods.

Edit the IIS metabase by using Notepad

NoteÂ Â You only need to complete this step on virtual servers that were extended with a version of WindowsSharePoint Services prior to Service Pack 2.

1. On the server running Windows SharePoint Services, Click Start, point to All Programs, point toAccessories, and then click Notepad.

2. Click File, click Open, and then open the file %Systemroot%\System32\Inetsrv\Metabase.xml, where%Systemroot% is the path and folder name where Microsoft Windows is installed.

3. In the <IIsWebServer> section, locate the line:



NTAuthenticationProviders="NTLM"4. Change the line to:

NTAuthenticationProviders="Negotiate,NTLM"5. Click File and then click Save. 6. Click File and then click Exit. 7. Restart IIS:

1. Click Start, and then click Run. 2. In the Run window, type cmd, and then click OK.3. At the command prompt, type iisreset, and then press Enter4. Type exit, and then press Enter to close Command Prompt window.

Edit the IIS metabase by using scripts

NoteÂ Â You only need to complete this step on virtual servers that were extended with a version of WindowsSharePoint Services prior to Service Pack 2.

1. Click Start, and then click Run. 2. In the Run window, type cmd, and then click OK.3. Change to the Inetpub\Adminscripts folder, type:

cd Drive:\inetpub\adminscriptswhere Drive is the drive where Windows is installed

4. Type the command:

cscript adsutil.vbs get w3svc/xx/NTAuthenticationProviders where xx is the virtual server ID number. The virtual server ID of the Default Web site in IIS is 1. If the virtualserver has been extended with Windows SharePoint Services, the following string is returned:

ntauthenticationproviders: (STRING) "NTLM"5. To enable Kerberos on the virtual server, type:

cscript adsutil.vbs set w3svc/xx/NTAuthenticationProviders "Negotiate,NTLM" where xx is the virtual server ID number.

6. Restart IIS:1. Click Start, and then click Run. 2. In the Run window, type cmd, and then click OK.3. At the command prompt, type iisreset, and then press Enter4. Type exit, and then press Enter to close Command Prompt window.



Show All

Managing the SharePointAdministration GroupTwo sets of users are allowed to perform administrative functions for Microsoft Windows SharePoint Services:members of the administrators group for the local server computer and members of the SharePoint administrationgroup. The SharePoint administration group is a Microsoft Windows domain group that is registered with WindowsSharePoint Services. Members of this domain group can perform Central Administration tasks without having to begiven administrator rights to the local server computer. This is particularly useful in a server farm, because you cangrant rights across the server farm, rather than individually for each computer in the server farm. This is also useful forapplications that call into the administrative object model for Windows SharePoint Services. If the application processcan be configured to run as a member of the SharePoint administration group, it can create new sites, modify quotavalues for sites, and so on.

Members of the Administrators group on the local server computer have full control of all applications running on thatserver, including Internet Information Services (IIS), Microsoft SQL Server, Microsoft ASP.NET, and WindowsSharePoint Services. These administrators can perform any task on that server, including all administration tasks forWindows SharePoint Services, such as controlling administrative functions, configuring settings at the server or virtualserver level, and creating or changing sites and lists.

Members of the SharePoint administration group can perform SharePoint Central Administration tasks, but do nothave access to the file system of the server or the IIS metabase, so they cannot perform actions on other applicationsrunning on the server, such as IIS, Microsoft SQL Server, ASP.NET, and so on. Specifically, members of theSharePoint administration group cannot perform the following actions for Windows SharePoint Services:

Extend virtual servers (they can, however, create top-level Web site or change settings for a virtual server). Remove Windows SharePoint Services from a virtual server. Manage paths. Change the SharePoint administration group. Change the configuration database settings. Set the default content database server or manage the content databases. Enable full-text searching. Configure the SharePoint Central Administration virtual server. Use the Stsadm.exe command-line tool.

Members of the SharePoint administration group can perform any other administrative action using the HTMLAdministration pages or object model for Windows SharePoint Services. For example, members of the group canview and manage all sites created on their servers. This means that a member of the SharePoint administration groupcan read documents or list items, change survey settings, delete a site, or perform any action on a site that the siteadministrator can perform.

NoteÂ Â To manage the SharePoint administration group, you must be a member of the Administrators group of thelocal server computer.

Specify the SharePoint administration group1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Security Configuration, click Set SharePoint administration group. 3. In the Group account name box, type the domain group you want to allow to administer Windows

SharePoint Services. Windows SharePoint Services Administrator's Guide Página 137 de 382

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

DAVID

Resaltado

4. Click OK.

Changing the Group or Changing Group MembershipYou can only register one domain group as the SharePoint administration group, so if you want to include othermembers, you must add them to the group using the user and group management tools for your domain. If you wantto change which group is registered, you can follow the steps to specify a group and specify a different domain group.When you specify a new group, the old group's rights are removed, and the members of that group can no longermanage the servers running Windows SharePoint Services.



Show All

Managing Users and Cross-SiteGroupsEvery Web site has users, and part of your job as administrator is to make sure the users of a Web site have theappropriate rights to use the site. To grant access to a site, users must be added to the site (either individually or aspart of a cross site group) and assigned to a site group. In Microsoft Windows SharePoint Services, users andcross-site groups can be added by using one of two modes:

Domain account mode â€” Used inside organizations to grant access to users and groups with existingdomain accounts

Active Directory account creation mode â€” Used by Internet service providers to create unique accounts forcustomers

You determine which mode to use when you first install and configure Windows SharePoint Services, and you cannotswitch between modes later. Whichever mode you use, you can add users and cross-site groups to your site by usingeither the command-line tool or HTML Administration pages for your Web site.

NoteÂ Â Mixing account modes is not supported. You must choose either domain account mode or ActiveDirectory account creation mode. Some organizations may need to be able manage accounts for both internalemployees (in the organizationâ€™s Active Directory directory service) and external customers (not inorganizationâ€™s Active Directory directory service). In these cases, one option is to choose domain account mode,use a separate forest for the external users, and then configure the external forest to trust the internal domain foradding internal users.

About Domain Account ModeIf you are using Windows SharePoint Services inside an organization that uses Microsoft Windows domain accounts,you can use domain account mode for user and cross-site group accounts. With domain account mode, you addusers and cross-site groups to your site using their existing domain account information, including their account namesand e-mail addresses. And you can add Windows NT domain groups to your site, which is not possible in ActiveDirectory account creation mode. Domain account mode is the standard mode for Windows SharePoint Services.Note that you can use Active Directory directory service to manage domain accounts â€” the difference between themodes is the type of account you use and when they are created, not the tool you use to manage them.

About Active Directory Account Creation ModeIf you host Web sites based on Windows SharePoint Services for customers on the World Wide Web, you canconfigure Windows SharePoint Services to automatically create Active Directory accounts for new users andcross-site groups. You must enable Active Directory account creation mode when you first configure WindowsSharePoint Services. When you use Active Directory account creation mode, you cannot use pre-existing domainaccounts; instead, new accounts are created whenever you add users.

Creating users and cross-site groups with Active Directory account creation mode is the same as creating users withdomain account mode, except that you only enter the e-mail address or group name, not a domain account, whenadding the user or cross-site group to a site. Windows SharePoint Services checks Active Directory to see if anaccount with that e-mail address or group name already exists. If the user or cross-site group already has an account


in Active Directory, the account is used. If the user or cross-site group is new, an account is created for them inActive Directory, using the Windows SharePoint Services credentials, and they are notified of their account name andpassword through e-mail.

Notes When you are in Active Directory account creation mode, there are certain administrative tasks that are

unavailable in the HTML Administration pages. For example, you cannot create a top-level Web site, youcannot enable Self-Service Site Creation, and you cannot add a user to a site from the Central Administrationpages. To perform these actions in Active Directory account creation mode, you must use the command lineor the object model. For more information, see Using the Object Model to Manage Windows SharePointServices.

The Minimum Password Age group policy on the domain controller must be set to 0 days. Failure to do sowill result in users being unable to change their passwords, unless they have administrator rights on the server.For information on setting the Minimum Password Age group policy, see Microsoft Windows 2003 Serveronline help.

Using HTML Administration Pages to ManageUsers and Cross-site GroupsThe steps for adding users and cross-site groups are the same, no matter which account mode you are using. Usingeither method, you can manage users and cross-site groups from the Site Settings page for your Web site.

To manage users and cross-site groups, you follow the Manage users link on the Site Settings page to the ManageUsers page. By using this page, you can view a list of users and cross-site groups, check which site group a user orcross-site group is assigned to, add new users and cross-site groups, delete users and cross-site groups, or assignusers and cross-site groups to site groups. When you add new users or cross-site groups, you also have the option tosend an e-mail message to them, inviting them to use the site. You can even include a custom message in the invitatione-mail message. For example, you can describe your site and what it should be used for, or add a personal messageto the default e-mail invitation.

NoteÂ Â If you do not see the Manage users link on your Site Settings page, you are probably in a subsites thatuses the permission settings of a higher-level Web site of the server or virtual server. To work with user accounts andpermissions, either go to the parent-level Web site, or change to using unique permissions for the subsite. For moreinformation about subsite permissions, see Managing Site Groups and Permissions.

If you want to view which site groups a user is a member of, you use the Manage Users page.

View site group membership for a user or cross-site group On the Web site you want to manage, click Site Settings. On the Site Settings page, under Administration, click Manage users.

The users and cross-site groups added to the Web site and the site groups they are a member of aredisplayed on the Manage Users page.

From the Manage Users page, you can change which site group a user or cross-site group is a member of.

Change site group membership for a user or cross-site group1. On the Manage Users page, select the check box next to the user or cross-site group name you want to

change. 2. Click Edit Site Group of Selected Users. 3. In the Site Group Membership area, select the site group you want the user or cross-site group to be a

member of. 4. Click OK.


You can also add new users and cross-site groups to your site from the Manage Users page.

Add a new user or cross-site group1. On the Manage Users page, click Add Users. 2. In the Step 1: Choose Users section specify the users that you would like to add, separated by semicolons.

You can enter:o E-mail addresses (for example, [email protected]) o User names (for example, DOMAIN\user_name) o Microsoft Active Directory directory service security group names (for example,

DOMAIN\security_group_name) o Domain group names (for example, DOMAIN\group_name)o Cross-site group names (for example, Accounting)

Noteso When running Windows SharePoint Services in a server farm, you cannot add local accounts.o Local accounts must exist before you attempt to add them. Windows SharePoint Services does not

create local accounts like SharePoint Team Services 1.0 does.o When using Active Directory account creation mode, you cannot add local accounts or security groups.

3. In the Step 2: Choose Permissions section, select the site group that the user or group will belong to, andthen click Next.

4. In the Step 3: Confirm Users section, verify the e-mail addresses, user names, and display names. 5. In the Step 4: Send E-mail section, if you want to send an invitation, select Send the following e-mail to

let these users know they've been added, and type the subject and body text information to send in thee-mail message.

6. Click Finish.

You can delete users or cross-site groups from all site groups by using the Manage Users page. Note that this doesnot delete the user or cross-site group account, but does remove all rights to the Web site.

Add all users from an e-mail distribution list

NoteÂ Â To complete the steps in this section you must have a Windows SharePoint Services-compatible addressbook program such as Microsoft Office Outlook 2003 installed on the computer you are running.

1. On the Web site you want to manage, click Site Settings.2. On the Site Settings page, in the Administration section, click Manage Users. 3. On the Manage Users page, click Add Users. 4. In the Step 1: Choose Users section, click Address Book.5. Select the distribution list you want to add from the address book.

NoteÂ Â You can add only distribution lists that reside on the same e-mail server as your current e-mailaccount. For example, in Office Outlook 2003 the names of distribution lists that reside on the same e-mailserver appear in bold text. The list of users from the distribution list appears in the Users field.

6. In the Step 2: Choose Permissions section, select the site group to which you want to add the members ofthe distribution list, and then click Next.

7. In the Step 3: Confirm Users section, verify the e-mail addresses, user names, and display names. 8. In the Step 4: Send E-mail section, if you want to send an invitation, select Send the following e-mail to

let these users know they've been added, and type the subject and body text information to send in thee-mail message.

9. Click Finish.

NoteÂ Â Adding or removing users from the e-mail distribution list will not add or remove them from the site. Youmust manually add or remove users from the site after changing your distribution list membership.


Delete a user or cross-site group from all site groups1. On the Manage Users page, select the check box next to the user or cross-site group you want to delete. 2. Click Remove Selected Users.3. On the confirmation message that appears, click OK to remove the users.

Managing Users in a Site CollectionEvery Web site with unique permissions has a Manage Users page that the site's administrator can use to add, modify,or delete users. In addition to this page, the top-level Web site in a Web site collection also includes a page thatserver administrators or the site collection administrator can use to view and delete users. This page lists all users forthe site collection, including the users of the top-level Web site and users of any subsites in the site collection. Whenyou remove a user from this list, the user is removed from all sites and subsites in the site collection.

Remove a user from a top-level Web site1. On the top-level Web site, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. On the Top-Level Site Administration page, under Site Collection Administration, click View site

collection user information. 4. Select the check box next to the user you want to remove, and then click Remove Selected Users.

Managing Users from SharePoint CentralAdministrationIf you are an administrator on the server computer or a member of the SharePoint administrators group, you mayhave administrative rights to change settings on the Site Settings page for any individual site on your server. Whathappens when a top-level Web site owner leaves your organization, or a user must be added to or removed from asite that you do not have administrative rights for? The SharePoint Central Administration page includes a link formanaging users for sites even if the administrator does not have rights to the site. You can add users or cross-sitegroups, remove users or cross-site groups, change site group membership, and change owners, without having to bean administrator on a specific site. You do, however, need to know the Uniform Resource Locator (URL) for the site,and the specific user name that you want to change.

Change the owner of a site collection1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Security Configuration, click Manage site

collection owners. 3. On the Manage Site Collection Owners page, in the Site URL box, type the URL to the site, and then click

View.

The information for the current site owner and secondary owner is automatically filled in on the page whenyou click View.

4. In the Site Owner section, in the User name box, type the account name for the new owner. 5. If you have a new secondary contact name, type the account name in the Secondary Owner section. 6. Click OK.

If you are an administrator on the server computer, and need to change the owner of a site that you do not haveadministrative access to, you can make the change from the SharePoint Central Administration page.

Add a new site user or group1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration.


2. On the SharePoint Central Administration page, in the Security Configuration section, click Manage Website users.

3. On the Manage Web Site Users page, in the Site URL box, type the URL to the site, and then click View. 4. In the Add a User section, specify the users that you would like to add, separated by semicolons. You can

enter:o E-mail addresses (for example, [email protected]) o User names (for example, DOMAIN\name) o Microsoft Active Directory directory service security group names (for example,

DOMAIN\security_group_name) o Domain group names (for example, DOMAIN\group_name)o Cross-site group names (for example, Accounting)

Noteso When running Windows SharePoint Services in a server farm, you cannot add local accounts.o Local accounts must exist before you attempt to add them. Windows SharePoint Services does not

create local accounts like SharePoint Team Services 1.0 does.o When using Active Directory account creation mode, you cannot add local accounts or security groups.

5. In the Display name box, type the full name. 6. In the E-mail address box, type the e-mail address. 7. In the Site group box, select a site group to which to add the user or group, and then click Add User.

You can also delete a user or change a user's site group membership from this page.

Delete a site user or change site group membership1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Security, click Manage Web site users. 3. On the Manage Web Site Users page, in the Site URL box, type the URL to the site, and then click View. 4. In the Change Existing User section, in the Account name box, type the user account you want to change

or delete, and then click View user. 5. To change site group membership, select the check box for the site group you want the user to be a member

of, and then click Update. 6. To remove the user from all site groups, click Delete User.

Using the Command Line to Manage UsersYou can add a user account to your site by using the adduser operation. The adduser operation takes the url,userlogin, useremail, username, and role parameters, plus the optional parameter siteadmin. You use thesiteadmin parameter to specify that the user is the site collection administrator or owner of the site collection. Notethat if you are using Active Directory account creation mode, you do not need to specify the userlogin parameter;you would use the useremail parameter to identify the user instead.

For example, to add User1 as an administrator for http://server1/site1 in domain account mode, you would type:

stsadm.exe -o adduser â€“url http://server1/site1

â€“userlogin DOMAIN1\User1 -useremail [email protected]

-username "User 1" -role administrator

You use the deleteuser operation to remove users from a site. The deleteuser operation takes the url anduserlogin parameters. To remove User1 from http://server1/site1, you would type:

stsadm.exe -o deleteuser â€“url http://server1/site1

â€“userlogin DOMAIN1\User1


You can assign a user to a site group from the command line by using the userrole operation. The userroleoperation takes the url, userlogin, role, and add or delete parameters. For example, to add the user User1 to theContributor site group for site http://server1/site1, you would type:

stsadm.exe -o userrole â€“url http://server1/site1 â€“userlogin DOMAIN1\User1

-role contributor -add

Note that this does not remove the user from any site groups they were previously members of.

Related TopicsFor information about creating, editing, or deleting site groups and controlling Web site permissions, see ManagingSite Groups and Permissions.

For more information about security, see Windows SharePoint Services Security Model.

With Windows SharePoint Services, you can set quota and determine how many new user accounts can be createdfor each virtual server. For more information about setting quotas, see Configuring Site Collection Quotas and Locks.



Show All

Managing Site Groups andPermissionsWhen you set up a Web site, you need a way to specify who has access to it. For a typical Internet site, you probablywant everyone who comes to the site to be able to view your content, but you don't want them to be able to changethat content. For a company intranet site, you may want a few people controlling the structure of the site, but manymore people who can add new content, or participate in group calendars or surveys. For an extranet, you want tocarefully control which people can view the site at all. Generally, access to Web sites is controlled by combining useraccounts with some sort of permissions structure that controls the specific actions users can perform.

Microsoft Windows SharePoint Services provides the ability to control site access through the following means: Site groups

site groups let you specify which of your users can perform specific actions in your site. For example, a userwho is a member of the Contributor site group can add content to Windows SharePoint Services lists, such asthe Task list, or a document library.

Anonymous access control

You can enable anonymous access to allow users to contribute anonymously to lists and surveys, or to viewpages anonymously. Most Internet Web sites allow anonymous viewing of the site, but may ask forauthentication when someone wants to edit the site or buy an item on a shopping site.

NoteÂ Â You can also grant access to "all authenticated users" to allow all members of your domain toaccess a Web site, without having to enable anonymous access.

Per-list permissions

You can manage permissions more finely by setting unique permissions on a per-list basis. For example, if youhave a document library containing sensitive financial data for the next fiscal year, you can restrict access tothat list so that only the appropriate users can view it. Per-list permissions override site-wide permissions forthe lists.

Subsite permissions

subsites can either use the same permissions as the parent Web site (inheriting both the site groups and usersavailable on the parent Web site), or use unique permissions (so you can create your own user accounts andadd them to site groups).

Site creation rights

There are two rights that control whether users can create top-level Web site, subsites, or workspaces: UseSelf-Service Site Creation and Create Subsites.

Defining Site GroupsWindows SharePoint Services uses site groups to manage site-wide security. Each user is a member of at least onesite group. Each site group possesses corresponding rights. Rights are actions that users can perform, such as Manage Lists. With Windows SharePoint Services, you can use the following default site groups: Guest, Reader,Contributor, Web Designer, and Administrator. In addition, Windows SharePoint Services allows you to edit therights assigned to a site group, create a new site group, or delete an unused site group. You manage site groups in


Windows SharePoint Services with either HTML Administration pages or the command-line administration tool. Notethat you cannot change the rights assigned to the Guest and Administrator site groups, and you cannot assign usersdirectly to the Guest site group.

NoteÂ Â It is possible to add user accounts to a Web site without assigning them to a site group. For example, if youare creating new user accounts for the Web site, you can create the user accounts and then assign the users to sitegroups later. You can also remove a member from all site groups. However, a user who is not assigned to a sitegroup has no access to the Web site.

Windows SharePoint Services includes the following site groups by default: Guest â€”Has limited rights to view pages and specific page elements. This site group is used for giving users

access to a particular page, or list, without granting them rights to view the entire site. Users cannot beexplicitly added to the Guest site group, rather users who are given access to lists or document libraries byway of per-list permissions are automatically added to the Guest site group. The Guest site group cannot becustomized or deleted.

Reader â€”Has rights to view items, view pages, and create a top-level Web site using Self-Service SiteCreation. Readers can only read a site; they cannot add content. Note that when a reader creates a site usingSelf-Service Site Creation, he or she becomes the site owner and a member of the Administrator site groupfor the new site. This does not affect the user's site group membership for any other site.

Contributor â€”Has Reader rights, plus rights to add, edit, and delete items, browse directories, managepersonal views, add or remove personal Web Parts, update personal Web Parts, and create cross site group.Contributors cannot create new lists or document libraries, but they can add content to existing lists anddocument libraries.

Web Designer â€”Has Contributor rights, plus rights to cancel check-out, manage lists, add and customizepages, define and apply themes and borders, and apply style sheets. Web Designers can modify the structureof the site and create new lists or document libraries.

Administrator â€”Has all rights from other site groups, plus rights to manage site groups, manage listpermissions, create sites and Workspaces sites, and view usage analysis data. The Administrator site groupcannot be customized or deleted, and there must always be at least one member of the Administrator sitegroup. Members of the Administrator site group always have access to, or can grant themselves access to,any item in the Web site.

NoteÂ Â The owner and secondary owner of a site collection are members of the Administrator site groupfor their site, but they are also identified separately in the configuration database as site collection owners. Thisowner flag can only be changed by using the Manage Site Collection Owners page in Central Administrationor by using the siteowner operation with Stsadm.exe. If you remove an owner from the Administrator sitegroup for the site, the owner retains the owner flag in the database, and can still perform Web siteadministrative tasks.

These site groups are defined per Web site. Users assigned to the Administrator site group are administrators onlyfor a particular Web site. To perform any administrative tasks that affect settings for all Web sites and virtual serverson the server computer, a user must be an administrator for the server computer (also known as a local machineadministrator) or a member of the SharePoint administrators group, rather than a member of a site's Administrator sitegroup.

For a complete list of user rights and to see which are included in each site group by default, see User Rights and SiteGroups.

Customizing Rights for Site GroupsYou can create a new site group or customize an existing site group (except for the Guest and Administrator sitegroups, which cannot be customized) to include only the rights you want. For example, if you want only the WebDesigners to be able to edit lists on the site, you can remove the Edit Items right from the Contributor site group.


Some rights depend on other rights. You must be able to view items before you can edit items. If a right is deletedfrom a site group, any rights dependent on that right are also deleted. For example, when the View Items right isdeleted, the Add Items, Edit Items, and Delete Items rights are also deleted. In the same way, if you add a rightthat requires another right, the required right is also added. So, if you grant the Edit Items right to a user, the ViewItems right is granted automatically.

NoteÂ Â For more information about dependencies in user rights, see User Rights and Site Groups.

Security and User RightsUser rights grant users the ability to perform certain actions on a Web site, and restrict other users from performingthose actions. Some rights do not completely restrict certain actions. The Apply Themes and Borders and ApplyStyle Sheets rights allow users to make changes to an entire Web site. Any user with the Add and CustomizePages right, however, can perform the same changes on a page-by-page basis in the actual HTML code. Be awarethat if you give a user the Add and Customize Pages right (by assigning them to a site group that contains the right),you are also giving them the ability to change the theme, border, and style sheets for individual pages in your Web site.

When you assign rights to site groups, be sure that you assign the appropriate rights, and do not unintentionally allowmembers of the site group to perform more actions that you want on your Web site. Conversely, be sure thatmembers of the site group are not unintentionally restricted from performing the actions they need to perform.

Using HTML Administration Pages to Manage SiteGroupsYou can manage site groups from the Site Administration page for your Web site. To manage site groups, follow the Manage site groups link on the Site Administration page to the Manage Site Groups page. On this page, you canview a list of site groups, change which rights are included in a site group, add a new site group, or delete a site group.

View a list of site groups1. On the Site Settings page for your Web site, under Administration, click Go to Site Administration. 2. On the Site Administration page, under Users and Permissions, click Manage site groups.

The site groups available for the Web site are displayed on the Manage Site Groups page.

You can add new site groups for use on your site from the Manage Site Groups page.

Add a new site group1. On the Manage Site Groups page, click Add a Site Group. 2. In the Site Group Name and Description area, type the name and description for your new site group. 3. In the Rights area, select the rights you want to include in the new site group. 4. Click Create Site Group.

You can create a new site group based on an existing site group, and even copy the members of the existing sitegroup into your new site group.

Copy an existing site group1. On the Manage Site Groups page, click the site group you want to copy. 2. On the Members of "Site group name" page, click Edit Site Group Permissions. 3. On the Edit Site Group "Site group name" page, click Copy Site Group. 4. On the Copy the Site Group "Site group name" page, in the Site Group Name and Description area, type

the name and description for your new site group. 5. If you want to copy the users from the existing site group into your new site group, select the Copy users


from "site group name" check box. 6. In the Rights area, select any additional rights that you want the site group to contain, and clear any rights

that you do not want the site group to contain. 7. Click Create Site Group.

You can also edit an existing site group to change the rights assigned to that site group.

Edit an existing site group1. On the Manage Site Groups page, click the site group you want to change. 2. On the Members of "Site group name" page, click Edit Site Group Permissions. 3. On the Edit Site Group "Site group name" page, select the rights you want to include and clear any rights that

you do not want. 4. Click OK.

If you find that a site group is not used, you can delete the site group.

Delete an existing site group1. On the Manage Site Groups page, select the check box next to the site group you want to delete. 2. Click Delete Selected Site Groups.

Using the Command Line to View Site GroupsYou can view the list of site groups from the command line in Windows SharePoint Services by using the enumrolesoperation. This operation takes the -url parameter, and then simply lists the names of the site groups for that UniformResource Locator (URL), so you can use the correct site group name when assigning permissions to users. Forexample, to view the list of site groups for a site at http://myserver/site1, you would type the following command:

stsadm -o enumroles -url http://myserver/site1

Assigning Per-List PermissionsWindows SharePoint Services provides the ability to control permissions on a per-list basis. If you have sensitiveinformation stored in a list, and you do not want to expose the information to all members of your site, you can setpermissions for just that list to control which users can view, edit, or add items to that list. You can grant permissionsto a list or document library to individual users, to groups of users, or to a site group. Per-list permissions work forany list or document library in a Web site based on Windows SharePoint Services (for example, Announcements,Tasks, Shared Documents, and so on).

List permissions can be changed by any user who has the Manage List Permissions right (by default, included inthe Administrator site group) or Full Control permissions for that list. By default, all members of a Web site (all usersassigned to a site group, except for the Guest site group) have access to all lists and document libraries on that Website. Each site group has a predefined level of permissions for all lists and document libraries. The default listpermissions are:

View items (given to the Reader site group by default) View, insert, edit, delete items (given to the Contributor site group by default) View, insert, edit, delete items; change list settings (given to the Web Designer site group by default) View, insert, edit, delete items; change list settings; change list security

In addition, you can set advanced permissions, which allows you to grant any of the following rights for a user or sitegroup:

Manage Lists (given to the Web Designer site group by default) Manage List Permissions


Manage Personal Views (given to the Contributor site group by default) Cancel Check-Out (applies only to document libraries; given to the Web Designer site group by default) Add List Items, Edit List Items, and Delete List Items (given to the Contributor site group by default) View List Items (given to the Reader site group by default)

NoteÂ Â Members of the Administrator site group always have the highest level of permissions for all lists anddocument libraries. You cannot change list or document library permissions for the Administrator site group. Also, anysite group that has the View List Items right (such as Reader) can continue to see the list name, description, numberof items, and time when the list was last modified, even though they cannot view the list contents directly.

To control permissions for a list, go to the list itself or to the Customize "Listname" page for the list.

View permissions for a list1. Navigate to the list, and then in the left pane, click Modify settings and columns. 2. On the Customize "Listname" page, in the General Settings section, click Change permissions for this

<list/document library>.

The Change Permissions:"Listname" page displays the users and groups that have access to the list, andshows the permissions level each user or group is assigned.

You can change the list permissions for all members of a particular site group by modifying that site group'spermissions.

Change list permissions for a particular site group1. Navigate to the list, and then in the left pane, click Modify settings and columns. 2. On the Customize "Listname" page, in the General Settings section, click Change permissions for this

<list/document library>. 3. Select the check box next to the site group you want to change.

For example, click the check box next to Web Designer to change the permissions for all members of theWeb Designer site group.

4. Click Edit Permissions of Selected Users. 5. In the Choose Permissions section, select the level of permissions to allow, and then click OK.

You can also grant permissions to individual users, or to user groups, instead of to all members of a site group.Remember that when you grant a user or group permissions to a specific list in your site, they are added to the Guestsite group if they are not already members of the site. Note that members of the Guest site group cannot navigate to apage within the site unless you give them the exact page URL.

Assign list permissions to a specific user or group1. Navigate to the list, and then in the left pane, click Modify settings and columns. 2. On the Customize "Listname" page, in the General Settings section, click Change permissions for this

<list/document library>. 3. On the list toolbar, click Add Users. 4. In the Step 1: Choose Users section, in the Users area, in the text box, type the network domain name or

e-mail address for the user or group you want to assign permissions. 5. In the Step 2: Choose Permissions section, under Permissions, select the level of permissions for the user

or group, and then click Next. 6. In the Step 3: Confirm Users section, verify that the e-mail address, user name, and display name for the

user or group are correct. 7. If you want to notify the user or group of their permissions with an e-mail message, in the Step 4: Send

E-Mail section, select the Send the following e-mail to let these users know they've been added checkbox, and fill in the text you want to send.

8. Click Finish.


If you want to restrict your list to a specific set of users, you must both grant access to the individual users and removeaccess from other site members.

Remove list permissions for a user, group, or site group1. Navigate to the list, and then in the left pane, click Modify settings and columns. 2. On the Customize "Listname" page, in the General Settings section, click Change permissions for this

<list/document library>. 3. Select the check box next to the site group, user, or group you want to remove permissions for, and then

click Remove Selected Users.

If you no longer want to use unique permissions for a particular list, you can reset the permissions to use the Website's general permissions.

Reset permissions to the default state1. Navigate to the list, and then in the left pane, click Modify settings and columns. 2. On the Customize "Listname" page, in the General Settings section, click Change permissions for this

<list/document library>. 3. Click Inherit permissions from the parent Web site. 4. Click OK to change to inherited permissions.

NoteÂ Â The Inherit permissions from the parent Web site link does not appear unless the list permissions havealready been customized.

Controlling Access for All Authenticated UsersIf you want all authenticated users of your intranet to be able to access your Web site, rather than adding each userindividually or in groups, you can configure your site to allow all users on your network rights to use the site. You canalso specify which site group (either Reader or Contributor) to assign to all authenticated users.

Allow all authenticated users rights to a top-level Web site1. On your site, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. On the Site Administration page, under Users and Permissions, click Manage anonymous access. 4. In the All Authenticated Users section, under Allow all authenticated users to access site, select Yes. 5. Under Assign these users to the following site group, select a site group. 6. Click OK.

Controlling Anonymous Access to a Web SiteIf you want users to be able to contribute to your site anonymously, you can configure your site to allow anonymousaccess. Anonymous access is used to allow users to browse sites without authenticating (a standard Internetscenario), respond anonymously to surveys, or even contribute to a list or document library anonymously.

Anonymous access relies on the anonymous user account on your Web server. This account is created andmaintained by your Web server (Internet Information Services (IIS)), not by Windows SharePoint Services. On IIS,the anonymous user account is usually IUSR_ComputerName. When you enable anonymous access in WindowsSharePoint Services, you are enabling that user account for your Web site.

Enabling Anonymous AccessAnonymous access is disabled by default, and is controlled at the site level. If you want to allow anonymous access(such as for an Internet site, where you want visitors to be able to browse without authenticating), you must enable


anonymous access by assigning rights to the anonymous user. To enable anonymous access, you must first be surethat IIS is configured to allow anonymous access, and then on the Site Administration pages for your Web site, youcan enable anonymous access.

Allow anonymous access for a virtual server in Internet Information Services1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager. 2. Right-click the virtual server you want to enable anonymous access for, and then click Properties. 3. Click the Directory Security tab. 4. In the Authentication and access control section, click Edit.

The Authentication Methods dialog box appears.5. Select the Enable anonymous access check box. 6. Click OK to close the Authentication Methods dialog box. 7. Click OK to close the Properties dialog box.

You may need to restart IIS for this change to take effect. After anonymous access has been turned on for the virtualserver in IIS, you can enable anonymous access for a specific top-level Web site.

Enable anonymous access for a top-level Web site1. On your site, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. On the Site Administration page, under Users and Permissions, click Manage anonymous access. 4. In the Anonymous Access section, select a level of access to allow:

o Entire Web siteo Lists and librarieso Nothing

5. Click OK.

Per-List Permissions and Anonymous AccessYou can control anonymous access for your entire site by using the Manage Anonymous Access page, or you cancontrol anonymous access for specific lists by using the per-list permissions feature. If anonymous access is disabledfor your site, it cannot be enabled for a particular list in the site.

Enable anonymous access for a list1. Verify that anonymous access is enabled for your site. 2. Navigate to the list, and then in the left pane, click Modify settings and columns. 3. On the Customize "Listname" page, in the General Settings section, click Change permissions for this

<list/document library>.4. In the Action pane, click Change anonymous access.5. On the Change Anonymous Access Settings page, click the check box for the level of permissions that you

want to grant to anonymous users.

NoteÂ Â If Internet Information Services (IIS) is not configured to allow anonymous access, these checkboxes are unavailable.

6. Click OK.

Creating Unique Permissions for a SubsiteWhen you create a subsite, you can choose whether to inherit the permissions from the parent Web site or to createunique permissions for your subsite. Depending on your choice, you get different results:

If you choose unique permissions, the default site groups are created (Guest, Reader, Contributor, Web


Designer), but are not populated. The Administrator site group is also created, and the subsite creator isassigned to this site group. You can add users to the subsite and assign them to site groups, and they will havepermissions only on your subsite, not on the parent Web site.

If you choose to inherit permissions, all of the security from the parent Web site is used for the subsite, withthe exception of per-list permissions. If you add a user to a list, the user is added to the parent Web site.

Switching to a Different Permissions ModelIf you set up your subsite with unique permissions, but find that you need to share permissions with your parent Website instead, you can switch to inherited permissions. There are some drawbacks to making this switch, however, suchas:

Switching from unique to inherited permissions is not reversible. The users and site groups from your subsiteare deleted when you switch to inherited, and your subsite reverts to the permissions set for the parent Website.

Items that have per-list permissions set lose those permissions. All lists revert to the site-wide permissions.

You can also switch from using inherited permissions to using unique permissions. In this case, the transition is simpler.The current permissions are duplicated when you switch, and the link to the parent Web site's permissions structure isbroken. From that point on any changes you make to the permissions affect only the subsite. When you switch frominherited to unique permissions, per-list permission settings remain intact.

NoteÂ Â Switching between permissions models can create some strange scenarios. For example, any user who hasthe Create Subsites right can create a subsite. By default this right is included only in the Administrator site group,but if you assign it to another site group, members of that group can create subsites with unique permissions andbecome administrators of the new subsites. If such a user then chooses to switch to using the parent Web site'spermissions, the user will no longer be an administrator of the subsite.

You use the Site Administration page for your subsite to switch to a different permissions model.

Set unique permissions by using HTML Administration pages1. On the subsite, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. On the Site Administration page, under Users and Permissions, click Manage permission inheritance. 4. In the Permissions section, select Use unique permissions. 5. Click OK.

If you want to return to using the same permissions as the parent Web site, you can also change back by using HTMLAdministration pages.

Return to the parent Web site's permissions1. On the subsite, click Site Settings. 2. Under Administration, click Go to Site Administration.3. On the Site Administration page, under Users and Permissions, click Manage permission inheritance. 4. In the Permissions section, select Use the same permissions as the parent site. 5. Click OK. 6. Click OK to verify the change of permissions.

Managing Site Creation RightsBy default, when Self-Service Site Creation is enabled, all members of the Reader, Contributor, Web Designer, andAdministrator site groups have the Use Self-Service Site Creation right. They can use this right to create atop-level Web site on a virtual server from the Create Web Site page. Another right, the Create Subsites right, isavailable to members of the Administrator site group by default. This right allows the user to create a subsite or a


Workspace site from the Create page or the Manage Sites and Workspaces page.

You control which users have the Use Self-Service Site Creation right by changing the rights in a site group. Youcan control which users have the ability to create sites and Workspace sites by changing which site groups have the Create Subsites right, or by using the Configure Site and Workspace Creation page in Site Settings. You must bea member of the Administrator site group for a site to control these rights.

Specify which users can create subsites1. On a site, click Site Settings.2. On the Site Settings page, click Configure site and workspace creation.3. On the Configure Site and Workspace Creation page, select the check boxes next to the site groups you

want to be able to create subsites.4. Click OK.

Related TopicsFor information about assigning users to site groups, see Managing Users and Cross-Site Groups.

For more information about security, see Windows SharePoint Services Security Model.

For more information about Self-Service Site Creation, see Configuring Self-Service Site Creation.©2003 Microsoft Corporation. All rights reserved.


Show All

Controlling User Rights andAssigning TasksAs a server administrator, you have control over which actions users can perform for sites on your server, such asadding users to a Web site. You control their actions by controlling their rights. With Microsoft Windows SharePointServices, you control rights in the following ways:

Limit the rights available for any site group on the virtual server.

You use a rights mask to specify which rights can be included in site groups. Allow anonymous access.

You can determine whether anonymous users can use a particular Web site. Assign rights to customized site groups, and include users in those site groups.

You can include a specific right, such as Manage Lists, in a custom site group for users. Allow users to request access.

You can determine whether users can request access to a site, list, or document library.

Limiting Available RightsAs an administrator, if you want to allow or limit certain actions your users perform, you can disable or enable theassociated right on the virtual server. For example, if you do not want users to be able to add pages to a Web site,you can disable the Add and Customize Pages right. When you disable a right on a virtual server, it cannot beassigned to any site group and, as a result, cannot be granted to any user of a site on the virtual server. Note that if auser already has a right, and you disable that right, the right is also disabled for that user.

Use the Manage User Rights for Virtual Server page in the Virtual Server Settings pages to specify which rights areavailable for site groups per virtual server.

Limit the rights for a virtual server1. On your server computer, click Start, point to All Programs, point to Administrative Tools, and then

click SharePoint Central Adminsitration. 2. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure

virtual server settings. 3. On the Virtual Server List page, select the virtual server you want to affect. 4. Under Security Settings, click Manage user rights for virtual server. 5. Select the check boxes next to the rights you want to enable, and clear the check boxes next to those rights

you want to disable.

You can select all rights by selecting the Select All check box. You can clear all rights by clearing the SelectAll check box.

6. Click OK.

Allowing Anonymous AccessWindows SharePoint Services Administrator's Guide Página 154 de 382

You can control anonymous access at the virtual server level and at the Web site level. At the virtual server level, youcan enable or disable anonymous access in IIS. For more information about configuring anonymous access in InternetInformation Services (IIS), see Configuring Authentication.

If you have enabled anonymous access for a virtual server, you can configure anonymous access for each Web site onthat virtual server. To do so, you use the Site Administration page for the Web site.

Change anonymous access for a Web site1. On your site, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. Under Users and Permissions, click Manage anonymous access. 4. To enable or disable anonymous access to the site, in the Anonymous Access section, under Anonymous

users can access, select one of the following:o Entire Web siteo Lists and librarieso Nothing

5. Click OK.

Assigning Administration TasksIf you manage multiple Web sites or virtual servers, you may find that performing tasks such as adding users,managing subsites, or managing check-in and check-out for each virtual server or Web site can become burdensomeâ€” especially if you manage more than five Web sites. With Windows SharePoint Services, you can use site groupsand rights to assign such administrative tasks to trusted users and keep server-level administrator tasks (such as extending a new virtual server or setting defaults) to yourself.

By default, a user who is a member of the Administrator site group can: Manage the Web site Create subsites. Manage list permissions. Manage site groups. View usage data.

By default, a user who is a member of the Web Designer site group can: Add and customize pages. Manage lists. Theme a site, add borders, and link style sheets. Cancel check-outs.

If you want a user, such as a Contributor, to be able to perform a single Administrator or Web Designer task, you caneither assign them to the Administrator or Web Designer site group, or assign them to another site group that has theuser right needed to perform the task.

Although the simplest way to delegate Administrator or Web Designer rights is to make a user a member of theAdministrator or Web Designer site group, this potentially allows the user more access than you intended. If you wantto delegate only a few tasks or limit tasks, assign only the necessary user rights. To do this, create a custom site groupwith the necessary rights, or edit an existing site group to contain those rights.

For example, if you want a user to be able to approve items before they are added to lists, create a Moderator sitegroup, add the Manage Lists right to that site group, and then assign the user to the site group.

NoteÂ Â Users can be members of more than one site group, so you do not need to remove their old site groupmembership before adding them to a new one. Neither do you have to replicate all of their existing rights in the newsite group. So, Joe User can be a member of both the Contributor and Moderator site groups at the same time.Windows SharePoint Services Administrator's Guide Página 155 de 382

The following table lists some tasks you may want to delegate, as well as the user rights required to perform thosetasks.Task to delegate User right requiredAdding users to the site Manage Site GroupsChanging user site groups Manage Site GroupsAdding, editing, or removing lists Manage ListsApproving items to be added to a list Manage ListsCreating, deleting, or merging subsites Create SubsitesAdding ASP, ASPx, or HTML pages to a site Add and Customize PagesBreak a document check-out or force a check-in Cancel Check-Out

Allowing Users to Request AccessYou determine whether users can request access to a site collection, list, or document library by configuring settingsfor that site collection, list, or document library. If the request access feature is enabled, when users attempt toperform an action (such as create a page or add an item to a list) for which they do not have permission, they see apage that allows them to request access to the site. When they fill in the request form and click Send Request, theirrequest is sent as an e-mail message to the e-mail address you specified when you configured the feature. Therecipient of the e-mail message can then use the links in the e-mail message to grant access to that user or change therequest access settings.

If you have configured an SMTP server in SharePoint Central Administration, by default the request access feature isenabled for site collections and the reply-to address is set to the e-mail address of the user who entered the SMTPserver name. If you want to use a different e-mail address, you can specify a different individual or group e-mailaccount to receive access requests. Note that request for access is configurable only for subsites with uniquepermissions. Subsites with inherited permissions also inherit the request access settings from the parent site and the Manage Access Requests link is not displayed on the Site Administration page for those sites.

ImportantÂ Â You must be a site collection administrator to change request access settings for a site collection.

If you are a site collection administrator, you can allow users to request access to the sites in your site collection fromthe Top-level Site Administration page.

Configure access requests for a site collection1. On the Top-level Site Administration page for your site collection, under Users and Permissions, click

Manage access requests.2. Select the Allow requests for access check box to enable access requests, or clear the check box to

disable requests.3. If you enabled requests, in the Send all requests for access to the following e-mail address box, type the

e-mail address to use for requests.

You can specify an individual or group e-mail address, but be sure that the address is monitored, and that theindividual or members of the group are site collection administrators.

4. Click OK.

You can allow users to request access to a particular list or document library by changing settings for that list. Ifaccess request is enabled for a site collection, by default it is enabled for all lists in that site collection. If accessrequest is disabled for the site collection, you cannot enable it for a specific list. You cannot configure a separatee-mail address to use for access requests at the list level â€” requests are automatically sent to the e-mail addressspecified on the Manage Request Access page for the site collection.


ImportantÂ Â You must be a member of the Web Designer or Administrator site groups for a site to change requestaccess settings for a list.

Configure access requests for a list or document library1. Browse to the list, and then in the Actions list, click Modify settings and columns.2. Under General Settings, click Change permissions for this list/document library.3. On the Change Permissions: List_Name page, on theActions list, click Manage request access.4. Select or clear the Allow requests for access check box to enable or disable requests.5. Click OK.

Related TopicsFor information about creating, editing, and deleting site groups, see "Managing Site Groups and Permissions" in theWindows SharePoint Services Administrator's Guide.

For the complete list of rights available in Windows SharePoint Services, see User Rights and Site Groups.©2003 Microsoft Corporation. All rights reserved.


Show All

Specifying Central AdministrationSettingsAfter you have installed Microsoft Windows SharePoint Services on your Web server and created the configurationdatabase for your server or server farm, you can begin configuring settings for your server. You can configure settingsfrom the SharePoint Central Administration page for your server. This page controls settings for a particular server ina server farm, and also contains links to other servers in the server farm, so that you can configure settings for thoseservers as well. You can also manage the list of servers in your server farm from the SharePoint CentralAdministration pages. To use the SharePoint Central Administration pages, you must be logged on either as a memberof the Administrators group of the local server, or as a member of the SharePoint administrators group. Most of thesesettings can also be controlled from the command line, using the Stsadm.exe tool. For more information about theoperations available with Stsadm.exe, see Command-Line Operations.

To set up Windows SharePoint Services and Microsoft SQL Server 2000 you must be a member of theAdministrators group on the computer running Windows SharePoint Services and on the computer running SQLServer. To use SQL Server Enterprise Manager you must be a member of the db_owner role in SQL Server. Toconfigure Microsoft Internet Information Services, you must be a member of the Administrators group on the localcomputer.

The following actions can be taken from the SharePoint Central Administration page: extend or upgrade a virtual server. For more information, see Extending Virtual Servers. Create a site collection or delete a top-level Web site. For more information, see Creating Sites and Subsites

. Link to the virtual server settings pages. For more information, see Configuring Virtual Servers. Set the administrative group for Windows SharePoint Services. For more information, see Windows

SharePoint Services Security Model. Manage site owners and users. For more information, see Managing Users and Cross-Site Groups. Manage blocked file types. For more information, see Configuring Blocked File Extensions. Configure antivirus settings. For more information, see Configuring Antivirus Protection. Configure e-mail server settings. These settings can also be controlled at the virtual server level. For more

information, see Configuring E-Mail Settings. Manage the list of servers in your server farm. For more information, see Managing a Server Farm Running

Windows SharePoint Services. Set the default content databases server. For more information, see Managing Content Databases. Set the configuration database server. For more information, see Managing the Configuration Database. Specify HTML viewer settings. These settings can also be controlled at the virtual server level. For more

information, see Managing HTML Viewers. Configure the virtual server for SharePoint Central Administration. For more information, see Changing the

Application Pool Identity for the Administration Virtual Server. Configure full-text search. For more information, see Managing and Customizing Search. Configure usage analysis processing. For more information, see Configuring Usage Analysis. Manage quota and locks. For more information, see Configuring Site Collection Quotas and Locks. Configure data retrieval service settings. For more information, see Configuring Data Retrieval Services.

To configure settings and perform administration tasks for a server running Windows SharePoint Services, you use theSharePoint Central Administration page in HTML Administration.

Open the SharePoint Central Administration pageWindows SharePoint Services Administrator's Guide Página 158 de 382

Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint CentralAdministration.



Show All

Configuring Virtual ServersAfter you have installed Microsoft Windows SharePoint Services and extend a virtual server, you can configuresettings for the virtual server. The following options can be set at the virtual server level and affect all sites on thatvirtual server:

Self-Service Site Creation settings

Enable or disable Self-Service Site Creation. When enabled, this option allows users to create sites on theirown. For more information, see Configuring Self-Service Site Creation.

Site use confirmation and auto-deletion settings

Determine whether to require confirmation of site use, or whether to automatically delete unused Web sites.For more information, see Managing Unused Web Sites.

User right settings

Specify which rights to make available to users of sites on your virtual server. For more information, seeManaging Site Groups and Permissions.

Web Part Page security settings

Specify whether users can create connections between Web Parts in a Web site, and whether the MicrosoftOffice 2003 Web Part gallery is available. For more information, see Managing Web Parts on Virtual Servers.

Virtual server general settings

Configure settings to use as defaults for all sites that are created on your virtual server. For more information,see "Specifying General Settings for a Virtual Server" below.

E-mail settings

Specify the outbound e-mail server to use, and the e-mail addresses to use when sending e-mail from theserver. E-mail settings can also be configured at the server level, and used as the default settings. For moreinformation, see Configuring E-Mail Settings.

In addition, you can perform the following administrative tasks from the virtual server level: Manage content databases

You can create or delete content databases, or change the capacity settings for a particular content database.For more information, see content databases.

Remove Windows SharePoint Services from the virtual server

You can remove Windows SharePoint Services either permanently or temporarily. For more information, see"Uninstalling Windows SharePoint Services" in the Windows SharePoint Services Administrator's Guide.

Define managed paths

You can add or remove included and excluded paths to control which areas of the Uniform Resource Locator(URL) namespace are managed by Windows SharePoint Services. For more information, see ManagingPaths.

Create a top-level Web site or delete a site collection

You can create a new top-level Web site or delete an existing site collection. For more information, see"Creating Sites and Subsites" in the Windows SharePoint Services Administrator's Guide.


To configure settings and perform administration tasks for a virtual server, use the Virtual Server Settings page inHTML Administration.

Open the Virtual Server Settings page1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Virtual Server Configuration, click Configure virtual server settings. 3. On the Virtual Server List page, click the name of the virtual server you want to configure.

Specifying General Settings for a Virtual ServerThe Virtual Server General Settings page contains several options that apply to any sites that you create for the virtualserver. When you configure a setting for a virtual server, it takes priority over settings applied on specific sites of thatvirtual server. For example, if you disable alert for a virtual server, no site or subsites can use alerts. However, if youenable alerts on the virtual server, each top-level Web site can either enable or disable alerts for that Web site and itssubsites. For more information about how each setting is treated at different levels, see the specific topic for thatsetting.

You can configure the following settings on the Virtual Server General Settings page: Time zone to use for the virtual server

Select a time zone to use for all sites created on this virtual server. Default quota template for sites created under the virtual server

Specify the default quota template to use. When you create a top-level Web site, you can create it using thedefault template or a different template. For more information about quota, see Configuring Site CollectionQuotas and Locks.

Person Name Smart Tag and presence settings

Enable or disable presence information for site members. For more information, see Configuring OnlinePresence Settings.

Maximum upload size

Specify the maximum file size to allow when files are uploaded to a Web site on this virtual server. The defaultvalue is 50 MB, but this can be changed to any value up to 2 GB (2047 MB), if you have applied WindowsSharePoint Services Service Pack 1. For more information, see Configuring large file support in Installingand Using Service Packs for Windows SharePoint Services.

Alert settings

Enable or disable alerts for all sites under the virtual server, and configure default settings for alerts. For moreinformation about alerts, see Managing Alerts.

Web page security validation

Enable or disable security validation for Web site pages, and specify how long to wait before the validationexpires for a given page.

Sending user names and passwords in e-mail

Specify whether user names and passwords are sent in e-mail messages to new users. This setting is used forActive Directory user account creation mode only.

E-mail enabled document libraries

Enable or disable e-mail-enabled document libraries, and specify the public folder path for e-mail attachmentsand how frequently to check for new attachments. For more information, see Configuring E-Mail-Enabled


Document Libraries. Event handlers

Enable or disable event handlers. For more information, see Binding to a Document Library Event Handler.

Specify general settings for a virtual server1. On the Virtual Server Settings page, under Virtual Server Management, click Virtual server general

settings. 2. In the Default Time Zone section, select the time zone to use for all sites and subsites under the virtual

server. 3. In the Default Quota Template section, select the quota template to use as a default for sites.

If there are no templates, you can create a template by using the Manage Quota Templates page. Note thatwhen you specify a default template for the virtual server, you can still select a different template when youcreate a site.

4. In the Person Name Smart Tag and Presence Settings section, select Yes or No next to EnablePerson Name smart tag and Online Status for members to show that information for all sites under thevirtual server.

5. In the Maximum Upload Size section, type the maximum file size to allow. 6. In the Alerts section, specify settings for alerts:

o Select On or Off to enable or disable alerts for all sites under this virtual server. o If you choose to enable alerts, and want to limit the number of alerts that users can create, under

Maximum number of alerts that a user can create, select Unlimited, or type the number of alerts toallow.

o If you choose to enable alerts, specify the times to send immediate, daily, or weekly alerts. 7. In the Web Page Security Validation section, specify the following settings:

o Select On or Off to enable or disable Web Page Security Validation.o To set the expiration time, select After, and then type the length of time to wait before the validations

expire, or select Never to keep the validations from expiring.8. In the Send User Name and Password in E-Mail section, select Yes or No to control this option.9. In the E-Mail Enabled Document Libraries section, specify the following options:

o Next to Document libraries on this virtual server can accept e-mail attachments, select Yes or No.

o In the Public folder server name and root path box, type the name of the Microsoft Exchange serverand the path to the root folder for Exchange public folders on that server.

o If you choose to enable e-mail attachments, specify the frequency and times to check for e-mailattachments in the public folder.

10.In the Event Handlers section, select On or Off to enable or disable event handlers. 11.Click OK.



ï»¿

Show All

Creating Sites and SubsitesYou can use top-level Web site and subsites to divide site content into distinct, separately manageable sites. Top-levelWeb sites can have multiple subsites, and subsites can also have multiple subsites, down as many levels as your usersneed. The entire structure of a top-level Web site and all of its subsites is called a Web site collection. The followingdiagram shows this hierarchy of sites and subsites.

This hierarchy allows your users to have a main working site for the entire team, plus individual working sites orshared sites for side projects. Top-level Web sites and subsites allow different levels of control over the features andsettings for sites.

The administrator of a site collection can control settings and features for both the top-level Web site and any subsitesbeneath it. For example, an administrator of a site collection can:

Add, delete, or change user permissions. View usage statistics. Change regional settings. Manage Web Part and template galleries. Manage Web discussions and alert. Change the site name and description, theme, and home page organization. Configure settings, such as regional settings, for the top-level Web site and all subsites.

The administrator of a subsite can control settings and features only for that subsite, and the administrator of the nextsubsite down can control settings and features for only that subsite. For example, an administrator of a subsite can:

Add, delete, or change user permissions, if unique permissions have been set. For more information, see Managing Site Groups and Permissions.

View usage analysis data. Change regional settings. Manage Web discussions and alerts. Change the site name and description, theme, and home page organization.

Allowing Users to Create Their Own Top-LevelWeb Sites and SubsitesDepending on the amount of customization and control you want to allow your users, you can let them create eithertop-level Web sites or subsites. The Self-Service Site Creation feature gives users the ability to create top-level Websites on their own. For more information, see Configuring Self-Service Site Creation.

Users can also create subsites of any site for which they have the Create Subsites rights. The Create Subsites rightis included in the Administrator site group by default, so any member of the Administrator site group for a site cancreate a subsite of that site. You can assign this right to other site groups by using the Manage Site and WorkspaceCreation page. For more information about managing site and workspace creation, see Managing Site Groups andPermissions.

Creating Top-Level Web Sites for UsersWindows SharePoint Services Administrator's Guide Página 163 de 382

You can give users the ability to create their own top-level Web sites by enabling Self-Service Site Creation. If youwant to control top-level Web site creation yourself, however, you can disable Self-Service Site Creation and createtop-level Web sites on your users' behalf from SharePoint Central Administration. To create a top-level Web siteoutside of Self-Service Site Creation, you must be an administrator of the local machine on which the site will resideor a member of the SharePoint administrators group.

NoteÂ Â When you are running a server farm with multiple host names or are in Active Directory account creationmode, you cannot create a top-level Web site from SharePoint Central Administration. To perform this action inActive Directory account creation mode, you must use the command line or object model. For more information, see Using the Object Model to Manage Windows SharePoint Services.

Create a top-level Web site from SharePoint Central Administration1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Virtual Server Configuration, click Create a top-level Web site. 3. On the Virtual Server List page, click the virtual server under which you want to create the top-level Web

site. 4. To create a site under a predefined Uniform Resource Locator (URL) path for the virtual server, on the

Create Top-level Web Site page, select Create site under this URL; in the Site name box, type the namefor the top-level Web site; and then in the URL path box, select the path to use.

The name and URL path are combined with the server name to create the full URL to the site. For example,on http://servername, if you create a top-level Web site at the /sites URL path, and use Site001 as the name,the full path to the new top-level Web site is http://servername/sites/site001.

5. To create a site at a predefined URL path, select Create site at this URL, and then in the URL path box,select the URL to use for the top-level Web site.

The site is created at the top level of the URL path you select. For example, on http://servername, if youselect /portal as the path, the site is created at http://servername/portal.

6. In the Site Collection Owner section, type the user name (in the form DOMAIN\username) and e-mailaddress (in the form [email protected]) for the user who will be the site owner and administrator.

7. If you want to identify a user as the secondary owner of the new top-level Web site (recommended), in the Secondary Owner section, type the user name and e-mail address for a secondary owner and administratorof the new site.

8. If you are using quota, in the Quota Template section, select a quota template to use. 9. In the Site Language section, select the language to use for the top-level Web site. 10.Click OK.

The site owner can select a template for the site when first browsing to the URL, or you can browse to the URL onthe confirmation page and select one yourself. You must alert the site owner and secondary owner when you havecreated the site with the URL. They are not notified automatically when you create a site.

Creating SubsitesYou can create a subsite of a current site by using the Manage Sites and Workspaces page.

Create a subsite1. On a site, click Site Settings.2. Under Administration, click Manage sites and workspaces.3. On the Manage Sites and Workspaces page, click Create.4. On the New SharePoint Site page, in the Title and Description section, type the title and description for the

new subsite.5. In the URL name box, type the URL for your subsite.6. In the User Permissions section, select either Use same permissions as parent site or Use unique


permissions.

Select Use same permissions as parent site if you want to share users with the parent site, or Use uniquepermissions if you want to maintain a separate list of users for your subsite. For more information, seeManaging Site Groups and Permissions.

7. In the Language section, select the language to use.8. Click Create.9. On the Template Selection page, select a template to use, and then click OK.

Creating Sites and Subsites from the CommandLineIf you are an administrator of the server computer, you can also create sites and subsites by using the Stsadm.execommand-line tool. To create a top-level Web site, use the createsite operation. To create a subsite, use thecreateweb operation.

NoteÂ Â You can also use the createsiteinnewdb operation to create a top-level Web site and a new contentdatabases at the same time. For more information about this operation, see Command-Line Operations.

The createsite operation takes the following required parameters: url, ownerlogin, owneremail, and the followingoptional parameters: ownername, lcid, sitetemplate, title, description, and quota. For example, to create atop-level Web site called site1 on http://server_name/sites, you would use syntax similar to the following:

stsadm.exe -o createsite -url http://server_name/sites/site1

-ownerlogin <DOMAIN\user> -owneremail <[email protected]>

-ownername <display name>

The createweb operation requires the url parameter and takes the following optional parameters: lcid, sitetemplate,title, description, convert, and unique (used to specify unique permissions for the subsite). To create a subsitecalled subsite1 under the site you just created, you would use syntax similar to the following:

stsadm.exe -o createweb -url http://server_name/sites/site1/subsite1

For more information about using the createsite and createweb operations, see Command-Line Operations.©2003 Microsoft Corporation. All rights reserved.


Show All

Configuring E-Mail SettingsMicrosoft Windows SharePoint Services sends alerts and other administration messages by using an SMTP mailserver. You can specify which SMTP server to use and set the e-mail address to use for sending alerts and receivingreplies for all sites by using the SharePoint Central Administration e-mail settings. You can also specify differentsettings for a specific virtual server. At either level, you can specify the following settings: outbound SMTP server,from address, reply-to address, and character set.

About Character Sets and E-MailWhen you configure e-mail settings, one of the settings you specify is the character set (also called "codepage") to usein e-mail messages. The default character set is 65001 (Unicode UTF-8), a standard character set that works well formost languages. You can choose a specific language code to apply instead, such as 1256 (Arabic (Windows)), but beaware that changing to a specific language code may cause the e-mail messages to be unreadable to clients of otherlanguage codes, for example, 1252 (Western European (Windows)).

Configuring an SMTP Server in InternetInformation ServicesIf you want to use an SMTP server in Internet Information Services (IIS) to send outbound e-mail messages fromWindows SharePoint Services, you must configure the SMTP server to allow anonymous access and to allow e-mailmessages to be relayed. Note that the SMTP server you use must have Internet access to be able to send messagesto external e-mail addresses.

NoteÂ Â The SMTP service for IIS is not installed by default. If you want to use the SMTP service that comes withIIS and have not installed the SMTP service, or you do not see the default SMTP virtual server in IIS, you must installthe SMTP service manually. For more information about installing, configuring, and managing the SMTP service, seethe Help system for Internet Information Services (IIS) Manager.

To complete this procedure, you must be logged on as a member of the Administrators group on the local computer,or you must be logged on using an account that is both a member of the SharePoint administrators group and that hasbeen granted permissions to administer IIS.

Configure an SMTP server in IIS for use with Windows SharePoint Services1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager.2. Click the plus sign (+) next to the server name that contains the SMTP server you want to configure.3. Right-click the SMTP virtual server you want to configure, and then click Properties.4. On the Access tab, under Access control, click Authentication.5. In the Authentication dialog box, under Select acceptable authentication methods for this resource,

verify that Anonymous access is selected.6. Click OK.7. On the Access tab, under Relay restrictions, click Relay.8. Under Select which computer may relay through this virtual server, select Only the list below.9. Under Computers, click Add.10.In the Computer dialog box, select Single computer, and then, in the IP address box, type the IP address

for your front-end Web server or single server running Windows SharePoint Services.


11.Click OK to close the Computer dialog box.12.Repeat steps 9 through 11 for any additional front-end Web servers in your server farm.

NoteÂ Â You do not need to add the IP addresses for the back-end database servers in your server farm. 13.Click OK to close the Relay Restrictions dialog box.14.Click OK to close the Properties dialog box.

Using HTML Administration to Configure E-MailSettings for Windows SharePoint ServicesYou use the Configure Default E-mail Server Settings page to specify e-mail settings for your server.

Specify e-mail settings for a server or server farm1. On the SharePoint Central Administration page, under Server Configuration, click Configure default

e-mail server settings. 2. In the Outbound SMTP server box, type the name of the SMTP mail server to use for sending messages. 3. In the From e-mail address box, type the e-mail address to send e-mail messages from.

This address appears in the From box of any e-mail messages from the server. No e-mail messages are sentto this address, so you can use an unmonitored e-mail address if you want.

4. In the Reply-to e-mail address box, type the e-mail address that users can reply to.

If a user replies to an e-mail message from the server, it will be sent to this address. You should use anaddress that is monitored for the reply-to address.

5. In the Character set box, select the character set to use. 6. Click OK.

You can also specify e-mail settings for a particular virtual server. The virtual server settings override the settingsspecified on the SharePoint Central Administration pages. Use these steps when you want a virtual server to use adifferent SMTP server for alerts than the one specified in the server settings.

Specify e-mail settings for a virtual server1. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure

virtual server settings. 2. On the Virtual Server List page, click the name of the virtual server you want to configure. 3. Under Virtual Server Management, click Virtual server e-mail settings. 4. In the Mail Settings section, in the Outbound SMTP server box, type the name of the SMTP mail server

to use for sending messages. 5. In the From address box, type the e-mail address to send e-mail messages from.

This address appears in the From box of any e-mail messages from the server. No e-mail messages are sentto this address, so you can use an unmonitored e-mail address if you want.

6. In the Reply-to address box, type the e-mail address that users can reply to.

If a user replies to an e-mail message from the server, it will be sent to this address. You should use anaddress that is monitored for the reply-to address.

7. In the Character set box, select the character set to use. 8. Click OK.

Using the Command Line to Configure E-MailSettings for Windows SharePoint ServicesWindows SharePoint Services Administrator's Guide Página 167 de 382

You can also configure e-mail settings from the command line, by using the email operation with Stsadm.exe. Theemail operation takes the following required parameters: outsmtpserver (the out-going SMTP server), fromaddress(the e-mail address to send messages from â€” can be an unmonitored address), replytoaddress (the e-mail addressto send replies to â€” must be a monitored address), and codepage (the codepage to use).

In addition, you can use the optional url parameter to specify settings for a particular virtual server.

NoteÂ Â The valid codepages are listed on the Configure Default E-mail Server Settings page in SharePoint CentralAdministration, in the Character set box. To specify a codepage on the command line, use the number for thecharacter set, rather than the full name. For example, use the number 65001 to specify the codepage for 65001(Unicode UTF-8).

The email operation uses the following syntax:

stsadm.exe -o email -outsmtpserver <smtp server>

-fromaddress <from address> -replytoaddress <reply-to address>

-codepage <codepage> [-url <url>]

For example, to configure the e-mail settings to use the server \\SMTPServer, and to use [email protected] asboth the from and reply-to address, you would use syntax similar to the following.

stsadm.exe -o email -outsmtpserver SMTPServer

-fromaddress [email protected]

-replytoaddress [email protected]

-codepage 65001

To set the http://myserver virtual server to use codepage 65001, you would use syntax similar to the following.

stsadm.exe -o email -outsmtpserver SMTPServer

-fromaddress [email protected] -replytoaddress [email protected]

-codepage 65001 -url http://server_name



Configuring E-Mail-EnabledDocument LibrariesMicrosoft Windows SharePoint Services includes the ability to link a document library with a public folder based onMicrosoft Exchange 2000 or later. Any documents attached to messages in the public folder can be automaticallyinserted into the document library, and the document library displays the document, plus the From address, thesubject line, and the date and time that the attachment was inserted into the document library. Note that the body textof the e-mail message is not preserved. It remains in the public folder, but is not transferred to the document library.

A user can simply send e-mail to the public folder, with an attached document, and the document will be automaticallyadded to the correct document library on a SharePoint site. For example, if you were using an XML template to storeinvoice information, a user could fill out the XML invoice and send it in-email to the public folder. The XML filewould then be posted to the document library and would be available for rolling up into larger reports on invoices, orfor easy retrieval.

About E-Mail and Document Library SecurityThis feature relies on e-mail to transport documents, and it uses the same security rules as all e-mail messages. Beforeenabling this feature, you should be aware of the following issues and vulnerabilities:

Because e-mail messages can cross firewalls, external users can use this method to send documents to aninternal SharePoint site. This is useful for many scenarios, such as sending expense reports in from the field,but can also open your site up to unwanted junk e-mail messages. For information about controlling junke-mail messages in public folders, see the Exchange 2000 documentation.

Because e-mail messages can carry documents with viruses, you might end up with a virus-laden document onyour site. However, documents inserted into a document library from e-mail attachments can be scanned forviruses like any other documents in document libraries. For more information about virus scanning inWindows SharePoint Services, see Configuring Antivirus Protection.

Because e-mail addresses can be spoofed, the From address is preserved in the document properties anddisplayed in the document library. Trust the From address as much or as little as you trust other e-mailaddresses.

To allow this feature to work, the document libraries allow anonymous insertions from e-mail attachments.You cannot control who has rights to add attached documents to this document library. However, you cancontrol who can add documents directly to the document library, and you can control who has rights to postto the public folder by using the Exchange user management tools.

As with any public folder or document library, there is the possibility that a malicious user could add so manydocuments that the site or server's storage capacity is filled, thus blocking other users from accessing the siteor server. Be sure to control the list of users with access to the public folder, and consider using quotas tocontrol the size of the site. For more information about quotas, see "Configuring Site Quotas and Locks" inthe Windows SharePoint Services Administrator's Guide.

This feature adheres to the blocked file extension rules for a document library. Any documents with file extensions thatare blocked at the server level are also blocked from being added to an e-mail-enabled document library. Forexample, if you have a file with an .exe file extension, and you send it to the public folder, it will not be transferred tothe document library. For more information about blocked file types, see Configuring Blocked File Extensions.

How It WorksThe Microsoft SharePoint Timer service controls when the public folder is checked for new attached documents.


When the SharePoint Timer service event runs, the service checks the public folder for new documents and insertsthem into the document library. The SharePoint Timer service simply inserts documents. It does not update,overwrite, or delete documents. If the same document is added to the public folder more than once, it will also appearmore than once in the document library. However, each document in the document library will have a unique file name(which is automatically generated by adding numbers, such as "1", to the end of the file name, so that filename.docwhen added again becomes filename1.doc).

You can use this feature with any document library, or any list based on a document library template such as a customdocument library, except picture library, which is not supported. The data sent to the document library along with thedocument is fixed. Any additional fields (even required fields) that you specify in the document library properties areignored when documents are inserted.

Managing the Public FolderYou must configure the Exchange public folder to work with Windows SharePoint Services before you can enablethis feature. And after you configure the feature, you must continue to perform the public folder administration tasksfrom within Exchange.

To use this feature, you must use the Exchange 2000 administration tools to: Create the public folder. Grant read access to the appropriate Windows SharePoint Services application pool accounts. If you are

using one account for all virtual servers, grant access to that account. If you are using separate accounts foreach virtual server, you must grant the virtual server accounts access to the appropriate public folders.

If you prefer not to grant access to the application pool accounts, you can instead give the anonymous useraccount access to read the public folder. This is a less secure method than granting access to the applicationpool account.

Determine which e-mail distribution list to allow to post to the public folder, and grant that list appropriateaccess to the public folder.

Create an e-mail address for the public folder and enable the public folder to receive e-mail messages. Continue to manage the public folder and the access to the public folder.

For more information about managing public folders and managing user access in Exchange 2000, see the MicrosoftExchange 2000 documentation.

Enabling E-Mail Access to Document LibrariesTo enable this feature, you must be a local server administrator or a member of the SharePoint administrators group.You enable or disable this feature by selecting options on the Virtual Server General Settings page. After you haveenabled this feature for a virtual server, any administrator of a site on that virtual server can enable the feature for adocument library in his or her site.

Configure a virtual server to allow e-mail-enabled document libraries1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Virtual Server Configuration, click Configure virtual server settings. 3. On the Virtual Server List page, select the virtual server you want to use. 4. On the Virtual Server Settings page, under Virtual Server Management, click Virtual server general

settings.5. In the E-Mail-Enabled Document Libraries section, next to Document libraries on this virtual server

can accept e-mail attachments, click Yes.6. In the Public folder server and root path box, type the path to the root folder on the Exchange server that

hosts public folders.Windows SharePoint Services Administrator's Guide Página 170 de 382

NoteÂ Â You must specify the server name for the public folder server, not the fully-qualified domain name.For example, use http://server_name/public, not http://server_name.domain.company_name.com/public.

7. Under Check for new e-mail in the public folder, specify how frequently the public folders are checked forattachments by selecting one of the following:o Every ___ minutes

Type the number of minutes to wait before checking again.o Hourly between ___ and ___ minutes past the hour

Type the times between which you want to check. For example, between 10 and 20 past the hour wouldspecify that the public folder is checked at a random time between 1:10 and 1:20, 2:10 and 2:20, and soon. Specifying the range allows each Web server to process e-mail attachments at different times withinthe range, so that all of the front-end Web servers in a server farm do not check the Exchange server atthe same time.

o Daily between ___ and ___

Type the times between which to process daily e-mail attachments.

The default value is hourly, between 0 and 59 minutes past the hour.8. Click OK.

If this feature has been enabled at the virtual server level, any administrator (or other user with the Manage ListsPermissions right) of any site on that virtual server can configure a document library to link to a public folder.

Configure a document library to allow e-mail insertion1. Navigate to the document library you want to use.2. Under Actions, click Modify settings and columns.3. Under General Settings, click Change advanced settings.4. On the Document Library Advanced Settings: Library name page, under E-Mail Settings, in the Public

folder address box, type the path to the Exchange public folder you want to link to.

This path is relative to the path specified on the Virtual Server General Settings page. For example, if thevirtual server has http://server_name/public as the root path for public folders, and the full path to the folder ishttp://server_name/public/folder_name, you would type /folder_name in the Public folder address box.

5. Click OK.©2003 Microsoft Corporation. All rights reserved.


Show All

Configuring Online PresenceSettingsOnline presence allows users of your site to see if other users are online and send instant messages to them. To useonline presence, your users must have Microsoft Office 2003 installed, must be running Microsoft WindowsMessenger version 4.6 or later or MSN Messenger version 4.6 or later on their client computers, and they must havevalid accounts with the .NET Messenger or Microsoft Exchange Instant Messaging service. Note that the e-mailaddress for the instant messaging account must be compatible with the e-mail address for the user account inWindows SharePoint Services.

To see presence information for people with .NET Passport accounts, the e-mail address for the messenger contactmust be the same as the e-mail address for the user account in Windows SharePoint Services. To see presenceinformation for people with Exchange Instant Messaging service accounts, the user name must be the same, althoughthe address may vary (for example, [email protected] for the e-mail address, and [email protected] the instant messaging address), depending on your organization's Exchange configuration. For best results, it isrecommended that users use their primary SMTP address for both instant messaging and their user account inWindows SharePoint Services. For more information about configuring Exchange Instant Messaging for yourorganization, see the Microsoft Exchange 2000 documentation.

The Office 2003 installation includes an ActiveX control that allows Microsoft Windows SharePoint Services torender online status for site users. This control checks the e-mail address on record for the user and directs a query tothe presence server for that client to see if they are online. The ActiveX control does not store online information ore-mail addresses; it simply directs queries from the site to the e-mail address and renders the appropriate status.

You can enable or disable online presence information at the virtual server level. When you enable online presence fora virtual server, it is enabled for all sites and subsites of that virtual server.

Enable online presence for a virtual server1. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure

virtual server settings. 2. On the Virtual Server List page, click the name of the virtual server you want to configure. 3. Under Virtual Server Management, click Virtual server general settings. 4. In the Person Name Smart Tag and Presence Settings section, next to Enable Person Name smart tag

and Online Status for members, select Yes. 5. Click OK.



Show All

Configuring Site CollectionQuotas and LocksIf you are using Microsoft Windows SharePoint Services in a large environment, such as at an Internet ServiceProvider (ISP) or in a large intranet, you need to be able to maintain control over your server resources and carefullymonitor areas such as storage space and site security. You must be able to ensure that one site collection cannot useso many resources that other site collections can no longer function. Windows SharePoint Services allows you tospecify quota for site collections, so that you can manage your site and server resources. You can set quota limits forthe following items:

Storage

When you set a quota limit for storage, you can set two values: a warning value and a maximum value. Whena site collection passes the warning limit, an e-mail message is sent to the site administrator and ownernotifying them that their site collection is near to their storage quota. E-mail messages are sent daily until thestorage level drops below the warning level. When a site collection meets the maximum limit, another e-mailmessage is sent to the owner and administrator, and no new content can be added to the site collection. Notethat before e-mail messages can be sent, you must configure the e-mail server settings and be running theMicrosoft SharePoint Timer service. For more information, see Configuring E-Mail Settings and SchedulingTimed Jobs.

NoteÂ Â The size of the data reported by quotas does not necessarily match the size of the storage in thedatabase. This is because the quota feature estimates storage figures for empty sites in the site collection (sitesthat contain no user content) and includes those figures in the quota, as well as the actual storage from thedatabase. The estimated size of an empty site includes the real size of the template pages for WindowsSharePoint Services, such as the forms pages and pages in the _layouts directory, which are not normallycounted, since there is only one copy of these pages for all sites. Although each site has a unique URL to thepages, the site does not have a unique instance of the page.

Users

In Active Directory account creation mode, you have the ability to limit the number of users that are added toMicrosoft Active Directory directory service from any single SharePoint site collection. When you set a quotafor user accounts, you specify a maximum limit only. When the maximum number of users for a site collectionhas been reached, no additional user accounts can be added unless one or more user accounts are deletedfrom the site collection.

You can create multiple sets of quotas, called quota template, and use them in different areas or your server farm, orto suit different users. For example, in an ISP setting, you could have the following quota templates:

Free â€”Applied to free or demo site collections, restricts users to 10 MB of storage and five users. Standard â€”Applied to monthly-fee site collections, allows site owners up to 25 MB of storage and 50

registered users. Premium â€”Applied to extranet site collections for large corporate customers, allows organizations up to 10

GB of storage and unlimited user accounts.

You must be an administrator of the local server computer or a member of the SharePoint administrators group to beable to manage quotas and quota templates.

Enabling QuotasWindows SharePoint Services Administrator's Guide Página 173 de 382

The quota feature is disabled by default in Windows SharePoint Services â€”there are no default quota values ortemplates. To enable quotas, you use the following methods:

To use quotas for your server or server farm, you create a quota template. To use quotas for a particular virtual server, you assign a default quota template to that virtual server. To use quotas for a particular site collection, you assign a quota template to the site collection when you

create the site collection. To use a set of quota values for a single site collection only, you can apply specific quota limits to the site

collection itself, independent of any quota template.

You can reverse your decision to use quotas at any point in the hierarchy. For example, applying a default quotatemplate to a virtual server does not mean that all site collections under that virtual server must use the quota limits â€”it only means that they can. Settings that you apply to a single site collection can be cleared if you no longer want touse quotas.

About Quota TemplatesQuota templates and the settings specified in them are stored in the configuration database for your server or serverfarm. Quota values apply to site collections and are applied when you create a site collection. You can specify adefault template to use for all site collections created on a virtual server, for example, or you can specify the templateto use when you create the site collection. The values listed in the quota template are copied into the database for thesite collection and are referenced from there.

If you change the values for a quota template, those changes apply only to new site collections created by using thattemplate, not to existing site collections. To update the quota values for large numbers of existing site collections, youcan use the object model or an SQL query. For details on using the object model, see the SPSite object in theWindows SharePoint Services Software Development Kit. You can run queries similar to the following against yourcontent databases to update quota values:

To update the storage quota:Update sites set diskquota=<new storage amount> where<search criteria>

To update the number of users quota:Update sites set userquota=<new # users limit> where<search criteria>

For the where <search criteria> clause, it is recommended that you use "QuotaTemplateId=<ID for themodified quota template>". To find a quota template ID, check the database for a site collection that uses thequota template, and then make a note of the template ID. You can also use the current value for the diskquotaor userquota to locate the site collections that need to be updated; however, this method does not restrict theupdate to site collections based on the changed quota template.

To update all site collections that use a quota template, you must run the query for all content databases in the serverfarm.

When you delete a quota template, the template is removed from the configuration database, but any site collectionscreated using that template retain the quota values. If you want to remove quotas from all site collections using aparticular quota template, you must use the object model or perform an SQL query. For more information about usingthe Windows SharePoint Services object model, see the Windows SharePoint Services Software Development Kit.

Managing Quota TemplatesYou manage quota templates from the SharePoint Central Administration pages for your server or server farm. Youcan create or delete templates or change the values in the templates.

Create a quota template


1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint CentralAdministration.

2. On the Central Administration page, under Component Configuration, click Manage quotas and locks. 3. On the Manage Quotas and Locks page, click Manage Quota Templates. 4. On the Manage Quota Templates page, in the Template name area, select Create a new quota template. 5. In the Template to start from box, select a template to base your new template on. 6. In the New template name box, type the name to use for your new quota template. 7. In the Storage Limit Values section, select the Limit site storage to a maximum of: ___ MB check box,

and then type the amount of storage to allow at a maximum.8. Select the Send warning e-mail when site storage reaches ___ MB check box, and then type the amount

of storage to allow before sending a warning e-mail message. 9. In the Invited User Limits section, select the Limit invited users to a maximum of: ___ users, and then

type the number of users to allow.

NoteÂ Â The user limit option is available only in Active Directory account creation mode.10. Click OK.

When you click OK, the new template is added to the list of available templates, and the page is refreshed.

You can delete a quota template if you change your quota structures. However, remember that deleting a quotatemplate will not delete quota values from site collections that were created using the quota template. If you want toremove quotas from all site collections using a particular quota template, you must use the object model or perform aSQL query.

Delete a quota template1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the Central Administration page, under Component Configuration, click Manage quotas and locks. 3. On the Manage Quotas and Locks page, click Manage Quota Templates. 4. On the Manage Quota Templates page, in the Template name area, select Edit an existing template. 5. In the Template to modify box, select the quota template you want to delete. 6. Click Delete.

When you click OK, the template is removed from the list of available templates, and the page is refreshed.

You can change individual quota values in a template. The new values apply only to new site collections created usingthe quota template. The changed values are not applied to existing site collections unless you use the object model toupdate the values in the database.

Change an existing quota template1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the Central Administration page, under Component Configuration, click Manage quotas and locks. 3. On the Manage Quotas and Locks page, click Manage Quota Templates. 4. On the Manage Quota Templates page, in the Template name area, select Edit an existing template. 5. In the Template to modify box, select the quota template you want to change. 6. Update the options you want to change, and then click OK.

When you click OK, the template is updated, and the page is refreshed.

Specifying a Quota Template for a Virtual ServerWhen you extend a new virtual server, you can specify a quota template to use as the default quota template for thatvirtual server on the Extend and Create Content Database page. Any new site collections that you create under theWindows SharePoint Services Administrator's Guide Página 175 de 382

virtual server will automatically use the values in the default quota template. You can change the default quota templatefor a virtual server from the Virtual Server Settings page. Keep in mind that changing the default quota template doesnot change quota values for existing site collections. Only newly created site collections will use the new quotatemplate.

Change the default quota template for a virtual server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


settings. 3. On the Virtual Server List page, select the name of the virtual server you want to change. 4. Under Virtual Server Management, click Virtual server general settings. 5. In the Default Quota Template section, select the quota template to use as the default template when new

site collections are created. 6. Click OK.

Specifying Quota Values for a Specific SiteCollectionIf you want to specify a different set of limits for a particular site collection, you can do so. Specifying quota values fora single site collection is an easy way to turn on quotas on a site collection basis. Similarly, if you need to make anexception to a quota template for a particular site collection, you can change the quota value for just that sitecollection. Keep in mind, however, that it is possible to lock a site collection simply by changing the quota value. Ifyou already have quotas set for a particular site collection, and want to update the value, be sure to check the sitecollection's current quota levels before making the change. For example, suppose the current quota level for sitestorage is 25 MB, and a site collection has 21 MB. If you change the value to 20 MB, the site collection will belocked as soon as you save the change. To prevent locking a site collection accidentally, be sure to check the currentstorage or invited user count for the site collection before making a change to the quota values.

If you do not know what the existing quota values are for a site collection, you can use the SharePoint CentralAdministration page to view the current values and the current data (storage used and number of users) for the sitecollection.

View current quota values and data for a site collection1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the Central Administration page, under Component Configuration, click Manage quotas and locks. 3. On the Manage Quotas and Locks page, click Manage site collection quotas and locks. 4. In the Select a Top-level Web Site section, type the URL in the Enter the top-level Web site URL box,

and then click View Data. 5. In the Site Quota Information section, view the settings listed to see the quota settings and current values.

To view the current data for a site collection, you can also use the Site Collection Usage Summary page for thetop-level Web site.

View quota data for a site collection1. On the site collection you want to view data for, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. Under Site Collection Administration, click View site collection usage summary.

After you have checked the site collection quota data, you can change the quota values for a site collection. Note thatthis action does not change the quota template, and the change does not affect any site collection except the sitecollection you specify.Windows SharePoint Services Administrator's Guide Página 176 de 382

Change quota values for a site collection1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the Central Administration page, under Component Configuration, click Manage quotas and locks. 3. On the Manage Quotas and Locks page, click Manage site collection quotas and locks. 4. In the URL of Top-level Web Site section, type the URL in the Enter the top-level Web site URL box,

and then click View Data. 5. In the Site Quota Information section, change the Limit storage to a maximum of __ MB amount, Send

warning e-mail when site storage reaches __ MB amount, or Limit invited users to a maximum ofamount setting.

NoteÂ Â The user limit option is available only in Active Directory account creation mode.6. Click OK.

Removing Users for QuotasIn Active Directory account creation mode, you can set quota limits for the number of users allowed for a sitecollection. If this quota is exceeded, no more users can be added to any site within the site collection until a user hasbeen removed from the site collection or the quota limit is changed. To have any effect on the user quota, users mustbe removed at the site collection level. Removing users from individual sites does not affect the quota, and does notallow you to add more users.

To remove users from a site collection, you use the Manage Site Collection Users page in Site Administration.

To remove site collection users1. On the Site Settings page, in the Administration section, click Go to Site Administration.2. In the Site Collection Administration section, click View site collection user information.3. Click the box next to the users that you want to delete, and then click Remove Selected Users.

NoteÂ Â You must be a member of a site group with the Manage Web Site right to perform this action.This right is included by default in the Administrators site group.

Managing LocksYou can use locks to stop site collections from exceeding your storage quota limits, and to block all users fromaccessing a site collection if necessary. Site collections are locked to block new content automatically when theyexceed the maximum storage quota. You can also lock a site collection manually to block all access, if, for example, itis in violation of your site use policies. Depending on the type of lock, the result of a locked site collection is different:

When a site collection is locked for exceeding a storage quota limit, users who attempt to upload newcontent see a disk full error.

When a site collection is locked manually to block all access, users who attempt to view a site in the sitecollection will see an access denied message. When a site collection is locked manually to block new content,users who attempt to add content see a disk full error.

Site collections can be unlocked by different methods, depending on the reason for the lock. Site administrators canunlock site collections by themselves if the site collection is locked for exceeding quota limits. Only a serveradministrator can clear a manual lock. The following table lists the lock reasons and methods for unlocking sitecollections.

Lock reason Server administrator action tounlock Site administrator action to unlock


Storage limit exceeded Change the quota value. Delete excess site content ordocuments.

Manual lock by server administrator Clear the Adding content preventedor No access lock. None.

If you need to lock a site collection and deny all users access to it, either temporarily or permanently, you do so byusing the Manage Site Collection Quotas and Locks page.

Lock a site collection manually1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


and then click View Data. 5. In the Site Lock Information section, select Adding content prevented or No access. 6.

If you lock a site collection with Adding content prevented or No access, you must type an explanation inthe Additional lock information box.

7. Click OK.

When a site collection has been locked manually, you can unlock it by using the Manage Site Collection Quotas andLocks page.

Unlock a site collection1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


and then click View Data. 5. In the Site Lock Information section, select Not locked, and then click OK.

Related TopicsQuota data is captured along with the usage analysis data for a site collection. For more information about the usageanalysis process, see Configuring Usage Analysis.



Show All

Configuring Self-Service SiteCreationMicrosoft Windows SharePoint Services allows members of the Administrator site group to create subsites off oftheir Web sites. These subsites can be fully-functioning SharePoint sites, complete with a home page, documentlibraries, and so on, and they can even have their own unique permissions. Self-Service Site Creation is a featurewhich is enabled by administrators and allows users to create their own top-level Web site. The user does not needadministrator permissions on the server or virtual server, only permissions on the Web site where Self-Service SiteCreation is hosted. The user simply enters some basic information and the new top-level Web site is created with theuser as the owner and administrator. When you enable Self-Service Site Creation, you free yourself from having tocreate top-level Web sites on demand for your users â€”they can do it themselves.

You turn on Self-Service Site Creation from the Configure Self-Service Site Creation page for the virtual server youwant to enable. When you turn on Self-Service Site Creation, an announcement is added to the home page of thetop-level Web sites on that virtual server, with a link to the signup page (Scsignup.aspx). Users can click the link to goto the signup page and create their sites. This announcement is set to never expire but if the Announcements list islong, or is removed from the home page of your site, the announcement may not appear. If you want to ensure thatthe link always appears on the home page, you can customize the home page in a Web page editor compatible withWindows SharePoint Services to include the link in a prominent position, such as the top link bar.

NoteÂ Â When you are in Active Directory account creation mode, or are using host headers for your virtualservers, you cannot enable Self-Service Site Creation from SharePoint Central Administration. To perform this actionin Active Directory account creation mode, you must use the command line or the object model. For moreinformation, see Using the Object Model to Manage Windows SharePoint Services.

Security and Self-Service Site CreationSelf-Service Site Creation allows users to create and manage their own top-level Web sites automatically. Thiscapability can obviously affect the security for your Web server running Windows SharePoint Services. Self-ServiceSite Creation is disabled by default â€”you must turn on the feature to use it. You enable Self-Service Site Creationfor a single virtual server at a time. If you want to use it on all virtual servers in your server farm, you must enable it forevery virtual server individually.

The Administration pages for Self-Service Site Creation are part of the virtual server administration pages, which canonly be accessed by local computer administrators or members of the SharePoint administrators group. Access to thesignup page follows the same security rules as other Web site pages. By default, the Use Self-Service SiteCreation right is included in all site groups except the Guest site group, and gives users access to the signup page andthe ability to use Self-Service Site Creation to create their own top-level Web sites.

Note that because Self-Service Site Creation simply creates new top-level Web sites on an existing virtual server, anynew sites automatically conform to the virtual server's quota settings, unused Web site notification settings, and otheradministrative policies.

Managed Paths and Self-Service Site CreationBy default, when you install Windows SharePoint Services, a Uniform Resource Locator (URL) path called /sites is


added to your virtual server. When you enable Self-Service Site Creation, that path is the default path for sites thatyour users create. For example, a user can create "MyTeamSite" under /sites on Server 1. Using the defaults, the pathfor this site would be similar to the following: http://server/sites/MyTeamSite. You can use the default /sites path forusers' Self-Service Site Creation sites, or you can create additional paths. You specify which URL paths are availablefor users to create sites under by adding managed paths. If you do add more URL paths for Self-Service SiteCreation to use, when users go to the Scsignup.aspx page, they see a drop-down box listing the various pathsavailable, and they can choose which path to create their site under. For more information about defining a URL path,see Managing Paths.

Enabling Self-Service Site CreationYou can use either HTML Administration pages or the command-line tool to enable and configure Self-Service SiteCreation. Either method allows you to turn Self-Service Site Creation on or off, and allows you to specify requiredinformation for each site.

Configuring Self-Service Site Creation from HTML AdministrationPagesTo enable Self-Service Site Creation for a virtual server, use the Configure Self-Service Site Creation page for thatvirtual server.

Enable Self-Service Site Creation1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure

virtual server settings. 3. On the Virtual Server List page, click the virtual server to enable. 4. On the Virtual Server Settings page, under Automated Web Site Collection Management, click

Configure Self-Service Site Creation. 5. In the Enable Self-Service Site Creation section, next to Self-Service Site Creation is, select On. 6. If you want to require two contact names for each site, select the Require secondary contact check box.

Requiring a secondary contact is highly recommended if you are using site use confirmation and have enabledautomatic Web site deletion. For more information, see Managing Unused Web Sites.

7. Click OK.

To disable Self-Service Site Creation, go to the Configure Self-Service Site Creation page; next to Self-Service SiteCreation is, select Off, and then click OK.

Configuring Self-Service Site Creation from theCommand LineYou use the enablessc operation to enable and configure Self-Service Site Creation from the command line. Theenablessc operation requires the URL parameter, and optionally takes the requiresecondarycontact parameter. Forexample, to enable Self-Service Site Creation for a server called MyServer and require two contact names for eachsite, you would use syntax like the following:

stsadm -o enablessc -url http://MyServer -requiresecondarycontact

You can disable Self-Service Site Creation by using the disablessc operation. The disablessc operation takes onlythe URL parameter. So, to disable Self-Service Site Creation for MyServer, the syntax would be:Windows SharePoint Services Administrator's Guide Página 180 de 382

stsadm -o disablessc -url http://MyServer

Related TopicsFor more information about using command-line operations, see Command-Line Operations.



Show All

Managing and CustomizingSearchMicrosoft Windows SharePoint Services enables users to search all Web site content on your server or server farmâ€” a broader search capability than offered in SharePoint Team Services 1.0. In that version, searching wasimplemented using Internet Information Services (IIS) catalogs and limited to documents on the file system; userswere not able to search through lists, such as tasks and contacts, or through discussion board items. Because all siteinformation (including documents) is now stored in a database, the search model has been changed to allow searchingof all site content.

Search features are only available for Windows SharePoint Services with Microsoft SQL Server 2000. If you arerunning Microsoft SQL Server 2000 Desktop Engine (Windows) (Microsoft SQL Server 2000 Desktop Engine(Windows) (WMSDE 20)) for your database, no search features are available. If you want to allow full-textsearching on your Web sites, you must upgrade to SQL Server 2000.

Understanding Search in Windows SharePointServices Search is available per server or server farm. This means that search is either turned on or off for all top-level Website and subsites in your server farm or server. If search has not been enabled, the search links will not appear in theWeb sites in your server farm or server.

Search can query most lists and all document libraries on your site. Search cannot query lists of lists (such as theQuick Launch bar) or surveys. Users can search the entire site or a single list within the site (for example, to searchfor a particular contact in the Contacts list).

Searching with SQL Server 2000If you are using SQL Server 2000, you can enable full-text searching for your Web sites. SQL Server 2000 full-textsearching is a good solution for searching Windows SharePoint Services Web sites in small or medium organizations;however, SQL Server 2000 full-text search does not scale well to large server farm. Search catalogs can use up to40 percent of the hard disk space that data uses. There is a hard limit of 256 search catalogs per server; plus you willencounter performance issues when you reach 1 million rows in the search catalog table. If you are running a largeserver farm, it is not advisable to offer search features for all of the Web sites in your server farm. Consider addingsearch for premium customers if you are an Internet service provider (ISP) or Application service provider (ASP), orfor only a limited number of sites if you are hosting Web sites based on Windows SharePoint Services inside a largeorganization.

SQL Server 2000 full-text search supports only one language for each database. If you are supporting WindowsSharePoint Services Web sites in several languages and you want to enable full-text search in those languages,consider hosting each language on a separate virtual server with a separate database per language.

SQL Server 2000 uses language resources packages with full-text search catalogs. The following list includes thelanguages for which language resources are available:

Neutral Dutch


English (UK) English (US) French German Italian Japanese Korean Simplified Chinese Spanish (Modern Sort) - Spain Swedish Traditional Chinese Thai

The neutral language resources package is provided for use with languages not on this list. For more information aboutSQL Server, full-text searching, and languages, see the SQL Server 2000 documentation.

When you enable full-text search in Windows SharePoint Services, a new, empty catalog is created by default andnamed ix_databasename. Content is added to this catalog as it is added to your new Web site. Aside from enablingand disabling full-text search, any search management or monitoring must be done from within SQL Server 2000 withthe SQL Server administration tools. For more information about managing full-text search in SQL Server 2000, see"Administering Full-Text Features Using SQL Enterprise Manager" in the SQL Server Books Online system.

About Searching FeaturesWhen you search SharePoint sites by using SQL Server full-text searching, the search is performed by using a FREETEXT statement. Using FREETEXT allows searching by intent â€” all terms are stemmed, so that the querylooks for all inflectional forms of each query term. For example, if you query for "swim", the query also returns resultsincluding "swam", "swum", "swimming", and so on.

The following table lists and describes the searching features available when you use SQL Server full-text searching.Search targets Searched with SQL Server?List items YesDocuments YesLists YesBoolean searches (AND, OR, Near, NOT) No

File types other than .doc, .xls, .ppt, .txt, and .htm Not by default. You can install customized SQL Serversearch filters to search other file types.

Searching for subsite content on a top-level Web site No. You must go to the subsite to perform the search.Non-text list fields (such as currency, number, lookup,Yes/No) No

Attachments to lists NoFile properties used by Office 2003 documents (such as"Author" and "Company") No

Survey lists NoHidden lists NoSite administrators, site groups, users, or cross-sitegroups No

External Web sites, file shares, documents NoNarrowing search results by searching through previousresults No


Displaying the total number of items matching a searchstring No

Enabling SearchYou must enable search before your site members can use it. If you want to enable SQL Server 2000 searching, youmust install the full-text searching feature for SQL Server 2000 and then enable search in Windows SharePointServices.

NoteÂ Â Full-text searching is enabled by default when you install Windows SharePoint Services using theremotesql=yes property.

Enabling Search for SQL Server 2000To use search with Windows SharePoint Services and SQL Server 2000, you must have full-text searching installedon your SQL Server computer. Full-text searching is usually installed by default, but if it is not installed on your server,you can install it easily with the SQL Server Setup tools.

Install full-text searching with SQL Server 2000

NoteÂ Â You must be a member of the Administrators group on the computer running SQL Server to install full-textsearching with SQL Server 2000.

1. On your SQL Server computer, run the SQL Server 2000 Setup program. 2. On the setup screen, click SQL Server 2000 Components, and then click Install Database Server.

The Microsoft SQL Server 2000 Installation Wizard opens.3. On the Welcome screen, click Next. 4. On the Computer Name screen, select the computer type, and then click Next. 5. On the Installation Selection panel, select Upgrade, remove, or add components to an existing

instance of SQL Server, and then click Next. 6. On the Instance Name panel, clear the Default check box, and then in the Instance Name box, select

your SQL Server instance for Windows SharePoint Services and click Next. 7. Select Add components to your existing installation, and then click Next. 8. On the Select Components panel, in the Sub-Components list, select Full-Text Search, and then click

Next. 9. Click Next again to begin the installation. 10.Click Finish.

Enabling Search in Windows SharePoint ServicesAfter you have configured SQL Server 2000 to support full-text searching, you are ready to enable search forWindows SharePoint Services.

Enable search for Windows SharePoint Services1. On your server computer running Windows SharePoint Services, click Start, point to All Programs, point

to Administrative Tools, and then click SharePoint Central Administration. 2. Under Component Configuration, click Configure full-text search. 3. In the Search Settings section, select the Enable full-text search and index component check box. 4. Click OK.



Configuring Regional SettingsEvery Web site (both top-level Web sites and subsites) based on Microsoft Windows SharePoint Services can becustomized to use specific regional settings that apply to the users of your site. You can specify the following regionalsettings:

Locale

Controls how numbers and dates are displayed in the site. Sort order

Controls the sort orders used for lists and libraries. Time zone

Controls the time zone for the Web site.

NoteÂ Â You cannot configure a client's view to see document information in their time zone if it is differentthan the site's time zone. For example, if you have a site set to Eastern Time (US and Canada), and a user inAmsterdam adds a document at 1:00 PM (or 13:00) local time, the document properties show that it wasadded at 7:00 AM Eastern Time. If this is a problem for your site, you may want to consider creating apersonalizable Web Part to show all documents and list items in a specific time zone. For example, the WebPart could list all document libraries and lists in the site, and then the user could select which document libraryor list to display and the time zone to display it in, and then they would see the data from that document libraryor list converted to their time zone. For more information about creating custom Web Parts, see the WindowsSharePoint Services Software Development Kit.

Time format

Specifies whether to display times in 12-hour or 24-hour format.

To specify the locale ID for a site, you can use either HTML Administration pages or the command line. To changethe sort order, time zone, or time format for a site, you must use HTML Administration pages. For more informationabout language settings in Windows SharePoint Services, see Language Considerations.

Changing Regional Settings in HTMLAdministration PagesYou can change the locale ID, sort order, time zone, and time format for an individual site by using the RegionalSettings page in the Site Administration pages.

Server administrators and members of the SharePoint administrators group can also specify a default time zone to usefor all sites on a virtual server. For more information, see Configuring Virtual Servers.

Change the regional settings for a site1. On the site, click Site Settings.2. On the Site Settings page, under Administration, click Go to Site Administration.3. On the Site Administration page, under Management and Statistics, click Change regional settings.4. On the Regional Settings page, select the settings to use, and then click OK.

Specifying Locale IDs on the Command LineWindows SharePoint Services Administrator's Guide Página 185 de 382

When you extend a virtual server, create a new top-level Web site, or create a new subsite from the command line,you can specify the locale ID to use. The extendvs, createsite, createsiteinnewdb, and createweb operations allaccept the lcid parameter. To enter a locale ID in any of these operations, you type the numerical value for the locale(such as 1033 for U.S. English or 1036 for French/France). For example, to create a new subsite and use the Frenchlocale ID for France, you would use the following syntax:stsadm.exe -o createweb -url http://server_name/site1/subsite1 -lcid 1036

All of these operations take several other parameters. For more information about these operations, see Command-Line Operations.



Show All

Configuring Usage AnalysisUsage analysis allows you to track how Web sites on your server are being used. You configure the settings forprocessing the usage log by using commands in HTML Administration pages. From the SharePoint CentralAdministration page, you can control:

Whether or not to log usage data.

usage analysis is not enabled by default. If you want to use the usage analysis features for your server, youmust enable the usage analysis logging process. Log files are created daily to track usage information. Whenthe log file is processed, a flag is added to indicate that is has been processed. If you do not want to trackusage analysis data and you want to conserve disk space, you can turn off data logging for usage analysis.

Where the log files are stored and how many log files to create.

By default, the log files are in %windir%\system32\LogFiles\STS. Inside this folder is a folder for every virtualserver, and under those folders, folders for each day. You can specify any other location you prefer. You canspecify that up to 30 log files are created.

NoteÂ Â If you choose a different log file location, you must be sure to give the STS_WPG user groupRead, Write, and Update permissions to the directory. Without these permissions, the usage log files cannotbe created or updated. For more information about setting permissions for a directory, see the MicrosoftWindows Help system.

Whether or not to process the usage logs and when to do so.

By default, the log files are set to be processed every day at 1:00 A.M. You can schedule the usage log to beprocessed at a more convenient downtime for your Web sites. If your Web sites are primarily used by internalemployees, for example, you might schedule the log to be processed at night, when demand on the sites islower than during working hours. If you have multiple servers, you can stagger the processing. For example,you can configure the processing to start at midnight, and stagger it by 15 minutes, so that server1 starts at12:00, server2 starts at 12:15, server3 at 12:30, and so on.

In Microsoft Windows SharePoint Services, usage analysis data is gathered from the front-end Web servers andcollected into temporary files. When the daily log processing takes place, the data is merged into the contentdatabases on the back-end servers. Usage data is collected for an entire site collection on a server at a time. Eventhough the data is logged and stored for an entire site collection, when you view the data in HTML Administrationpages, you can see only the data for a particular Web site or subsites, not for the entire site collection.

NoteÂ Â Although you can see the total number of hits for a site collection on the Site Collection Usage Summarypage, for detailed information you must use the Site Usage Report page for the individual site or subsite.For more information about the type of data gathered in the usage analysis logs and how to view the usage analysisreports, see Analyzing Web Site Usage.

Usage data is stored for 31 months. Daily information is stored for 31 days. The log files will not be deleted, evenafter processing. Note that usage analysis processes rely on the Microsoft SharePoint Timer service to manage thetiming of log processing. For more information about the SharePoint Timer service, see Scheduling Timed Jobs.

NoteÂ Â Because usage analysis processing runs only once a day, when you enable usage analysis processing, youwill not see any data until the next day. Log processing is only done for a single day's worth of data. If you turn off thelog processing for a week but leave the data logging turned on, the next time you turn on processing, it will onlyprocess one day's worth of log files. The log files for all of the days before that will remain unprocessed.


You control settings for usage analysis processing from the SharePoint Central Administration page. You must be anadministrator of the local server computer or a member of the SharePoint administrators group to configure usageanalysis settings.

NoteÂ Â When you configure usage analysis processing for a server, it takes effect for any existing virtual servers. Ifyou later add a virtual server, you must configure usage analysis processing again to enable usage analysis for the newvirtual server.

Configure usage analysis processing for a server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Component Configuration, click Configure usage analysis processing. 3. In the Logging Settings section, select the Enable logging check box. 4. In the Log file location box, type the location to store the log file.

The default location for the log file is c:\Windows\system32\LogFiles\STS.5. In the Number of log files to create box, type a number between 1 and 30.

In general, you should use a number that is one to three times the number of database servers in your serverfarm, with a maximum number of 30 log files.

6. In the Processing Settings section, select the Enable usage analysis processing check box. 7. Under Run processing between these times daily, specify the range of times to start the usage analysis log

processing. In the Start box, select the earliest time of day to begin running log processing. In the End box,select the latest time to begin running log processing.

8. Click OK.

Related TopicsFor more information about viewing usage reports, see Analyzing Web Site Usage.

For more information about configuring and viewing quota information, see Configuring Site Collection Quotas andLocks.



Configuring Antivirus ProtectionMicrosoft Windows SharePoint Services now allows you to help protect your users from uploading or downloadingfiles that contain viruses. When you have installed an antivirus scanner that is compatible with Windows SharePointServices, you can enable the antivirus protection feature for your server. When you enable the antivirus protectionfeature, files are checked for viruses when a user adds a document to a document library or list, or when a user viewsa document in a document library or list. If a virus is found, the scanner attempts to clean the file, or if the file cannotbe cleaned, blocks the file from being added or viewed.

NoteÂ Â If a file is uploaded, and is later identified as containing a virus, users will not be able to open the file. In thissituation, however, users may still be able to save the file locally and open it from their computer.

You enable and configure antivirus protection at the server level. When enabled, antivirus protection is available for alldocument libraries on all sites and subsites on your server, or for all servers in your server farm. You can use HTMLAdministration pages or the command line tool to configure antivirus protection.

You must install Windows SharePoint Services-compatible antivirus software on any server computer runningWindows SharePoint Services before you can enable antivirus protection in Windows SharePoint Services. If you arein a server farm configuration, antivirus software must be installed on every Web front-end server in the server farm.Consult your antivirus software vendor to find out whether they offer a virus scanner for use with WindowsSharePoint Services and for information about installing the virus scanner. Or, for a list of antivirus software vendorsthat support antivirus protection for Windows SharePoint Services, see the Windows SharePoint Services PartnersSite.

Using HTML Administration Pages to Configure Antivirus SettingsYou use the Configure Antivirus Settings page in the SharePoint Central Administration pages to enable and configureantivirus protection.

Enable antivirus protection for your server or server farm1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Security Configuration, click Configure antivirus

settings. 3. Select the Scan documents on upload check box.4. Select the Scan documents on download check box. 5. If desired, select the Attempt to clean infected documents check box.6. If you want to allow users to save infected files locally, select the Allow users to download infected

documents check box.

NoteÂ Â This option is disabled by default to prevent users from saving potentially infected files to their clientcomputers.

7. In the Time out scanning after ___ seconds box, type the number of seconds to allow before timing outthe scanning process.

The default time is 300 seconds, or 5 minutes. This should be enough time to allow the antivirus processes tofinish without affecting performance. The default time is recommended, but you can adjust this time if you areexperiencing performance issues.

8. In the Allow scanner to use up to ___ threads box, type the number of threads to allow the scanningprocess to take up.




By default, the number of threads is set to 5, which should be sufficient for even a large number of sites. Thedefault number of threads is recommended, but you can adjust the number of threads if you are experiencingperformance issues.

9. Click OK.

Using the Command Line to Configure Antivirus SettingsYou can also configure antivirus protection by setting properties on the command line. To set a property, you use theStsadm.exe tool with the setproperty operation. The following properties are available for use in configuring antivirusprotection.Property name Description Values

avallowdownloadSpecifies whether users can downloadinfected documents to their clientcomputers.

yes/no

avcleaningenabled Specifies whether antivirus cleaning isenabled or disabled. yes/no

avdownloadscanenabled Specifies whether documents arescanned on download. yes/no

avnumberofthreads Specifies the number of threads to usefor antivirus processes.

A numerical value, the number ofthreads to use.

avtimeout Specifies how long to wait beforetiming out an antivirus process. A numerical value, in seconds.

avuploadscanenabled Specifies whether documents arescanned on upload. yes/no

The following example shows the syntax to use when setting an antivirus property:

stsadm.exe -o setproperty -pn <property name> -pv <property value>

For example, to set the avtimeout property to 200, you would use the following syntax:

stsadm.exe -o setproperty -pn avtimeout -pv 200

For more information about setting properties using the command line, see "Introducing the Administration Tools forWindows SharePoint Services" in the Windows SharePoint Services Administrator's Guide.



Configuring Data RetrievalServicesA data retrieval service implements a new data-binding technology that enables data consumers and data sources tocommunicate with each other through SOAP and XML. Data retrieval services are XML Web services that returnXML data from different data sources. A data retrieval service is installed and runs on a server extended withMicrosoft Windows SharePoint Services. Windows SharePoint Services comes with a default set of data retrievalservices for working with data in SharePoint lists, OLEDB, and XML data sources. Client applications anddata-bound Web Parts, such as the Spreadsheet Web Part, can use a data retrieval service to query the data sourcesupported by the particular data source.

NoteÂ Â If your data retrieval service is attempting to connect to a remote Microsoft SQL Server database that isconfigured to use Microsoft Windows authentication, the server with the data retrieval service, the remote serverrunning SQL Server, and the client initially making the request against the data retrieval service must be usingKerberos authentication. For more information about setting up Kerberos authentication, see the Help system forInternet Information Services (IIS) 6.0.

Configuring Data Retrieval Services from HTMLAdministrationYou can enable or disable data retrieval services and configure settings for data retrieval services for an entire serveror server farm by using the SharePoint Central Administration page.

Enable data retrieval services and configure settings for a server or server farm1. On the SharePoint Central Administration page, under Component Configuration, click Configure data

retrieval services settings. 2. On the Data Retrieval Services Settings page, in the Enable Data Retrieval Services section, select

Enable these data retrieval services.3. In the Limit Response Size section, in the Response size limit box, specify the size, in kilobytes (KB), to

use as the upper size limit for responses from the data retrieval services.4. To allow updatable queries, in the Update Support section, select the Enable update query support check

box.5. In the Data Source Time-out section, in the Request time-out box, specify the length of time to allow the

data retrieval service to respond before timing out, in seconds.6. Click OK.

You can also use HTML Administration pages to specify settings for a particular virtual server.

Enable data retrieval services and configure settings for a virtual server1. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure

virtual server settings.2. On the Virtual Server List page, click the name of the virtual server that you want to configure.3. On the Virtual Server Settings page, under Component Configuration, click Configure data retrieval

service settings. 4. On the Data Retrieval Service Settings page, in the Customize Virtual Server section, clear the Inherit the

global settings check box to specify different settings for the virtual server.5. In the Enable Data Retrieval Services section, select Enable these data retrieval services.6. In the Limit Response Size section, in the Response size limit box, specify the size, in kilobytes (KB), to


use as the upper size limit for responses from the data retrieval services.7. To allow updatable queries, in the Update Support section, select the Enable update query support check

box.8. In the Data Source Time-out section, in the Request time-out box, specify the length of time to allow the

data retrieval service to respond before timing out, in seconds.9. Click OK.

Configuring Data Retrieval Services from theCommand LineIf you are using a third-party data retrieval service, you can register a service by using the command line. Registerthese services by using Stsadm.exe with the binddrservice and removedrservice operations. The binddrserviceand removedrservice operations register individual data retrieval services for specific settings. When you register aservice, it appears on the HTML Administration pages under the appropriate setting. For each operation, you specifythe following required parameters: servicename and setting. The setting parameter takes any of the followingvalues: enabled, responsesize, timeout, update.

For example, to register a data retrieval service called Service1 to the list of services that an administrator may enableor disable, you would use the following syntax:

stsadm.exe -o binddrservice -servicename Service1 -setting enabled

And to remove Service1 from the list of services that may allow data updates, you would use the following syntax:

stsadm.exe -o removedrservice -servicename Service1 -setting update

For more information about command-line operations, see Command-Line Operations.©2003 Microsoft Corporation. All rights reserved.


Show All

Configuring Blocked FileExtensionsMicrosoft Windows SharePoint Services provides the ability to restrict certain kinds of files from being uploaded orretrieved, based on the file extension. For example, a file with the .exe file extension could potentially contain codethat runs on client computers when it is downloaded. Because it has the .exe file extension, the file can be run ondemand when it is downloaded. If files with the .exe file extension are blocked, users can neither upload nordownload a file with the .exe extension, and potentially dangerous content in the .exe file cannot be downloaded. Thisfeature does not prevent all exploits based on file types, nor is it designed to do so.

By default, several standard file extensions are blocked, including any file extensions that are treated as executablefiles by Windows Explorer. Files with curly braces { or } are also blocked automatically. The file extensions blockedby default are:File extension File type.ade Microsoft Access project extension.adp Microsoft Access project.app Application file.bas Microsoft Visual Basic class module.bat Batch file.chm Compiled HTML Help file.class Java class file.cmd Microsoft Windows NT Command Script.com Microsoft MS-DOS program.cpl Control Panel extension.crt Security certificate.dll Windows dynamic link library.exe Excutable program.fxp Microsoft Visual FoxPro compiled program.hlp Help file.hta HTML application .ins Internet Naming Service.isp Internet Communication settings.jse JScript Encoded Script file.lnk Shortcut.mda Microsoft Access add-in program.mdb Microsoft Access program.mde Microsoft Access MDE database.mdt Microsoft Access data file.mdw Microsoft Access workgroup.mdz Microsoft Access wizard program.msc Microsoft Common Console Document.msi Microsoft Windows Installer packageWindows SharePoint Services Administrator's Guide Página 193 de 382

.msp Windows Installer update

.mst Visual Test source files

.ops Microsoft Office profile settings file

.pcd Photo CD image or Microsoft Visual Test compiled script

.pif Shortcut to MS-DOS program

.prf System file

.prg Program source file

.reg Registration entries

.scf Windows Explorer command file

.scr Screen saver

.sct Windows Script Component

.shb Windows shortcut

.shs Shell Scrap Object

.url Uniform Resource Locator (Internet shortcut)

.vb Visual Basic Scripting Edition (VBScript) file

.vbe VBScript Encoded Script file

.vbs VBScript file

.wsc Windows Script Component

.wsf Windows Script file

.wsh Windows Script Host Settings file

The list of file extensions is controlled for the entire server or server farm and is recorded in the configuration database. Because the list of blocked file types is maintained by file extension, all files that use a file extension on the list cannotbe uploaded or downloaded, irrespective of the file's intended use. If .asp is on the list of extensions to block, thefeature blocks all .asp files on the server, even if they're used to support Web site features on another server in theserver farm. If a file ends in a period (.), the preceding characters are checked against the list of blocked fileextensions as well. For example, if .exe is on the list of blocked file extensions, a file called "filename.exe." is alsoblocked. The following list shows different ways of representing the same file, all of which are blocked if the .htaextension is on the list of blocked file extensions:

filename.hta filename.hta. filename.hta.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} filename.hta::$DATA

You can determine which files are blocked for Web sites on your servers by modifying the list of blocked fileextensions. You can block additional file extensions (up to 1024 file types) by adding them to the list in the SharePointCentral Administration pages, or remove a block by deleting the file extension from the list. When you change the listof file extensions, the change affects both new files being added to a Web site and files already posted to a Web site.For example, if a document library contains a .doc file, and you add the .doc file extension to the list of blocked fileextensions, users will no longer be able to open the .doc file in the document library. Users will be able to rename ordelete a file with a blocked file extension, but will not be able to perform any other actions.

Add or remove a file type from the list of blocked file extensions1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Security Configuration, click Manage blocked file

types. 3. On the Manage List of Blocked File Types page, perform one of the following actions:

o To add a file type, click in the list and type the extension. o To delete a file type, delete the file extension from the list.


4. Click OK. ©2003 Microsoft Corporation. All rights reserved.


Show All

Scheduling Timed JobsSeveral features of Microsoft Windows SharePoint Services rely on scheduled background processes. For example,to be able to review usage analysis information, you must first gather the information, preferably when your site is notbeing heavily used. With Windows SharePoint Services, you can schedule the following operations to occurautomatically at specific times.Operation Frequency ScopeProcessing the usage analysis log files Daily Web serverSending alert notifications Immediately, daily, or weekly Content databaseChecking for and automaticallydeleting unused Web sites Daily, weekly, or monthly Content database

Checking for and automatically addinge-mail attachments from a specificpublic folder to a specific documentlibrary

Every few minutes, hourly, or daily Content database

Scheduled times apply to all Web sites on a particular virtual server. The scope determines how the job is run. If a jobis scoped to the Web server level, it is run for each Web server computer, independently of any other Web serversthat might be hosting the same content. If an operation is scoped to the content database level, it is run once for thecontent database, which means once for the each content database in the entire server or server farm.

The Microsoft SharePoint Timer service, a background utility, handles scheduled jobs in Windows SharePointServices. This utility is installed to your Web server when you set up Windows SharePoint Services. The SharePointTimer service relies on the Gregorian calendar for scheduling. For every job you schedule, you must specify abeginning time for that job based on a 24-hour clock. You specify the time in local time versus an offset fromUniversal Coordinated Time (UCT), and the time is stored in that format as well.

The dates used by the SharePoint Timer service are not stored in context. This means that you cannot schedule jobsto run every X days/weeks/months/years, where X is greater than 1. So, while you can schedule jobs to run everyday, every week, or every month, you cannot schedule a process for every two days, and so on. Neither can youschedule jobs for relative days in a month, such as the third Monday of every month.

When you schedule a timed job, you schedule the beginning time for the job. For example, you can schedule a job tobe run daily, beginning between 1:00 A.M. and 2:00 A.M. You always schedule jobs to begin within a time range,rather than at a specific time. This allows the SharePoint Timer service to be run at a random time in that range, sothat not every server in a server farm is running the scheduled job at the same time. For example, if you set usageanalysis processing to be done during the range 1:00 A.M. to 2:00 A.M., each front-end Web server startsprocessing usage analysis sometime between 1:00 and 2:00 A.M.

Using HTML Administration Pages to Schedule JobsYou can schedule timed jobs by using HTML Administration pages. To schedule a timed job, go to the page thatcontains the settings for the job you want to schedule, and then select the day, date, month, year, and time that youwant the job performed. For example, if you want to schedule usage analysis processing to be performed daily at3:00 A.M., you would use the Configure Usage Analysis Processing page to specify the time to run the logprocessing. For more information about scheduling specific timed jobs by using HTML Administration pages, see thefollowing topics:

Managing Alerts


Configuring Usage Analysis Managing Unused Web Sites Configuring E-Mail-Enabled Document Libraries

Using Command-Line Properties to Schedule JobsYou can also set properties on the command line to schedule timed jobs. Alert and site use confirmation jobs canboth be scheduled by using command-line properties. You use the setproperty operation with Stsadm.exe toschedule timed jobs. The setproperty operation takes the propertyname and propertyvalue parameters, as well asthe -url parameter. For a timed job, the propertyvalue parameter is the frequency and time when you want the job tobe performed.

When you schedule a job from the command line, you use one of the following formats to specify the frequency andtime:Job frequency Example time formatImmediate "every 5 minutes between 0 and 59"Daily "daily between 22:00:00 and 06:00:00"

Weekly "weekly between Fri 22:00:00 and Mon 06:00:00" or"weekly at Sat 0:00:00"

For example, to schedule a job to be processed daily between midnight and 1:00 A.M., you would specify the propertyvalue parameter as:-pv "daily between 0:00:00 and 01:00:00"

For more information about scheduling timed jobs from the command-line, see Command-Line Properties.

Restarting the SharePoint Timer ServiceIf you need to restart the SharePoint Timer service on a Web server computer, you can do so by using the Servicescontrol panel.

NoteÂ Â To restart the SharePoint Timer service you need to be a member of the local computer's Administratorsgroup or you need to have been granted permissions to manage services on the local computer.

Restart the SharePoint Timer service1. Click Start, point to All Programs, point to Administrative Tools, and then click Services.2. In the Services (Local) pane, right-click SharePoint Timer Service, and then click Restart.



Show All

Managing Sites and SubsitesWeb sites in Microsoft Windows SharePoint Services are organized into site collections. Each site collection has atop-level Web site. This top-level Web site can have multiple subsites, and each subsite can have multiple subsites.Because sites are nested in a hierarchy within the site collection, it can be challenging to manage them all.

NoteÂ Â Local server administrators and members of the SharePoint administrators group can perform any task thata site collection administrator can perform for a site collection.

You can use two methods to manage sites and subsites: HTML Administration pages

When you use HTML Administration pages to manage sites in a site collection, be aware that some featuresare only available from the top-level Web site. These features include managing site collection galleries,viewing storage space allocation, viewing the site heirarchy, and listing all users in the site collection.

Command-line administration

If you use the command line to manage sites in a site collection, the levels are not as important, because youcan always specify the full Uniform Resource Locator (URL) path for a site you want to manage, and you canadjust the URL to list sites and subsites at any level in the site collection. However, you must be a member ofthe administrators group for the local server computer to use the command-line tools.

Managing Sites and Subsites by Using HTMLAdministration PagesYou can use the HTML Administration pages to view a list of subsites within a site collection or for a particularsubsite. You can also use HTML Administration pages to delete a site or subsite. Depending on your administrativeaccess level, you can perform different actions.

Members of the local server's administrator group and members of the SharePoint administrators group candelete a site collection from SharePoint Central Administration. Site collection administrators can also delete asite collection by using the Top-Level Site Administration page. Deleting the site collection deletes thetop-level Web site in that site collection, as well as any subsites.

Members of the site collection administrators group can view a list of all subsites below the top-level Web sitein that site collection from the View Site Hierarchy page. They can delete a specific subsite in the sitecollection or the entire site collection by navigating from the View Site Hiearchy page to the SiteAdministration page for the subsite or top-level Web site (to delete a site collection).

Members of the Administrator site group for a subsite can only see the immediate subsites below their subsite.They can delete the subsites they see, provided that the subsites have no subsites beneath them.

Viewing SubsitesIf you are a member of the Administrator site group for a site, you can view a list of subsites from the Manage Sitesand Workspaces page in Site Settings. This list displays only the immediate set of subsites for the current site (onelevel down).

View the list of immediate subsites for a site1. On the site, click Site Settings. 2. On the Site Settings page, under Administration, click Manage sites and workspaces.


If you are a site collection administrator, you can see the full list of subsites for the site collection (any subsites of thetop-level Web site, plus any of their subsites) by using the View Site Hierarchy page in Site Administration.

View the entire list of subsites within a site collection1. On the top-level Web site for the site collection, click Site Settings. 2. On the Site Settings page, under Administration, click Go to Site Administration.3. Under Site Collection Administration, click View site hierarchy.

Deleting a Site CollectionIf you are an administrator of the local server computer on which a site resides or a member of the SharePointadministrators group, you can use the Delete Site Collection page in the Central Administration or Virtual ServerAdministration pages to delete a site collection (a top-level Web site and any subsites beneath it).

CautionÂ Â When you delete a top-level Web site, you also delete any subsites beneath it. Before you delete a site,be sure to verify that there are no subsites beneath it, or that you no longer need the subsites beneath it. You cannotrecover a subsite unless you have a backup version of the subsite. For more information about backing up a site, see"Backing Up and Restoring Databases by Using the SQL Server 2000 Tools" in the Windows SharePoint ServicesAdministrator's Guide.

Delete a site collection from SharePoint Central Administration1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the Central Administration page, under Virtual Server Configuration, click Delete site collection. 3. In the URL of the site to delete box, type the full URL to the site.4. Click OK.

If you are the owner of or a site collection administrator for a top-level Web site, you can delete the top-level Website by using the Delete This Site page in the Site Administration pages.

Delete a site collection from Site Administration1. On the subsite, click Site Settings. 2. On the Site Settings page, under Administration, click Go to Site Administration.3. Under Management and Statistics, click Delete this site. 4. On the confirmation page, click Delete.

Deleting a SubsiteDepending on your administrative access level, you can use different methods to delete a subsite:

If you are a member of the Administrator site group for the subsite you want to delete, you can use the DeleteThis Site page in Site Administration.

If you are a member of the Administrator site group for the site one level up from the subsite you want todelete, you can use the Manage Sites and Workspaces page in Site Settings for your subsite.

CautionÂ Â You cannot recover a subsite unless you have a backup version of the subsite. For more informationabout backing up a site, see "Backing Up and Restoring Databases by Using the SQL Server 2000 Tools" in theWindows SharePoint Services Administrator's Guide.

Delete a subsite using the Delete This Site page1. On the subsite, click Site Settings. 2. On the Site Settings page, under Administration, click Go to Site Administration.3. Under Management and Statistics, click Delete this site.


4. On the confirmation page, click Delete.

To delete a subsite from the Manage Sites and Workspaces page, you must use the Site Settings page for the siteimmediately above the subsite you want to delete.

Delete a subsite using the Manage Sites and Workspaces page1. On the site above the subsite you want to delete, click Site Settings. 2. On the Site Settings page, under Administration, click Manage Sites and Workspaces.3. On the Manage Sites and Workspaces page, next to the subsite you want to delete, click the Delete icon. 4. On the confirmation page, click Delete.

Managing Sites and Subsites from the CommandLineYou can use the following operations with the Stsadm.exe command-line tool to manage sites and subsites.Operation Descriptionenumsites Lists all top-level Web sites for a specific virtual server.

enumsubwebs Lists all subsites of a specific top-level Web site orsubsite.

renameweb Renames a subsite.

deletesite Deletes a top-level Web site and any subsites beneath thetop-level Web site.

deleteweb Deletes a subsite. If the subsite contains other subsites, anerror will be returned, and the subsite will not be deleted.

You can also use the following operations to manage sites and subsites: createsite, creatsiteinnewdb, andcreateweb. For more information, see "Creating Sites and Subsites" in the Windows SharePoint ServicesAdministrator's Guide.

The enumsites and enumsubwebs operations take the url parameter. Their syntax is simple, just the operation andURL, as in the following examples:stsadm.exe -o enumsites -url <URL>stsadm.exe -o enumsubwebs -url <URL>

The enumsites and enumsubwebs operations provide the list of sites and subsites as XML text. For example, a listof sites generated by running enumsites would look like:<Sites Count="2">

<Site URL="http://site_name1" Owner="DOMAIN\userA"/>

<Site URL="http://site_name2" Owner="DOMAIN\userB"/>

</Sites>

The deletesite and deleteweb operations also take only the url parameter and follow the same syntax:stsadm.exe -o deletesite -url <URL>stsadm.exe -o deleteweb -url <URL>

The renameweb operation takes the url and newname parameters. The syntax for renameweb is as follows:stsadm.exe -o renameweb -url <URL> -newname <new subsite name>

For more information about using the command-line operations, see Command-Line Operations.

Related TopicsPart of managing sites and subsites is creating sites when you need to. For more information, see "Creating Sites andSubsites" in the Windows SharePoint Services Administrator's Guide.Windows SharePoint Services Administrator's Guide Página 200 de 382

You can also delete unused sites automatically. For more information, see Managing Unused Web Sites.©2003 Microsoft Corporation. All rights reserved.


Show All

Managing PathsWhen you extend a virtual server, create a top-level Web site, or configure Self-Service Site Creation, you may alsoneed to define managed paths. Managed paths allow you to perform two important tasks:

Indicate which pieces of the Uniform Resource Locator (URL) namespace are controlled by MicrosoftWindows SharePoint Services.

Many organizations installing Windows SharePoint Services already have a Web server or server farm in use,and must be able to identify areas of the existing URL namespace that should not be managed by WindowsSharePoint Services. For example, if you have a Web application on your Web server already, and you installWindows SharePoint Services, you need a way to tell Windows SharePoint Services not to attempt tocontrol content in or settings for that path.

Specify paths to use for Self-Service Site Creation.

You can restrict Self-Service Site Creation users to specific paths when they create sites. By default, the path/sites is created and added as a path for Self-Service Site Creation users when you enable Self-Service SiteCreation. You can create other paths for Self-Service Site Creation users, or remove the /sites path when youmanage paths.

There are two categories of paths you can manage: included and excluded paths. An included path indicates thatWindows SharePoint Services manages that path. An excluded path indicates that the path is managed by a differentapplication, and that Windows SharePoint Services should leave it alone. Included paths can be further broken downinto the following two types:

Explicit inclusions â€”Includes only the specific path you set. Use explicit inclusions, for example, if you wantWindows SharePoint Services to manage a specific path, such as /portal, but not any possible sites below it,such as /portal/webapp.

Wildcard inclusions â€”Includes any sites below the path you set, so you don't have to add them individually.This is the type of inclusion to use for Self-Service Site Creation, when you want users to be able to createtop-level Web sites underneath a specific path, such as /sites.

NoteÂ Â Web server performance declines linearly with the number of inclusions and exclusions. You can minimizethe performance impact by using wildcard inclusions rather than many explicit inclusions, and by putting as manyexcluded applications under the same excluded path as possible.

The following table lists example URLs and explains the types of paths.Path type Example URL Path name Comments

Explicit inclusion http://server1/site1 /site1Identifies the Web site at/site1 as a WindowsSharePoint Services site.

Wildcard inclusion http://server1/sites/* /sites/*Identifies all sites below the/sites/ path as WindowsSharePoint Services sites.

Exclusion http://server1/webapp /webapp

Indicates that the /webappdirectory is not handled byWindows SharePointServices.


Top-level Web site explicitinclusion http://server1 /

Indicates an explicit inclusionfor the top-level Web site.Only the top-level Web siteis a Windows SharePointServices site, not any othersites below the top-levelWeb site.

Top-level Web site wildcardinclusion http://server1 /*

Indicates a wildcardinclusion for the top level ofthe virtual server. Everydirectory under the specifiedpath is a WindowsSharePoint Servicestop-level Web site.

Included and excluded paths are used only for directories, not pages in a Web site, and they are recursive (forexample, if you exclude /mango, Windows SharePoint Services will ignore any URL beginning with /mango/ or equalto /mango). Exclusions take precedence over inclusions, so if you accidentally set a particular path to be both includedand excluded, the path will be excluded. Inclusions are evaluated by length; longer URLs are checked before shorterURLs, so an inclusion for http://server1/sites/teams will be evaluated before an inclusion for http://server1/teams.

You can manage paths by using either HTML Administration pages or the command line.

Managing Paths by Using HTML AdministrationPagesTo include or exclude a new path, use the Define Managed Paths page for the virtual server that contains the path.

Add a new path1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


settings. 3. On the Virtual Server List page, select the virtual server you want to configure. 4. On the Virtual Server Settings page, under Virtual Server Management, click Define managed paths. 5. In the Add a New Path section, in the Path box, type the path to add. 6. Select Excluded path or Included path. If you select Included path, select a type (wildcard or explicit) in

the Type box. 7. Click OK.

If you change how you use the URL namespace, and no longer need a path to be included or excluded, you canremove the path.

Remove a path1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


settings. 3. On the Virtual Server List page, select the virtual server you want to configure. 4. On the Virtual Server Settings page, under Virtual Server Management, click Define Managed Paths. 5. Under Included Paths or Excluded Paths, select the check box next to the path you want to remove, and

then click Remove selected paths.


Managing Paths from the Command LineYou can use the addpath and deletepath operations to manage paths on the command line. Both operations take the-url and -type parameters. The -type parameter has three values: exclusion, explicitinclusion, andwildcardinclusion. For example, to add a new wildcard inclusion to manage all sites at the top level of http://server1,you would use syntax like the following:

stsadm -o addpath -url http://server1/ -type wildcardinclusion

You can also remove an included or excluded path by using the command line. For example, to remove an exclusionfor the site at http://server1/hrweb/webapp, you would use syntax like the following:

stsadm -o deletepath -url http://server1/hrweb/webapp

Related TopicsFor more information about how managed paths affect extending a virtual server, creating sites, or allowing users tocreate sites by using Self-Service Site Creation, see Extending Virtual Servers, Creating Sites and Subsites, andConfiguring Self-Service Site Creation.



Show All

Managing the ConfigurationDatabaseMicrosoft Windows SharePoint Services uses a database to store configuration and site mapping information for yourserver computer, the virtual servers on your server computer, and for servers in a server farm. This database is calledthe configuration database. You need one configuration database for your server farm, whether your server farm isone server computer with everything on it, or several server computers.

If you install Windows SharePoint Services on a single server using Microsoft SQL Server 2000 Desktop Engine(Windows) (WMSDE), the configuration database is created for you.

Installing Windows SharePoint Services in a server farm environment, or on a server running Microsoft SQL Server,does not create the configuration database. The installation ends by opening the Configure Administrative VirtualServer page. You can use this page to configure the SharePoint Central Administration virtual server and select theconfiguration database. You may also use the command line utility stsadm.exe to perform these tasks.

Using HTML Administration to Create or Connectto a Configuration DatabaseWhen you install Windows SharePoint Services without installing WMSDE, the setup program ends by openingCentral Administration and displaying a page where you specify the application pool to use for administration tasks.After you specify the application pool, the security account and NTLM or Kerberos authentication for the SecurityConfiguration, you are taken to the Set Configuration Database Server page where you specify whether to useexisting domain accounts or use Active Directory directory service to create user accounts, and create theconfiguration database. For more information about account types, see "Managing Users and Cross-Site Groups" inthe Windows SharePoint Services Administrator's Guide.

Create a configuration database after setting up Windows SharePoint Services

When Setup finishes, you are taken to the Configure Administrative Virtual Server page.1. In the Application Pool section, select Use an existing application pool or Create a new application

pool.o If you selected Use an existing application pool, select the application pool to use.o If you selected Create a new application pool, under Application pool name, type a name for the

application pool, and under Select a security account for this application pool, select eitherpredefined or configurable.

NotesPredefined security accounts (network service, local service, local system) are configured to workwith Kerberos authentication.If you select Configurable, and the Security Configuration is set to Kerberos authentication, youmust configure the account as a Service Principal Name (SPN). Be sure to specify an account that isa member of the Security Administrators and Database Creators roles for the SQL Serverdatabase. For more information, refer to the Microsoft Knowledge base article 832769: How toconfigure a Windows SharePoint Services virtual server to use Kerberos authentication.It is recommended that you use a dedicated account for this account, rather than a user's logon




account. Also, it is recommended that you use the same account for each application pool that hoststhe same content.

2. Once the above steps have been completed, click OK.

You will see the Application Pool Changed page which prompts you to restart IIS.3. To restart Internet Information Services (IIS) from a command prompt, type iisreset which will stop and

restart IIS.4. After IIS has been restarted, on the Application Pool Changed page, click OK. 5. On the Set Configuration Database Server page, in the Configuration Database section, enter the server

name and database name to use. 6. Under Database connection type, select Use Windows authentication (more secure, recommended)

or Use SQL authentication (less secure). 7.

If you selected Use SQL authentication (less secure), you must also type the database account user nameand password.

8. If you selected Use Windows authentication, select one of the following options:o If the user accounts you want to use for your site already exist in the Active Directory directory service,

select Users already have domain accounts. Do not create active directory accounts.o If you want Windows SharePoint Services to automatically create user accounts in the Active Directory

directory service, select Automatically create active directory accounts for users of this site.

NoteÂ Â For Windows SharePoint Services to automatically create accounts, the application pools musthave proper permissions on the Active Directory directory service. For more information, seeâ€œPreparing the Domain Controllerâ€• in Separate Active Directory Directory Service OrganizationUnit Deployment.

9.

If you selected Automatically create active directory accounts for users of this site, you must fill in theActive Directory Domain and Organization Unit information.

10. Click OK.

If you already have a configuration database for your server farm, you can use the Set Configuration Database Serverpage to connect to the existing configuration database. You must connect to the configuration database whenever youadd a server to a server farm, and before you can extend any virtual servers on that server.

Connect to a configuration database1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Server Configuration, click Set configuration database server. 3. In the Configuration Database section, enter the server name and database name for the existing

configuration database. 4. Under Database connection type, select Use Windows authentication (recommended security level)

or Use SQL authentication (less secure). 5.

If you selected Use SQL authentication (less secure), type the database account user name andpassword.

6. Select the Connect to existing configuration database check box. 7. Click OK.

Using the Command Line to Create or Connect to aConfiguration DatabaseWindows SharePoint Services Administrator's Guide Página 206 de 382

You use the same operation on the command line to create or connect to a configuration database. The setconfigdboperation allows you to perform either action, depending on the parameters you include. The setconfigdb operationtakes the following required parameters: databaseserver (ds), databaseuser (du), and databasepassword (dp).(Note that the -du and -dp parameters are only required if you are using SQL Server authentication; they are not usedwith Windows authentication.) In addition, you can use the following optional parameters: connect, databasename(dn), and hh, which specifies that you are in server farm mode.

To create a new configuration database and specify a name for the database, you would use the following syntax:

stsadm -o setconfigdb -ds <database server> -dn <database name>

-du <database user> -dp <database user password> -hh

For example, to create a new configuration database called "config1" at http://mydomain, on the Sql_02 databaseserver, using Windows authentication, you would type:

stsadm -o setconfigdb -ds mydomain -dn config1

To connect to an existing configuration database, you would use syntax similar to the following:

stsadm -o setconfigdb -connect -ds <database server>

-dn <database name> -du <database user>

-dp <database user password>

Related TopicsAfter you have set up the configuration database, you can begin extending virtual servers. For more information, see Extending Virtual Servers.

For more information about using the setconfigdb operation, see Command-Line Operations.©2003 Microsoft Corporation. All rights reserved.


Show All

Managing Content DatabasesMicrosoft Windows SharePoint Services uses a database to store and manage site content. Just as each virtual servercan host multiple top-level Web site, each virtual server can rely on multiple content databases to store site content. Ifyou are running Windows SharePoint Services on a single server, hosting just a few sites, you can probably use thesame content database for all of your sites. If you want to add capacity in a server farm, you will most likely needseveral content databases to store site data for each virtual server.

To make it easier to manage site content for large server farms, you can also set a limit on how many top-level Websites can store content in a content database. You can specify a warning limit and a maximum limit for the number ofsites. When a warning limit or maximum limit is reached, an event is logged in the server's NT Event Log, so you cantake action. When a maximum limit is reached, no more sites can be created using that content database.

When you create a new site, the databases are queried and the new site's content is added to the database which hasthe most available space. For example, suppose your virtual server has three content databases, all set to warn youwhen they reach 2000 sites, with a maximum of 2025 sites. When the first content database reaches 2000 sites, anevent is logged. When it reached 2025 sites, no more sites can be created in that database. When you are close to thelimit on two out of three of the content databases, and you know that you'll need to host more than 2000 additionalsites, it is time to create another content database.

You can specify any number of sites for the warning and maximum number of sites. To determine an appropriatenumber for your situation, divide the amount of available disk space on the database server by the estimated size foreach site (plus a buffer). If you are using quota, divide the disk space by the disk space quota (plus a buffer).

A buffer allows the number of sites to grow beyond the warning level, but not exceed your disk space. The size of thebuffer is up to you, but make sure to provide enough space for growth, so that you don't exceed the maximumnumber before you can react to a warning event. When the maximum number is reached, no more sites can becreated in that content database. Be sure to create a buffer large enough so that your users can continue to createsites as required, without having to constantly create new content databases.

Content databases are created and managed at the virtual server level. When you create a new content database (orwhen you extend a virtual server), you specify the database connection settings for the content database. You canupdate these settings if, for example, the database server name changes.

You can create or delete content databases, and specify settings such as the database server to use for the contentand how many top-level Web sites to allow per content database in a server farm setting, by using pages in HTMLAdministration. In HTML Administration, you can view the full list of content databases for your virtual server, andsee the current, warning and maximum level of sites for the content database at a glance.

Managing Content Databases by Using HTMLAdministrationYou can specify a default server to store content databases for all of your virtual servers. This allows you to create anew content database when you extend a virtual server, without having to specify a location or supply the user nameand password.

Specify a default content database server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


Administration. 2. On the Central Administration page, under Server Configuration, click Set default content database

server. 3. In the Content Database Server section, fill in the database server name.

If you are using Microsoft SQL Server computer authentication, you must also supply the administratoraccount user name and password.

4. Click OK.

You can create multiple content databases for each virtual server. There are two situations in which you create a newcontent database: when you extend a new virtual server, and when your other content databases are getting full. Youuse a different method to create the content databases in each of these cases.

In most cases, you create a content database when you extend a virtual server. For information about extending avirtual server and creating a content database, see Extending Virtual Servers.

When you extend a virtual server, the warning level is set to 9,000 sites, and the maximum is set to 15,000 sites. Tochange this after the virtual server is extended, you use the Manage Content Databases page. You can also createadditional content databases by using this page.

Create a new content database for a virtual server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


settings. 3. On the Virtual Server List page, click the virtual server you want to configure. 4. On the Virtual Server Settings page, under Virtual Server Management, click Manage content

databases. 5. On the Manage Content Databases page, under Content Databases, click Add a content database. 6. In the Database Information section, select either Use default content database server or Specify

database server settings.

If you select Specify database server settings, fill in the database server name and database name. If youare using SQL Server authentication, you must also supply the administrator account user name andpassword.

7. In the Database Capacity Settings section, type a number in the Number of sites before a warningevent is generated box.

8. Type a number in the Maximum number of sites that can be created in this database box. 9. Click OK.

You can also change database connection settings and warning and maximum site levels for a content database.

Change settings for a content database1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


settings. 3. On the Virtual Server List page, select the virtual server you want to configure. 4. On the Virtual Server Settings page, under Virtual Server Management, click Manage content

databases. 5. On the Manage Content Databases page, under Content Databases, click the database you want to

change. 6. To change database status, in the Database Status box, select Ready or Offline. 7. To change the number of sites allowed for a content database, in the Database Capacity Settings section,

enter a new warning and maximum number. Windows SharePoint Services Administrator's Guide Página 209 de 382

8. Click OK.

If you want to remove a content database, you do so from the Manage Content Databases page as well. Note thatwhen you remove a content database, the site data stored in that database is not deleted. You can reconnect to thecontent database later to restore the sites.

Remove a content database1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central



databases. 5. On the Manage Content Databases page, under Content Databases, select the database you want to

change. 6. On the Manage Content Database Settings page, in the Remove Content Database section, select the

Remove content database check box. 7. Click OK.

You can reconnect to a content database that you have removed by adding it again. To reconnect to an existingcontent database, you need to use the same database server and database name. There are additional steps if you arereconnecting to a content database after restoring the database to a new server farm. For more information, see"Backing Up and Restoring Databases by Using the SQL Server 2000 Tools" in the Windows SharePoint ServicesAdministrator's Guide.



Show All

Managing Versions and CheckingDocuments In and OutMicrosoft Windows SharePoint Services gives users the ability to keep versions of documents, and to checkdocuments in and out.

About Document VersioningDocument versioning allows you to keep multiple versions of a document. If a change needs to be reversed, you canrestore the previous version and continue working. A Version History command is included on the drop-down listusers see when they click the arrow next to a document name and on the toolbar in the Edit Properties page for thedocument. The Version History command is also available in client applications compatible with WindowsSharePoint Services, such as Microsoft Office Word 2003, Microsoft Office Excel 2003, and Microsoft OfficePowerPoint 2003. When the user clicks Version History, a list of the previous versions of the document appears.The user can open an old version, restore a version (replacing the current version), or delete an old version.

When versioning is enabled, versions are automatically created whenever a user updates a document in a documentlibrary. Versions are created in the following situations:

When a user checks out a file, makes changes, and checks the file back in. When a user opens a file, makes changes, and then saves the file for the first time.

NoteÂ Â If the user saves the file again, without closing the file, a new version is not created. If the usercloses the application he or she is using to edit the file, and then opens it and saves the file again, anotherversion is created.

When a user restores and old version of a file (and does not check it out). When a user uploads a file that already exists, in which case the current file becomes an old version.

Members of the Administrator and Web Designer site groups for a site can determine whether document versioning isenabled for a particular document library. To enable document versioning, you use the settings page for that documentlibrary.

Enable versioning for a document library1. Navigate to the list, and on the left link bar, click Modify settings and columns. 2. On the Customize "Document Library" page, click Change general settings. 3. On the Document Library Settings page, in the Document Versions section, under Create a version each

time you edit a file in this document library?, click Yes.4. Click OK.

About Checking Documents In and OutChecking documents in and out allows users to obtain exclusive write access to a document, eliminating the need tomerge changes from multiple authors. When a user checks a document out, that user is the only user who can savechanges to the document. Other users can read the document, but they cannot make changes. The user who has thedocument checked out can update the document, and see the latest version of the document, but other users will notsee the updates until the document has been checked back in. Members of the Administrator and Web Designer sitegroups (or members of any site group with the Cancel Check-out rights) for a site can override a document


check-out if necessary, and force the document to be checked in with the previous version.

To force a document to be checked in, you use the same command as the user would use to check in a documentnormally.

Cancel a check-out and return to the previous version1. Navigate to the document, click the down arrow next to the document's title, and then click Check In. 2. On the Check In page, select Discard changes and undo check out, and then click OK.3. On the confirmation message that appears, click OK to check in the document.



Show All

Managing Web DiscussionsWeb sites based on Microsoft Windows SharePoint Services include Web discussion, a special collaboration featurethat allows users to communicate with each other on the World Wide Web. Web discussions are threadeddiscussions that allow users to collaborate on HTML documents or on any document that can be opened with abrowser (such as .htm, .xls, .doc, and .ppt files) on a server running Windows SharePoint Services. Users can addand view discussion items located within documents, or general discussion items located in the discussion pane.

About Web DiscussionsUsers can participate in discussions about documents created in word processing, spreadsheet, and presentationprograms compatible with Windows SharePoint Services, such as Microsoft Word, Microsoft Excel, and MicrosoftPowerPoint, as well as any HTML or Rich Text Format (RTF) file. The threaded discussions are maintained in the content databases for the site.

To participate in a discussion, users click the Discuss button on the Microsoft Internet Explorer toolbar, or in aspreadsheet, word processing, or presentation program compatible with Windows SharePoint Services; or click the Web Discussions command (Online Collaboration submenu on the Tools menu). If the document is stored in adocument library, you can also use the Discuss option on the Edit menu for the document. All user discussion itemsare displayed in a shared document that users can view either in the original application or in Internet Explorer.

Because discussion items are stored separately from the shared document, users can modify the document withoutaffecting the collaborative discussion. This separation also allows multiple users to create and edit discussion itemssimultaneously. Users can also add discussion items to read-only documents.

By using the Web Discussions toolbar, users can view Web discussions, search for discussion items, or filterdiscussions by author or by date and time. Inline discussions print as part of the document, while discussions in adiscussion pane print on a separate page when the document is printed. Users can view discussions offline, but theycannot add to them offline.

Editing Discussion ItemsThe logon authentication account identifies a user, and depending on the site group assigned to a user, the user hasdifferent rights for working with discussion items in a document library or list. For example, in a document library, auser with View Items rights can only view other users' discussion items but cannot contribute to the discussion.Whereas a user with Add Items, Edit Items, and Delete Items rights can participate in discussions, and can alsoedit or remove other users' discussion items.

With Windows SharePoint Services, and with the appropriate user rights, you can perform the following actions on anexisting discussion item:

Reply â€” Append your discussion item to another user's discussion item. Edit â€” Change your own or another user's discussion item. Delete â€” Delete your own or another user's discussion item. Close â€” Mark a discussion item as closed. Close Item and Replies â€” Mark a discussion item and any replies as closed. Activate â€” Restore a discussion item after it has been closed.

A user must have the correct rights to view, edit, reply to, or delete a discussion comment in a site. The following


table explains the rights required to work with discussion comments within different environments in a Web site:

Action Right Required (WebSite Page)

Right Required(Document orAttachment)

Right Required (ListView and Form pages)

View discussions View Pages View Items View ItemsInsert a discussion Add and Customize Pages Add Items Manage ListsEdit a discussion Edit Items Edit Items Manage ListsDelete a discussion Delete Items Delete Items Manage ListsClose a discussion Add and Customize Pages Manage Lists Manage ListsClose an item and replies Add and Customize Pages Manage Lists Manage ListsActivate a discussion Add and Customize Pages Manage Lists Manage Lists

For more information about which site groups include these rights, see User Rights and Site Groups.

Anyone with rights to view discussions (from View items on up) can close his or her own discussion items. Whendiscussions are marked closed, they are not deleted from the database, and therefore there is no risk of losingimportant information. If the discussion is needed again, it can be restored by using the Activate command.

Modifying Documents That Contain Discussion ThreadsBecause discussion items are not stored in the document, users can modify the document independently from anydiscussions they create.

The following table explains how a modification to a document can affect threaded discussions in a document.When a document is modified in this way The discussion data is affected this wayThe change is made in an area without a discussion itemattached. Inline and general discussions are not affected.

The change is made in an area with a discussion itemattached.

Inline discussions attached to modified text are moved tothe General discussions area and marked as"mismatched." General discussions are not affected.

The entire document is moved, renamed, or deleted. All inline and general discussions are lost.

Managing Web DiscussionsYou can view and delete discussion threads on your discussion server. To manage discussion threads, you use theManage Discussions page in the Site Administration pages for your site or subsite.

Manage Web discussion threads1. On the site, click Site Settings.2. On the Site Settings page, under Administration, click Go to Site Administration.3. On the Site Administration page, under Management and Statistics, click Manage Web discussions,

and then do any of the following: o To see all discussion threads associated with your site, click All Web discussions, and then click

Update. o To see discussion threads filtered by a particular Uniform Resource Locator (URL), type a path in the

Web discussions in folder http://server_name/ box, and then click Update. o To view a particular discussion thread, click the URL for the thread. o To delete a particular discussion thread, select the check box next to the thread, and then click Delete. o To delete all discussion threads on your site, click Delete all discussions.



Show All

Managing AlertsBecause Web sites based on Microsoft Windows SharePoint Services are meant to help groups of users worktogether, they tend to grow quickly and change often. Keeping up with these changes can be difficult for users,especially if they aren't checking on the site every day. To help users stay in touch with changes on a site, WindowsSharePoint Services includes a feature called Alerts, an e-mail notification service. When documents, lists, or items ina list on a server running Windows SharePoint Services are created, modified, or deleted, users who sign up for alertsreceive messages informing them that changes have been made.

NoteÂ Â In SharePoint Team Services 1.0 from Microsoft, alerts were called Web subscriptions, but thefunctionality has not changed significantly.

Users can create alerts to track items within a site, such as: Lists â€” Users are notified of changes to the list, such as when an item is added, deleted, or changed in a

list. List items â€” Users are notified of changes to a particular item in a list. Document libraries â€” Users are notified of changes to the document library, such as when a document is

added, deleted, or changed in a document library or when Web discussion are added, changed, deleted,closed, or activated for a document.

Documents â€” Users are notified of changes in a particular document or when Web discussions are added,changed, deleted, closed, or activated for a document.

ImportantÂ Â Before alerts can work for a particular site, the e-mail server settings must be configured at the serveror virtual server level. For more information, see Configuring E-Mail Settings.

When a user creates an alert for one of these items, he or she can specify what types of events will trigger an alert.Alerts can be generated whenever a document or list item is added, updated, or deleted in a document library or list,or when a Web discussion on a document or list changes. A user can specify one of these events, or select all of themto be notified whenever anything changes on the list, list item, document, or document library they want to track.

Users also have the ability to decide how often they want to receive alerts: immediately, daily, or weekly. Immediatealerts are sent as individual e-mail messages, and daily or weekly alerts are combined into summary messages for theentire Web site.

Users can change their alerts by using the My alerts on this site link on the Site Settings page of their Web site.

NoteÂ Â A user must have the View Items rights (included in the Contributor site group by default) to sign up foralerts.

Customizing the Message Text for AlertsFor Windows SharePoint Services, you can customize the contents of the alert messages. Keep in mind that whileyou can alter the contents of the message, there is still no mechanism for identifying and extracting exact text changeswithin a document or list item. You can, however, customize the text in the message and re-order, add, and removefields from the message.

NoteÂ Â You must be an administrator on the local server computer to edit the XML templates for WindowsSharePoint Services.


The message text for immediate, daily, and weekly alerts is based on content in a series of XML templates on theserver computer. To customize the message text, you must edit the XML templates that contain the message text. Thetemplates are stored on the front-end Web server at \\Program Files\Common Files\Microsoft Shared\Web ServerExtensions\60\Template\LCID\XML, where LCID is the locale ID. The templates that contain message text for alertsare described in the following table.Template name Description Text and fields may include

notifsitehdr.xml The header text used for each e-mailalert

Header information (such as site Uniform Resource Locator (URL)),message title information (such asDaily or Weekly Summary), and iteminformation.

notiflisthdr.xml The list header text Summary information for daily orweekly changes to a list.

notifitem.xml The event information

Body text for e-mail messages,including the text and placeholders "item in list has been changed byname at time."

notifsiteftr.xml The footer text used for each e-mailalert

Footer information, including the string"Click here to manage alert settings."

CautionÂ Â Editing any of the XML templates for Windows SharePoint Services can break the templates and,consequently, break the mechanism for sending alerts. Be sure to edit only the message text in the template and keepa backup copy of the original templates in case you need to revert to the originals. For more information aboutcustomizing XML templates, see the Windows SharePoint Services Software Development Kit.

You can edit the XML templates to include any of the following tags:Tag DescriptionSiteUrl The full URL to the site.SiteName The name of the site.

SiteLanguage The locale ID (LCID) for the language used in the site.For example, 1033 for U.S. English.

AlertFrequency Immediate (0), Daily (1), or Weekly (2).ListUrl The full URL to the list.ListName The name of the list.ItemUrl The full URL to the item.ItemName The name of the item.

EventType

ItemAdded (1), Item Modified (2), Item Deleted (4),DiscussionAdded (16), Discussion Modified (32),Discussion Deleted (64), Discussion Closed (128),Discussion Activated (256).

ModifiedBy The name of the user who modified an item.TimeLastModified The time the item was last modified.

MySubsUrl The full URL to the My Alerts on this Site page in SiteSettings.

NoteÂ Â In the XML templates, you use numerical values instead of text to specify frequency and event types. So, ifyou want to set the AlertFrequency to weekly, you would use the value 2 in the template, rather than typing "weekly."

You can use any XML editing tool, such as Notepad, to edit the templates. Keep in mind that any changes you maketo this message text are used for all alert messages sent to all users of your server. If you are in a server farmenvironment, you must edit the templates on each server in the server farm, or copy the edited templates to eachWindows SharePoint Services Administrator's Guide Página 216 de 382

server in the server farm. You must be an administrator of the local server computer to edit the XML templates forWindows SharePoint Services.

Configuring and Managing AlertsYou can view alerts for a Web site or subsite and delete alerts that are no longer needed.

If you are a server administrator or a member of the SharePoint administrators group, you can also use SharePointCentral Administration pages to configure settings for alerts, such as the following:

View alert settings. Turn alerts on or off. Specify how many alerts users can create.

You can also use the Stsadm.exe command-line tool to configure alert settings if you are a server administrator. Usingthe command line, you can:

Turn alerts on or off. Specify how many alerts users can create.

Alerts use the Windows SharePoint Services e-mail settings to send alert items. When you configure alert settings, besure that you also double-check the e-mail settings for your virtual server. For more information, see ConfiguringE-Mail Settings.

ImportantÂ Â When you remove a user from a Web site, site group, or cross-site group after he or she has createdalerts, you must manually delete any alerts that he or she has set up. This is also true for any lists or libraries whereyou change security settings to limit access. If a user has set up alerts for the list or library, he or she will continue toreceive them after you change the security settings. It is important to delete these alerts to prevent unauthorized usersfrom having access to site and user information.

Managing Alerts for a Web SiteYou can use HTML Administration pages to view and delete alerts on your site. To manage alerts, you use theManage User Alerts page in the Site Administration pages.

Manage alerts1. On the Site Settings page for the Web site, under Administration, click Go to Site Administration. 2. Under Management and Statistics, click Manage user alerts. 3. On the Manage User Alerts page, select a user name in the Display alerts for ___ box, and then click

Update. 4. To delete an alert, select the check box next to the alert, and then click Delete Selected Alerts.

Configuring Alerts for a Virtual ServerYou can also change alert settings for a virtual server. Changes you make on the virtual server affect all Web sitesunder that virtual server. To change settings for a virtual server, you use commands on the Virtual Server Settingspage. You must be a member of the SharePoint administrators group or an administrator of the local computer tochange virtual server settings.

Configure alerts for a virtual server1. On the server that contains the virtual server, click Start, point to All Programs, point to Administrative

Tools, and then click SharePoint Central Administration. 2. On the Central Administration page, under Virtual Server Configuration, click Configure virtual server

settings. 3. On the Virtual Server List page, click the virtual server you want to configure.


4. On the Virtual Server Settings page, under Virtual Server Management, click Virtual server generalsettings.

5. In the Alerts section, next to Alerts on this server are, click On or Off. 6. Under Maximum number of alerts that a user can create, specify whether users can have a limited or

unlimited number of alerts.o If you want to limit the number of alerts users can create, specify the number of alerts a user can create. o If you want users to be able to create as many alerts as they like, select Unlimited number.

7. Click OK.

Using the Command Line to Configure AlertsYou can manage alerts from the command line by using the GetProperty and SetProperty operations withStsadm.exe. You can set the following properties to configure how alerts work.Property Descriptionalerts-enabled Turn alerts on or off.

alerts-limited Specify whether users are limited to a specific number ofalerts.

alerts-maximum Specify the maximum number of alerts users can create.

job-immediate-alerts Specify how often to check for immediate alerts (inminutes).

job-daily-alerts Specify the time of day (using a 24-hour clock) to sendout daily alerts.

job-weekly-alerts Specify the day of the week and time of day (using a24-hour clock) to send out weekly alerts.

The following example shows the syntax to use to turn off alerts:

stsadm.exe -o setproperty -url <url> -pn alerts-enabled

-pv false

Related TopicsFor more information about using the administration tools or setting properties on the command line, see "Introducingthe Administration Tools for Windows SharePoint Services" in the Windows SharePoint Services Administrator'sGuide and Command-Line Properties.

The Alerts feature relies on the e-mail settings and timer service settings you configured for your server or virtualserver. For more information about configuring e-mail settings, see Configuring E-Mail Settings. For more informationabout Microsoft SharePoint Timer Services, see Scheduling Timed Jobs.



Managing HTML ViewersIncluded with Microsoft Windows SharePoint Services is the ability to connect to an HTML viewing server. TheHTML viewing server provides support for users who want to view the content of files on the Windows SharePointServices Web site, but do not have Microsoft Word, Microsoft Excel, or Microsoft PowerPoint from MicrosoftOffice 97, or a later release of Office, installed on their local computer. Even users who only have a Web browser(Microsoft Internet Explorer or Netscape Navigator) can view content by having the native Office file formatconverted to HTML automatically. Although there is a slight delay while the transformation takes place, the convertedfile is extremely close to the WYSIWYG formatting of the original. In addition to making files available for viewing byusers, administrators can use a batch process mode of HTML viewing to convert the contents of entire folders toHTML.

NoteÂ Â By default, the HTML viewing service supports only the following document types: .doc, .xls, .ppt, and.pps.

Transformation of a supported document can take between 1 and 30 seconds, depending on the complexity and sizeof the document as well as the speed and available resources of the dedicated computer. To provide for this abilityand assure a fast response time, it is recommended that you dedicate a separate computer to this service.

After the server is set up, it can be managed through the Configure HTML Viewer page in the SharePoint CentralAdministration pages. For more information about setting up an HTML viewing server, see the Microsoft OfficeHTML Viewer Service for Windows SharePoint Services white paper on the Microsoft Office Resource Kit Website.

Configure Windows SharePoint Services to use the HTML Viewer1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Server Configuration, click Configure HTML Viewer. 3. Select the Allow HTML Viewing check box.4. In the Path to HTML Viewer Server box, type the full URL to the server hosting the HTML Viewer.5. In the Maximum cache size box, type the maximum size to allow for the HTML viewing cache.6. In the Maximum file size box, type the maximum file size to view.7. In the Timeout length box, type the length of time to wait before ending an HTML Viewer process.8. Click OK.




Managing Meeting WorkspaceSitesA Meeting Workspace site is a Microsoft Windows SharePoint Services subsite that is designed for centralizing allthe information and materials for one or more meetings. Although some management tasks are specific to workspacesites, most of the tasks that you do for other types of SharePoint sites also apply to Meeting Workspace sites.

Enabling or Disabling Creation of MeetingWorkspace SitesBy default, only users who are members of the Administrator site group are allowed to create, rename, or deleteMeeting Workspace sites. As an administrator, you can enable or disable permissions to create workspace sites for agroup of users. When you enable the creation of workspace sites, you give the Create Subsites right to the selectedusers or cross-site groups on the virtual server. This right allows users to create a subsite or a workspace site from theCreate page, from the Manage Sites and Workspaces page, or from an events list under an existing SharePoint site.After the workspace site is created, no Meeting Workspace sites or other subsites can be created under the newMeeting Workspace site.

After you enable users to create workspace sites on the Windows SharePoint Services server, you can also allowusers to create Meeting Workspace sites from your organization's calendaring and e-mail application. The applicationthat you use must be compatible with Windows SharePoint Services, such as Microsoft Office Outlook 2003. Thisintegration allows convenient collaboration and information sharing. To enable or disable the Meeting Workspacefeature for the calendaring and e-mail application, use group policies for that application.

TemplatesWindows SharePoint Services includes five Meeting Workspace site templates: Basic Meeting Workspace, BlankMeeting Workspace, Decision Meeting Workspace, Social Meeting Workspace, and Multipage MeetingWorkspace. Workspace sites that the user creates from these templates have a different site definition ID than sitesbased on the Team Site template. As with other SharePoint templates, you can create new Meeting Workspace siteor list templates for your users by saving an existing site or list as a site or list template. You can add new sitetemplates to the central template gallery or the site collection template gallery, and you can add custom list templatesto the site collection template gallery.

Accounts and Server PermissionsA Meeting Workspace site can either use the same permissions as the parent Web site (inheriting both the site groupsand existing user accounts available on the parent Web site), or it can use unique permissions (so site administratorscan create their own user accounts and add them to site groups). To use the same permissions as the parent Web site,a user who is a member of the local administrator group on the server or a user who is a member of the Administratorsite group on the parent site must give the Meeting Workspace users permissions on the parent Web site.

If you need to create new user accounts, instead of using existing domain accounts, use Active Directory accountcreation mode. For example, an Internet service provider (ISP) may need to allow SharePoint site owners to createuser accounts or invite users to collaborate on a Web site where existing domain accounts for those users do notalready exist.


Related TopicsFor more information about viewing, creating, and deleting sites and site collections, see Managing Sites and Subsites.

For more information about defining and customizing site groups and their rights, see Managing Site Groups andPermissions.

For more information about rights, allowing anonymous access, and assigning administration tasks, see ControllingUser Rights and Assigning Tasks.

For more information about configuring Windows SharePoint Services with a separate Microsoft Active Directorydirectory service, see Separate Active Directory Directory Service Organization Unit Deployment.

For more information about site and list templates and the template gallery, see Working with Templates.



Managing a Server Farm RunningWindows SharePoint ServicesMicrosoft Windows SharePoint Services was designed to be useful in large server farms, supporting hundreds orthousands of SharePoint sites and millions of users. When you manage a server farm environment for WindowsSharePoint Services, you need to make certain choices about configuring your environment, and you need to beaware of how Windows SharePoint Services works in that environment. This topic explains those choices, anddescribes how to work with Windows SharePoint Services in a large-scale, server farm environment.

About Front-End Web ServersIn a server farm environment, the front-end Web servers contain only the files and settings required to route requestsfrom clients to the appropriate sites in the database. Unlike in SharePoint Team Services 1.0 from Microsoft, they donot contain site data.

All site content and all configuration data is shared for all front-end Web servers in a server farm. To get the bestperformance and the best protection against hardware failure, you should configure Windows SharePoint Servicesidentically on all the front-end Web servers in your server farm.

The exceptions to this rule are those cases where data must be stored or pulled from Internet Information Services(IIS). For example:

Usage analysis data is collected for each front-end Web server individually. You can view usage analysisreports for each site. The data for these reports is compiled from the information collected from each server inyour server farm. For more information about usage analysis, see Configuring Usage Analysis and AnalyzingWeb Site Usage.

Some settings used for virtual servers in IIS, such as whether anonymous access is allowed for the virtualserver, are stored in the IIS metadata on the server itself.

It is strongly recommended that you use the same application pool accounts across all of the front-end Web servers inyour server farm. For example, on server1, virtual_server1 hosts http://site1. On server2, virtual_server1 hosts thesame site. When you use the same application pool for virtual_server1 on both servers, you can be sure that theapplication pool always has the appropriate permissions to perform the Windows SharePoint Services administrationtasks.

Replicating Configuration SettingsMost changes to configuration settings in Windows SharePoint Services are replicated automatically, without requiringsoftware such as Microsoft Application Center. For example, when you change the e-mail server for WindowsSharePoint Services, you do so either from the SharePoint Central Administration pages or the command-line tool,Stsadm.exe. You make this change only once, and the change is entered into the configuration database andautomatically applied to all servers in the server farm.

Some configuration processes must be performed individually on each front-end Web server. These processesinclude:

Installing Windows SharePoint Services.

You must install Windows SharePoint Services directly to any server computers that you want to include asfront-end Web servers in your server farm.


Extending a virtual server with Windows SharePoint Services.

Although this task is performed from either the SharePoint Central Administration pages or the command line,it adds files to the virtual server directory on the front-end Web server itself.

Windows SharePoint Services uses the SharePoint Central Administration virtual server on each front-end Webserver to keep configuration data synchronized. To make automatic replication of other configuration settings workbest, you should ensure that:

The SharePoint Central Administration virtual server for each front-end Web server is directly accessed byadministrators, and not solely by a virtual Internet Protocol (IP) address.

If you are using hardware load balancing, the routers or switches you use in a multi-host environment areconfigured so that command-line operations work. For example, if you are using a virtual IP environment forthe SharePoint Central Administration virtual server, you must be sure that each front-end Web server canping every other front-end Web server.

Choosing a Load BalancerTo make the most of your server farm environment, you need some method of balancing the client requests across allof the front-end Web servers in your server farm. Windows SharePoint Services works with most of the standardload balancing methods available. Some methods work better, or scale up better than others. You can use any of thefollowing methods with Windows SharePoint Services:

Software solutions, such as Network Load Balancing

Network Load Balancing is included with Microsoft Windows Server 2003. This method is inexpensive, butoffers only limited scalability. For more information about Network Load Balancing, see your WindowsServer 2003 documentation.

Software configuration solutions, such as using the domain name system to route requests

You can configure your domain name system (DNS) to create a basic load balancing system. For moreinformation about DNS, see your Windows Server 2003 documentation.

Hardware load balancing

You can also purchase load balancing hardware, such as a router, to distribute requests. The hardwaremethod is more expensive, but it is also the most scalable method and it provides the best use of yourfront-end Web server resources.

You do not need to perform any configuration steps to make Windows SharePoint Services work with any of theseload balancing methods. Simply set up the load balancing method in your server farm, and either install or continueusing Windows SharePoint Services.

Managing the List of Servers in a Server FarmIn a server farm environment, you may frequently need to perform the same action across several front-end Webservers in your server farm. To make performing actions on multiple servers easier, the SharePoint CentralAdministration page includes a link to the Manage Web Server List page â€” which lists all of the servers in yourserver farm. All servers running Windows SharePoint Services that are registered with the server farm are listed onthis page. From this page, you can navigate to another server and continue managing or configuring WindowsSharePoint Services for your servers.

Switch to the SharePoint Central Administration page for a different server1. On the SharePoint Central Administration page for your server farm, under Server Configuration, click

Manage Web server list.2. On the Manage Web Server List page, click the name of the server you want to manage.


If you need to remove a server from your server farm (either temporarily or permanently), you can do so from theManage Web Server List page. Removing a server from this list does not uninstall Windows SharePoint Services onthat server, or make any sites on that server inaccessible. It simply removes it from the server farm, and because youare in a server farm, all sites are still accessible from other front-end Web servers in the server farm.

Remove a server from the list1. On the SharePoint Central Administration page for your server farm, under Server Configuration, click

Manage Web server list.2. On the Manage Web Server List page, next to the server name you want to remove, click Remove.3. Click OK to remove the server.

Cleaning Up Old Logging DataWhen you run Windows SharePoint Services, several processes generate log files that reside on the front-end Webservers in your server farm. To ensure that your servers are running as efficiently as possible, you should periodicallydelete this old data. The following table lists the types of log files used by servers running Windows SharePointServices and where these types of log files are stored on the front-end Web servers.Log file type LocationUsage analysis logs %Windows%\system32\LogFiles\STS

Stsadm.exe logs The %temp% directory for the user account runningStsadm.exe.

Smigrate.exe logs The %temp% directory for the user account runningSmigrate.exe.

Windows SharePoint Services setup logs %Windows%\Temp

IIS logs

%Windows%\system32\LogFiles\Virtual_Server_ID

Where Virtual_Server_ID is the IIS ID for the virtualserver, such as W3SVC1 for the default virtual server.

W3wp.exe logs

%Windows%\Temp\w3wpApplication_Pool_ID

Where Application_Pool_ID is the ID for the applicationpool, such as StsAdminAppPool for the defaultSharePoint Central Administration application pool.

For more information about the IIS and W3wp.exe logs, see the About Logging Site Activity topic in the IIS Helpsystem.



Show All

About Web PartsA Web Part is a Microsoft ASP.NET server control that serves a particular purpose, such as displaying data from aspreadsheet or streaming stock quotations from an online Web service. Web Parts are inserted in Web Part zones onWeb Part Pages. Web Part zones are containers for Web Parts that group and organize Web Parts and provide a setof properties that configure the Web Parts in that zone. Web Part Pages consolidate data and Web content throughWeb Part zones to create dynamic information portals.

NoteÂ Â Web Parts can be inserted outside of Web Part Zones. However, Web Parts outside of Web Part Zoneshave reduced functionality.

Web Part Pages can be built into site templates in Microsoft Windows SharePoint Services to implement dynamic,data-driven sites. Users interacting with a site can create Web Part Pages and add Web Parts. Users can connectWeb Parts so that one Web Part can be driven by data from another. Web Part zones and part-to-part connectionsare exposed in the Windows SharePoint Services user interface, allowing users to build dynamic Web applicationsmade up of Web Parts without having to write any code.

Windows SharePoint Services includes a default set of Web Parts that users can immediately use to customize theirsites. For example, the Web Parts available with Windows SharePoint Services include:

Content Editor Web Part â€” Displays unstructured Web content, such as text or images. Image Web Part â€” Displays a picture. Form Web Part â€” Lets users add an HTML form. Contacts â€” Lets users display their Contacts list on a Web Part Page.

Web Parts are made available to users from Web Part galleries, which are collections of Web Parts. Depending onhow you configure the server, users can add Web Parts from any of the following galleries:

The Web Part Page gallery â€” A collection of Web Parts that are available to a specific Web Part Page butare currently inactive. Closing a Web Part on a page moves it to this gallery. Each Web Part Page has its ownWeb Part Page gallery.

The site collection Web Part gallery â€” The most central Web Part gallery for a work group. This gallery istypically managed by the site administrator of the site collection, who decides which Web Parts are availableand safe for the team's sites. By default, the gallery name is the name of the site, such as "Our Team Site WebPart Gallery." There is only one site collection gallery for each site collection. For information about managinga site collection Web Part Gallery, see Managing a Site Collection Web Part Gallery.

The virtual server Web Part gallery â€” The central gallery available to all sites on a server or server farm.When an administrator installs a custom Web Part, the Web Part is available to users from this gallery. Forinformation about installing custom Web Parts, see Managing Web Parts on Virtual Servers.

The online Web Part gallery â€” A set of Web Parts that are available over a Web service. This permits manyservers to share access to a common, centrally maintained collection of Web Parts. You can optionally makeone online gallery available to your site users. By default, SharePoint sites connect to the online gallery thatMicrosoft maintains at http://r.office.microsoft.com/r/hlidAwsGallery. For information about managing anonline gallery, see Managing Web Parts on Virtual Servers.

Custom Web Part packages are distributed to server administrators as cabinet (.cab) files. You use the command-linetool Stsadm.exe to add Web Parts from a Web Part package (in cabinet file format) to one or more virtual servers.Stsadm.exe installs Web Part executable code in the Bin directory of each virtual server or in the global assemblycache (GAC). Any resources used by an assembly are installed in the \wpresources folder for assemblies installed inBin directories, or \_wpresources for assemblies installed in the GAC. Web Part definition (.dwp) files are installed inthe virtual server Web Part gallery.


NoteÂ Â On a server farm, you should install custom Web Parts identically on each front-end Web server. Use theSharePoint Configuration Analyzer utility to check each virtual server's Web Part configuration. For more information,see Using SharePoint Configuration Analyzer.

Related TopicsFor information about installing, upgrading, and deleting custom Web Parts, along with descriptions of other Web Partconfiguration tasks at the virtual server level, see Managing Web Parts on Virtual Servers.

For information about using SharePoint Configuration Analyzer, see Using SharePoint Configuration Analyzer.

For information about managing a site collection Web Part Gallery, see Managing a Site Collection Web Part Gallery.©2003 Microsoft Corporation. All rights reserved.


Show All

Managing a Site Collection WebPart GalleryAdministrators of a top-level Web site can determine which Web Parts are available to the users of sites in their sitecollection. They can use the site collection Web Part gallery page to add or remove Web Parts from the list of WebParts available for use or to upload new Web Parts. Note that users may also have access to Web Parts in the onlineWeb Part gallery or in the server Web Part gallery. The Web Part gallery for a site collection controls only a subset ofall Web Parts available to users.

Make a Web Part available in the Web Part gallery1. On a top-level Web site, click Site Settings.2. Under Administration, click Go to Site Administration. 3. Under Site Collection Galleries, click Manage Web Part gallery. 4. On the Web Part Gallery page, click New Web Part.5. Select the check box next to the Web Parts you want to include in the gallery, and then click Populate

Gallery.

NoteÂ Â The list of Web Parts that can be added to the Web Part gallery is derived from the list of safeWeb Parts in the web.config file. There may be Web Parts in the web.config file that have never been in thegallery or that were deleted from the gallery.When you click Populate Gallery, the Web Parts you select are added to the gallery and are made availableto all users.

If you have installed a Web Part package and need to add the Web Parts to the gallery, you can use the UploadWeb Part button to add the new Web Parts to the gallery.

Web Parts can be organized into groups for easy filtering in the gallery. You can specify which group a Web Partbelongs to when you add a Web Part to the Web Part gallery. Groups are optional â€” you can add a Web Partwithout specifying a group.

Add a Web Part to the Web Part gallery1. On the Web Part Gallery page, click Upload Web Part.2. In the Name box, type the name of the Web Part (including the full path to the .dwp file) or click Browse. 3. In the Group box, select a group or, under Specify your own value, type a group name for the Web Part.4. Click Save and Close.

You can add several Web Parts to your gallery at once by using the Upload Multiple Files option on the UploadWeb Part page.

NoteÂ Â You must be using a Windows SharePoint Services-compatible client application to use the UploadMultiple Files option.

Add multiple Web Parts to the Web Part gallery1. On the Web Part Gallery page, click Upload Web Part.2. Under Name, click Upload Multiple Files.3. Select the check boxes next to the Web Parts you want to upload, and then click Save and Close.

You can remove a Web Part from the gallery if you want to make it unavailable to users. If a user has already used aWindows SharePoint Services Administrator's Guide Página 227 de 382

Web Part in the site, and you delete the Web Part from the site gallery, the Web Part will remain on the Web PartPage and will still work. However, if an administrator on the server computer removes the Web Part assembly thatcontains the Web Part from the server, or marks the assembly as unsafe in the Web.config file for the server, the WebPart will no longer run, and the user will see an error message.

Remove a Web Part from the Web Part gallery1. On the Web Part Gallery page, next to the Web Part you want to remove, click the Edit icon.2. On the Web Part Gallery: <Web Part Name> page, click Delete.3. Click OK to delete the Web Part.

Related TopicsFor an overview of Web Parts, see About Web Parts.

For information about installing, upgrading, and deleting custom Web Parts, along with descriptions of other centraladministration Web Part configuration tasks, see Managing Web Parts on Virtual Servers.



Show All

Managing Web Parts on VirtualServersThis topic describes Web Parts administration on virtual servers. Web Part administration tasks include:

Installing Web Parts. Upgrading Web Parts. Deleting Web Parts. Managing an online Web Part gallery. Allowing part-to-part connections. Setting additional Web Part configuration options.

For information about managing Web Parts for a site collection, see Managing a Site Collection Web Part Gallery.

Installing Web PartsAs a server administrator, you will be called on to install Web Parts on a server or server farm. To meet the needs ofyour organization, internal teams may develop Web Parts to deploy on some servers or across your entire intranet.Also, external software developers will build general purpose applications based on Web Parts technology and makethem available to your user community. Installing a Web Part is a three-step process: evaluation, installation, andverification.

Evaluation

Evaluate a custom Web Part before installing it on your server or server farm. You should be comfortable thatinstalling the Web Part will not compromise your server's security or performance. Web parts should becoded and tested by following recommended best practices, and they must be configured to run with theminimum level of permissions required to access the system and other resources that they need. MicrosoftWindows SharePoint Services takes advantage of the Microsoft .NET Framework code access securitymechanism to provide server administrators with the flexibility to set permissions on Web Part assembliestailored to their needs. For a complete discussion, see Microsoft Windows SharePoint Services and CodeAccess Security.

The SharePoint Products and Technologies 2003 Software Development Kit contains guidelines for softwaredevelopers that will help them implement their Web Parts following best security practices. For example, theSDK includes a topic, "Code Access Security For Administrators," that describes how code access securityis used in Windows SharePoint Services and how an administrator can create custom security policy files ifneeded. Also, see SharePoint Products and Technologies on MSDN for additional information on creatingand testing Web Parts, and see the Microsoft Security Developer Center for information that helpsdevelopers create secure software. Make sure that your developer community uses these resources indesigning, coding, and testing Web Parts before you agree to deploy them.

Installation

Custom Web Part packages are distributed as cabinet (.cab) files. You use the command-line toolStsadm.exe to add Web Parts from a Web Part package to one or more virtual servers.







In addition to installing the Web Part assemblies, .dwp files, and resources needed by Web Parts, Stsadm.exeputs a copy of the Web Part package in the configuration database. In a server farm configuration, you usethis centrally located Web Part package when installing the Web Parts from other servers.

NoteÂ Â The Wppackager tool is an alternative method of packaging and installing custom Web Parts. Thisunsupported tool is available on the Microsoft Download Center at SharePoint Products and TechnologiesTool: wppackager for packaging and deploying Web Parts. A whitepaper on this tool is published at UsingWppackager to Package and Deploy Web Parts for Microsoft SharePoint Products and Technologies.

An important decision when adding a new Web Part assembly is whether to install it to the global assemblycache (GAC) or to the Bin directory (C:\inetpub\wwwroot\bin for the default virtual server). The Bindirectory is the more secure option. When installed in the Bin directory, an assembly is only available to thevirtual server. Because the administrator controls the trust level for the virtual server, assemblies installed in theBin directory will run, by default, at a lower level of trust, such as WSS_Minimal, than they would in theGAC. (By default, assemblies installed in the GAC run at Full trust.)

In some IIS configurations, you must install assemblies in the GAC. For example, when you configure an IISvirtual server, extended by using Windows SharePoint Services, that has a host header name, you must installWeb Part assemblies in the GAC. But generally, you should install custom Web Parts in the Bin directory,and you should demand of your developer community that they develop Web Parts that work properly underthe trust level that you want to enforce on your virtual servers.

Verification

After installing Web Parts to each server, you can verify your installation by using the SharePointConfiguration Analyzer tool. Along with verifying that IIS and Windows SharePoint Services configurationsare compatible, this tool reports on errors in Web Part and Web Control assemblies installations, mismatchesbetween SafeControls lists (in web.config files) and the Web Parts that they reference, and Web Partassemblies that are missing from your server but referenced from pages in the database.

After installing a new Web Part assembly, using SharePoint Configuration Analyzer to check the installation,and fixing any errors, you should run SharePoint Configuration Analyzer again with the Save stateinformation option selected. When you select Save state information, SharePoint Configuration Analyzercreates a reference XML file that it uses to reconstruct the mappings between global unique identifiers(GUIDs) and type names, so that it can report the more readable type names of Web Parts in its reports.

For information about installing and using SharePoint Configuration Analyzer, see Using SharePointConfiguration Analyzer.

Installing Web Parts By Using Stsadm.exe

To add a new Web Part package to your virtual server, use the following syntax:stsadm.exe -o addwppack -filename <path to Web Part Package> [-url <URL>]

[-globalinstall]

-filename specifies the path to the cabinet file containing the Web Parts and associated resources. -url optionally specifies the URL of the virtual server on which to install the Web Parts. To install the Web

Parts on every virtual server on a server, omit the -url parameter. -globalinstall tells Stsadm.exe to install the Web Parts in the global assembly cache (GAC) rather than in the

Bin directories of each virtual server.

Assemblies installed in the GAC are available to all applications on the server. This is less secure thaninstalling in Bin directories because it potentially grants a higher level of permission to your assemblies across alarger scope than might be necessary.






Noteso Web Parts must be strongly named to be installed in the GAC. If one or more Web Parts in the Web Part

package are not strongly named, the Web Part package will be installed in the Bin directory and not in theGAC. For more information, see the topic "Code Access Security for Developers" in the SharePointProducts and Technologies 2003 Software Development Kit .

o If you specify both the URL of a single virtual server and the -globalinstall parameter, the Web Part willonly appear in the Web Part Gallery of the virtual server that you specified. However, the assembly willbe installed in the GAC, will run at the Full Trust level by default, and will be available from otherapplications.

In a server farm configuration, if a Web Part package has already been installed on one front-end server, you caninstall the Web Part Package on another server from the configuration database by using the following syntax: stsadm.exe -o addwppack -name <name of Web Part Package> [-url <URL>] [-globalinstall]

-name specifies the name of a Web Part Package. -url optionally specifies the URL of the virtual server on which to install the Web Parts. To install the Web

Parts on every virtual server on the server, omit the-url parameter. -globalinstall specifies to install the Web Parts in the global assembly cache (GAC) rather than in the Bin

directories of each virtual server. Use this flag consistently on all front-end servers of a server farm.

To enumerate the Web Part packages installed on a virtual server, use the following syntax:stsadm.exe -o enumwppacks [-name <name of Web Part Package>] [-url <URL>]

-name specifies the name of a Web Part package. Omitting this parameter specifies to list all Web Partpackages for the virtual server or virtual servers.

-url optionally specifies the URL of the virtual server for which to enumerate the Web Part packages. If -urlis omitted, Stsadm.exe enumerates Web Part packages on every virtual server on the server.

Upgrading Web PartsYou may need to upgrade installed Web Parts on a server or server farm, either to introduce new functionality or todistribute repaired Web Parts in response to bugs or security issues. Upgrading Web Parts is a four-step process:evaluation, notification, installation, and verification.

Evaluation

Evaluate changes to a custom Web Part before upgrading it. As when installing new Web Parts, you shouldverify that changes to the Web Part do not compromise your server security or performance. Make sure thatyour developer community uses the resources available at SharePoint Developer Center and in the SharePointProducts and Technologies 2003 Software Development Kit when designing, coding, and testing new orupdated Web Parts before you agree to deploy them.

Notification

Before upgrading a Web Part package, you should notify everyone in your user community who is using WebParts from the package. An upgraded Web Part may function differently, and an upgraded Web Partdescription (.dwp) file may expose new properties. Failing to notify your user community could result inbroken Web sites and the resultant support calls.

To find all owners of pages containing a Web Part on a virtual server, use the SharePoint ConfigurationAnalyzer tool. SharePoint Configuration Analyzer lists each Web Part installed on a virtual server and, foreach Web Part, lists all of the pages that contain an instance of that Web Part in a Web Part Zone. Using thisinformation, you can contact owners of pages containing Web Parts that are about to be upgraded. For moreinformation about SharePoint Configuration Analyzer, including where to find this tool, see Using SharePointConfiguration Analyzer.







Installation

Installing an upgraded Web Part package is similar to installing a new package. Use the Stsadm.execommand line tool to upgrade the Web Part package.

Verification

As with new Web Parts packages, after upgrading Web Parts to each server, you can verify your installationby using the SharePoint Configuration Analyzer tool.

After upgrading a Web Part assembly, using SharePoint Configuration Analyzer to check the upgrade, andfixing any errors, you should run SharePoint Configuration Analyzer again with the Save state informationoption selected. When you select Save state information, SharePoint Configuration Analyzer creates areference XML file that it uses to reconstruct the mappings between GUIDs and type names, so that it canreport the more readable type names of Web Parts in its reports.

Upgrading Web Parts By Using Stsadm.exe

You use the command-line tool Stsadm.exe to upgrade Web Parts from a Web Part package (in cabinet file format)to a virtual server. In addition to upgrading the Web Part assemblies and optional Web Part Definition (.dwp) files tothe server, Stsadm.exe puts a copy of the Web Part package in the configuration database. In a server farmconfiguration, use this centrally located cabinet file when upgrading the Web Parts from other servers.

The syntax for upgrading a Web Part package on a virtual server is similar to the syntax for installing a new package:stsadm.exe -o addwppack -filename <path to file> -force [-url <URL>] [-globalinstall]

-filename specifies the path to the cabinet file containing the Web Parts. -force instructs Stsadm.exe to overwrite an existing Web Part package with a new version. -url optionally specifies the URL of the virtual server on which to upgrade the Web Parts. If -url is omitted,

Stsadm.exe upgrades the Web Parts in the Bin folder of every virtual server on the server. On servers wherethe Web Parts were not installed, this is equivalent to a new installation.

-globalinstall specifies to install the Web Parts in the global assembly cache (GAC) rather than in the Bindirectories of each virtual server.

In a server farm, if a Web Part package has already been upgraded on one front-end server, you can upgrade theWeb Part package from another server by using the following syntax, where -name specifies the name of the WebPart package: stsadm.exe -o addwppack -name <name of Web Part Package> -force [-url <URL>]

[-globalinstall]

When you upgrade a Web Part assembly that is currently in the global assembly cache, if you omit the -globalinstallparameter, the Web Part assembly will be moved to the Bin folder. When you upgrade a Web Part assembly that iscurrently in the Bin folder, adding the -globalinstall parameter will move the upgraded assembly to the globalassembly cache.

Deleting Web PartsWhen you delete a Web Part on a server, you delete the assembly (that part of the Web Part implementation that isexecutable code) and related resources. Users must remove the Web Part Definition file from any pages that use theWeb Part. Deleting Web Parts is a three-step process: notification, deletion, and verification.

Notification

Before deleting a Web Part assembly, you should notify everyone in your user community who is using theassembly. Deleting Web Parts that are in use will break the functionality of Web pages that are dependent on


the Web Part. Failing to notify your user community could result in support calls as pages stop working asexpected.

To find all owners of pages containing a Web Part on a virtual server, use the SharePoint ConfigurationAnalyzer tool, which lists each Web Part installed on a virtual server and, for each Web Part, lists all of thepages that contain an instance of the Web Part in a Web Part Zone. Using this information, contact owners ofpages containing Web Parts that are to be deleted, so that they can remove instances of that Web Part fromtheir pages. For more information about SharePoint Configuration Analyzer, see Using SharePointConfiguration Analyzer.

NoteÂ Â Because SharePoint Configuration Analyzer does not report on the Web Parts that have beenadded to each site collection gallery, you should also contact all site administrators of site collection galleriesto warn them to remove Web Parts that you are deleting from these galleries.

Deletion

Use the Stsadm.exe tool to delete a Web Part assembly.

Verification

After deleting Web Part assemblies from each server, you can verify the operation using the SharePointConfiguration Analyzer tool. By using this tool, you can find unwanted Web Part assemblies that remain onvirtual servers along with pages that refer to deleted assemblies.

Deleting Web Parts By Using Stsadm.exe

To delete the Web Parts in a Web Part package, use the following syntax:stsadm -o deletewppack -name <name of Web Part package> [-url <url>]

-name specifies the name of the Web Part package. -url optionally specifies the URL of the virtual server on which to delete the Web Parts. If -url is omitted,

Stsadm.exe deletes the Web Parts from the Bin folder of every virtual server on the server or from the globalassembly cache.

NoteÂ Â When you delete the last instance of a Web Parts package on a server or server farm, Stsadm.exe alsodeletes the Web Part package from the configuration database.

Managing the Online GalleryIf your organization runs Windows SharePoint Services over multiple front-end servers, you may want to create yourown online Web Part gallery as a central location for deploying Web Parts to all your sites.

For details on how to implement a custom online Web Part gallery, including the XML schema for communicationsbetween the server accessing the gallery and the server hosting the gallery, see the article Protocols forCommunicating Between Windows SharePoint Services and an Online Web Part Gallery on MSDN.

Specifying an Online Web Part GalleryTo specify an online Web Part gallery for a virtual server:

1. On the Web server, navigate to the folder containing the virtual server, and then, using a text editor such asMicrosoft Notepad, open the web.config file under the following directory:

\Inetpub\wwwroot2. In the web.config file, modify the following line, which is contained in the <SharePoint> element




<OnlineLibrary Url="http://Server/Path"/>

Where Server is the server hosting the online gallery and Path is the path to the .aspx page that implements theonline gallery.

3. Save and close the web.config file.4. Repeat steps 1 through 3 for each virtual server for which you want to specify an online Web Part gallery.

Adding Web Parts to an Online Web Part GalleryAs with all Web Part galleries, a new Web Part added to an online gallery can be implemented either as a Web Partdescription (.dwp) file or as a .dwp file along with a new assembly file. New Web Parts implemented as .dwp filesprovide their functionality by configuring existing assemblies to behave in new ways. New Web Parts that areimplemented as both a .dwp file and an assembly file provide their functionality by implementing new code in theassembly file.

When a new Web Part that has a new assembly is added to an online gallery, the server administrator for each serverthat accesses the online gallery must install the assembly on each server. It is up the owner of the online gallery tocontact each server administrator and provide a method for installing the new assembly, and the administrator of eachserver must evaluate the Web Part before installing its assembly, as with any custom Web Part.

Controlling Access to the Online GalleryYou can configure access to the online gallery for each virtual server. You must be an administrator of the local servercomputer or a member of the SharePoint Administrators group to configure access to the online gallery.

1. On your server computer, click Start, point to Administrative Tools, and then click SharePoint CentralAdministration.

2. On the SharePoint Central Administration page, click Configure virtual server settings.3. On the Virtual Server List page, click the virtual server you want to configure.4. On the Virtual Server Settings page, click Manage security settings for Web Part Pages.5. In the Online Web Part Gallery section, click Enabled to allow access to the online Web Part gallery, or

click Disabled to prevent access to the gallery, and then click OK.

You can also return to using the default server setting for enabling use of the Online Web Part gallery byclicking Restore Defaults.

Allowing Access to the Online Web Part Gallery from Behind aProxy Server or FirewallIf your server is behind a proxy server or firewall, you must also edit the web.config file for each virtual server forwhich you want to enable an online Web Part gallery that is implemented outside of your firewall. In a server farmenvironment, you must edit this file for each virtual server in every front-end Web server in the server farm.

1. On your Web front-end server computer, open Notepad, navigate to the folder containing the virtual serverfor which you want to enable the online Web Part gallery, and then open the web.config file under thefollowing directory:

\Inetpub\wwwroot2. In the web.config file, add the following lines.

<system.net>

<defaultProxy>

<proxy proxyaddress="http://Proxy_Server:port" bypassonlocal = "true"/>

</defaultProxy>

</system.net>

Where Proxy_Server:port is the proxy server or firewall used for your environment.


3. Save and close the web.config file.4. Repeat steps 1 through 3 for each virtual server for which you want to enable access to the online Web Part

gallery.

Allowing Part-to-Part ConnectionsYou specify whether or not users can connect Web Parts to each other for each virtual server. You must be anadministrator of the local server computer or a member of the SharePoint Administrators group to allow part-to-partconnections.

1. On your server computer, click Start, point to Administrative Tools, and then click SharePoint CentralAdministration.

2. On the SharePoint Central Administration page, click Configure virtual server settings.3. On the Virtual Server List page, click the virtual server you want to configure.4. On the Virtual Server Settings page, click Manage security settings for Web Part Pages.5. Select the options you want to enable or disable, and then click OK.

You can also return to using the default server setting for part-to-part connections by clicking RestoreDefaults.

Additional Web Part SettingsThere are additional Web Part options you can set in the Windows SharePoint Services web.config file. Theweb.config file is a text file containing custom XML elements. You can edit this file using a text editor, such asMicrosoft Notepad. The web.config file for the default virtual server is located in the C:\Inetpub\wwwroot\ folder.When a virtual server is extended with Windows SharePoint Services, a top-level web.config file is placed within thecontent root folder of the extended virtual server.

The following is a summary of these additional Web Part options and their values.

Setting Safemode AttributesThere are two safe mode attributes:

MaxControls specifies the maximum number of server-side controls (controls with the HTML Elementattribute runat = "server") on a Web Part Page, including Web Parts, static Web Parts (that is, Web Parts notin a zone), and Web Form Controls. The default value is 50.

CallStack shows or hides many (but not all) ASP.NET exceptions that may occur in addition to the initialerror reported in the SharePoint Error page. You can do the following:o To show these messages, set CallStack to "true".o To hide these messages, set CallStack to "false". This is the default.

You might set this attribute to "true" for developers who are testing Web Parts so they can view thesemessages on a remote computer. You must also set the customErrors mode in the <system.web> section to"On".

Setting CallStack to "true" also enables stack tracing.

NoteÂ Â Except when debugging, CallStack should be set to "false." Setting CallStack to "true" on a productionWeb server will make your Web server less secure.

The following example sets the safe mode attributes to their default values:


<SharePoint>

<SafeMode MaxControls="50" CallStack="False" />

</SharePoint>

<system.web>

<customErrors mode="On" />

</system.web>

Setting WebPartLimits AttributesThere are two Web Part limit attributes:

MaxZoneParts specifies the total number of Web Parts allowed within all Web Part zones on a Web PartPage.

PropertySize specifies the maximum number of bytes used to store Web Part properties on the server.

The following example sets the Web Part limit attributes to their default values:

<SharePoint>

<WebPartLimits MaxZoneParts="50" PropertySize="1048576" />

</SharePoint>

Configuring Web Part CachingWebPartCache Storage specifies how a Web Part is cached on the server, if at all. You can enter one of thefollowing values:Value DescriptionNone Prevent caching Web Parts on the server.

CacheObjectUse ASP.NET Web server memory caching. This is thedefault. In general, this value helps improve performance ifyour site is installed on a single server.

DatabaseCache Web Parts in site server database. In general, thisvalue helps improve performance if your site is installed ona server farm.

The following example sets the Web Part cache storage attribute to its default value:

<SharePoint>

<WebPartCache Storage="CacheObject" />

</SharePoint>

NoteÂ Â A Web Part must implement caching to take advantage of the server or database cache. Developing WebParts that use caching is described in the SharePoint Products and Technologies 2003 Software Development Kit .

Setting Web Part Timeout ValuesWebPartWorkItem Timeout specifies a timeout value in milliseconds for any asynchronous child processes startedby a Web Part. The default value is 7000.

The following example sets the Web Part work item timeout to its default value:

<SharePoint>

<WebPartWorkItem Timeout value="7000" />

</SharePoint>



Setting the Default Security Policy and Trust LevelYou can define and specify a default security policy and trust level for all Web Parts installed on the site server byusing two configuration files. There are two default policies:

WSS_MinimalÂ Â A copy of the ASP.NET web_minimaltrust.config file with WebPartPermission.Connectionsenabled. This is the default.

WSS_MediumÂ Â A copy of ASP.NET web_mediumtrust.config file with WebPartPermission.Connectionsand SharePointPermission.ObjectModel enabled.

The following example defines and sets a minimal trust level

<system.web>

<securityPolicy>

<trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft

Shared\Web Server Extensions\60\config\wss_minimaltrust.config" />

</securityPolicy>

<trust level="WSS_Minimal" originUrl="" />

</system.web>

The following example defines and sets a medium trust level

<system.web>

<securityPolicy>

<trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft

Shared\Web Server Extensions\60\config\wss_mediumtrust.config" />

</securityPolicy>

<trust level="WSS_Medium" originUrl="" />

</system.web>

For a full discussion of setting trust levels, see the topic "Code Access Security For Administrators" in the SharePointProducts and Technologies 2003 Software Development Kit .

The SafeControls ListTo register a Web Part as a safe control for use in Windows SharePoint Services, in the SafeControls block, add aSafeControl element that specifies the Web Part in the top-level web.config file of the virtual server. When you addand delete Web Part assemblies using the Stsadm.exe tool, this is handled by Stsadm.exe.

The following example, from the SharePoint Products and Technologies 2003 Software Development Kit, registers asample Web Part as a SafeControl:

<SafeControls>

<SafeControl

Assembly="SimpleWebPart, Version=1.0.0.0, Culture=neutral,

PublicKeyToken=def148956c61a16b"

Namespace="MyWebParts"

TypeName="*" >

.

.

.

<\SafeControls>





Related TopicsFor an overview of Web Parts, see About Web Parts.

For information on using SharePoint Configuration Analyzer, see Using SharePoint Configuration Analyzer.

For information on managing a site collection Web Part Gallery, see Managing a Site Collection Web Part Gallery.

For information on developing custom Web Parts, see SharePoint Products and Technologies 2003 SoftwareDevelopment Kit .





Using SharePoint ConfigurationAnalyzerSharePoint Configuration Analyzer is a tool that you can download from the Microsoft Download Center to analyzeand report on your Microsoft Windows SharePoint Services installation and content. SharePoint ConfigurationAnalyzer reports on a wide range of configuration errors and also copies a set of log files, configuration files, andother data to a results folder for further analysis or archiving.

SharePoint Configuration Analyzer is particularly useful for analyzing and troubleshooting Web Parts on your servers.For example, you can configure SharePoint Configuration Analyzer to list each Web Part installed on a virtual serverand to report on all of the pages that contain an instance of each Web Part. This is useful when upgrading a Web Partto a newer version or when deleting a Web Part. Before upgrading or deleting the Web Part, run SharePointConfiguration Analyzer with these options selected. Then, by using the usage data, contact all owners of pagescontaining the Web Part you are about to upgrade or remove, giving them notice of the impending change.

NoteÂ Â SharePoint Configuration Analyzer is not supported, and is available as is. It does not change the state ofyour Windows SharePoint Services nor does it repair errors that it reports. SharePoint Configurration Analyzer onlycopies its analysis results, along with any configuration files, log files, or other data that you requested, to its resultsfolder, as described in this topic and in the SharePoint Configuration Analyzer Help.

Service Pack 2 NoteService Pack 2 allows virtual servers extended with Windows SharePoint Services to be bound to a static IPaddress. When SharePoint Configuration Analyzer is run after applying Service Pack 2 and an IP-bound virtual serveris configured you will receive the following error message in the IIS Settings section: A virtual server is bound to a static IP address. This is not supported in Windows SharePoint Services.

This error can be ignored if Service Pack 2 has been installed and an IP-bound virtual server has been configured inIIS. This issue might be resolved in future versions of SharePoint Configuration Analyzer.

What is SharePoint Configuration Analyzer?SharePoint Configuration Analyzer is a diagnostic tool that verifies settings on your server that are critical to runningMicrosoft Windows SharePoint Services or Microsoft SharePoint Portal Server and to hosting Web Parts on yourserver. SharePoint Configuration Analyzer also reports on Web Part usage on your server and retrieves a set of logfiles, configuration files, and Web Part packages used by Windows SharePoint Services and Internet InformationServices (IIS). In a server farm configuration, running SharePoint Configuration Analyzer on each front-end server is auseful way to find and repair inconsistencies in server configurations and to ensure that all Web Part assemblies aredeployed on all front-end servers.

When you run SharePoint Configuration Analyzer, you choose from a set of verification and information retrievaloptions. Verification options analyze aspects of each virtual server's configuration and report on error conditions.Information retrieval options gather information you request without verifying the data.

SharePoint Configuration Analyzer verifies the following and reports any errors it finds: Microsoft Internet Information Services (IIS) settings match Windows SharePoint Services requirements. Web Part and Web Control assemblies are installed in a way that is compatible with IIS. All virtual directories for a virtual server share the same application pool.



Web Part and Web Control assemblies listed in the SafeControls list exist. Web Part instances on pages are associated with Web Part assemblies. Policy files listed in Web.config files exist. A copy of Microsoft.sharepoint.dll is not installed in the \bin directory.

In addition to verifying the above information, SharePoint Configuration Analyzer can retrieve the following: List of all application pools for the virtual server. Web.config files found in the following folders:

o /<wssroot>/o /<wssroot>/_vti_bin o /<wssroot>/_layoutso /<wssroot>/o /<wssroot>/wpresourceso /<wssroot>/_wpresources

All security policy files that are referred to from the root Web.config file. All IIS and Windows SharePoint Services log files. The application and server event logs, which are copied to a tab-delimited file. List of all Web Parts and Web Controls listed in the SafeControls list. For each Web Part type found in the database, a list of the pages that contain an instance of that Web Part. List of all Web Part packages installed in the Global Assembly Cache (GAC) and \bin directories. List of all files contained within the main application root.

NoteÂ Â SharePoint Configuration Analyzer also lists general information about the Web server and SQL databasesused by . Some of this information is sensitive. Because of this, you should view the output results of SharePointConfiguration Analyzer by using the administrator's account used to run SharePoint Configuration Analyzer.

Installing SharePoint Configuration AnalyzerYou must install SharePoint Configuration Analyzer on the server running . In a server farm configuration, installSharePoint Configuration Analyzer on every front-end Web server.

To install SharePoint Configuration Analyzer:1. Run the installation program from the Microsoft Download Center. 2. In the Unzip to folder field, enter a folder in which to install SharePoint Configuration Analyzer, such as

C:\Program Files\SharePoint Configuration Analyzer, or click Browse and point to a folder.3. Click Unzip to complete the installation.

Using SharePoint Configuration AnalyzerNoteÂ Â To use SharePoint Configuration Analyzer, you must be a member of the local Administrator group on theserver or servers running Windows SharePoint Services and on the server running Microsoft SQL Server 2000 orMicrosoft SQL Server 2000 Desktop Engine (Windows) (WMSDE). For best results, run SharePoint ConfigurationAnalyzer by using the same account that was used to install Windows SharePoint Services.

Start SharePoint Configuration Analyzer1. On your server, use Windows Explorer to locate the SharePoint Configuration Analyzer program, Sca.exe. 2. From Windows Explorer, double-click Sca.exe.

Specify general parameters1. In the Server address field, type the URL of the virtual server or, if your server is configured in scalable

hosting mode, type the fully-qualified host name of the server that you want to analyze.



To analyze only the single site collection at the virtual server's address, clear the Include all site collectionscheck box. Include all site collections is selected by default, specifying that all site collections on the virtualserver should be analyzed.

2. To start the analysis at the top-level Web site of a specific site collection, rather than analyzing the entirevirtual server, in the Site collection path field, type the path to a Web site collection.

If you choose this option, SharePoint Configuration Analyzer will limit its analysis to the database used by thespecified site collection.

3. To package the SharePoint Configuration Analyzer results in a Microsoft cabinet (.cab) file, click Packageresults into .cab file.

When you select this option, SharePoint Configuration Analyzer creates a .cab file named "VirtualServerName_PortNumber_AnalyzerPackage_time.cab" and stores it in the SharePointConfiguration Analyzer's results folder. The CAB file includes copies of the log files, configuration files, andother data that you specified.

NoteÂ Â Along with optionally creating a .cab file, SharePoint Configuration Analyzer always creates afolder, named "VirtualServerName_PortNumber_AnalyzerPackage_time, that contains the set of data itfinds.

4. Click Explore results to view the expanded results folder when SharePoint Configuration Analyzer finishes.

NoteÂ Â If you don't select Explore results, you can view the expanded results by clicking the message"Last analysis folder: MyServerName_PortNumber_AnalyzerPackage_time" in the status bar at the bottomof the SharePoint Configuration Analyzer window after you run SharePoint Configuration Analyzer.

Specify analysis optionsSharePoint Configuration Analyzer has a set of verification options and options that specify which log files andconfiguration files to include in the results.

Choose one or more of the following analysis options:Option Description

Verify IIS settings

Verifies that the IP address bindings in Internet InformationServices (IIS) match Windows SharePoint Servicesrequirements. SharePoint Configuration Analyzer flags thefollowing IIS configurations because they are not supported byWindows SharePoint Services:

Static IP address binding. IIS is configured so that multiple host header names are

assigned to a single IP address, and Web Part DLLsare installed outside of the global assembly cache(GAC).

This option also lists all application pools and associated virtualservers.

Retrieve web.config files

Retrieves web.config files for the application root (usuallylocated at \inetpub\wwwroot), _vti_bin, _layouts,_wpresources, and wpresources virtual directories. This optionalso retrieves any security policy files referenced by theapplication root web.config file.


Retrieve IIS and SharePoint Services log files Retrieves all log files generated by IIS and all files with .log and.txt extensions generated by Windows SharePoint Services.

Retrieve server event logs

Retrieves the application and server event logs and stores themin tab-delimited files for easy viewing in a spreadsheet programsuch as Microsoft Excel.

NoteÂ Â Depending on the size of the server event log files,this operation could take SharePoint Configuration Analyzer along time to complete.

Verify SafeControl assemblies

Verifies all Web Parts and Web Controls assemblies found inthe SafeControls list (taken from the application root'sweb.config file). Verification includes:

Making sure the assemblies exist. Determining the location of each assembly (the GAC or

the Local_drive:\inetpub\wwwroot\bin directory). Listing all public Web Part and Web Control types

contained in these assemblies. Reporting any conflicts between the assembly location

and the Web server configuration (such as installingDLLS in the \bin directory in some IIS configurations).

After the assemblies have been verified, SharePointConfiguration Analyzer performs additional steps to finddiscrepancies between the use of Web Parts, as reflected in thedatabase, and the Web Part assemblies listed in the web.configfile. SharePoint Configuration Analyzer lists all pages with oneof these database errors:

Web Part instances on pages that are not accountedfor in the assemblies listed in the SafeControls list.

Uncompressed Web Parts. An uncompressed WebPart is one in which the properties of the Web Part arewritten directly in a Web page, rather than referencedfrom a .dwp file. When a page with an uncompressedWeb Part is saved, Windows SharePoint Servicesremoves the Web Part properties and other markupfrom the page and saves that data. Althoughuncompressed Web Parts are not errors, if a user getsan error when trying to view a Web Part, but the WebPart assembly is properly installed and configured, thiscould indicate an uncompressed Web Part for which themarkup is insufficient to initialize the Web Part.

NoteÂ Â The scope of the database scan is dependent on thevalue of the Site collection path field.


Create Web Part usage report

If you select Verify SafeControl assemblies, you can selectCreate Web Part usage report to generate, for each WebPart installed on the virtual server, a list of the pages that containan instance of that Web Part. For example, it is useful togenerate this list before upgrading a Web Part to a newerversion so that you can contact all users of the Web Part beforeupgrading it. This option is deselected by default because it maytake a long time to complete.

The Web Part usage report is displayed in the Analysis Resultspane and is also stored in an XML file namedWebPartUsageReport.xml.

NoteÂ Â If you are running SharePoint Configuration Analyzeron a server farm, select this option on only one of the front-endWeb servers. This will generate a complete usage reportcovering all sites on the server farm. Because the Create WebPart usage report option is the most resource-intensive task,generating this report on multiple front-end servers will slowdown your server farm environment needlessly.

Save state information

Web Parts have a type name, such asMicrosoft.SharePoint.Sample.WebPart, along with a globallyunique identifier (GUID) value. Some configuration errors, suchas a missing assemblies, make it difficult for SharePointConfiguration Analyzer to associate a GUID with its relatedtype name. When you select Save state information,SharePoint Configuration Analyzer creates a reference XMLfile, named VirtualServerName_PortNumber_VirtualServerStateData.xml. In subsequent sessions,SharePoint Configuration Analyzer uses this file to reconstructthe mappings between GUIDs and type names, and reports themore readable type names in error messages and Web Partusage reports.

For best results, run SharePoint Configuration Analyzer with Save state information selected after installing WindowsSharePoint Services to create a "snapshot" of the installed WebParts, and repeat this each time that you install or update WebParts packages to keep the state information up to date.

NoteÂ Â When using SharePoint Configuration Analyzer in aserver farm environment, you should run SharePointConfiguration Analyzer with Save state information selectedon every virtual server.

List Web Part packages

Lists all Web Part packages installed in the GAC or Local_drive:\inetpub\wwwroot\bin directory. To also retrievethe packages, click Retrieve packages, and they will beadded to the results folder and CAB file. Note that Retrievepackages is cleared by default because this option can betime-consuming.

List application files Lists all files contained within the main application root (forexample, c:\inetpub\wwwroot).


Start the analysis After specifying general and analysis options, click Go.

Exit SharePoint Configuration Analyzer To exit SharePoint Configuration Analyzer, on the File menu, click Exit.

SharePoint Configuration Analyzer ResultsBy default, SharePoint Configuration Analyzer packages its results in four ways:

In a folder, named VirtualServerName_PortNumber_AnalyzerPackage_time, in the folder in whichSharePoint Configuration Analyzer is installed.

In the SharePoint Configuration Analyzer's Analysis results pane. In an optional Microsoft cabinet (.cab) file, named VirtualServerName_PortNumber_AnalyzerPackage_

time .cab. In the XML file, Analyzer.log, which is stored in the results folder.

For a full description of the results returned by SharePoint Configuration Analyzer, see the SharePoint ConfiguationAnalyzer Help.



Backup and Restore Options forWindows SharePoint ServicesThere are several methods you can use to back up and restore data for Microsoft Windows SharePoint Services.Each of these methods allows you to back up and restore data, but each method acts at a different level of granularityand may require different permissions. You can back up and restore data for Windows SharePoint Services by usingthe following methods:

Use the Microsoft SQL Server 2000 tools to back up the databases.

You can use the backup tools included with SQL Server 2000 to get a full-fidelity, complete backup of thedatabases used by Windows SharePoint Services on your server or server farm. When you use this method,you back up and restore the entire configuration database and each content database on your server or inyour server farm. You can then restore any or all of these databases. You must be running SQL Server 2000,not Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE), to be able to use this backupmethod, and you must be an administrator on the local server computer that is running SQL Server. Thisoption is the most secure of the backup and restore options described in this topic.

For more information about backing up databases in SQL Server, see "Backing Up and Restoring Databasesby Using the SQL Server 2000 Tools" in the Windows SharePoint Services Administrator's Guide and theHelp system for SQL Server 2000.

Use the Stsadm.exe command-line tool to back up individual site collections.

You can get a full-fidelity, complete backup or restore of an entire site collection by using the Stsadm.execommand-line tool with the backup and restore operations. This method of backing up and restoring datadoes not require SQL Server 2000. However, you must still be an administrator on the local server computerthat is running Windows SharePoint Services in order to perform this method of backing up and restoring.

For more information about backing up site collections by using the Stsadm.exe command-line tool, see Backing Up and Restoring Web Sites.

Use the Microsoft SharePoint Migration Tool (smigrate.exe) to back up individual sites and subsites.

You can back up and restore individual sites or subsites by using the SharePoint Migration Tool. This methodis not full-fidelity; you may lose some customizations or settings in the process. For example, security settingsfor the site, such as user membership in site groups, cannot be restored when you use the SharePointMigration Tool. However, with this backup method, you do not need to be an administrator on the localserver computer. Any member of the Administrator site group for a site or subsite can use this method.

For more information about backing up sites and subsites by using the SharePoint Migration Tool, see Migrating and Upgrading Web Sites.

The following table describes the scope and limitations of each backup and restore method, and the permissionsrequired to perform each.Method Scope Limitations Required permissionsSQL Server 2000 Backupand Restore Database None Administrator on local

server computerStsadm.exe Backup andRestore Site collection None Administrator on local

server computer


SharePoint Migration ToolSite Migration Site or subsite

Some customizations orsettings may not migrate.

Does not migrate securitysettings.

Member of Administratorsite group for the site orsubsite

Running Microsoft SQL Server tools frequently (such as once a week) can be costly to an organization. Also, thesetools support backup and restoration at the database level only, making it impractical to restore single sites or sitecollections. The Stsadm.exe command-line tool supports complete backup and restoration at the site-collection level,including security settings. It is ideal for targeted backups and is less costly to run.

A practical and effective backup strategy for your Windows SharePoint Services installation is to use both of thesetools. At longer intervals, such as monthly, back up your entire set of databases using the Microsoft SQL Servertools. At shorter intervals, such as weekly, run Stsadm.exe to back up just those site collections that have changed.This will facilitate quick recovery of lost items with a minimum of space usage, while the Microsoft SQL Server toolsbackups are available for large-scale disaster recovery.



Backing Up and RestoringDatabases by Using the SQLServer 2000 ToolsWith Microsoft Windows SharePoint Services, you can back up and restore information about your serverconfiguration and about each site you host on your server or server farm. You can back up and restore theconfiguration database and content databases for your server or server farm. This backup and restore method allowsyou to recover from a server failure. You must be running Microsoft SQL Server 2000 to perform a database backupand restore.

NoteÂ Â You can also back up and restore individual Web sites hosted on your server or server farm. This backupand restore method is not dependent on the type of database you are using. You can perform this backup and restoreeven if you are running Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) instead of SQL Server2000. For more information, see Backing Up and Restoring Web Sites.

In Windows SharePoint Services, all server and site configuration information is stored in the configuration database,and all site content is stored in content databases. If you want to back up all the Windows SharePoint Servicesinformation on your server or server farm, you must back up these databases by using the SQL Server 2000 backupand restore tools.

NoteÂ Â You must be running SQL Server 2000 SP3 to back up and restore the databases used by WindowsSharePoint Services. If you are running WMSDE, you can use the client tools for SQL Server 2000 to back up andrestore WMSDE databases, but there is no provision for backing up and restoring from WMSDE itself. If you wantto upgrade from WMSDE to SQL Server so that you can use the backup and restore tools for SQL Server andperform other database server tasks, see Migrating from WMSDE to SQL Server.

Backing Up the DatabasesIf you installed Windows SharePoint Services with SQL Server on the same computer, the configuration and contentdatabases are stored under \Program Files\Microsoft SQL Server\MSSQL\Data by default. If you are in a serverfarm or remote SQL Server environment, the databases are stored on another server or multiple servers. There isalways one configuration database for the entire server or server farm, and there is at least one content database.

Before you can back up the databases, you must identify which databases you need. By default, the databases arenamed as follows:

The configuration database is named sts_config.mdf by default. Note that this is only the default name. Whenyou created the configuration database, you had the option to specify a different name.

The content databases are created with names based on the server name by default. For example,STS_server_name_1.mdf, STS_server_name_12.mdf, and so on. The database names are not sequential.Again, you may have chosen a different naming scheme for the content databases when you created them.

You use the SQL Server 2000 backup and restore tools to back up these databases. Be sure to back up both theconfiguration database and all of the content databases used by Windows SharePoint Services. To find out how toback up databases in SQL Server, see the SQL Server documentation.

NoteÂ Â When you back up the database using the SQL Server 2000 tools, the backup file includespersonalizations made by site users and personal data about site users. This data is also included when you restore


from a backup. As part of your own internal privacy policies, you may want to inform users that this data is collectedand stored during database backups.

Restoring from a BackupCreating regular backups allows you to restore your servers and sites in case they happen to fail. To restore a serveror server farm from a database backup, you must perform the following steps.

1. On your server, or on the front-end Web servers in your server farm, in Internet Information Services (IIS),create the virtual servers to host your Web site content.

For more information about creating a virtual server, see Extending Virtual Servers.2. Using the SQL Server restore tools, restore the databases from the backups.

For more information about restoring databases in SQL Server, see the SQL Server documentation.3. In IIS, create the application pools for the content virtual servers.

Be sure that you use domain accounts for the application pools, and that these accounts are members of theSecurity Administrators and Database Creators roles in SQL Server. For more information about creatingapplication pools, see the Help system for Internet Information Services.

4. On your server or front-end Web servers, install Windows SharePoint Services, and connect to the restoredconfiguration database.

For more information about installation, see the appropriate deployment scenario:o Single Server Deploymento Remote SQL Server Deploymento Server Farm Scalable Hosting Mode Deploymento Configuring Two Virtual Servers to Host the Same Contento Separate Active Directory Directory Service Organization Unit Deployment

NoteÂ Â When you install Windows SharePoint Services and connect to an existing configurationdatabase, the included and excluded paths for your server or server farm are automatically recreated. Formore information about included and excluded paths, see Managing Paths.

5. Set the default content database server to the restored database server.

You can use the Set Default Content Database Server page in SharePoint Central Administration. For moreinformation, see Managing Content Databases.

6. Extend each virtual server for your server or server farm using the Extend and map to another virtualserver option on the Extend Virtual Server page, or by using the extendvsinwebfarm command-lineoperation.

This option allows you to connect a new virtual server to a restored content database. Repeat this step foreach new virtual server. For more information about mapping one virtual server to another virtual server, see Extending Virtual Servers.

7. Add any additional content databases that have been restored.

Use the Manage Content Databases page in SharePoint Central Administration to add content database to avirtual server. Repeat this step for each virtual server. For more information, see Managing ContentDatabases.

NoteÂ Â As you reconnect the content databases to your virtual servers, the Web sites for those contentdatabases are restored. Note that only Web sites contained in the list of included paths for the virtual serverare restored.

When you have completed these steps, your restoration is complete. All sites included in your backup should beWindows SharePoint Services Administrator's Guide Página 248 de 382

functioning again, complete with the site content, users, and settings as they were when the sites were backed up.©2003 Microsoft Corporation. All rights reserved.


Backing Up and Restoring WebSitesWith Microsoft Windows SharePoint Services, you can back up and restore individual Web sites hosted on yourserver or server farm. You can use this backup and restore method to replace a site that has become corrupted, orthat contains changes that need to be rolled back. This backup and restore method is not dependent on the type ofdatabase you are using. You can perform this backup and restore method even if you are running Microsoft SQLServer 2000 Desktop Engine (Windows) (WMSDE) instead of Microsoft SQL Server 2000 or SQL Server 2005.

CautionÂ Â Previous versions of this guide recommended using regular backup operations to allow recovery ofsingle document or list items. This usage is no longer recommended. Because the backup operation involves reading alarge amount of data, running the backup process frequently can interfere with the performance of the system,including blocking end users' access to their sites. If you need a solution for quick recovery of deleted documents orlist items, you might want to consider creating a recycle bin by using the Windows SharePoint Services object model.For more information about using the object model to create a recycle bin, see the Add a Recycle Bin to WindowsSharePoint Services for Easy Document Recovery article on the MSDN Web site.

If you need to back up a specific site, rather than a whole installation of Windows SharePoint Services, you can do soby using the backup and restore operations with the Stsadm.exe command-line tool. You do not need SQL Server2000 or SQL Server 2005 to perform a site-by-site backup. If you are using WMSDE, this is the only backup andrestore option that is available.

When you back up a Web site, you back up the content database for the site, including all pages in the site, files indocument libraries or lists, security and permission settings, and feature settings. The backup process creates a singlefile that contains all of this data. You can then restore your site to either the same location or to a new location. Youcan back up only top-level Web sites, not individual subsites. The backup file for a top-level Web site includes anysubsites of that site.

You must be a member of the server computer's administrators group or a member of the SharePoint administratorsgroup to be able to back up or restore a site.

About Site Backup and RestoreSite backup and restore is intended to help you reconnect sites that have become corrupted or need to be restored toa previous state. This process is not intended for moving a site to a new server. If you want to move a site, use theMicrosoft SharePoint Migration Tool (smigrate.exe) instead. For more information, see Migrating and UpgradingWeb Sites.

When using site backup and restore, keep the following items in mind: You can automate the backup process by using a batch file, a script, or the Scheduled Tasks item on

Microsoft Windows Control Panel.

You can use the object model to include the backup operation in a scripted procedure. For moreinformation, see the Microsoft SharePoint Products and Technologies Software Development Kit.

If you are using SQL Server 2000 or SQL Server 2005 as your database, using the stsadm.exe utility as theprimary backup and restore solution for Windows SharePoint Services is not recommended. Backing up sitesexclusively with stsadm.exe can cause locking issues that prevent users from accessing their SharePoint sites.Instead, it is recommended that you use the backup tools in SQL Server, because they will not cause lockingissues and are better suited for server-farm-wide backups. Note that WMSDE does not have Enterprise




Management functionality for backing up databases. Site backup and restore affects performance and can cause access errors.

The process of backing up and restoring sites takes up both memory and processing power on your server. Inaddition, if you have many sites, or a large amount of data in your sites, the backup process can take a longtime, and might result in access errors for your users. If you choose to schedule automatic backups in a batchfile or script, be sure to run the backup process when server usage is minimal or, optimally, when there are nousers accessing data on your sites.

Site backup and restore are not designed to be used when the server is under active load.

If a site is in use when the backup operation is run, the data in that site may continue to change throughout theoperation. The resulting backup file may be inconsistent with the actual state of the site and, if you restore thisfile, the restored site or database will be inconsistent as well.

Sites with duplicate names cannot not be restored.

This could be a problem in the following situation. If you have two virtual servers, with separate contentdatabases for each virtual server that are only listed by relative paths in the configuration database, the sitenames may conflict. For example, if the configuration database lists the site names without thehttp://server_name prefix, you could have several sites that use the same path. For example,http://server_1/sites/site1 and http://server_2/sites/site1 could both be listed in the configuration database as/sites/site1 even though they are on separate virtual servers. In this case, the sites will not be restoredcorrectly, and you will see an error in the restore log file.

You must have the appropriate language packs installed to successfully restore a site.

If a site you are restoring to a new server used a specific language pack, you must add the language pack tothe new server before restoring the site or update the new server with the language pack after you restore. Ifyou do not add the language pack, users who browse to the site or any subsites will see a "file not found"error.

Restoring Sites in Active Directory Account Creation Mode When restoring a site that was running in Active Directory account creation mode, the destination site must also berunning in Active Directory account creation mode. Further, you cannot restore a site that was not running in ActiveDirectory account creation mode to a server that is running in Active Directory account creation mode.

ImportantÂ Â Do not run the both the original and the restored sites simultaneously. Doing so creates security risks as it

allows users from the backup site to have full access to the restored site, and all user management changes toone site will apply to the other site.

When deleting either the original or restored site, make sure that you specify the -deleteusers false optionon the stsadm.exe command line or users from both sites will be deleted from Active Directory service. Forexample: stsadm â€“o deletesites â€“deleteusers false

Using the Backup OperationTo back up a site, you use the backup operation with the Stsadm.exe command-line tool. The backup operationtakes the following parameters.Parameter Required? Description

-filename yes Backup filename. For example,backup.dat.

-url yes Web site URL. For example,http://server_name/site.


-overwrite no

Overwrite any existing backup file orWeb site. By default, the backupoperation does not overwrite files. Ifyou do not specify this parameter anda backup file or Web site exists, theoperation will stop.

The filename parameter can take any of the following types of information: A filename, such as backup.dat A path on the local hard disk, such as c:\backups\backup.dat A path on a network share, such as \\share\folder\backup.dat

NoteÂ Â Before you run the backup operation, you may want to list all of your sites and identify which sites to backup. To see a list of sites on your server, you can use the enumsites operation. Listing the sites with enumsites canbe useful when you are automating backups. You can include enumsites in your batch file, parse the list of sites, andthen walk through the list of sites to create the backups. The enumsites operation uses the following syntax: stsadm.exe -o enumsites -url <url>

To perform a simple backup of a site, you would use syntax similar to the following:

stsadm.exe -o backup -url http://server_name/site -filename backup.dat

To back up a site and overwrite an existing backup file, you would use syntax similar to the following:

stsadm.exe -o backup -url http://server_name/site -filename c:\backups\backup.dat

-overwrite

Using the Restore OperationTo restore a site, you use the restore operation with the Stsadm.exe command-line tool. The restore operationtakes the same parameters as the backup operation: filename, url, and overwrite.

You have three options for restoring sites from a backup. You can restore a site over an existing site.

Use this option with caution. When you overwrite an existing site, the existing site is completely overwritten.You cannot merge sites. Any existing site content, and existing site permissions, are destroyed when youoverwrite a site.

You can restore a site to a new site on the same server.

This is the recommended option. When you restore a site to a new site on the same server, you can copy thedata from the restored site, and paste it back into the original site. Use this method if you are restoring a siteto recover data.

NoteÂ Â In order for the restore operation to work correctly, the included and excluded paths for yourvirtual server must be configured properly. If you are restoring a site to a new site, be sure to create anincluded path for the site, if necessary, before restoring the site.

You can restore a site to a separate server, with a separate installation of Windows SharePoint Services thatuses a copy of the original server's configuration database.

This is a more complicated scenario, but it gives you the ability to set up two versions of the same site, as inthe previous option, but with the ability to use the unused Web site deletion feature to remove the site


automatically after a specific time period. For more information about automatically deleting unused Websites, see Managing Unused Web Sites.

NoteÂ Â If you are trying to recover a particular list or list item from a site backup, use this method torestore the site, and then copy the list or item from the restored site back to the original site.

To restore a site from a backup file, either to a new site or a separate server, you would use syntax similar to thefollowing:

stsadm.exe -o restore -url http://server_name/site -filename backup.dat

To restore a site from a backup file on a server share, and to overwrite any existing site at the new location, youwould use syntax similar to the following:

stsadm.exe -o restore -url http://server_name/site -filename \\share\folder\backup.dat

-overwrite

About GUIDs and Restoring Site CollectionsIf you attempt to restore a backup of a site collection more than once to the same content database, you may get thefollowing error message: "No content databases are available for restoring this site collection. Create a new contentdatabase and then try the restore operation again." This is because the globally-unique identifiers (GUID) for lists arepreserved in the backup file and reused during restore, but the content database requires list GUIDs to be unique.Therefore, you cannot restore a site collection twice to the same content database, and must instead use a differentcontent database.



Migrating and Upgrading WebSitesIf you have been using SharePoint Team Services 1.0 from Microsoft, you probably have several Web sites that youneed to move to new servers running Microsoft Windows SharePoint Services. You may also have new Web sitesbased on Windows SharePoint Services that you want to move to another URL or another Internet Service Provider,for example. To accomplish these tasks, you use the Microsoft SharePoint Migration Tool (smigrate.exe).

For larger scale site migration in Windows SharePoint Services, such as moving a site collection to a new server, usethe full backup and restore features for Windows SharePoint Services. For more information, see Backing Up andRestoring Web Sites.

When you use the SharePoint Migration Tool, you must actually perform two separate operations: First, you back upthe site to a file, and then you restore the site to the new location. During the backup process, you specify the URLfor the Web site and the backup file to create. You can also specify the scope of the site migration (whether tomigrate just the top-level Web site, or whether to migrate the top-level Web site and any subsites). During the restoreprocess, you specify the new URL and the backup file to restore from.

If you are upgrading from SharePoint Team Services 1.0 to Windows SharePoint Services, you can also specifywhether to migrate the security settings for the site. Migrating security settings includes all of the following:

The list of user roles and associated rights The list of user accounts and role membership The anonymous access settings The setting for inherited or unique permissions for the site

Before you migrate a site, be sure that all of the settings are the way you want them to be in your destination site.Note that if a user account cannot be verified in the domain, and you are not using Active Directory account creationmode, the account will not be restored.

When restoring a site, it's often helpful to create an account specifically for this purpose. This is beneficial because theSharePoint Migration Tool will substitute the name of the account performing the restore in places where the accountof the author or the last person who modified the content is unavailable. For example, if you create an account named"SharePoint Migration" and then use that account to restore a site, users will see "SharePoint Migration" as the authorof list items whose author was unavailable.

If the site you are backing up or restoring is large, it can take quite a while to process. For example, a site with about4.5 gigabytes (GB) of data can take up to 3 hours to back up. The same site can take up to 3 hours to restore,because so many files must be uploaded to the new server. The more files included in a site, the longer the restoreprocess will take. As a general performance guideline, you will have the best backup/restore performance when usingseparate computers for each task. An example of such a configuration is:

One computer running smigrate.exe One or more computers running as front-end Web servers One or more computers running as SQL backend servers

CautionÂ Â If you are using the SharePoint Migration Tool to migrate and upgrade a site from SharePoint TeamServices 1.0 or FrontPage 2002 Server Extensions from Microsoft to Windows SharePoint Services, be aware thatseveral features or types of customizations supported in these environments will not migrate properly or will not workin a migrated site. For a list of items that you must re-create or work around, see "Upgrade Considerations" in theWindows SharePoint Services Administrator's Guide.


You can migrate a site to a new virtual server, to a new top-level Web site on an existing virtual server, or to a subsiteunder an existing top-level Web site. No matter what level the site is, when you restore the site, you must create ablank site at the destination without applying a site template. For more information about creating a new virtual server,see Extending Virtual Servers. For more information about creating sites, see Creating Sites and Subsites. Follow thesteps to create the site, but when prompted to select a site template, close the browser window and do not apply anytemplate (including the Blank Site template) or the restore operation will fail.

NoteÂ Â Some of the steps in this topic require changing settings in Microsoft Internet Information Services (IIS) orMicrosoft SQL Server. To complete the steps that use IIS, you must be logged on as a member of the Administratorsgroup on the local computer, or you must be logged on using an account that is both a member of the SharePointadministrators group and that has been granted permissions to administer IIS. To complete the steps that use SQLServer, you must be logged on using an account that is a member of the db_owner role in SQL Server.

Temporary Files Created During Backup andMigrationWhile creating the backup file, the SharePoint Migration Tool creates temporary files in a folder at the same locationwhere the backup file (*.FWP) are created. You should ensure that there is enough free space at the location wherethe backup file will be created to hold all of the data and files from the original Web site, plus approximately 25percent.

While restoring, files are periodically saved in a folder in Temporary Internet Files folder on the computer on whichyou are running the SharePoint Migration Tool. Make sure the computer you use to run the SharePoint MigrationTool has sufficient disk space to temporarily store approximately 20 percent of the data and files from the originalWeb site.

Migrating Windows SharePoint Services Sites toAnother Server Running Windows SharePointServicesIf you use the SharePoint Migration Tool to migrate a site based on Windows SharePoint Services to another serverrunning Windows SharePoint Services, the following information is not migrated to the new site:

Security settings including: rights, site groups and memberships, cross-site groups, anonymous access setting,and whether or not permissions are inherited from the parent site.

SharePoint Central Administration settings for the server or virtual server. Personalizations including personal views. Web Part customizations made through Modify My Web Part instead of Modify Shared Web Part.

Migrating Sites to Windows SharePoint Services inActive Directory Account Creation ModeWhen you are running Windows SharePoint Services in Active Directory account creation mode, user accounts areautomatically created in Microsoft Active Directory directory service when you add users to a site. Likewise, whenyou migrate a site from SharePoint Team Services 1.0 to a server running Windows SharePoint Services in ActiveDirectory account creation mode, user accounts are automatically created in Active Directory for the users thatexisted in the site before migration. If you do not want to migrate user information to the new site, use the x parameterwith the SharePoint Migration Tool.


The new user accounts are created based on the users' e-mail addresses, so each user must have a unique e-mailaddress for the account creation to work correctly. If a user does not have an e-mail address in the old site, noaccount can be created for that user. Also, because only one account is created for each e-mail address, a sharede-mail address results in a merged user account that is given all of the rights that each original user had, and is alsolisted as the user name for any items added to the site by any of the original users. Be sure that each existing useraccount has a unique e-mail address before migrating a site, and that you enter the full e-mail address (for example:[email protected]).

After you migrate a site to a server running Windows SharePoint Services in Active Directory account creation mode,you must reset the passwords for the new user accounts. When user accounts are created during site migration, noautomatic e-mail messages are sent with the user name and passwords, so you must send the users their new logoninformation manually.

Migrating Sites By Using Secure Sockets Layer(SSL) ConnectionsFor the SharePoint Migration Tool to migrate a site by using an SSL connection, the following conditions must be met:

The computer on which you are running the SharePoint Migration Tool trusts the certificate authority thatissued the SSL certificate.

The hostname you provide when running the SharePoint Migration Tool matches the hostname on the SSLcertificate.

The certificate is valid (for example, it cannot be expired).

If the computer on which you are running the SharePoint Migration Tool does not trust the certificate authority thatissued the SSL certificate, you will need to add the certificate authority to your list of trusted certificates by followingthe steps in the following procedure.

Add certificate authority to list of trusted certificates1. Browse to the destination https site. The Security Alert window appears, indicating that the site certificate

was issued by a company you do not yet trust.2. In the Security Alert window, click View Certificate. 3. In the Certificate window, click the Certification Path tab. 4. Click the parent certificate of the selected certificate. The parent certificate will have a red and white "X"

through it. 5. Click View Certificate. 6. In the second Certificate window, click Install Certificate. 7. In the Certificate Import Wizard, click Next. 8. In the Certificate Store window, choose either:

o Automatically select the certificate store based upon the type of certificate: Choose this option ifyou want the new certificate to be kept in the default store for that kind of certificate.

o Place all certificates in the following store: Choose this option if you want to specify the store inwhich the new certificate will be kept. After choosing this option, click the Browse button and specify thedesired store.

9. Click Next. 10.Click Finish. 11.In the Root Certificate Store window, click Yes.

Migrating Sites By Using Proxy Server ConnectionsProblems can occur if the SharePoint Migration Tool must migrate a site over a proxy server connection. Forexample, if the proxy server requires different authentication than the destination Web server, the user name andpassword specified when you ran the SharePoint Migration Tool will be rejected and the migration will fail.


Migrating Sites across DomainsProblems can occur when migrating a site to a destination Web server in another domain. Failures can occur even ifyou use the -u and -pw parameters to supply the necessary user name and password. To resolve this problem, on thecomputer on which you are running the SharePoint Migration tool, complete the following steps.

Turn on prompts for user authentication1. Click Start.2. Click Control Panel.3. Click Internet Options.4. Click the Security tab.5. Click the Internet zone in which the destination site exists.6. Click Custom Level.7. In the User Authentication Section, under Logon, click Prompt for user name and password.8. Click OK.

Before Migrating Sites to Windows SharePointServicesBefore you use the SharePoint Migration Tool to migrate your sites from either SharePoint Team Services 1.0 orWindows SharePoint Services to Windows SharePoint Services, it is recommended that you configure the followingsettings:

1. If the original site is running SharePoint Team Services 1.0, you must download and install Microsoft OfficeXP service packs 1 and 2 from the Microsoft Product Update site and then install the Office XP WebServices Security Patch: KB812708 for the site to function with the SharePoint Migration Tool.

2. Set the original site to read-only to ensure consistency. Because backup and restore may take some time, it isbest to set the site to read-only so that the original site does not change while you are still restoring.

3. If the original site is running Windows SharePoint Services, disable blocked file types so that smigrate.exe caninclude all site files in the backup.

4. If you are migrating a large Web site and need additional virtual memory, increase the paging file size to atleast 1 GB. Increasing the paging file size is recommended especially if you are running the SharePointMigration Tool directly on a front-end Web server.

5. Change the following server settings on the destination server (detailed steps appear later in this topic): o Increase the Internet Information Services (IIS) timeout settings to 65,000 seconds.o If the destination server is using a Microsoft SQL Server 2000 database, disable full-text search before

migrating. This step can decrease amount of time required to restore by as much as 40% in some cases. o Turn on anonymous user access in IIS (optional â€”use this setting only if you want to migrate anonymous

access settings).o If you are using quotas for the destination virtual server, and the site you are migrating is close to the quota

limit for the virtual server, double the quota limit.o Turn off blocked file extensions on the destination server.

6. Change the following virtual server settings on the destination virtual server: o Change the maximum file size temporarily from 50 MB to 500 MB (or to the maximum upload limit for

your hardware configuration).o Set the maximum number of allowed alerts to be unlimited.

7. Create a destination collection, top-level Web site, or site and do not apply a template.

NoteÂ Â To create a destination site with no template, begin creating the site collection, top-level site, orsubsite as usual, but when you get to the page where you are asked to select a template, close the browserwindow without making a selection. Do not apply any template (including the Blank Site template) or therestore operation will fail.





ImportantÂ Â When you have finished migrating your sites to Windows SharePoint Services, change the serversettings to the configuration you want to use while users are working with the sites.

NoteÂ Â If you are migrating sites to a server running Windows SharePoint Services in Active Directory accountcreation mode, you must also be sure that all users of the original Web site have valid, unique e-mail addresses. If youdo not want to migrate the users and create new Active Directory accounts for them automatically, be sure to specifythe x parameter when you run the SharePoint Migration Tool.

Download and install the update for SharePoint Team Services 1.0 (SharePoint Team Services 1.0 only)

To migrate sites from SharePoint Team Services v1.0 to Windows SharePoint Services, you must verify that theserver hosting the original site has been updated to work with the SharePoint Migration Tool. You must downloadand install Office XP service packs 1 and 2 from the Microsoft Product Update site and then install the Office XPWeb Services Security Patch: KB812708. To install this update, you must be a member of the local administratorsgroup on the server.

Set the original site to read-only

You can set the original site to be read-only by turning off all but browsing and viewing rights on the Set List ofAvailable Rights page for the server that contains the site.

NoteÂ Â This setting applies to all sites and subsites on the server.

If you are migrating a site based on Windows SharePoint Services to a new location, you can set the site to read-onlyby locking the site. For more information about locking a site, see Configuring Site Collection Quotas and Locks.

1. On the original server, click Start, point to All Programs, point to Administrative Tools, and then clickMicrosoft SharePoint Administrator.

2. On the Server Administration page, click Set list of available rights.3. Clear all of the check boxes except for the Browse, View Lists, and View Web Document Discussions

check boxes. 4. Click Submit.

Turn off blocked file extensions in the original site (Windows SharePoint Services only)1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Security Configuration, click Manage blocked file types.3. In the list of blocked file types, delete the file types you want to include in the backup.4. Click OK.

CautionÂ Â The list of blocked file extensions affects all sites on the server or in the server farm, not just the site youare migrating. After migrating, you must specify the blocked file settings again to restore this protection for any sites onthe server or server farm.

Increase the paging file size

If you are migrating a large site or running the SharePoint Migration Tool directly on a front-end Web server, it isrecommended that you increase the paging file size for the server to at least 1 GB.

1. Click Start, point to All Programs, point to Administrative Tools, and then click ComputerManagement.

2. In the console tree, right-click Computer Management (Local), and then select Properties. 3. On the Advanced tab, under Performance, click Settings.4. In the Performance Options dialog box, under Virtual memory, click Change. 5. In the Drive list, click the drive that contains the paging file you want to change.





6. Under Paging file size for selected drive, select Custom size, and then type 1024 in the Initial Size(MB) box.

7. Specify a larger number in the Maximum Size (MB) box, and then click Set.

This sets the paging file to a minimum of 1 gigabyte (GB).

Changing the Destination Server SettingsSome of the settings must be changed in IIS, and some must be changed in SharePoint Central Administration.

Increase IIS timeout settings1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager.2. Double-click the server name that is running Windows SharePoint Services.3. Double-click Web Sites.4. Right-click the virtual server that you are restoring to, and then click Properties.5. On the Web Site tab, in the Connection time out box, change the setting from 120 to 65,000 seconds.6. Click OK.

If you want to migrate the anonymous user access settings to the destination server, you must enable anonymous useraccess in IIS.

Turn on anonymous user access in IIS

This procedure is optional. Turn on anonymous user access only if you want to migrate anonymous access settings. 1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager.2. Double-click the server name that is running Windows SharePoint Services.3. Double-click Web Sites.4. Right-click the virtual server that you are restoring to, and then click Properties.5. On the Directory Security tab, under Authentication and access control, click Edit. 6. Select the Enable anonymous access check box, and then click OK. 7. Click OK.

After the IIS settings are configured, you can change quota limits by using SharePoint Central Administration.

Double a quota limit1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Component Configuration, click Manage quotas and locks.3. On the Manage Quotas and Locks page, click Manage site collection quotas and locks. 4. Enter the URL of the site collection, and then click View Data.5. In the Site Quota Information Section, double the amount of storage allowed for the Limit site storage to

a maximum of option.6. Click OK.

If you know that the original site contains files that have file extensions on the blocked file extensions list, you mustunblock those file extensions before you migrate the site. If you do not remove those file extensions from the blockedlist, the files will not be migrated with the rest of the site content.

Disable full-text searching in SQL Server 20001. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Component Configuration, click Configure


full-text search. 3. Clear the Enable full-text search and index component check box. 4. Click OK.

Turn off blocked file extensions on the destination server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Security Configuration, click Manage blocked file types.3. In the list of blocked file types, delete the file types you want to allow.4. Click OK.

If you want to continue blocking these file types after the site has been migrated, you must add the file extensions backto this list after the migration is completed. Note that this list of blocked file extensions affects all sites on the server orin the server farm, not just the site you are migrating.

Changing the Destination Virtual Server SettingsYou change the settings for the destination virtual server by using the Virtual Server General Settings page inSharePoint Central Administration. Specify a larger maximum upload size to allow any existing large files to berestored during migration and allow an unlimited number of alerts to be sure that all of the alerts for your users can beadded.

By default, the maximum upload limit is set to 50 MB, which may not be enough to restore your site's content.However, uploading files larger than 50 MB may cause problems, depending on your available system resources. Ifyou greatly increase the maximum file size and then attempt to upload a very large file, the upload may fail or theserver may stop responding. The file size at which Windows SharePoint Services may stop responding depends onthe hardware you are using and usage patterns. For example, an installation that includes a front-end Web server with512 MB of RAM and a back-end server with 1 GB of RAM may be able to handle files up to about 128 MB. Ingeneral, it is the amount of available memory that determines how large of a file can be uploaded - for a temporarysolution, such as when you are running the SharePoint Migration Tool, you can set the maximum upload size to handlefiles about one quarter of the size of the physical memory for your server.

NoteÂ Â Windows SharePoint Services Service Pack 1 includes a change to provide better support for large filesizes. If you have applied Windows SharePoint Services SP1, you can increase the maximum upload size to any valueup to 2 GB (2047 MB). For more information, see Configuring large file support in Installing and Using ServicePacks for Windows SharePoint Services.

Change the virtual server settings for maximum uploads and alerts1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Virtual Server Configuration, click Configure virtual server settings.3. On the Virtual Server List page, click the name of the virtual server that contains the destination site.4. On the Virtual Server Settings page, under Virtual Server Management, click Virtual server general

settings.5. In the Maximum Upload Size section, in the Maximum upload size box, type the maximum size you want

to allow.

NoteÂ Â By default, the maximum upload size is 50 MB. If you change this setting to a larger size, you mayalso need to change the IIS Connection Timeout setting. For more information, see Configuring large filesupport in Installing and Using Service Packs for Windows SharePoint Services.

6. In the Alerts section, under Maximum number of alerts that a user can create, select Unlimitednumber.

7. Click OK.


Create a New Top-level Site without Applying aTemplateYou can migrate a site to a new virtual server, to a new top-level Web site on an existing virtual server, or to a subsiteunder an existing top-level Web site. No matter what level the site is, when you restore the site, you must create ablank site at the destination without applying a site template.

You can use the stsadm.exe command line tool to create blank sites and site collections. For example:

stsadm -o createweb

stsadm -o createsite

Be sure to not use the -sitetemplate parameter.

You can also use the SharePoint Central Administration, Site Administration, and Create pages to create a destinationsite without applying a template. To do so, begin creating the site collection, top-level site, or subsite as usual, butwhen you get to the page where you are asked to select a template, close the browser window without making aselection. Do not apply any template (including the Blank Site template) or the restore operation will fail.

Using the SharePoint Migration Tool to MigrateSitesThe SharePoint Migration Tool (smigrate.exe) is available in the Program Files\Common Files\Microsoft Shared\WebServer Extensions\60\Bin folder on your server computer. To use the SharePoint Migration Tool, you must be a siteadministrator for both the Web site being backed up and the destination Web site.

NoteÂ Â You can also download the SharePoint Migration Tool from the Microsoft Download Center.

Smigrate.exe takes the following parameters:Parameter Description Example values

-w Web site URL. Required.A valid URL, such ashttp://myserver/site1 orhttps://myserver/site1.

-f The name of the backup file.Required.

A filename, or full path to a filename,with the .fwp extension. For example,backup.fwp, c:\backup.fwp, or\\myserver\folder\backup.fwp.

NoteÂ Â The file name extension isoptional. If you do not specify the.fwp extension, it will be addedautomatically.

-r Restores a site to a new location. none

-e Excludes subsites during backup.Optional. none

-x

Excludes security during restore.Optional. For use when migratingfrom SharePoint Team Services 1.0 toWindows SharePoint Services only.

none



-y Overwrites an existing backup file.Optional. none

-u

The user name for the Web siteadministrator. This parameter isrequired if your site supports onlyBasic authentication. Note that if thecurrent logged on user has sufficientrights to perform the migration, thecurrent user's credentials are used toperform the migration instead of theone specified with the -u parameter. Ifyou want the migration to beperformed by a specific account, logon as that account before migrating.Alternatively, you can change yourInternet settings so that your computerdoes not automatically try toauthenticate when you connect toWeb sites.

A valid user name, in the formDOMAIN\name.

-pw The password for the Web siteadministrator. Optional.

A valid password. Use "*" to beprompted to type a password.

NoteÂ Â If Internet Explorer Enhanced Security is enabled on your server, you must specify the u and pwparameters.

To back up a site, you use Smigrate.exe with the following parameters:

smigrate.exe -w Web_site_URL -f backup_filename [-e -y -u user_name -pw password]

For example, to create a backup of http://myserver/site1 to a file called backup.fwp at the root of the c:\ drive,without including any subsites of the Web site, you would type the following:

smigrate.exe -w http://myserver/site1 -f c:\backup.fwp -e

NoteÂ Â If your site has a space in the URL, enclose the URL in quotation marks ("). For example, to back uphttp://myserver/my site, type "http://myserver/my site".

To restore a site, you use Smigrate.exe with the following parameters:

smigrate.exe -r -w Web_site_URL -f backup_filename [-u user_name -pw password]

For example, to restore the above site to http://yourserver/site2, you would type the following:

smigrate.exe -r -w http://yourserver/site2 -f c:\backup.fwp

If you are logged on with an account that does not have specific permissions to the destination Web site, you canspecify a site administrator user name and password that has the appropriate permissions. For example, to restore asite and specify the administrator user name and password, you would use the following syntax:

smigrate.exe -r -w Web_site_URL -f backup_filename -u site_administrator_user_account

-pw password


When you migrate a site from SharePoint Team Services 1.0 to Windows SharePoint Services, you can also use the x parameter during restore, which allows you to determine whether or not to preserve the security settings for theWeb site (user accounts and site groups). You can run the SharePoint Migration Tool from any computer runningMicrosoft Windows 2000 Service Pack 3 or later. The tool can be copied to another computer and used even ifWindows SharePoint Services is not installed.

NoteÂ Â The upgrade and migration from SharePoint Team Services 1.0 to Windows SharePoint Services is not fullfidelity, and some data may be lost because of changes in the functionality between versions. You can view thesmigrate.log file to see which items migrated successfully and which did not. The smigrate.log file is stored in the%temp% directory for your user account. If a log file already exists from a previous backup or restore, a log file willbe created using the next available name (such as smigrate_1.log, smigrate_2.log, and so on).

To restore a site based on SharePoint Team Services 1.0 to a server running Windows SharePoint Services, andexclude the security information, you use Smigrate.exe with the following parameters:

smigrate.exe -r -w Web_site_URL -f backup_filename -x

Troubleshooting Migration IssuesIf your site does not migrate as expected, refer to the following list to understand issues or find solutions:

When using the SharePoint Migration Tool to backup my SharePoint Team Services 1.0 site, I get themessage: The server administration programs and the server extensions on the Web server are notcompatible. The server is too old to use with this administration program. Please consult the section in theAdministration Guide on Migrating and Updating Web Sites for more information.

To migrate sites from SharePoint Team Services v1.0 to Windows SharePoint Services, you must verify thatthe server hosting the original site has been updated to work with the SharePoint Migration Tool. Todownload this update, go to the Office XP Web Services Security Patch: KB812708 page. To install thisupdate, you must be a member of the local Administrators group on the server.

When using the SharePoint Migration Tool to restore a site, I get the following error message: Server error: Asite template has already been applied to this site. Once a template has been applied, the site must be deletedand recreated in order to apply a different template.

To restore to a site, you must first create a blank site without applying a template. To create a destination sitewith no template, begin creating the site collection, top-level site, or subsite as usual, but when you get to thepage where you are asked to select a template, close the browser window without making a selection. Do notapply any template (including the Blank Site template) or the restore operation will fail. After you have createda blank site with no template, you can use the SharePoint Migration Tool to restore to that site.

How do I determine if there were errors during migration?

Check the SharePoint Migration Tool log file for errors. The smigrate.log file is stored in the %temp%directory for your user account. If a log file already exists from a previous backup or restore, new log files willbe created using the next available name (such as smigrate_1.log, smigrate_2.log, and so on). Search the logentries for the following error messages: cannot, could not, failure, server error, timed out, unable to, and theserver sent a response.

Alerts from unavailable users were not restored.

If a user account no longer exists at restore time, or if the account was a local account, the alerts for that useraccount cannot be restored.

Survey creation times are incorrect.

Creation times for surveys are not preserved during migration. This applies to all list types, but is most visible



for surveys. The site language is incorrect.

When you restore a site, the language of the restored site must match that of the backed up site. Be sure thatthe language you need is available on the server you are restoring to.

There are too many views.

If your site was migrated from SharePoint Team Services 1.0 to Windows SharePoint Services, the restoredsite contains both the views from the original site and the default views for Windows SharePoint Services. Therestored SharePoint Team Services 1.0 views are listed after the default Windows SharePoint Services views.You can remove any views that you do not want.

I get an error message when I try to back up or restore a site through a proxy server.

If your firewall or proxy server requires authentication, you may not be able to back up or restore a site. Some of my currency formats changed after migration.

When migrating a site from SharePoint Team Services 1.0 to Windows SharePoint Services, WindowsSharePoint Services converts some obsolete currencies to their modern equivalents. For example, GermanDeutschmarks are converted to Euros. However, only the format of the currency field is changed. The valuefor each entry is not altered and must be manually converted by using the desired conversion rate.

Some of the entries have the fields Created By or Modified By attributed to the wrong person.

When you migrate a Web site, the SharePoint Migration Tool attributes any content created by users who arenot currently members of the source site to the user who performed the site migration. This problem canhappen easily if you migrate to a new site, and then migrate from there to yet another site. The second timeyou run the SharePoint Migration Tool, it is possible that there will be content from a user from the source sitewho is not a member of first destination site. After that content is migrated to the second destination site, thecontent will be attributed to the user who performed the second migration. To resolve this problem, makesure that all team members are listed on the User Information page (Userinfo.aspx) of the source site beforemigrating. This problem occurs only when migrating Windows SharePoint Services sites to another serverrunning Windows SharePoint Services.

The lookup column I created is blank after I migrated the site.

If you have a lookup column with the Get information from option set to User Information, the field willshow up as blank in the restored site. This problem occurs only when migrating Windows SharePointServices sites to another server running Windows SharePoint Services. This problem can happen easily if youmigrate to a new site, and then migrate from there to yet another site. The second time you run the SharePointMigration Tool, it is possible that the lookup field looked up a user from the source site who is not a memeberof the first destination site. When that content is migrated to the second destination site, if the SharePointMigration Tool cannot find the user name in the second destination site, the lookup column is left blank. Toresolve this problem, make sure that all team members are listed on the User Information page(Userinfo.aspx) of the source site before migrating.

The properties of library folders have the wrong information in fields such as Created By or Created.

The SharePoint Migration tools does not preserve library folder information such as Created, Created By,Modified, and Modified By. This problem occurs only when migrating Windows SharePoint Services sites toanother server running Windows SharePoint Services.

Some of the properties for files in my library are blank after migration.

If the files were uploaded to the library using a multiple file upload utility such as the one provided in Office2003 or using a Windows SharePoint Services-compatible Web page editor such as Office FrontPage 2003,any custom properties that use a default value will be blank after migration.

I no longer get alerts for changes in library folders

The SharePoint Migration tool does not preserve alerts for library folders. This problem occurs only whenWindows SharePoint Services Administrator's Guide Página 264 de 382

migrating Windows SharePoint Services sites to another server running Windows SharePoint Services. The migrated site is larger than the original site

The size of the restored site will be larger than the original site due to an increase in the size of Web PartPages. If the original site is near the size quota allowed on the destination server, you may need to increase thequota on the destination server or delete some site content. This problem occurs only when migratingWindows SharePoint Services sites to another server running Windows SharePoint Services.

Properties for my basic page or Web Part Page such as Modified or Modified By have changed after sitemigration.

Properties such as Modified or Modified By are not preserved for basic pages or Web Part Pages. Thisproblem occurs only when migrating Windows SharePoint Services sites to another server running WindowsSharePoint Services.

The creation date and time for Web discussions have changed after migration.

The SharePoint Migration Tool does not preserve creation time and date for Web discussions duringmigration. This problem occurs only when migrating Windows SharePoint Services sites to another serverrunning Windows SharePoint Services.

A user keeps getting alerts for changes to the site, but he or she isn't allowed access to the site.

The SharePoint Migration Tool migrates alerts to the new site, however, does not migrate site permissions. Toresolve this problem, use the SharePoint administration pages to assign the user to a site group on the newsite. If you don't want to give the user access to the site, you must manually delete any alerts that he or shecreated. This problem occurs only when migrating Windows SharePoint Services sites to another serverrunning Windows SharePoint Services.

The version numbers on my documents have changed after migration.

If you have a library with Document Versions enabled, the versions are numbered sequentially after migration.Deleting a version of a document from the library causes the original version numbers to be non-sequential.This problem occurs only when migrating Windows SharePoint Services sites to another server runningWindows SharePoint Services.

The files that I had checked out are checked in after migration.

File checkout status is not preserved during migration. My user information from the source site didn't get migrated.

The user information for the user who performs the migration is not copied to the destination site if he or she isalready listed on the the User Information page (Userinfo.aspx) of the destination site.

The text direction for a list has changed.

The SharePoint Migration Tool does not preserve the default text direction (right-to-left or left-to-right) duringmigration. To resolve this problem, you must manually change the text direction for lists after migration. Thisproblem occurs only when migrating Windows SharePoint Services sites to another server running WindowsSharePoint Services.

After migration, one of the lookup columns for a library has one more entry than there are files.

After migration, an extra entry exists if a lookup field in a libary references files in the same library. Some folders marked as unbrowsable did not migrate.

Windows SharePoint Services uses the _private folder to store unbrowsable files and folders. FrontPage2002 Server Extensions and SharePoint Team Services 1.0 allowed you to mark additional folders asunbrowsable. When you use the SharePoint Migration Tool to migrate a site that has multiple unbrowsablefolders, only the _private folder and any files in the _private folder, are restored. If you want to migrate a sitethat contains additional folders marked as unbrowsable, move the files from those additional folders into the_private folder before migrating.


NoteÂ Â You can only see the _private folder and its contents when you open the site in a programcompatible with Windows SharePoint Services such as Office Word 2003 or Office FrontPage 2003.

In addition, when you migrate a site from SharePoint Team Services 1.0 to Windows SharePoint Services, there aresome features or customizations that do not migrate. For a list of these items, see Upgrade Considerations.



Migrating from WMSDE to SQLServerWhen you install Microsoft Windows SharePoint Services on a single server using the Typical option, you have aninstallation that uses Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) for your databases. This isfine in a small-scale environment, when you are hosting just a few Web sites, but if your server suddenly gets popularand you need to start hosting hundreds of sites, you may run into performance and storage problems.

Using Microsoft SQL Server 2000 allows you to host all of your databases together and manage them with SQLServer Enterprise management tools. For example, SQL Server provides backup and restore, database management,and full text searching, which are not available in WMSDE.

If you find yourself in this situation and need to move to a more scaled out solution, you can switch to using MicrosoftSQL Server 2000 Service Pack 3 (SP3), or later as your database back end. There are two methods you can use toswitch your databases to SQL Server 2000:

Upgrade the databases to SQL Server on the same computer.

Use this option if you want to continue running Windows SharePoint Services on a single server. Migrate the content databases to a server farm running SQL Server and Windows SharePoint Services.

Use this option if you want to move your sites to a server farm, with at least one front-end Web server and atleast one back-end database server.

Upgrading the Databases to SQL Server on theSame ComputerIf you want to continue using a single server for Windows SharePoint Services, you can simply upgrade yourdatabase instance from WMSDE to SQL Server. Because this process requires your sites to be offline while thedatabases are upgraded, it is recommended that you perform these steps at a time when usage of your sites isgenerally low, and also that you notify users that their sites will be offline for a time.

NoteÂ Â Before you upgrade your databases, it is a good idea to back them up. If you have the SQL Server clienttools installed on your server, you can use them to back up a WMSDE database. Otherwise, stop WMSDE andmake a copy of the database files before installing SQL Server.

NoteÂ Â SQL Server 2000 and SQL Server 2000a provide the default installation with the upgrade option. Oncethe upgrade is complete you must install Service Pack 3 or later.

NoteÂ Â In additions to SQL Server 2000 and SQL Server 2000a, you can also use SQL Server 2005 as yourback-end database for Windows SharePoint Services.

Install SQL Server and upgrade your databases1. Run the SQL Server 2000 or SQL Server 2000a Setup program, and on the Autorun panel, click SQL

Server 2000 Components.

NoteÂ Â You might receive one or more Security Warnings during the installation process.2. Click Install Database Server, and then on the Welcome panel, click Next.3. A warning message appears stating "SQL Server 2000 sp2 and below is not supported on this version of


Windows. Please apply SP3 after installation of SQL Server 2000." Click Continue.4. On the Welcome panel, click Next.5. In the Computer Name box, select Local computer, and then click Next.6. In the Installation Selection pane, select Upgrade, remove, or add components to an existing instance

of SQL Server, and then click Next.7. In the Instance Name pane, clear the Default check box, and then in the Instance name box, select

SHAREPOINT, and click Next.8. In the Existing Installation pane, verify that Upgrade is selected, and then click Next.9. In the Upgrade pane, verify that the Yes, upgrade my programs check box is selected, and then click

Next.10.In the Licensing Options pane, select your licensing options, and then click Continue.11.On the Setup pane click Yes to install additional components.12.In the Select Components pane, click Server Components, and then in the right pane select the Full-text

Search check box if you want to enable full-text searching.13.In the left pane, select the Management Tools check box and in the right pane, select the Enterprise

Manager and Query Analyzer check boxes.14.Select any other components you want, and then click Next.15.In the Start Copying Files pane, click Next, and then click Finish.16.Install Service Pack 3 or later.

After the upgrade to SQL Server 2000 is complete, your SharePoint sites should work as usual.

Maintaining DatabasesAfter you have performed the upgrade, you can use SQL Server Enterprise Manager to maintain your databases. Toconnect to the database, you can use the Register Server wizard to add the upgraded server to a SQL Server Group.You must use the following syntax to register the upgraded SHAREPOINT instance:

Server_name\sharepoint

After you have registered your database, you should perform a backup of the configuration and content databases.Refer to the SQL Server 2000 documentation for information on using the SQL Server Enterprise Manager.

Migrating the Content and ConfigurationDatabases to a Server FarmIf you are moving to a larger scale environment, with one or more front-end Web servers and one or more back-enddatabase servers, the process is more complicated. To switch from WMSDE to SQL Server and move to a serverfarm, you must perform steps using the Internet Information Services (IIS), Windows SharePoint Services, and SQLServer administration tools. You must also take your sites offline during the process. It is recommended that youperform these steps at a time when usage of your sites is generally low, and also that you notify users that their site willbe offline for a time.

The process below assumes that you will continue to use the original Web server computer as either a stand-aloneserver or part of a server farm, and that you are moving the databases to a new back-end database server runningSQL Server 2000 SP3 or later .

The steps you take to move from a single-server WMSDE installation to a server farm with a separate front-end Webserver and a back-end SQL Server database server are:

1. Install the SQL Server client tools on the original server running WMSDE. The client tools are used to backup and restore the content and configuration databases. The version of WMSDE that is installed withWindows SharePoint Services does not allow remote connections from SQL Server Enterprise Manager.


2. Prepare the back-end database server by installing SQL Server 2000 or SQL Server 2000a and thenapplying Service Pack 3 (SP3) or later.

3. In IIS, stop any virtual servers that are hosting SharePoint sites, so that users cannot access the sites.4. Disconnect the content databases from the virtual server and remove Windows SharePoint Services from the

virtual server.5. Decide which domain accounts to use for the SharePoint Central Administration virtual server and the content

virtual servers, and then update the SharePoint Central Administration virtual server to use the domainaccount.

You can use the same account for both SharePoint Central Administration and the other virtual servers, or formore granular security, you can choose to use different accounts.

6. Register the instance of WMSDE in SQL Server Enterprise Manager, and then back up the content andconfiguration databases.

7. Copy the backup files to the destination server and restore the content and configuration databases.8. In SQL Server, change the database ownership and permissions for the configuration and content databases.9. Reconnect to the configuration database.10.Extend the content virtual server and add the restored content databases to the virtual server.11.Update the default content database server for future content database creation.

Installing the SQL Server Client Tools and Backing Up the ContentDatabasesTo create a backup file for a WMSDE database, you must use the SQL Server client tools. You must install the SQLServer client tools to your original server, and then perform the backup. For more information about installing theclient tools for SQL Server 2000, see the SQL Server 2000 documentation.

Preparing the Destination Server FarmYou can move your content to an existing or new server farm. Either way, you need to have a back-end databaseserver running SQL Server 2000 SP3 or later and one or more front-end Web servers running Windows SharePointServices. For more information about setting up separate servers with SQL Server and Windows SharePointServices, see Remote SQL Server Deployment or Server Farm Scalable Hosting Mode Deployment. Your serverfarm must be up and running before you can upgrade and move the content databases.

Stopping the Virtual Servers Hosting SharePoint SitesIn order to completely back up and restore your SharePoint sites, you must be sure that no users are making changesto the sites. To block users from changing the sites, you can stop the sites in IIS.

Stop a virtual server in IIS1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager.2. Click the plus sign (+) next to the server name that contains the virtual server you want to stop.3. Click the plus sign (+) next to the Web Sites folder.4. Right-click the virtual server you want to stop, and then click Stop.

Disconnecting the Content Databases and Removing WindowsSharePoint Services from the Virtual ServerYou must disconnect the content databases and remove Windows SharePoint Services from the virtual servershosting SharePoint sites before you can back up the configuration and content databases.


Remove a content database1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central



databases. 5. On the Manage Content Databases page, under Content Databases, select the database you want to

change. 6. On the Manage Content Database Settings page, in the Remove Content Database section, select the

Remove content database check box.7. A warning dialog box appears. Click OK to disconnect the content database. 8. Click OK.

Repeat these steps for any additional content databases. After the content databases have been removed, you canremove Windows SharePoint Services from the virtual servers.

Remove Windows SharePoint Services from a virtual server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central


settings. 3. On the Virtual Server List page, select the virtual server you want to configure. 4. On the Virtual Server Settings page, under Virtual Server Management, click Remove Windows

SharePoint Server from Virtual Server. 5. On the Remove Windows SharePoint Server from Virtual Server page, select Remove without deleting

content databases. 6. Click OK.

Updating the Application Pool Account for SharePoint CentralAdministrationYou must determine which accounts to use for the application pools for the SharePoint Central Administration virtualserver and for any virtual servers hosting SharePoint sites. Then, you can update the application pool for theSharePoint Central Administration virtual server to run with the domain account you select. You can use the sameaccount for both SharePoint Central Administration and the other virtual servers, or for more granular security, youcan use separate accounts.

Update the application pool account for SharePoint Central Administration1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Server Configuration, click Configure virtual

server for central administration. 3. Select Create a new application pool, and then select Configurable.4. In the User name box, type the DOMAIN\account to use for the identity.5. In the Password box, type the password for that user name.6. In the Confirm password box, type the password again.7. In the security configuration section choose either NTLM or Kerberos authentication.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account.The account must be configured as a Service Principal Name (SPN). You must have domain administratorrights to configure a Service Principal Name (SPN). Refer to the Microsoft Knowledge Base article 832769:How to configure a Windows SharePoint Services virtual server to use Kerberos authentication for additional




information.8. You will be prompted to restart Internet Information Services (IIS). To restart IIS from a command prompt,

type iisreset which will stop and restart IIS.9. After IIS has been restarted, click OK.

Registering the WMSDE Instance in Enterprise Manager andBacking Up the DatabasesYou must register the WMSDE instance with Enterprise Manager to be able to back up the configuration and contentdatabases. You must have already installed the SQL Server client tools to use Enterprise Manager.

Register the WMSDE database in Enterprise Manager1. Click Start, point to All Programs, point to Microsoft SQL Server, and then click Enterprise Manager.2. Click the plus sign next to Microsoft SQL Servers.3. Right-click SQL Server Group, and then click New SQL Server Registration.4. In the Register SQL Server Wizard, click Next.5. In the Available Servers box, type the original server name and the instance name (for example,

server_name\SHAREPOINT), and then click Add.6. Click Next.7. On the Select an Authentication Mode panel, select one of the following connection methods:

o The Windows account information I use to log on to my computer (Windows Authentication)o The SQL Server login information that was assigned to me by the system administrator (SQL

Server Authentication)8. Click Next.9. On the Select SQL Server Group panel, click Next to add the server to the existing SQL Server Group.10.Click Finish.11.On the Server registration completed panel, click Close.

After you have registered the WMSDE database with Enterprise Manager, you are ready to back up yourconfiguration and content databases.

Back up the configuration and content databases1. Click Start, point to All Programs, point to Microsoft SQL Server, and then click Enterprise Manager.2. Click the plus sign next to Microsoft SQL Servers.3. Click the plus sign next to SQL Server Group.4. Click the plus sign next to the WMSDE instance name.5. Click the plus sign next to Databases.6. Right-click the configuration database name, point to All Tasks, and then click Backup Database.7. In the SQL Server Backup dialog box, on the General tab, be sure the correct database is selected in the

Database box, and then in the Name box, type the name for the backup.8. Under Destination, click Add.9. In the Select Backup Destination dialog box, in the File name box, type the path and file name for your

backup file, and then click OK.

For example, c:\database_name.bak.10.On the General tab, under Overwrite, select Overwrite existing media.11.Click OK to begin the backup.12.Repeat these steps to back up the content databases.

Copying the Backup Files and Restoring the DatabasesCopy all of the backup files for your configuration and content databases to the following directory on yourdestination server: \Program Files\Microsoft SQL Server\MSSQL\Backup. After you have copied the files to thedestination server, you can restore the databases. After the databases have been restored, they work as fullyWindows SharePoint Services Administrator's Guide Página 271 de 382

functional SQL Server databases.

Restore the configuration and content databases1. On the new server, click Start, point to All Programs, point to Microsoft SQL Server, and then click

Enterprise Manager.2. Click the plus sign next to Microsoft SQL Servers.3. Click the plus sign next to SQL Server Group.4. Click the plus sign next to the WMSDE instance name, if you connected remotely to your original server, or

next to (local) (Windows NT), if you performed the backup on another server and have just copied thebackup file to the new server.

5. Right-click Databases, point to All Tasks, and then click Restore Database.6. In the Restore database dialog box, on the General tab, in the Restore as database box, type the

database name.7. In the Restore section, select From device, and then click Select devices.8. In the Choose Restore Devices dialog box, click Add.9. In the File name box, type the path and file name for your backup file, and then click OK.

For example, c:\Program Files\Microsoft SQL Server\MSSQL\BACKUP\sts_config.bak.10.Click OK to close the Choose Restore Devices dialog box.11.On the Options tab, under Move to physical file name, verify that the paths listed for the database and log

files are correct.

For example, the path in the WMSDE backup file might be similar to c:\Program Files\Microsoft SQLServer\MSSQL$SHAREPOINT\Data\database_name, but on the new server, you need to use the pathc:\Program Files\Microsoft SQL Server\MSSQL\Data\database_name instead.

12.Click OK to restore the database.13.Repeat these steps to restore the content databases.

Changing the Database Ownership and Permissions for theDatabasesYou must change the database ownership and permissions for the databases to grant permissions to the applicationpool accounts you want to use. To change the ownership and permissions, you use SQL Query Analyzer.

Change the database ownership and permissions for the configuration database1. On the new server, click Start, point to All Programs, point to Microsoft SQL Server, and then click

Query Analyzer.2. In the Connect to SQL Server dialog box, in the SQL Server box, type the server name, and then click

OK.3. On the SQL Query Analyzer tool bar, select select the configuration database (default sts_config) from the

drop-down list.4. In the Query pane, type the following query. DECLARE @AdminVSAccount nvarchar(255)

DECLARE @ContentVSAccount nvarchar(255)

SET @ContentVSAccount = N'domain\contentaccount';

SET @AdminVSAccount = N'domain\adminaccount';

EXEC sp_grantlogin @ContentVSAccount;

EXEC sp_changedbowner @AdminVSAccount;

IF NOT EXISTS (SELECT * FROM sysusers WHERE name=@ContentVSAccount)

EXEC sp_grantdbaccess @ContentVSAccount;

EXEC sp_addrolemember 'db_owner', @ContentVSAccount;

EXEC sp_addsrvrolemember @AdminVSAccount, 'dbcreator'

EXEC sp_addsrvrolemember @AdminVSAccount, 'securityadmin'

EXEC sp_addsrvrolemember @AdminVSAccount, 'processadmin'

NoteÂ Â In lines 3 and 4, replace domain\contentaccount and domain\adminaccount with the domainWindows SharePoint Services Administrator's Guide Página 272 de 382

account for the content virtual server and the domain account for the SharePoint Central Administration virtualserver. If the accounts are the same, SQL Query Analyzer will display an error, but the process will stillsucceed.

5. Click the Execute Query button to update the database.

Change the database ownership and permissions for the content databases1. On the new server, click Start, point to All Programs, point to Microsoft SQL Server, and then click


OK.3. On the Query menu, click Change Database.4. In the Select Database of server_name box, click the content database you want to update, and then click

OK.5. In the Query pane, type the following query.DECLARE @AdminVSAccount nvarchar(255)





EXEC sp_grantlogin @AdminVSAccount;





NoteÂ Â In lines 3 and 4, replace domain\contentaccount and domain\adminaccount with the domainaccount for the content virtual server and the domain account for the SharePoint Central Administration virtualserver. If the accounts are the same, SQL Query Analyzer will display an error, but the process will stillsucceed.


Reconnecting to the Configuration DatabaseAfter the permissions have been set, you are ready to reconnect to the configuration database.

Connect to the restored configuration database1. On the server running Windows SharePoint Services, click Start, point to All Programs, point to

Administrative Tools, and then click SharePoint Central Administration.2. Under Server Configuration, click Set configuration database server.3. On the Set Configuration Database Server page, in the Database server box, type the name of the new

server.4. In the SQL Server database name box, type the name of the configuration database (the default is

sts_config).5. Select the Connect to existing configuration database check box.6. Click OK.

Extending the Virtual Servers and Adding the Content DatabasesYou can extend either the default virtual server (if it was not in use already) or a newly created virtual server. Formore information about creating a virtual server, see Extending Virtual Servers.

ImportantÂ Â When you extend the virtual server, you must specify the application pool identity to use for the virtualserver processes. Be sure to specify an account that is a member of the database owners role in SQL Server for therestored content database, or else add the account to the database owners role before you extend the virtual server.For more information about adding an account to a role in SQL Server, see the SQL Server 2000 documentation.


Extend a virtual server1. On the SharePoint Central Administration page, click Extend or upgrade virtual server. 2. On the Virtual Server List page, click the name of the virtual server to extend. 3. On the Extend Virtual Server page, in the Provisioning Options section, select Extend and map to

another virtual server. 4. In the Server Mapping section, in the Host name or IIS virtual server name box, click the name of the

virtual server that contained the original sites.5. In the Application Pool section, select Create a new application pool.

NoteÂ Â It is recommended that you create a new application pool for each virtual server, so that they run inseparate processes. Be sure that the application pool account you specify is a member of the databaseowners role for the content database you restored.

6. In the Application pool name box, type the new application pool name.7. Under Select a security account for this application pool, select Configurable. 8. In the User name box, type the account name.9. In the Password box, type the password for the account.10.In the Confirm password box, type the password again.11.In the Security Configuration section select either NTLM or Kerberos authentication.

NoteÂ Â Choosing Kerberos authentication will require additional steps if you are using a domain account.The account must be configured as a Service Principal Name (SPN). You must have domain administratorrights to configure a Service Principal Name (SPN). Refer to the Microsoft Knowledge Base article 832769:How to configure a Windows SharePoint Services virtual server to use Kerberos authentication for additionalinformation.

12. Click OK.

Now that the virtual server is extended, you can add any additional restored content databases.

Add the restored content databases1. On the Central Administration page, under Virtual Server Configuration, click Configure virtual server

settings. 2. On the Virtual Server List page, select the virtual server you want to configure.3. On the Virtual Server Settings page, under Virtual Server Management, click Manage Content

Databases.4. On the Manage Content Databases page, click Add a content database.5. In the Database Information section, click Specify database server settings.6. In the Database name box, type the name of the restored database.7. In the Database Capacity Settings section, fill in the capacity settings you want to use.8. Click OK.

Repeat these steps to add any additional content databases.

Updating the Default Content Database ServerNow that all of the databases have been moved, you can update the default content database server, so that any newcontent databases are created on the correct server.

Update the default content database server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Server Configuration, click Set default content database server. 3. In the Content Database section, enter the new database server name. 4. Click OK.






Show All

Analyzing Web Site UsageIf you want to know what kind of impact your Web site has, you need to track how many users visit your site, thetype and number of hits your site receives, and other site-usage information. Microsoft Windows SharePoint Servicesincludes features that analyze the usage of your site. Summary and detailed usage reports supply information such as:

Number of page hits for each individual page Number of unique users Browser and operating system information Referring domains and Uniform Resource Locator (URL)

Tracking usage information can be useful for identifying which content on your site is being heavily used (andtherefore should be kept) and which content is not being heavily used (and may be a candidate for archiving). Inaddition to site usage statistics, you can also keep track of how much storage space your site is taking up, and thelevel of activity your site is generating. This information is gathered as part of the quota tracking for sites. For moreinformation about quotas, see "Configuring Site Quotas and Locks" in the Windows SharePoint ServicesAdministrator's Guide.

The usage reports rely on usage log data gathered from the Web sites and stored in the content databases. The logdata is a summary record of transactions on your Web site. When you view a usage report in Windows SharePointServices the data is arranged into a list format. You must be a member of the administrator site group (or have the View Usage Data right) for a site in order to view the site usage statistics.

You can view usage data about a site from the Site Administration page.

View site usage data1. On the site you want to view data for, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. Under Management and Statistics, click View site usage data.

From the Site Usage Report page, you can see detailed usage reports for sites. If you want to see a summary ofusage information for an entire site collection at the same time, you can use the Site Collection Usage Summarypage.

View usage summary for a site collection1. On the top-level Web site of the site collection, click Site Settings. 2. Under Administration, click Go to Site Administration. 3. Under Site Collection Administration, click View site collection usage summary.

You can also view the details reports about storage by using the Storage Space Allocation link on the SiteCollection Usage Summary page.

Related TopicsFor more information about changing settings for usage analysis processing, see Configuring Usage Analysis.

For more information about managing quotas, see "Configuring Site Quotas and Locks" in the Windows SharePointServices Administrator's Guide.



Show All

Managing Unused Web SitesWeb sites based on Microsoft Windows SharePoint Services may become inactive for many reasons: perhaps a sitewas set up for documents relating to a project that is finished, or perhaps a user was trying out Windows SharePointServices and created a site that he or she no longer needs. Because inactive sites take up space on the servers, it'simportant to check with site owners to see if their sites are still needed or have become inactive. In WindowsSharePoint Services, new administrative options allow you to automatically send notices to site owners requiring themto confirm that their sites are in use. You can also delete unconfirmed sites automatically. These features give you away to control the number of unused Web sites on your server.

Site use confirmation works like alerts for your users' sites. When sites are created, they are added to the databaseand are logged as active sites. After a specified time defined by the administrator, the site owners are sent an e-mailnotification asking the owners to either reactivate or delete their unused Web sites. The notification e-mail textcontains links to confirm that a site is active or to delete a site. After the notification is sent, there are three possibleoutcomes:

If a site is in use, the site owner will click a link to confirm that the site is active and preserve the site. Whenthe owner clicks the confirmation link, the timer is restarted, and the owner will be notified again after thesame time period.

If a site is not in use, the site owner can delete the site by following instructions in the notification e-mail, or donothing. The site owner continues to receive periodic e-mail notifications (the period is defined by theadministrator) until use is confirmed or the site is deleted.

If a site is not in use, and you have turned on the automatic deletion feature, the site owner is queried aspecific number of times (a number configured by the administrator), and if use is not confirmed, the site isautomatically deleted.

Automatic deletion is an advanced administrative feature that can delete unneeded sites without any administrativeintervention and without any backup mechanism. To prevent a site from being deleted without any notification, youmust turn on site use confirmation before you can turn on automatic deletion. Also, the site owner must always be sentat least two confirmation notices before a site can be deleted. In addition to these basic safeguards included asdefaults, you should also consider the following best practices:

Require a secondary contact when sites are created.

When a user creates a site, the user is listed as the site owner. Depending on your configuration, the user mayalso be required to specify a secondary contact for the site. Confirmation notifications are automatically sentto the site owner and to the secondary contact, if one exists. For more information, see "ConfiguringSelf-Service Site Creation" in the Windows SharePoint Services Administrator's Guide.

Set reasonable intervals between confirmations and before automatic deletion.

For example, if a site owner is unavailable for four weeks, and sites are deleted after four missed weeklyconfirmations, the site could be deleted without allowing the owner a chance to confirm. If you are enablingthis feature inside a corporation, be sure you consider your organization's policies regarding vacations andleaves of absence when you configure the intervals for confirmation and deletion.

Back up Web sites regularly, so you can restore a recent copy if a site is unintentionally deleted.

For example, if you configure confirmation and automatic deletion to happen on the fifth day of each month,make it a policy to back up your server on the fourth day. You can automate this process by creating a storedprocess in Microsoft SQL Server computer to check the sites table and automatically back up any itemsscheduled for deletion. For more information about SQL Server, see the SQL Server documentation. Formore information about the sites table, see the Windows SharePoint Services Software Development Kit.


Configuring Site Use Confirmation and DeletionThere are several settings that you can configure to control how much time elapses between stages for confirmationand automatic deletion. You can configure the following:

When to begin sending site use confirmation notices

The initial notification value controls when the first confirmation notice is sent to a new site, or to a site that hasbeen confirmed as in use. This value does not control the frequency of notifications, only the number of daysto wait before the initial notification.

How frequently to check for sites needing confirmation and how frequently to send out notifications

The frequency value affects both how often the server is checked and how often confirmation notices can besent. If you set the frequency to weekly, the server is checked weekly, and notifications are also sent outweekly, immediately after the server has been checked.

What time to perform the check and to send out notifications

Change this time to suit your environment. For example, if most of your users are online and hitting the serverduring the day, pick a time during the night when the server is not as busy.

How many notifications to send before allowing automatic deletion

Adjust this number to be sure site owners receive notification before a site is deleted. The number ofnotifications also depends on the frequency, so if you specify daily checks, with 30 reminders before deletion,the site owner would be notified every day for a month before the site was deleted.

Be sure to configure these times to be useful and reasonable given your organization's context. In a large organization,where users may need data to be stored for some time, you can specify longer intervals (for example, start sendingnotifications at 180 days, notify every month, and delete after six months without a confirmation). If you are hostingfree sites for customers, you may want to shorten these intervals (start sending notifications at 45 days, notify weekly,delete after four weeks). If you are hosting sites for paying customers, you may not want to use this feature, unlessyou have an automated backup strategy that allows you to restore sites on request.

The following table lists each of these settings as you see them on the Configure Site Collection Use Confirmation andAuto-Deletion page and their default and minimum values.Setting Default value Minimum valueStart sending notifications ___ daysafter site collection creation, or use isconfirmed

90 days 30 days

Check for unused site collections, andsend notices <Daily WeeklyMonthly> and run the check at<time>

Weekly

12:00 AMDaily

Delete the site collection after sending___ notices 4

Daily minimum: 28

Weekly minimum: 4

Monthly minimum: 2

In a scenario using the default values above, the first notice is sent at 90 days. Another notice is sent every week forfive additional weeks. On the sixth week after the initial notification, if the site has not been confirmed, the site isdeleted. If at any point the site is confirmed as in use, the count goes back to the start, and the owner will not receiveanother notice for 90 days.

NoteÂ Â If for any reason the e-mail notification cannot be queued (for example, the SMTP mail server is down), theWindows SharePoint Services Administrator's Guide Página 278 de 382

count is not incremented. For example, if three notices have been sent, and when it is time for the fourth notice to besent the next week, the SMTP server is down, the fourth notification is not sent that day, and the count is notincremented. The next week, when the database is checked again, the fourth notice is sent, and the process continuesfrom there.

The confirmation and automatic deletion feature relies on the Microsoft SharePoint Timer service to carry out thetimed jobs. The times and intervals you specify here follow the same rules as any other SharePoint Timer service jobin Windows SharePoint Services. For more information, see Scheduling Timed Jobs.

Enabling Site Use Confirmation and AutomaticDeletionYou manage unused Web sites at the virtual server level by using the Configure Site Collection Use Confirmation andAuto-Deletion page in the HTML Administration pages. You must be an administrator on the server computer or amember of the SharePoint administrators group to access this administration page. By default, both site useconfirmation and automatic deletion are turned off.

Open the Configure Site Collection Use Confirmation and Auto-Deletion page1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration.2. On the Central Administration page, under Virtual Server Configuration, click Configure virtual server

settings. 3. On the Virtual Server List page, click the virtual server you want to configure.4. On the Virtual Server Settings page, under Automated Web Site Collection Management, click

Configure site collection use confirmation and deletion.

By default, site use confirmation is turned off. If you want to require confirmation of use, you can specify the intervalto wait before sending the first notification, and how frequently to continue sending notifications if site use is notconfirmed. Notices are sent to the e-mail address specified in the site for the site owner and the secondary owner (if asecondary contact has been identified).

Enable and configure e-mail confirmation notices1. On the Configure Site Collection Use Confirmation and Auto-Deletion page, in the Confirmation and

Automatic Deletion Settings section, select the Send e-mail notifications to owners of unused sitecollections check box.

2. In the Start sending notifications ___ days after site collection creation, or use is confirmed box, typethe number of days to wait before sending notifications after the site is created or use is confirmed.

For example, if you enter 60 days, then when a user creates a site, the first notification will be sent after 60days. If the user confirms that that the site is in use at that time, another 60 days will go by before they getanother notification.

3. In the Check for unused site collections, and send notices ____ and run the check at ____ boxes,specify daily, weekly, or monthly, and then the time of day to run the check.

4. Click OK.

You must enable and configure e-mail confirmation notices before you can enable automatic deletion.

Enable and configure automatic deletion1. Enable and configure e-mail confirmation notices. 2. Select the Automatically delete the site collection if use is not confirmed check box. 3. In the Delete the web after sending ___ notices box, specify how many e-mail notifications to send before

deleting the site. 4. Click OK.


Configuring Site Use Confirmation and AutomaticDeletion from the Command LineYou can also configure confirmation and automatic deletion from the command line by using the setpropertyoperation and the following properties: delete-web-send-email, dead-site-notify-after,dead-site-num-notifications, dead-site-auto-delete, and job-dead-site-delete. For more information, seeCommand-Line Properties.

Customizing the Notification TextThere are two versions of the confirmation e-mail notification â€”one is used when only site use confirmation isenabled, the other when automatic deletion is also enabled. The text for the notification e-mail messages is stored inthe DEADWEB.XML file in the \Program Files\Common Files\Microsoft Shared\Web ServerExtensions\60\TEMPLATE\LCID\XML folder for the server, where LCID is the locale ID. You must be anadministrator on the server computer to view or change this file. There are different versions of these e-mail messagesfor each language version. If you host site collections in multiple languages, be sure to customize the specific languageversions of the notification e-mail messages as well.



Changing the Application PoolIdentity for a Virtual ServerIf you need to change the application pool identity for the SharePoint Central Administration virtual server or for acontent virtual server, you can do so from within Microsoft Internet Information Services (IIS). When you change theSharePoint Central Administration application pool identity in IIS, you must also change the information for theMicrosoft SharePoint Timer service, so you do not lose your connection to the configuration and content databasesfor Microsoft Windows SharePoint Services.

NoteÂ Â Windows SharePoint Services Service Pack 2 (SP2) provides support for NTLM and Kerberosauthentication. If you use Kerberos authentication, you will need to configure a service principal name (SPN). Formore information about application pool identity, see Installation Considerations for Windows SharePoint Services.For information about identifying authentication issues by using the Auth Diagnostics tool, see Troubleshooting OtherIssues.

To change the application pool identity for SharePoint Central Administration and one or more content virtual servers,you must perform the following steps:

1. Grant the appropriate database permissions to the new identity or identities and change the database ownerfor the configuration and content databases.

2. Add the new accounts to the STS_WPG and IIS_WPG groups and verify that the IIS_WPG group hasRead and Write permissions to the content area of the virtual server.

3. Update the application pools in IIS and synchronize the SharePoint Timer Service with the new accountinformation.

Granting Database Permissions and ChangingDatabase OwnershipBefore you change the identity, you must ensure that the application pool account you use has the appropriatepermissions for your databases in Microsoft SQL Server. To work correctly, the application pool account must be amember of the following roles for your databases in SQL Server: Security Administrators and Database Creators. Ifyou are changing the Administration virtual server and one or more content virtual servers to different accounts, youmust perform the following procedures for each account.

Grant Database Creation Rights in SQL Server1. On your SQL Server computer, click Start, point to Programs, point to Microsoft SQL Server, and then


to SQL Server Group, and then click the plus sign next to your SQL Server. 3. Click the plus sign (+) next to Security, and then right-click Logins, and click New Login. 4. In the Name box, type the account in the form DOMAIN\name. 5. Click the Server Roles tab. 6. In the Server Role list, select the Security Administrators and Database Creators check boxes, and

then click OK.

NoteÂ Â Do not specify any databases for this login on the Database Access tab.

Change the database ownership and permissions for the configuration database1. On the database server, click Start, point to All Programs, point to Microsoft SQL Server, and then


click Query Analyzer.2. In the Connect to SQL Server dialog box, in the SQL Server box, type the server name, and then click

OK.3. On the Query menu, click Change Database.4. In the Select Database of server_name box, click the configuration database (sts_config), and then click

OK.5. In the Query pane, type the following query. DECLARE @AdminVSAccount nvarchar(255)









EXEC sp_addsrvrolemember @AdminVSAccount, 'dbcreator'

EXEC sp_addsrvrolemember @AdminVSAccount, 'securityadmin'

NoteÂ Â In lines 3 and 4, replace domain\contentaccount and domain\adminaccount with the domainaccount for the content virtual server and the domain account for the SharePoint Central Administration virtualserver, respectively. If the accounts are the same, SQL Query Analyzer will display an error, but the processwill still succeed.


Change the database ownership and permissions for the content databases1. On the database server, click Start, point to All Programs, point to Microsoft SQL Server, and then

click Query Analyzer.2. In the Connect to SQL Server dialog box, in the SQL Server box, type the server name, and then click

OK.3. On the Query menu, click Change Database.4. In the Select Database of server_name box, click the content database you want to update, and then click

OK.5. In the Query pane, type the following query.DECLARE @AdminVSAccount nvarchar(255)










NoteÂ Â In lines 3 and 4, replace domain\contentaccount and domain\adminaccount with the domainaccount for the content virtual server and the domain account for the SharePoint Central Administration virtualserver, respectively. If the accounts are the same, SQL Query Analyzer will display an error, but the processwill still succeed.


Adding Accounts to the STS_WPG and IIS_WPGGroups and Verifying PermissionsYou must add the new accounts to the STS_WPG and IIS_WPG groups on all front-end Web servers in your server


farm. These groups control access to the IIS metabase, the SharePoint connection string to SQL Server, and otherrequired directories and files. For more information about adding accounts to groups, see the Microsoft WindowsServer 2003 Help system.

The IIS_WPG group must have Read and Write permissions to the content area of the virtual server. For example, ifthe content virtual server points to c:\inetpub\wwwroot, you must grant the IIS_WPG group Read and Writepermissions to this directory. For more information about granting permissions to directories, see the Windows Server2003 Help system.

Updating the Application Pools and Synchronizingthe SharePoint Timer ServiceTo change the application pool identity for the SharePoint Central Administration virtual server or for a content virtualserver, you use Internet Information Services (IIS) Manager. If you have changed the identity for SharePoint CentralAdministration, you must also synchronize the SharePoint Timer Service to use the new identity.

Update the SharePoint Central Administration application pool in IIS1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager.2. Click the plus sign next to your server name.3. Click the plus sign next to Web Sites.4. Right-click SharePoint Central Administration, and then click Properties.5. Click the Home Directory tab.6. Make a note of the application pool name in the Application pool box, and then click Cancel.7. Click the plus sign next to Application Pools.8. Right-click the application pool that needs to be updated, and then click Properties.9. In the "Application Pool ID" Properties dialog box, click the Identity tab. 10.Under Application pool identity, verify that Configurable is selected, and then in the User name box, type

the new account to use.11.In the Password box, type the password for the new account, and then click OK.

After you have reset the application pool identity, you must restart IIS. To restart IIS, run iisreset on the commandline.

Synchronize the SharePoint Timer Service with the new account information1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Server Configuration, click Configure virtual

server for central administration. 3. Select Use an existing application pool, and then select the application pool you just updated with the new

account for SharePoint Central Administration.4. Click OK.


Update the content virtual server application pool in IIS1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information

Services (IIS) Manager.2. Click the plus sign next to your server name.3. Click the plus sign next to Web Sites.4. Right-click the virtual server you need to update, and then click Properties.5. Click the Home Directory tab.


6. Make a note of the application pool name in the Application pool box, and then click Cancel.7. Click the plus sign next to Application Pools.8. Right-click the application pool that needs to be updated, and then click Properties.9. In the "Application Pool ID" Properties dialog box, click the Identity tab. 10.Under Application pool identity, verify that Configurable is selected, and then in the User name box, type

the new account to use.11.In the Password box, type the password for the new account, and then click OK.




Monitoring Events for WindowsSharePoint ServicesPart of managing servers is monitoring the applications and services running on your servers so that you can takeaction either when an error occurs or before a limit is reached. Use the events, alerts, and System Monitor counters inthis topic to monitor service status and troubleshoot issues for your front-end Web servers running MicrosoftWindows SharePoint Services. When you monitor events for Windows SharePoint Services and related services, youcan make sure that your users' SharePoint sites are available when they need them.

The following types of events are covered in this topic: Web Site and SQL Server Events Services Events Active Directory Events Virus Scanner Events HTML Transformation Events Baseline Server Events

NoteÂ Â The Microsoft Windows SharePoint Services Monitoring Design and Implementation whitepaper,available on the Microsoft Web site, contains more information about these events and errors and how one team, theInternet Platform and Operations group at Microsoft, used these errors and events to monitor Windows SharePointServices during the beta release.

Web Site and SQL Server EventsThe Windows NT Event log entries from Windows SharePoint Services all have the same Event ID (1000). For theseevents, the description field contains unique elements - usually the pound sign (#) followed by a number. These uniqueelements are called out in the following tables.

When the content and configuration databases cannot be reached, the Windows SharePoint Services service on thefront-end Web server will be interrupted. Event Cannot connect to databaseEvent Type ErrorEvent Source Windows SharePoint Services 2.0 Event Category NoneEvent ID 1000Description contains substring '#50070'

Response Check the database connection information and makesure that the database server is running.

The following two events are alerts, sent through e-mail messages to system administrators.Event Database capacity reachedEvent Type ErrorEvent Source Windows SharePoint Services 2.0 Event Category NoneEvent ID 1000Description contains substring '#50068'



Response Change the content database Web site capacity settingsor add more content databases.

Event Database capacity warning reachedEvent Type WarningEvent Source Windows SharePoint Services 2.0 Event Category NoneEvent ID 1000Description contains substring '#50069'

Response Either change the content database Web site capacitysettings or add more content databases.

Services EventsWhen the following errors occur with Web parts, the SharePoint Timer Services, STSWel, or W3WP, they shouldbe investigated and troubleshooted. When these events occur, Windows SharePoint Services services are stillavailable but certain components on one server may not be functioning normally. Error Web Part rendering failureProvider Name ApplicationProvider Type Windows NT Event LogEvent Type ErrorSource Name Windows SharePoint Services 2.0Description contains Substring 'VerifySafeControls failed for guidâ€™Error Web Part unsafe control detectedProvider Name ApplicationProvider Type Windows NT Event LogEvent Number 1000Event Type ErrorSource Name Windows SharePoint Services 2.0Description contains Substring 'Unsafecontrol exception (GetTypeFromGuid)'Error OWSTimer and STSWel errorProvider Name ApplicationProvider Type Windows NT Event LogEvent Number 1000Event Type ErrorSource Name Windows SharePoint Services 2.0Description contains Substring â€˜owstimer.exeâ€™Error W3WP errorProvider Name ApplicationProvider Type Windows NT Event LogEvent Number 1000Event Type ErrorSource Name Windows SharePoint Services 2.0Description contains Substring â€˜w3wp.exeâ€™

Active Directory Events


The following three events are related to Active Directory account creation, deletion, and updating. Immediate actionshould be taken when an error is received.Event Cannot add user to Active DirectoryEvent Type InformationEvent Source Windows SharePoint Services 2.0 Event Category NoneEvent ID 1000

Description#1966150: Adding user <username> to OU <activedirectory OU> in domain <domain name> FAILED withHRESULT <error code from AD handler>

Event Cannot delete user from Active DirectoryEvent Type InformationEvent Source Windows SharePoint Services 2.0 Event Category NoneEvent ID 1000

Description #1966151: Deleting user %user% from OU %OU% indomain %DOMAIN% FAILED with HRESULT %HR%

Event Cannot update user in Active DirectoryEvent Type InformationEvent Source Windows SharePoint Services 2.0Event Category NoneEvent ID 1000

Description#1966152: Updating user %user% from OU %OU% indomain %DOMAIN% FAILED with HRESULT%HR%

Virus Scanner EventsIf a virus scanner is installed to the front-end Web servers, the following events may be logged in certain scenarios.Event Virus checking, loading virus scannerEvent Type InformationEvent Source Windows SharePoint Services 2.0 Event Category NoneEvent ID 1000Description #96000f: Loading antivirus scanner... Event Virus checking, cannot load virus scannerEvent Type InformationEvent Source Windows SharePoint Services 2.0Event Category NoneEvent ID 1000

Description #960010: Finished loading antivirus scanner. No scannerinstalled.

HTML Transformation EventsHTML transformation server is an optional component for a server farm running Windows SharePoint Services. An


HTML transformation server runs an HTML viewer service such as Microsoft Office 2003 HTML Viewer. If anHTML transformation server is configured, the events in this category should be configured and monitored. Event HTML launcher startedProvider Name ApplicationProvider Type Windows NT Event LogSource Name Microsoft.Office.HtmlTrans.LauncherDescription contains substring 'start'Event HTML load balancer stoppedProvider Name ApplicationProvider Type Windows NT Event LogEvent Number 0Source Name Microsoft.Office.HtmlTrans.LoadBalancerDescription contains Substring 'stop'Event HTML launcher1 stoppedProvider Name ApplicationProvider Type Windows NT Event LogEvent Number 0Source Name Microsoft.Office.HtmlTrans.LauncherDescription contains Substring 'stop'Event HTML load balancer 1 startedProvider Name ApplicationProvider Type Windows NT Event LogEvent Number 0Source Name Microsoft.Office.HtmlTrans.LoadBalancerDescription contains Substring 'start'Event HTML transformation server CPU usageProvider Name Processor - % Processor Time-_Total-3.0-minutesProvider Type Windows NT Performance Counter

Baseline Server EventsTo make sure your servers are available to your users, you must monitor baseline server events, such as events forNetLogon, Internet Information Server (IIS), Microsoft SQL Server, and so on. The following events and SystemMonitor counters help you track the status of your servers.Server Type Event or Perfmon CounterFront-end Web server IIS stop and start timesFront-end Web server NetLogon Service stop and start timesFront-end Web server WSS Service stop and start timesFront-end Web server Web Service: Connection Attempts/second > 500/second

Active Directory server Events from the standard Microsoft Operations Manager(MOM) pack for Active Directory

Back-end database server Events from the standard Microsoft Operations Manager(MOM) pack for SQL Server

All servers Server login successes and failuresAll servers Memory: % Committed Bytes in Use > 80%All servers Memory: Available Mbytes < 50MB


All servers Processor: % Processor Time: _Total (CPU Utilization) >80%

All servers Current Connections - Error 2000All servers Disk usage <10%All servers System: Processor Queue Length > 10All servers Memory Pages/second >220

You can also create a script to ping each front-end Web server to make sure that each port is responding, includingthe SharePoint Central Administration port. You can use the MOM scripts to create a URL monitoring rule and scriptto do this automatically. Note that the monitoring accounts must be able to access each port to be able to ping them.

If you want to understand the system load and service usage status for each server, you can also monitor the followingSystem Monitor counters.Server Type Perfmon Counter

Front-end Web serverProcess (w3wp)\% Processor Time

Process (w3wp)\Private Bytes

Front-end Web serverProcess (w3wp)\Working Set

Process (w3wp)\Handle CountFront-end Web server .NET CLR Memory\# Bytes in All HeapsFront-end Web server .NET CLR Memory\Large Object Heap SizeFront-end Web server .NET CLR Memory\% Time in GCFront-end Web server ASP.NET\Worker Process RestartsBack-end database server Process(sqlservr)\% Processor TimeBack-end database server Process(sqlservr)\Working SetBack-end database server SQLServer:General Statistics\User ConnectionsBack-end database server SQLServer:Locks\Number of Deadlocks/secBack-end database server SQLServer:Locks\Lock Waits/secBack-end database server SQLServer:Locks\Lock Wait Time (ms)Back-end database server SQLServer:SQL Statistics\Batch Requests/sec



ï»¿

Show All

Customizing a Web Site Based onWindows SharePoint ServicesWeb sites based on Microsoft Windows SharePoint Services are designed to be flexible. You can tailor a site to fityour users' needs by adding or removing pages, changing the appearance of pages, changing the site navigation, andmaking other customizations. To customize Web sites based on Windows SharePoint Services, you must have thefollowing rights, all of which are included in the Web Designer and Administrator site groups by default:

Manage Lists Add and Customize Pages Apply Themes and Borders Apply Style Sheets

Other users of your site cannot gain access to the pages required to perform these tasks unless you specifically assignthem to a site group that contains these permissions. For more information about controlling permissions and assigningrights and site groups, see "Managing Site Groups and Permissions" in the Windows SharePoint ServicesAdministrator's Guide.

Customizing Web Sites in the BrowserBasic customization can be done from within the browser, using links from the Home, Create, and Site Settings pagesof the Web site. From the browser you can perform basic customizations such as the following:

Add a list. Change the layout of the home page. Change the picture on the home page. Add a Web Part to a Web Part Page. Change a site's display name (not the Uniform Resource Locator (URL)). Apply a theme.

The Windows SharePoint Services Help files contain more information about customizing Web sites from within thebrowser.

Customizing Web Sites by Using Web Page EditingToolsAdditional customization can be done by using a Windows SharePoint Servicesâ€“compatible Web page editor, suchas Microsoft Office FrontPage 2003. With a Web page editor you can perform customizations such as the following:

Add borders to pages. Insert graphics. Add components to the home page. Change the navigation of a site.

For example, if you have created a custom theme for Windows SharePoint Services sites in Office FrontPage 2003,and added the theme name to the list of themes in Office FrontPage 2003, you can edit the list of available themes inWindows SharePoint Services to include your new theme. An XML template called spthemes.xml contains the theme


name, style sheet location, thumbnail, preview, and description of each theme that is available through the browser.This XML file is used to render the theme selection page. You can modify this XML file (by opening it in any editor,such as Notepad) to include a custom theme on the Apply Theme to Web page. You must be a member of the localadministrators group for the server to edit this file. For more information about creating a theme and adding it to thelist of themes in Office FrontPage 2003, see the Office FrontPage 2003 Help system.

Add a custom theme to the list of available themes1. On the top link bar, click Site Settings. 2. In the Customization section, click Apply theme to site. 3. In the Address bar on the browser, replace the file name themeweb.aspx with spthemes.xml. 4.

For example, if the Address bar showed http://server_name/_layouts/1033/themeweb.aspx, you wouldchange the path to http://server_name/_layouts/1033/spthemes.xml.

5. Edit the XML file and add a new section for your custom theme, similar to the following:

- <Templates>

<TemplateID>newtemplateid</TemplateID>

<DisplayName>NewTemplateDisplayName</DisplayName>

<Description>Description</Description>

<Thumbnail>/images/image.png</Thumbnail>

<Preview>/images/image.gif</Preview>

</Templates>

For more information about customizing Web site elements in a Windows SharePoint Servicesâ€“compatible Webpage editor, see the Help system for the Web page editor.

Customizing Web Sites by Using AdministrativeControlsIf you are an Administrator, you can customize how Web sites work by performing tasks such as the following:

Change settings, such as regional settings. Add, remove, or modify site groups. Add or remove users, or change their site group membership.

You control these features by using the Site Administration pages. Only an administrator of the site can perform thesetypes of customizations, or users who are members of a site group that contains administrative rights, such as the Manage Site Groups right.

Customizing Web Sites ProgrammaticallyYou can perform advanced Web development customizations by using the programming model behind WindowsSharePoint Services. You can use the programming model to make Web site customizations such as:

Add, edit, delete, and retrieve data from SharePoint lists. Create new lists and set list metadata (such as the fields in a list). Work with documents in document libraries.


Perform administrative tasks such as creating Web sites, adding users, creating roles, and so on.

For more information about advanced customizations, see the Windows SharePoint Services Software DevelopmentKit.



Show All

Customizing HelpWeb sites based on Microsoft Windows SharePoint Services are fully customizable â€”you can add any type of Webpage to the site, and all kinds of interactive content to the pages. To complement this flexibility in the site, the Helpsystem for Windows SharePoint Services was designed to be customizable. So, when you customize the pagesavailable on a Web site, you can also customize the Help available for those pages by adding topics that containinformation specific to your organization.

For example, you might want to customize Help when: You change the behavior of a default Web site page and want to explain how users can interact with the

modified page. You add a new page to the site with a form that users must fill out and you want to provide assistance for

particular fields in the form. You want to explain your organization's Web site policies, processes, or structure to new users of the site.

You must have administrator rights to the server computer to add topics to the Windows SharePoint Services Helpsystem.

Performing Basic Customization of HelpBasic customization of Help consists of adding new Help topics. You can use any level 4 HTML-compatible Webpage editor, such as Microsoft Office FrontPage 2003, to create topics. When you add a topic, be sure to edit thetable of contents topic to include the new file, and also create a hyperlink in the index topic to link to important termsin the new topic.

Help for Windows SharePoint Services is stored as HTML and image files in the file system of the server computer.These files are stored per server, so when you add a Help topic, it is available for all users of that server. Thefollowing table lists and describes the contents of the folders used to store Help content on a server.Folder Contains

\_vti_bin\help\lcid\stsAll Help topic files. LCID stands for the locale ID (LCID). For example, U.S. English Help topics are stored in\_vti_bin\help\1033\.

\_vti_bin\help\lcid\sts\html\ Localized HTML, cascading style sheets, and JScript filesused in the Help topics.

\_vti_bin\help\lcid\sts\images\ Localized images used in the Help topics.

About the Windows SharePoint Services Help Folder and Security

Because the Windows SharePoint Services Help topics take advantage of JScript coding to control some Helpfeatures, the \_vti_bin\help\lcid\sts\ folder that contains the Windows SharePoint Services Help files grants Read andRead and Execute permissions to the Everyone group. Be sure to tightly control access to this folder, and any of theother Windows SharePoint Services installation folders. Because of the Read and Execute permission, a user withWrite permissions to this folder could potentially add malicious scripting to files in the folder, which would then beallowed to run.

Customizing Special Help FilesThe Help system for Windows SharePoint Services consists of Help topic files plus special files such as the table ofWindows SharePoint Services Administrator's Guide Página 293 de 382

contents, index, glossary, and other files. When you add custom content to the Help system, consider updating thesespecial files as well to contain references to your new content.

Finding Specific Help FilesYou can easily find topics in the Help system by browsing through the table of contents. After you identify the topicyou want, you can turn on the Address bar for the Help window (in Microsoft Internet Explorer, on the View menu,click Toolbars, and then click Address Bar), and then make a note of the file name. Alternatively, you can useMicrosoft Windows search feature to search through the _vti_bin\lcid\sts\html folder to find a particular sentence orphrase in Help.

Performing Advanced Customization of HelpYou can also perform more advanced customization of the Help system. For example, each default page has one ormore unique Help topics associated with it. These associations are maintained in an XML file called sts.xml. Byediting this file, you can make your custom Help topics appear in the list of context-sensitive topics for a particularpage in your Web site. For more information about advanced customization of Help, see the Windows SharePointServices Software Development Kit.

Preserving Customized Help When InstallingService PacksWindows SharePoint Services service packs often contain updated Help files. If you customize a default Help topic,and then apply a service pack, your customized version of the Help file can be overwritten. Because service packsupdate default Help topics, it is not recommended that you customize the default Help topics, aside from the table ofcontents and index files. New topics that you add to the Help system are not overwritten by service packs, unless youuse the same file names as existing or new topics.

If you are customizing the Help system extensively, be sure to back up your customized topics before applying aservice pack, so that you can restore your customizations after the service pack has been installed.



Configuring Discussion BoardsDiscussion boards provide forums for site participants to converse about topics. Most Microsoft WindowsSharePoint Services site templates include the ability to create discussion boards, and many sites and workspace siteshave a built-in discussion board called General Discussion. As a server administrator, you can set the number ofcharacters of text displayed in an expanded discussion item, control how long the "!New" tag is displayed for adiscussion entry, and change the display order of discussion items.

Display More than 400 Characters of DiscussionTextThreaded view limits the number of characters of text displayed in an expanded discussion item to 400. To configureWindows SharePoint Services to exceed this limit in all discussion boards on the server, you must edit the file onet.xml and then reprovision the site. (Reprovisioning a site means reapplying Windows SharePoint Services to avirtual server.)

NoteÂ Â To complete this task you must be a member of the local Administrator group on the server computer.

WarningÂ Â Making changes to an originally installed onet.xml file on a server running Windows SharePointServices is not supported and can break existing sites. Changes to onet.xml will be overwritten if you reinstall orupgrade Windows SharePoint Services.

Edit the onet.xml file1. Using Notepad or another XML editor, open the file onet.xml, which is in the folder C:\Program

Files\Common Files\Microsoft Shared\Web server Extensions\60\Template\1033\STS\XML by default.2. Edit each instance of the following string, replacing â€œ400â€• with the number of characters to display:

Limit Len=400

NoteÂ Â Windows SharePoint Services will exceed the limit you specify to avoid displaying an incompleteword.

3. Save the file onet.xml.

Reprovision the site1. On the server, click Start, point to All Programs, point to Administrative Tools, and then click

SharePoint Central Administration. 2. On the Central Administration page, under Virtual Server Configuration, click Configure virtual server

settings. 3. Click the Web site you are reprovisioning.4. On the Virtual Server Settings page, under Virtual Server Management, click Remove Windows

SharePoint Services from Virtual Server. 5. On the Remove Windows SharePoint Services from Virtual Server page, select Remove without deleting

content databases, and click OK.6. From the Central Administration home page, click Extend or upgrade virtual server.7. Click the Web site to provision.8. Click Extend and map to existing virtual server.9. In the Application Pool section, click Use an Existing App Pool click the application pool associated with

the virtual server (STSAPPOOL1 in the default Windows SharePoint Services installation), and click OK.


Change the Expiration Date of the "!NEW" Tag Because discussion boards can be heavily used, new items, and their accompanying "!New" tags, can proliferate. Sitedesigners may find this annoying, and they may want to shorten the number of days that these tags are displayed. Thefollowing steps configure Windows SharePoint Services to stop showing "!New" tags in less than the default twodays. This will change the expiration time for all "!New" tags in lists on the server. Setting the time to zero will disablethe "!New" tag completely. This setting will affect all lists and libraries on the server, not just the discussion boards.

This procedure uses the SharePoint administration utility stsadm.exe, which is available, by default, in the ProgramFiles\Common Files\Microsoft Shared\Web Server Extensions\60\Bin folder on your server computer.

NoteÂ Â To use the stsadm.exe utility, you must be a member of the local Administrators group on the server or amember of the SharePoint administrators group.

Run stsadm.exe by using the following syntax, where Number_Of_Days is the number of days that WindowsSharePoint Services should display the "!New" tag:

stsadm -o setproperty -pn days-to-show-new-icon -pv Number_Of_Days -url http://Server_Address

The following example sets the expiration time to one day:

stsadm -o setproperty -pn days-to-show-new-icon -pv 1 -url http://MyServer

Change the Discussion Board Display Order Discussion board entries are displayed either from oldest entry to newest or from newest to oldest. You can changethe order in which items are displayed by editing the Schema.xml file for the discussion board. To edit the fileSchema.xml, you must be a member of the local Administrators group on the server.

1. Using Notepad or another XML editor, open the file Schema.xml (in the folder C:\Program Files\CommonFiles\Microsoft Shared\Web Server Extensions\60\Template\1033\STS\Lists\Discuss by default).

2. Locate the following code in Schema.xml: <OrderBy>

<FieldRef Name="ThreadID" Ascending="FALSE" />

<FieldRef Name="Ordering" />

</OrderBy>

Alternately, the Ascending attribute could be set to the value "True": <OrderBy>

<FieldRef Name="ThreadID" Ascending="TRUE" />

<FieldRef Name="Ordering" />

</OrderBy>

3. To display threaded discussion lists on the virtual server in oldest to newest order, make sure that the Ascending attribute is set to the value "TRUE" To display newest items first, set the Ascending attributeto "FALSE".

4. Save and close the file Schema.xml.5. After you modify the file Schema.xml, you must restart Internet Information Services (IIS) to have the

changes take effect. To restart IIS, type iisreset on the command line.©2003 Microsoft Corporation. All rights reserved.


Show All

Extending Windows SharePointServicesMicrosoft Windows SharePoint Services is a technology that was designed to be extended and used with otherproducts. Several products from Microsoft and other software vendors use Windows SharePoint Services as anextensible platform. These products build additional features that work with Windows SharePoint Services orcustomize existing features to meet the users' needs. This extension and customization can be as simple as editing anXML template file or providing special Web Parts that can be used on Web Part Pages, or as complex as creatingentire products that build on the Windows SharePoint Services functionality. Other products may also provideadministrative or user tools that interact with Windows SharePoint Services, or may link their document editingapplications into Windows SharePoint Services to allow users to edit documents directly from the site.

If you have installed Windows SharePoint Services as part of another product, be sure to read the administrativedocumentation for that product to find out what additional features you have that are not covered in the WindowsSharePoint Services Administrator's Guide.

If you are interested in building features for Windows SharePoint Services to work with your product, you can findinformation about building Web Parts, connecting to Windows SharePoint Services, and customizing WindowsSharePoint Services features and templates files in the Windows SharePoint Services Software Development Kit.

Related TopicsFor more information about creating or customizing templates, see Working with Templates.

For more information about distributing Web Parts, see Managing Web Parts on Virtual Servers.©2003 Microsoft Corporation. All rights reserved.


Binding to a Document LibraryEvent HandlerMicrosoft Windows SharePoint Services includes changes that allow you to bind an event handler to a documentlibrary. With this feature, you can use document library events to start other processes, such as workflow processes.You can develop managed code that takes advantage of document library events and create an application based onWindows SharePoint Services to perform whatever actions you need. When you combine document libraries, yourown event-handling managed code, and possibly XML forms, you can create complex workflow processes that areeasy for users to work with.

For example, in the healthcare industry, when a new patient is admitted to a hospital, there is a lot of paperwork thatneeds to be generated, and it needs to be done in a specific order. You can write an application that interacts withXML forms in a document library to do such things as:

Track when a new admissions form is added to the document library. Extract the insurance information and forward it to the billing application. Notify the staff in the appropriate section of the hospital to pull the patient's chart.

Tracking Events in Document LibrariesThe following events can be tracked for document libraries.Event DescriptionInsert A new document is added to the document library.Update An existing document is edited.Delete An existing document is deleted.Move A document is moved or renamed.Copy A document or folder is copied.Check In A document is checked in.Check Out A document is checked out.Cancel Check-Out Changes made to a checked out document are undone.

For more information about writing managed code to interact with document library events, see the MicrosoftWindows SharePoint Services Software Development Kit.

Enabling Document Library EventsIf you want to allow developers in your organization to use the document library events to write code, you mustenable this feature at the virtual server level.

Enable document library events for a virtual server1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. Under Virtual Server Configuration, click Configure virtual server settings. 3. On the Virtual Server List page, click the name of the virtual server you want to configure.4. On the Virtual Server Settings page, under Virtual Server Management, click Virtual server general

settings.5. On the Virtual Server General Settings page, in the Event Handlers section, next to Event handlers are,


select On.6. Click OK.

After the feature is enabled, you can write code to handle the events, and then specify the code to use for a particulardocument library in the document library settings.

Enable document library events for a specific document library1. On the appropriate Web site, navigate to the document library you want to monitor.2. Under Actions, click Modify columns and settings.3. Under General Settings, click Change advanced settings.4. In the Event Handler section, in the Assembly name box, type the strong name of the assembly containing

the event handler class.5. In the Class Name box, type the full class name for the event handler.

NoteÂ Â The Class Name value is case sensitive.6. In the Properties box, list any appropriate properties for the event handler.7. Click OK.

NoteÂ Â Be aware that event settings are preserved when a document library is saved as a list template. For moreinformation about templates, see "Working with Templates" in the Windows SharePoint Services Administrator'sGuide.



Show All

Working with TemplatesThere are methods for providing prepackaged site and list content in Microsoft Windows SharePoint Services:

You can build a new site definition. Site definitions include the set of basic pages and schema from which allSharePoint sites and lists are derived. Site definitions are stored on the file system of each front-end Webserver as Web pages and XML files.

You can save an existing site or list as a custom template. Custom templates are a way of packaging up a setof changes to an existing site definition and making those available for new sites and lists. Every customtemplate is based on a site definition. Custom templates are stored in the database and made available throughthe central or site collection template galleries.

Each method can package up either an entire site or just one list. The site creation template picker page shows bothsite definitions and sites saved as custom site templates. The Create page shows lists defined in the site definition, andlists saved as custom list templates.

Working with Site DefinitionsWhen you install Windows SharePoint Services on a Web server computer, the default set of site definitions is alsoinstalled. Every site definition is stored in a folder on the file system of each front-end Web server and includes atminimum an Onet.xml file. Administrators of the server computer can create custom versions of the default set of sitedefinitions. To create a custom version of a site definition, it is recommended that you create a new site definition,rather than editing the existing site definition files. If you edit the default site definition files, and then upgrade to a laterversion of Windows SharePoint Services, you will lose your customizations, and any sites based on the site definitionscan potentially be broken. For more information about creating custom site definitions, see the Windows SharePointServices Software Development Kit.

You can also mark a site definition as hidden, so it does not appear in the list of site types that users can create. Forexample, if you have a customized version of the Team Site template that you want users to base their sites on, ratherthan the default version, you can hide the default version of the Team Site template.

To mark a site definition as hidden, you modify the hidden parameter in the Webtemp.xml file. The Webtemp.xml filelists all of the site definitions available for the server, and is stored on the server computer at \Program Files\CommonFiles\Microsoft Shared\Web Server Extensions\60\Template\LCID\XML, where LCID is a locale ID (LCID), suchas 1033 for U.S. English. You can open the Webtemp.xml file in any XML editor, such as Notepad. To hide aparticular template, locate the section for that template in the Webtemp.xml file, and then set the hidden parameter totrue. Set hidden to false to unhide the template.

For more information about working with site definitions, see the Windows SharePoint Services SoftwareDevelopment Kit.

Working with Custom TemplatesYou can create custom site or list templates for your users. To create a custom template, you save an existing site orlist as a site or list template. You can add custom site templates to the central template gallery or the site collectiontemplate galleries, and you can add custom list templates to the site collection template gallery. When you save a siteor list as a site or list template, it retains an ID that indicates which site definition the template is based on.

CautionÂ Â Template files include personal information such as server URLs and user account names. Only share


template files with trusted users and groups.

About Site TemplatesUsers can customize a site and save the customized site as a site template, so that other users in the site collection cancreate similar sites later. Site templates created by another user or software vendor can also be imported to the sitecollection template gallery.

To create a site template based on a Web site, you must a member of the Administrators site group for the currentWeb site. To add or import a site template to the site collection gallery, you must have the Add Items right for thesite template gallery, which is included by default in the Web Designer and Administrator site groups for the top-levelWeb site in a site collection.

A site template is a file that includes all of the design information about the site, such as: The lists within a site. Any Web Part Pages within a site. Any custom pages within a site. The theme or borders applied to a site. Any customizations to the Quick Launch bar. Site content (list and document library contents â€”optional).

Site templates do not include the following items: Security settings, such as a list of users or groups with permissions to the site from which the template was

created. Personalizations to Web Part Pages. Web discussion from the original site. alert from the original site. Web Part assemblies that were added to the original site.

Site templates are stored as files with the .stp extension.

Using Site TemplatesUsers can create subsites based on templates available on the server or on the site collection. When a user creates a top-level Web site, he or she can base the site on a site template from either of the following sources:

The site definitions available on the server Custom site templates in the central template gallery

When a user creates a new subsites, he or she can choose from the combined list of templates from the followingsources:

The site definitions available on the server Custom site templates in the central template gallery Custom site templates in the site collection template gallery

When the user creates a subsite, he or she chooses a template from templates available on the Template Selectionpage. This page shows all templates available on the server and site collection, filtered by the language that wasselected on the Create Site page. The new subsite is based on the template, but can be customized and changed, justlike any other site.

About List TemplatesWhen a user creates a new list, he or she selects a list template to use in creating the list. Windows SharePoint


Services includes many list templates by default, and users can customize an existing list and save the customized listas a new list template. List templates created by other users or software vendors can also be imported to the sitecollection template gallery.

You must have the Manage Lists right to create a list template. The Manage Lists right is included in the WebDesigner and Administrator site groups by default. To add or import a list template to the site collection gallery, youmust have the Add Item right for the list template gallery, which is included by default in the Web Designer andAdministrator site groups for the top-level Web site in a site collection.

A list template is a file that includes all of the design information about the list, such as: The columns and fields in the list. Any views created for the list. List content (optional).

List templates do not include: Security settings, such as a list of users or groups with permissions to the list from which the template was

created. Lookup field links. Although lists can contain lookup fields that reference data in another list, that other list

(and its data) is not included when you save a list template.

List templates are stored as files with the .stp extension.

Using List TemplatesUsers can create lists based on templates available on the server or on the site collection. To create a list based on atemplate, the user can go to the Create page in a site, and then click the list name to create. Custom list templates arelisted on the Create page alongside the default set of list templates from the site definitions.

NoteÂ Â When a user creates a list, he or she can select a list template from the set of list templates on the serverand the site collection. This set is filtered based on the site language and the site definition ID that your site is basedon. For example, a site based on the Meeting Workspace template has a different site definition ID from a site basedon the Team Site template. If you create a Meeting Announcements custom list template from the Announcements listin a site based on a Meeting Workspace template, that template is not available from within a site based on the TeamSite template.

Creating TemplatesMembers of the Administrator site group for a site can create a template based on that site.

Create a site template1. On the site, click Site Settings. 2. Under Administration, click Go to Site Administration.3. Under Management and Statistics, click Save site as template. 4. In the File name box, type the filename to use for the site template file.5. In the Template title box, type the title you want to use for the template in the site template gallery.6. In the Template description box, type a description for the site template.7. If you want to include the existing site content, select the Include content check box.8. Click OK.

You must be a member of the Web Designer or Administrator site group to be able to create a list template.

Create a list template1. Navigate to the list you want to save as a template.


2. Under Actions, click Modify settings and columns. 3. On the Customize <List Name> page, under General Settings, click Save list as template.4. In the File name box, type the filename to use for the template file.5. In the Template title box, type the title you want to use for the template in the list template gallery.6. In the Template description box, type a description for the template.7. If you want to include the existing content, select the Include content check box.8. Click OK.

Managing the Site Template GallerySite templates are added or removed from the site template gallery at the site collection level. You must go to the SiteAdministration page for the top-level Web site in a site collection to manage the site template gallery.

When a user creates a site template, it is automatically added to the site template gallery for the site collection. If youwant to import a site template from an .stp file, you can do so from the Manage Site Template Gallery page.

Add a template to the site template gallery1. On the top-level Web site, click Site Settings. 2. Under Administration, click Go to Site Administration.3. Under Site Collection Galleries, click Manage site template gallery. 4. On the Site Template Gallery page, click Upload Template.5. In the Name box, type the path to the template, or click Browse.

You can upload multiple templates by clicking Upload Multiple Files.6. Click Save and Close.

Delete a template in the site template gallery1. On the top-level Web site, click Site Settings. 2. Under Administration, click Go to Site Administration.3. Under Site Collection Galleries, click Manage site template gallery. 4. On the Site Template Gallery page, click the Edit icon next to the template name.5. On the Site Template Gallery: <Name> page, click Delete.

Managing the List Template GalleryList templates are managed at the site collection level. You must be an administrator of the top-level Web site in a sitecollection to manage the list template gallery.

When a user creates a list template, it is automatically added to the list template gallery for the site collection. If youwant to import a list template from an .stp file, you can do so from the Manage List Template Gallery page.

Add a template to the list template gallery1. On the top-level Web site, click Site Settings. 2. Under Administration, click Go to Site Administration.3. Under Site Collection Galleries, click Manage list template gallery. 4. On the List Template Gallery page, click Upload Template.5. In the Name box, type the path to the template, or click Browse.

You can upload multiple templates by clicking Upload Multiple Files.6. Click Save and Close.

Delete a template in the list template gallery1. On the top-level Web site, click Site Settings.


2. Under Administration, click Go to Site Administration.3. Under Site Collection Galleries, click Manage list template gallery. 4. On the List Template Gallery page, click the Edit icon next to the template name.5. On the List Template Gallery: <Name> page, click Delete.

Managing the Central Template GalleryThere is a centralized store of site templates called the central template gallery. This gallery is managed for your entireserver or server farm, and can only be managed by using the command-line tool, Stsadm.exe. You must be a memberof the local administrators group for the server computer to manage the central template gallery.

You use the following operations to manage the central template gallery.Operation Descriptionaddtemplate Adds a template to the central template gallery.deletetemplate Removes a template from the central template gallery.enumtemplates Lists the templates currently in the central template gallery.

The addtemplate operation takes the required filename and title parameters and the optional descriptionparameter. To add a template, you would use the following syntax:stsadm.exe -o addtemplate -filename <filename> -title <template title> -description

<description of the template>

The deletetemplate operation takes the required title parameter and the optional lcid parameter. To delete atemplate from the central template gallery, you would use the following syntax:stsadm.exe -o deletetemplate -title <template title> -lcid <language>

NoteÂ Â After you add or delete a template from the central template gallery, you need to restart the Web service inInternet Information Services (IIS). You can restart all of IIS at once by running iisreset on the command line, or justrestart the specific Web sites in Internet Information Services (IIS) Manager. If you are in a server farm environment,you must restart the Web services for each front-end Web server in your server farm.

The enumtemplates operation takes the optional lcid parameter. To list all templates in the central template gallery,you would use the following syntax:stsadm.exe -o enumtemplates

To list only templates for a specific language, you would use the following syntax:stsadm.exe -o enumtemplates -lcid <language>

For more information about command-line parameters, see Command-Line Parameters. For a list of valid locale IDs(LCIDs), see Regional and Language Settings.

Using Site Templates from the Central Template GalleryUsers can create sites based on templates available in the central template gallery by using the same method as is usedfor any other site template. When the user creates a site, he or she chooses a template from templates available on theTemplate Selection page.

Administrators can also create sites based on the site templates available in the server template gallery. To create asite based on a template in the central template gallery, the administrator must use the createsite or createweboperation on the command line, and specify the template name as _GLOBAL_#number, where number refers to thetemplate ID. For example, if you have a site template in the central template gallery with the ID 2, you could use thefollowing syntax to create a site based on that template:stsadm.exe -o createsite -url <url> -ownerlogin<DOMAIN\username>

-owneremail <[email protected]> -sitetemplate _GLOBAL_#2


NoteÂ Â To find the template ID for a global template, you can use the enumtemplates operation.

Sharing TemplatesYou can share list and site templates with users outside of your site collection by giving them a copy of the .stptemplate file. You can give them a copy of the template file, just like any other file, by sending it in an e-mail message,posting it to a network share or Web site, or making a copy on a disk.

If the users are members of the Administrator or Web Designer site groups for their sites, they have the Add Itemright for the site and list template galleries, and can add the site or list template to their site or list template gallery, andstart using it.

To create a copy of a template, you must perform the following steps:1. Create the template.2. Navigate to the template gallery (whether site or list), right-click the file, and then click Save As to save the

file to a network share or your local computer.©2003 Microsoft Corporation. All rights reserved.


Show All

Using the SDK to PerformAdvanced CustomizationThe Microsoft Windows SharePoint Services Software Development Kit is a great resource for learning to customizeWeb sites programmatically. Using the information and examples in the Software Development Kit (SDK), you can:

Customize sites, including layouts, navigation bars, themes, and lists.

Most site-level customization, such as page layouts, themes, and custom lists, can also be performed by usinga Web page editor compatible with Windows SharePoint Services, such as Microsoft Office FrontPage2003. However, if you want to perform identical customizations across sites, it is much easier and quicker todo so programmatically.

Create custom templates.

Although you can create list and site templates from within the Web browser, you can create more complextemplates (for example, templates that link to databases) or edit the front-end templates by using informationfrom the SDK.

Create custom Web Parts.

Although you can easily customize instances of Web Parts from within the Web browser, to create a newWeb Part assembly (.dll) to support a custom class of Web Parts, you need the information in the SDK.

Connect an application to Microsoft Windows SharePoint Services.

For example, if you want to use Windows SharePoint Services as a front-end to another application (such asa workflow application), you can learn how to connect by reading the SDK.

This is just a short list of some of the tasks you can perform by using information from the SDK. The SDK alsocontains information about other customization tasks and programmatically administering sites and servers. For moreinformation about any of these tasks, see the Windows SharePoint Services Software Development Kit.



Show All

Using the Object Model toManage Windows SharePointServicesYou can use the object model for Microsoft Windows SharePoint Services to manage your servers, sites, users, andother resources. To access the administrative object model for Windows SharePoint Services, you must be anadministrator of the local server computer or a member of the SharePoint administrators group.

If you are using a Web application (such as a billing application) to access the object model and performadministrative functions, you must be sure that the Web application is running in the same security context asWindows SharePoint Services. In other words, the Internet Information Services (IIS) application pool for the Webapplication must allow access to the SharePoint administrators group, or you must include the application poolaccount in the SharePoint administrators group, or the application pool must be the same application pool as is usedfor SharePoint Central Administration.

If you are relying on the SharePoint administrators group for the security context, keep in mind that there are someactions that that group cannot perform. The following actions must be performed by a member of the localadministrators group for the server computer:

extending virtual servers or removing Windows SharePoint Services from a virtual server Changing the configuration database settings Changing the SharePoint administrators group Managing paths

If you want to perform these tasks from a custom application that calls the administrative object model directly, theapplication must be running as a member of the local administrator group.

Administrative Object Model ScenariosThere are many times when it would be useful to use the object model to perform administrative tasks for WindowsSharePoint Services, rather than using the command line tool or HTML Administration pages. For example, youwould use the object model when:

You are using Windows SharePoint Services in Active Directory account creation mode.

Active Directory account creation mode allows you to automatically create accounts for users in the ActiveDirectory directory service, rather than using pre-existing domain accounts. When you are in this mode, thereare certain administrative tasks that are unavailable in the HTML Administration pages. For example, youcannot create a top-level Web site, you cannot enable Self-Service Site Creation, and you cannot add a userto a site from the Central Administration pages. To perform these actions in Active Directory account creationmode, you must use the object model or the command line. For more information about Active Directoryaccount creation mode, see Managing Users and Cross-Site Groups.

You have a custom administrative application that you use to manage servers in your server farm, rather thanusing SharePoint Central Administration.

If your environment is very complex, and your organization uses a special administrative application to manageservers, you can use the object model to call the Windows SharePoint Services administrative functions,


rather than using the HTML Administration pages or the command line. You have a Web application that needs to call into Windows SharePoint Services to perform a specific set of

administrative tasks.

For example, if you have an application that coordinates online meetings, and you want to create MeetingWorkspaces in Windows SharePoint Services automatically, you can use the object model to do so.

You want to generate administrative reports to track sites, usage, or other data.

You can use the object model to enumerate the sites owned by particular users, find out how many users orhow many files are being added to sites, or determine trends and perform capacity planning to decide when itis time to add another server to your server farm.

You want to make site creation conditional based on billing information or generate custom pages based onbilling information.

For example, you can use a billing application to verify billing information before a user can create a site. Or,you can use contact or billing information to generate a custom page that shows which sites belong to whichsite owners.

You want to make site access conditional based on billing or employment status.

You can use the quota mechanisms to automatically lock a site if a customer or group is not current in itsbilling, and only allow access when the billing charges are rationalized. Or if a user is no longer part of yourorganization, you can lock all sites owned by that user until you determine what to do with the sites. For moreinformation about quotas and locking sites, see Configuring Site Collection Quotas and Locks.

For more information about the administrative object model and using it to perform administrative tasks, see theWindows SharePoint Services Software Development Kit.



Troubleshooting InstallationIssuesCannot Connect to the Configuration DatabaseMessage

I get a "cannot connect to the configuration database" message when I try to set the configuration database forMicrosoft Windows SharePoint Services.

If the password associated with the account used to connect to Microsoft SQL Server has expired orchanged, you will see a "cannot connect to the configuration database" message until you reset the passwordin SQL Server. For more information about changing passwords in SQL Server, see Help in SQL ServerEnterprise Manager.

NoteÂ Â You may also see a "service unavailable" message if the password for an Internet InformationServices (IIS) application pool identity has changed or expired. For more information about changingpasswords for application pool identities, see "Service Unavailable Message" in Troubleshooting Other Issues.

This message may also appear if Internet Information Services (IIS) is running in IIS 5.0 compatibility mode.Windows SharePoint Services requires IIS 6.0 to be running in IIS 6.0 worker process isolation mode. Tochange to IIS 6.0 worker process isolation mode, in Internet Information Services (IIS) Manager, right-click Web Sites and then click Properties. On the Service tab, clear the Run WWW service in IIS 5.0isolation mode check box.

Extending a Virtual Server I installed Windows SharePoint Services, but I can't extend a virtual server.

Is your file system formatted with FAT instead of NTFS? If you installed Windows SharePoint Services to adisk drive formatted with the FAT file system, your default virtual server might not be extended. On theMicrosoft Windows platform, the security features of Windows SharePoint Services require the NTFS filesystem. For more information, see Hardware and Software Requirements.

Does the virtual server exist in Internet Information Services? Before you can extend a new virtual server withWindows SharePoint Services, you must create the virtual server by using the Internet Information Services(IIS) Manager. For more information, see Extending Virtual Servers.

When I extended a virtual server, I created a new application pool, but entered an account that is used for anexisting application pool. I got a message that I need to restart IIS, or I cannot access my virtual server.

If you attempt to reuse an existing IIS application pool account (that is not currently used for a virtual serverrunning Windows SharePoint Services), you must restart IIS before you can access the virtual server.

CautionÂ Â Reusing an account from a non-Windows SharePoint Services application pool is not secure,and is not recommended. You can reuse an application pool account that is already being used for WindowsSharePoint Services or that was previously used for Windows SharePoint Services.

To restart IIS, on the command line, type iisreset. When I try to extend a virtual server, I get an error message that FrontPage Server Extensions or SharePoint


Team Services 1.0 from Microsoft is installed on the default virtual server.

You must remove FrontPage Server Extensions or SharePoint Team Services 1.0 before you can extend thedefault virtual server. You can extend a different virtual server if you want to continue running FrontPageServer Extensions or SharePoint Team Services 1.0. For more information about upgrading to WindowsSharePoint Services, see Upgrade Considerations. For information about migrating site content fromFrontPage Server Extensions or SharePoint Team Services 1.0 to Windows SharePoint Services, see Migrating and Upgrading Web Sites.

Remove FrontPage 2002 Server Extensions from a virtual server1. Click Start, point to All Programs, point to Administrative Tools, and then click Microsoft

SharePoint Administrator.2. In the list of virtual servers, next to the virtual server name, click Administration.3. On the Virtual Server Administration page, click Uninstall FrontPage 2002 Server Extensions.4. On the Uninstall FrontPage 2002 Server Extensions page, next to Full Uninstall, click Yes.5. Click Uninstall.

After you remove FrontPage 2002 Server Extensions, you must restart IIS by running iisreset on thecommand line before you can try extending the virtual server again.

NoteÂ Â If you have already uninstalled FrontPage Server Extensions or SharePoint Team Services 1.0 fromthe default virtual server, but you still see this message, you may need to delete the _vti_pvt\service.cnf filemanually. This file is in the content folder for the virtual server (usually c:\inetpub\wwwroot). _vti_pvt is ahidden folder, so you must unhide it before you can locate and delete the service.cnf file.

When I try to extend a virtual server, I get a message that the request timed out.

If the request to extend a virtual server times out, you can try the following workarounds:1. Check to see whether full-text searching is enabled for your server or server farm. If it is enabled, turn it

off, and then extend the virtual server. After the virtual server is extended, you can enable full-textsearching again. For more information about configuring full-text searching, see Managing andCustomizing Search.

2. Change the timeout length for the process. To change the timeout length, you must edit the web.config filefor the administration virtual server. This file is in the Windows SharePoint Services installation folder, at\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\template\admin\LCID,where LCID is the locale ID, such as 1033 for U.S. English. Add the following to the web.config file inthe <system.web> section: <httpRuntime executionTimeout="999999"/>. After you edit the web.configfile, you must reset IIS by running iisreset on the command line.

I extended a new virtual server, and the usage analysis processing is not working for the new virtual server.

If usage analysis processing was configured before you extended the virtual server, it must be enabledmanually for the new virtual server. For more information, see Usage Analysis in Troubleshooting OtherIssues.

Installing on Windows Server 2003, Web Edition I am installing on Microsoft Windows Server 2003, Web Edition, and the installation ends without installing

Windows SharePoint Services or extending a virtual server.

You must use the remotesql=yes property to install Windows SharePoint Services on Windows Server2003, Web Edition. For more information about installing Windows SharePoint Services to work withMicrosoft SQL Server 2000, see Remote SQL Server Deployment.

Page Cannot Be Found Message After I have installed Windows SharePoint Services, I get a "page cannot be found" message when the


SharePoint Central Administration page tries to open.

Windows SharePoint Services requires ASP.NET to run. If you already had an instance of ASP.NET runningwhen you installed Windows SharePoint Services, it is possible that you now have two ASP.NET installationson the same server. In this case, the new installation of ASP.NET may be prohibited in IIS. You must enablethe new instance of ASP.NET before the SharePoint Central Administration pages can run. To enable thenew instance of ASP.NET, in Internet Information Services (IIS) Manager, click Web Service Extensions.In the list of Web Service Extensions, select the new instance of ASP.NET, and then click Allow.

Reusing Application Pools I have an existing application pool that I want to use for a virtual server that I am extending with Windows

SharePoint Services.

If you reuse an existing application pool when you extend a virtual server, the application pool account will notbe automatically added to the local IIS_WPG and STS_WPG groups (the application pool groups forInternet Information Services (IIS) and Windows SharePoint Services), and any new sites that you create willnot be accessible.

If the application pool was created when you extended a different virtual server with Windows SharePointServices, the application pool may already be part of these groups. If, however, the application pool wasused for another purpose, and you want to use it with Windows SharePoint Services, you must manually addthe application pool account to these groups. For more information about adding an account to a local group,see Help in Windows Server 2003.

Running Windows SharePoint Services on aDomain Controller

I installed Windows SharePoint Services to a computer, and then made the computer a domain controller.Now when I go to SharePoint Central Administration or to a page in my SharePoint site, I see a "file notfound" error, or an "access denied" error.

In order for the permissions for Windows SharePoint Services to be configured correctly, InternetInformation Services (IIS) and Windows SharePoint Services must be installed to the domain controller afterit is promoted to domain controller. If you have already installed IIS and Windows SharePoint Services to acomputer, and you now need to make that computer a domain controller, you must uninstall IIS andWindows SharePoint Services, promote the computer to domain controller, and then reinstall IIS andWindows SharePoint Services. For more information about running IIS on a domain controller, see the IISdocumentation.

Site Migration Error When Migrating a Site fromSharePoint Team Services 1.0

I am migrating a site from SharePoint Team Services 1.0 and I get the following message: 1376258 Theserver administration programs and the server extensions on the Web server are not compatible. The server istoo old to use with this administration program.

Before you can use the Microsoft SharePoint Migration Tool (smigrate.exe) to migrate sites from SharePointTeam Services 1.0 to Windows SharePoint Services, you must verify that you are running the update toSharePoint Team Services 1.0 that updates it to function better with the SharePoint Migration Tool. Todownload this update, go to Office XP Web Services Security Patch: KB812708.



Typical Installation Ends Without Creating a Site I am installing Windows SharePoint Services on a single server, using the Typical Installation option. When

Setup ends, I get an error that the server instance specified was not found.

If the Default Web Site in IIS is set to a port other than port 80, the Typical Installation for WindowsSharePoint Services may end without creating a site. Use the SharePoint Central Administration pages toextend the Default Web Site virtual server and create a Web site manually. For more information, see Extending Virtual Servers.



Troubleshooting Other IssuesCannot Connect to the Configuration DatabaseMessageI get a "cannot connect to the configuration database" message when I try to set the configuration database forMicrosoft Windows SharePoint Services.

If you are using SQL Server authentication, and the password associated with the SQL Server system account usedto connect to the Microsoft SQL Server databases has expired or changed, you will see a "cannot connect to theconfiguration database" message until you reset the password in SQL Server. For more information about changingpasswords in SQL Server, see Help in SQL Server Enterprise Manager.

You may also see this message if the application pool for the administration virtual server does not have theappropriate rights to the databases in SQL Server. The administration virtual server's application pool account mustbe a member of the Security Administrators and Database Creators roles for SQL Server, and that account shouldalso be the database owner of the configuration database. The application pool accounts for additional virtual serversmust also be database owners for the configuration database, in order to create and manage the content databases forthat virtual server.

Verify also that the account for the administration virtual server's application pool is in the both IIS_WPG andSTS_WPG local groups. If the account for the application pool is not in these local groups, add the account to theselocal groups.

NoteÂ Â You may also see a "service unavailable" message if the password for an Internet Information Services(IIS) application pool identity has changed or expired. For more information about changing passwords forapplication pool identities, see Service Unavailable Message in this topic.

Database Already Exists MessageWhen I try to manage a content database on the Manage Content Databases page in SharePoint CentralAdministration, I get one of the following error messages:

Database database_name already exists. (Error code: 1801) The current user or the application pool identity of the virtual server is not the owner of the database

database_name on server servername\sharepoint.

This issue may occur when the database owner of the database that you are connecting to is different from theapplication pool identity that Windows SharePoint Services is running under. To resolve this issue, you must changethe database ownership and the permissions for the content database to match the identities of the virtual serveraccounts for content and configuration. The steps for changing the database ownership differ depending on whetheryou are running SQL Server or Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE).

This issue is also covered by article 828815 in the Microsoft Knowledge Base.

Changing the Database Ownership and Permissions for SQL ServerIf you are running Microsoft SQL Server, you can change the ownership and permissions by using SQL QueryAnalyzer.



Change the database ownership and permissions in SQL Query Analyzer1. On the new server, click Start, point to All Programs, point to Microsoft SQL Server, and then click


OK.3. On the Query menu, click Change Database.4. In the Select Database of server_name box, click the configuration database (sts_config), and then click

OK.5. In the Query pane, type the following query.

NoteÂ Â In lines 3 and 4, replace domain\contentaccount and domain\adminaccount with the domainaccount for the content virtual server and the domain account for the SharePoint Central Administration virtualserver. If the accounts are the same, SQL Query Analyzer will display an error, but the process will stillsucceed.DECLARE @AdminVSAccount nvarchar(255)











Changing the Database Ownership and Permissions for WMSDEIf you are running WMSDE, you must perform the following steps: Add the Network Service account to theSYSADMIN role for WMSDE, then use the Manage Content Database page to add the database back to the virtualserver, and then remove Network Service from the SYSADMIN role.

Set Network Service as SYSADMIN for WMSDE1. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.2. At the command prompt, type the following command (where servername is the name of your server) and

then press ENTER.

osql -S servername\sharepoint -E3. Type the following command and then press ENTER.

sp_addsrvrolemember 'nt authority\network service', 'sysadmin'4. Type go, and then press ENTER.

After the Network Service account has been added to the SYSADMIN role, you can add the content database tothe virtual server.

Add the content database1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central

Administration. 2. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure

virtual server settings. 3. On the Virtual Server List page, click the virtual server you want to add the content database to. 4. On the Virtual Server Settings page, under Virtual Server Management, click Manage content

databases. 5. On the Manage Content Databases page, under Content Databases, click Add a content database.


6. In the Database Information section, click Specify database server settings. 7. In the Database server box, type the name of the database server.8. In the Database name box, type the name of the database. 9. In the Database Capacity Settings section, type a number in the Number of sites before a warning

event is generated box. 10.Type a number in the Maximum number of sites that can be created in this database box. 11.Click OK.

After the content database has been restored, you can reset the SYSADMIN role to not include the NetworkService account.

Restore the SYSADMIN role1. At the OSQL command prompt, type the following command and then press ENTER.

sp_dropsrvrolemember 'nt authority\network service', 'sysadmin'2. Type go, and then press ENTER.

General Site Use Issues Site users report that they can't get to a list, document library, discussion board, or survey, yet I can see it

listed on the Document Libraries, Discussion Boards, or Lists page.

The default view may have been deleted. Do one of the following:o Set an existing view as the default view.o Create a new view to use as the default view.

NoteÂ Â To specify a default view or create a new view you must be a member of the Web Designer sitegroup or a site group that has the Manage Lists right.

I can no longer modify a view by using my Web browser.

If a view is modified extensively by using a Windows SharePoint Services-compatible Web page editor, suchas Microsoft Office FrontPage 2003, it can no longer be modified in the Web browser.

NoteÂ Â To modify a view you must be a member of the Web Designer site group or a site group that hasthe Manage Lists right.

I can't get custom Active Server Pages to work correctly on my site.

By default, the ISAPI filter for Windows SharePoint Services blocks the use of any ASP pages that are notpart of the installation. If you want to use custom ASP pages with your SharePoint sites, you must put theASP pages in a separate virtual directory and create an excluded path for the directory in . This allowsInternet Information Services (IIS), rather than , to control the directory and allows the ASP pages to run.Also, IIS does not allow ASP pages to be displayed by default. You may also need to allow Active ServerPages in IIS before your custom Active Server Pages work correctly. For more information, see the IIS Helpsystem. Active Server Pages issues are also covered by article 828810 in the Microsoft Knowledge Base.

NoteÂ Â To perform these steps, you must be a member of the local Administrators group on the serverrunning .

Full-Text Search Issues Full-text searching does not include any file types other than .doc, .xls, .ppt, .txt, and .htm in the search

results.

If you are using the full-text searching for Microsoft SQL Server 2000, the following filters are installed byWindows SharePoint Services Administrator's Guide Página 315 de 382


default: .doc, .xls, .ppt, .txt, and .htm. You can install custom filters to allow you to search other file types. Formore information about enabling full-text searching, see Managing and Customizing Search. For moreinformation about adding filters to SQL Server full-text searching, see the SQL Server 2000 documentation.

I can't enable search for a server.

Is your server running -compatible search server software, such as Microsoft SQL Server 2000 or later? Bydefault, installs the Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) database. However,to enable the search functionality, the server's back-end database must be running Microsoft SQL Server2000 or another -compatible search server.

Is your server part of a server farm? If each server in the server farm is not running -compatible search serversoftware, such as Microsoft SQL Server 2000 or later, the search controls may not appear. To resolve thisproblem, make sure that all servers in the server farm are running -compatible search server software.

Enabling full-text searching has failed.

If you are enabling full-text searching with Microsoft SQL Server in a server farm environment, the processcan time out or fail if one of the servers is offline or has a hard disk drive failure. If enabling full-text searchingis taking more than a minute or two, you can restart the SQL Server services and run a stored procedure toenable searching.

Restart the SQL Server processes1. On your computer running SQL Server, open a command prompt and run the following commands:

net stop mssearch

net stop mssqlserver

net start mssqlserver

net start mssearch2. Open SQL Server Query Analyzer and connect to the database for .3. Run the following stored procedures:

exec proc_DisableFullTextSearch

exec proc_EnableFullTextSearch

Restoring a List, List Item, or Document A user deleted an item, document, or list, and now needs to recover it.

If you have a recent backup of either the content database or the site, you can restore the backup to a new,temporary server or site, and then copy the deleted item, document, or list to the original site. After you haverecovered the list, item, or document, you can delete the restored version of the database or site. For moreinformation, see Backing Up and Restoring Databases and Backing Up and Restoring Web Sites.

NoteÂ Â To copy an entire list or document library, save the list or document library (including the content)as a list template, and then import the list template and create a list or document library based on thattemplate. When you include the content in the template, your new instance of the list includes all of the itemsor documents from the old list. List templates do not include per-list permission settings or created by ormodified by data from the original list. For information about creating a list template, see Working withTemplates.

Service Unavailable MessageWindows SharePoint Services Administrator's Guide Página 316 de 382

I get a "service unavailable" message when I try to view my site or the administration pages for my site orserver.

If the password for the application pool for a virtual server has expired or changed, you will see a "serviceunavailable" message until you reset Internet Information Services (IIS) and SQL Server to accept the newpassword.

NoteÂ Â You may also see a "cannot connect to configuration database" error message if you are using SQLServer authentication and the password associated with the system account for SQL Server has expired orchanged. If you see this message, you must reset the password in SQL Server. For more information aboutchanging passwords in SQL Server, see Help in SQL Server Enterprise Manager.

Reset an application pool password in IIS1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet

Information Services (IIS) Manager.2. Click the plus sign next to your server name.3. Click the plus sign next to Application Pools.4. Right-click the application pool that needs to be updated, and then click Properties.5. In the "Application Pool ID" Properties dialog box, click the Identity tab. 6. Under Application pool identity, in the Password box, type the new password, and then click OK.7. In the Confirm Password dialog box, type the password again, and then click OK.

After you change the password in IIS, you must restart IIS to connect with the new password. To restart IIS,type iisreset on the command line.

Security Issues I want to prevent users from seeing links to areas in this site, such as Site Administration.

Rather than hiding links and controls from users, checks users' rights when they click links or try to performactions on the site. If a user is not a member of a site group or cross-site group with the proper rights, he orshe cannot enter site administration or change the settings for a site, list, or library. There are no administrativecontrols to hide links from unauthorized users.

I've deleted users from my site, but I'm still being notified that my quota is full and I can't add any more users.

To have any effect on your user quota, users must be removed at the site collection level. You can do this byusing SharePoint Central Administration or the Manage Site Collection Users page in Site Administration.Removing users from individual sites will not allow you to add more users. To remove site collection users byusing the Site Administration pages, do the following:1. On the top link bar, click Site Settings.2. In the Administration section, click Go to Site Administration. 3. In the Site Collection Administration section, click View site collection user information. 4. Select the check box next to the users that you want to delete, and then click Remove Selected Users.

NoteÂ Â You must be a site collection administrator to remove users from a site collection. I removed a user from a site but he or she is still receiving alerts from it.

When you remove a user from a Web site, site group, or cross-site group after he or she has created alerts,you must manually delete any alerts that he or she has set up. This is also true for any lists or libraries whereyou change security settings to limit access. If a user has set up alerts for the list or library, he or she willcontinue to receive them after you change the security settings. For information on deleting alerts for users,see Managing Alerts.

Usage Analysis IssuesWindows SharePoint Services Administrator's Guide Página 317 de 382

I see a "no data" message or a message that usage reports are not available when I try to view the Site UsageReport page

Usage analysis must be turned on, and users must have visited a page in your site before any data can appearon the Site Usage Report page. If you are seeing the error "No usage data is available for this web" on thispage, verify that usage analysis has been turned on for the server.

If the site is new (created today), or has not been used before today, no data will appear until the usage logprocessing has been done (usually within 24 hours).

If there has been no activity on the site for the past 31 days, the Site Usage Report page will say that usagereports are not available.

For more information about enabling usage analysis, see Configuring Usage Analysis. I extended a new virtual server, and the usage analysis processing is not working for the new virtual server.

If usage analysis processing was configured before you extended the virtual server, it must be enabledmanually for the new virtual server. To enable usage analysis for the new virtual server, you can use either ofthe following methods:1. Use the command-line tool Stsadm.exe with the setproperty operation to set the schedule for usage

analysis on the new virtual server. To set the schedule, run the following operation:stsadm.exe -osetproperty -pn job-usage-analysis

-pv "daily between HH:MM:SS and HH:MM:SS" -url <URL to virtual server>

2. Use the Configure Usage Analysis page to reconfigure usage analysis for all virtual servers.

NoteÂ Â Usage analysis information is not available until the usage analysis processing has been run at leastonce.

The number of users that I'm seeing is higher than I expected.

If you have removed users from a subsite, but not from the site collection, the users will still appear in theusage data. If you are trying to remove users so that you are under your quota, you must remove users at thesite collection level, not at the subsite level.

Also, server administrators are included as users in the usage analysis results, even though they are notmembers of a site. If they perform actions within a site or run a monitoring utility on a site collection, thoseactivities are included in the usage analysis results. However, server administrators are not counted towardsuser quotas.

For more information about enabling usage analysis, see Configuring Usage Analysis.

SSL Termination Not Supported Prior to ServicePack 2

NoteÂ Â The information contained in this section applies to issues in versions of Windows SharePoint Servicesearlier than Windows SharePoint Services Service Pack 2 (SP2). Windows SharePoint Services SP2 includessupport for advanced extranet configurations, such as SSL termination at the reverse proxy server. New commandline operations can be used with the stsadm.exe command line utility to "map" incoming and outgoing URLs. For moreinformation about these new command line operations, see Command-Line Operations and What's New in WindowsSharePoint Services Service Pack 2.

My alert message URLs are wrong and I get an "Access denied" message when I try to upload a document to adocument library.


Secure Sockets Layer (SSL) termination is a configuration where an HTTPS request from the client is first processedby either a proxy server or a firewall, and then the request is forwarded to a Web server by using HTTP. SSLtermination is not supported for Windows SharePoint Services. If SSL termination is configured, alert messages maycontain the wrong URL (HTTP rather than HTTPS), and your users may not be able to upload documents todocument libraries (they receive an Access Denied message after attempting to authenticate).


Web Part Errors on the Home PageI get one of the following errors when I view the home page of my site:

Web Part Error: Cannot deserialize (convert an XML stream back into an object) the Web Part on theserver.

Web Part Error: One of the properties of the Web Part has an incorrect format. Windows SharePointServices cannot deserialize the Web Part. Check the format of the properties and try again.

These errors can be caused when permissions that Windows SharePoint Services configured on the Windows Tempdirectory were unintentionally reset (perhaps during an upgrade to the operating system). To resolve this issue, makesure that the following permissions are configured correctly.Windows directory Required permissions

%WinDir%\Temp

Administrators - Full control

SYSTEM - Full control

STS_WPG - Read, Write

Network Service (for a domain controller only) - Read,Write

%WinDir%\System32\Logfiles

STS Administrators - Full Control

SYSTEM - Full control

STS_WPG - Read, Write

Network Service (for a domain controller only) - Read,Write

NoteÂ Â If your usage analysis log files are stored in a different location, you must also be sure that the permissionsfor those log files match the permissions for the Logfiles directory above.

For more information about the permissions needed for Windows SharePoint Services to perform as expected, see Files and Permissions. This issue is also covered by article 826786 in the Microsoft Knowledge Base.

Assigned IP Addresses Not Supported Prior toService Pack 2The information contained in this section applies to pre-Service Pack 2 issues. Windows SharePoint Services ServicePack 2 removes this limitation of assigning IP addresses by allowing virtual servers extended with WindowsSharePoint Services to be IP-bound (have static IP addresses). Prior to Service Pack 2, Windows SharePointServices required that IIS virtual servers be configured with the All Unassigned option on the Web Site properties in




Internet Information Server (IIS) Manager before the virtual server could be extended with Windows SharePointServices.

NoteÂ Â Windows SharePoint Services does not support assigning a static IP address to a virtual server in scalablehosting mode.For additional information, see Microsoft Knowledge Base article 832816: The server instance specified was notfound.

When I try to modify my site or add or export Web parts I get one of the following error messages: Cannot retrieve properties at this time. The server could not complete your request. Contact your Internet service provider or Web server

administrator to make sure that the server has the FrontPage Server Extensions or SharePoint Servicesinstalled.

This problem may occur when one or both of the following conditions are true: You have configured the virtual server in IIS to have an assigned IP address, and then extended the virtual

server with Windows SharePoint Services. You have configured the virtual server in IIS to use host headers, and then extended the virtual server with

Windows SharePoint Services, and then you installed a Web Part assembly to the Bin folder instead of to theglobal assembly cache.

In each of these configurations, Windows SharePoint Services cannot obtain sufficient information from the virtualserver to load the Web Part or Web Parts on the site. To address these issues, use one of the following methods, asappropriate to your situation:

1. Assigned IP addresses are not supported. If you have assigned an IP address in IIS, you must change the IPaddress to use All Unassigned before you can use Windows SharePoint Services. For more informationabout changing the IP address in IIS, see the IIS Help system.

2. If you host a virtual server that has a host header name and you installed a Web Part assemblies to the Binfolder, you must move the assembly to the global assembly cache. For more information, see the SharePointProducts and Technologies Software Development Kit.

3. Consider using scalable hosting mode for Windows SharePoint Services. For more information, see ServerFarm Scalable Hosting Mode Deployment.


SharePoint Configuration Analyzer Windows SharePoint Services Service Pack 2 (SP2) allows virtual servers extended with Windows SharePointServices to be bound to a static IP address. When SharePoint Configuration Analyzer is run after applying WindowsSharePoint Services SP2 and an IP-bound virtual server is configured you will receive the following error message inthe IIS Settings section:

"A virtual server is bound to a static IP address. This is not supported in Windows SharePoint Services."

This error can be ignored if Service Pack 2 has been installed and an IP-bound virtual server has been configured inIIS. This issue may be resolved in future versions of SharePoint Configuration Analyzer.

Authentication and Access Control Diagnostics 1.0(Authdiag)Authentication and Access Control Diagnostics 1.0 (more commonly known as AuthDiag) is a robust diagnostic toolfrom Microsoft. This tool helps find the source of authentication and authorization failures. Authdiag analyzesmetabase configuration and system-wide policies and warns administrators of possible points of failure and provide





guidance with resolving the problem.

AuthDiag 1.0 also includes a robust monitoring tool, called AuthMon, designed to capture a snapshot of the problemwhile it occurs in real-time. AuthMon is especially helpful in removing any information not pertinent to theauthentication or authorization process from IIS servers.

You can find additional information about and download this tool from the Microsoft Download Center.

Configuring Kerberos AuthenticationNew to Windows SharePoint Services Service Pack 2 (SP2), you can choose to use either NTLM or Kerberosauthentication.

NoteÂ Â For more information, see the Microsoft Knowledge Base article 832769: How to configure a WindowsSharePoint Services virtual server to use Kerberos authentication.

Enabling Kerberos in IIS

NoteÂ Â Windows SharePoint Services, prior to Service Pack 2, enabled NTLM authentication by default whenWindows SharePoint Services was installed by using the Typical Installation option. Windows SharePoint ServicesSP2 uses Kerberos by default, but enables you to choose either NTLM or Kerberos authentication when you createthe SharePoint Central Administration virtual server and extend content virtual servers.

You can use either of the following two methods to enable Kerberos in IIS: Manually edit the IIS metabase.

If you are enabling Kerberos for only one virtual server, you can directly edit the IIS metabase. Use IIS administration scripts to edit the IIS metabase.

If you need to enable Kerberos authentication for several virtual server, consider using a script that you canrun for each virtual server.

Method 1: Manually edit the IIS metabase to enable Kerberos authentication1. On the server running IIS, open Notepad, and then open the Metabase.xml file that is located in the following

folder on the hard disk, where %systemroot% is the path and folder name where Microsoft Windows isinstalled:

%systemroot%\System32\Inetsrv2. In the <IIsWebServer> section, locate the following line:

NTAuthenticationProviders="NTLM"3. Modify the line so that it reads exactly as follows:

NTAuthenticationProviders="Negotiate,NTLM"4. Save the file, and then quit Notepad.5. Open a command prompt, and then restart IIS by typing iisreset.

Method 2: Use an IIS administration script to edit the IIS metabase and enable Kerberos authentication1. On the server running IIS, open a command prompt.2. Change to the Inetpub\Adminscripts folder, and then type the following line, where Drive is the hard disk

drive where Windows is installed, and then press ENTER:





cd Drive:\inetpub\adminscripts3. Type the following line, where xx is the virtual server ID number, and then press ENTER.

cscript adsutil.vsb get w3svc/xx/NTAuthenticationProviders

NoteÂ Â The virtual server ID of the default Web site in IIS is 1.

The following string is returned:

ntauthenticationproviders: (STRING) "NTLM"4. To enable Kerberos on the virtual server, type the following line, where xx is the virtual server ID number,

and then press ENTER.

cscript adsutil.vsb get w3svc/xx/NTAuthenticationProviders "Negotiate,NTLM"5. Type iisreset and then press ENTER to restart IIS.

Configuring Server and Account Delegation and Configuring aService Principal Name for the Domain AccountAfter you have enabled Kerberos in IIS, you must configure a service principal name for the domain account that thevirtual server is running under.

NoteÂ Â You do not need to perform these steps if the virtual server application pool identity is using one of thebuilt-in security principals (such as Network Service or Local System). The built-in accounts are automaticallyconfigured to work with Kerberos authentication.

If you use a remote computer running SQL Server 2000 for your configuration and content databases, and you wantto use the built-in Network Service account as a domain account, you must add the domain\computername$ entryto SQL Server and grant it Database Creators and Security Administrators permissions. This allows WindowsSharePoint Services to connect to the remote computer running SQL Server and create and manage the configurationand content databases. For more information about granting permissions in SQL Server, see Remote SQL ServerDeployment.

If the server running IIS is a member of the domain, but is not a domain controller, the server must be trusted fordelegation before Kerberos authentication can work correctly.

Configure the server running IIS to be trusted for delegation1. On the domain controller, start Active Directory Users and Computers.2. In the left pane, click Computers.3. In the right pane, right-click the name of the server running IIS, and then click Properties.4. Click the General tab, and then select the Trust computer for delegation check box.5. Click OK.

If the application pool identity is configured to use a domain user account, the user account must be trusted fordelegation. before you can use Kerberos authentication.

Configure the domain account to be trusted for delegation1. In Active Directory Users and Computers, in the left pane, click Users.2. In the right pane, right-click the name of the user account, and then click Properties.3. Click the Account tab, and then under Account Options, select the Account is trusted for delegation

check box.4. Click OK.

If the application pool identity is a domain user account, you must configure a service profile name (SPN) for that


account.

Configure a service profile name for the domain account1. Download and install the Setspn.exe command line utility from the Microsoft Web site.2. Open a command prompt, and then run the following command:

Setspn -A HTTP/ServerNameDomain\username

Where ServerName is the fully-qualified domain name of the server, domain is the name of the domain, andusername is the name of the user account.




Command-Line OperationsThis topic lists and explains the operations you can perform with Stsadm.exe for Microsoft Windows SharePointServices. For detailed information about the required and optional parameters, including short forms of theparameters, see Command-Line Parameters. For more information about using the command-line tool, seeIntroducing the Administration Tools for Windows SharePoint Services.

NoteÂ Â To use stsadm.exe, you must be a member of the local Administrators group for the server computer.

You can also get a list of the command-line operations by typing stsadm.exe -help on the command line. Syntax helpfor specific operations is available by typing stsadm.exe -help operation name.

Operations in This Topic addalternatedomain addpath addtemplate adduser addwppack addzoneurl backup binddrservice createadminvs createsite createsiteinnewdb createweb deleteadminvs deletealternatedomain deleteconfigdb deletepath deletesite deletetemplate

deleteuser deleteweb deletewppack deletezoneurl disablessc disablestsisapis email enablessc enablestsisapis enumalternatedomains enumroles enumsites enumsubwebs enumtemplates enumusers enumwppacks enumzoneurls extendvs

extendvsinwebfarm getadminport getproperty migrateuser recalculatestorageused removedrservice renameweb restore setadminport setconfigdb setproperty siteowner unextendvs uninstall upgrade userrole

addalternatedomain

NoteÂ Â New in Windows SharePoint Services Service Pack 2 (SP2).

Configures the incoming URL and maps it to a URL zone. For each HTTP request, Windows SharePoint Serviceslooks up the incoming URL and detmines which zone will be used to format the outgoing response. Note that you canperform a separate zone mapping for each virtual server. Required parameters Optional parameters-url

-incomingurl

-urlzone

none

Sample syntax: stsadm.exe -o addalternatedomain -url http://existing.sharepointvserver.URLdomain

-urlzone default -incomingurl http://incoming.url.domain

The following table describes the properties associated with this command line operation.


Property Description

-url

URL of the virtual server as it is displayed on the Virtual Server List page in the SharePoint CentralAdministration site. If the virtual server is bound to a specific IP address or to a specific host header inMicrosoft Internet Information Services (IIS), you can also use that IP address or host header as the valuefor this property.


-urlzone Specifies which one of the five zones with which the outgoing URL is associated. The possible values for thisproperty are: default, internet, intranet, extranet, or custom.


addpath

Adds a defined path (inclusion or exclusion) to a virtual server. For more information, see Managing Paths.Required parameters Optional parameters-url

-typenone

Sample syntax: stsadm.exe -o addpath -url url

-type exclusion/explicitinclusion/wildcardinclusion

addtemplate

Adds a site template to the template gallery.

NoteÂ Â If you want the changes to the template list to take effect immediately, run the iisreset command after yourun the addtemplate operation.Required parameters Optional parameters-filename

-title-description

Sample syntax: stsadm.exe -o addtemplate -filename template filename

-title template title [-description template description]

adduser

Adds a user account to the specified site and assigns it to the specified site group. Use the siteadmin parameter toregister the user as the site administrator.Required parameters Optional parameters


-url

-userlogin

-useremail

-role

-username

-siteadmin

Sample syntax: stsadm -o adduser -url url -userlogin DOMAIN\username

-useremail [email protected] -role site group name

-username user's display name [-siteadmin]

addwppack

Adds a Web Part package to your server Web Part gallery. Use the globalinstall parameter to install the Web Partsin the global assembly cache (GAC) rather than in the Bin directories of each virtual server. Assemblies installed in theGAC are available to all applications on the server. The url parameter optionally specifies the URL of the virtualserver on which to install the Web Parts. To install the Web Parts on every virtual server on a server, omit theurlparameter. Use the force parameter to overwrite an existing Web Part package with a new version, or to repair aWeb Part package by reinstalling it. Use the lcid parameter to specify a language for the Web Part package.

Use filename to specify the path to the cabinet file containing the Web Parts and associated resources. If the WebPart package has already been installed on another server in a server farm configuration, you can install the Web Partpackage from the configuration database by using the name parameter.Required parameters Optional parameters

either -filename or -name

-url

-globalinstall

-force

-lcid

Sample syntax: stsadm.exe -o addwppack -filename Web Part Package filename

[-url url] [-globalinstall] [-force] [-lcid language]

AddZoneUrl

NoteÂ Â New in Windows SharePoint Services SP2.

Maps the outgoing URL to the url configured with the addalternatedomain operation.Required parameters Optional parameters-url

-urlzone

-zonemappedurl

none

Sample syntax:Windows SharePoint Services Administrator's Guide Página 326 de 382

stsadm.exe -o addzoneurl -url http://existing.sharepointvserver.URLdomain

-urlzone default -zonemappedurl http://outgoing.url.domain

NoteÂ Â There can be only one outgoing URL per URL zone. This example uses the default URL zone.


-url

URL of the virtual server as it is displayed on the Virtual Server List page in the SharePoint CentralAdministration site. If the virtual server is bound to a specific IP address or to a specific host header in IIS,you can also use that IP address or host header as the value for this property.


-urlzone

Specifies which one of the five zones with which the outgoing URL is associated. The possible values for thisproperty are: default, internet, intranet, extranet, or custom.

NoteÂ Â You can associate only one URL with an outgoing URL.

-zonemappedurlURL used in Web pages or e-mail messages going from the Web server to the reverse proxy server or theclient. This URL is the one that can be reached by the end user. This step ensures that the end user sees thecorrect URL when the URL is returned from the server to the client.

backup

Creates a backup of the site at the specified URL. Use the overwrite parameter to replace an existing backup file.Required parameters Optional parameters-url

-filename-overwrite

Sample syntax: stsadm.exe -o backup -url url -filename filename [-overwrite]

binddrservice

Registers a data retrieval service for the list of data retrieval services that pertain to a specific setting on the DataRetrieval Services Settings page. Specify the service name and then the setting. Settings include enabled,responsesize, timeout, and update.Required parameters Optional parameters-servicename

-settingnone

Sample syntax: stsadm.exe -o binddrservice -servicename service name -setting

enabled/responsesize/timeout/update

createadminvs

Creates the administration virtual server for Microsoft Windows SharePoint Services. Use the admapid... parametersto create a new application pool for IIS, or to specify the application pool to use for the administration virtual server.

NoteÂ Â This operation is intended for use by other products, and not by administrators of Windows SharePointWindows SharePoint Services Administrator's Guide Página 327 de 382

Services. Required parameters Optional parameters

none

-admapcreatenew

-admapidname

-admapidtype

-admapidlogin

-admapidpwd

-exclusivelyusentlm

Sample syntax: stsadm.exe -o createadminvs [-admapcreatenew]

[-admapidname app pool id]

[-admapiptype configurableid/NetworkService/LocalService/LocalSystem]

[-admapidlogin app pool user account] [-admapidpwd app pool password] [

-exclusivelyusentlm yes/no]

createsite

Creates a site at the specified URL with the specified user as owner and administrator. If you do not specify thetemplate to use, the owner can choose the template when he or she first browses to the site.Required parameters Optional parameters

-url

-ownerlogin

-owneremail

-ownername

-lcid

-sitetemplate

-title

-description

-quota

Sample syntax: stsadm.exe -o createsite -url url

-ownerlogin DOMAIN\username -owneremail [email protected]

[-ownername display name] [-lcid language]

[-sitetemplate site template] [-title title]

[-description description] [-quota quota template]

NoteÂ Â You must specify the -lcid option when using a non-English template.

createsiteinnewdb

Creates a site at the specified URL and creates a new content database with the username and password you specify.If you do not specify the template to use, the owner can choose the template when he or she first browses to the site.Required parameters Optional parameters


-url

-ownerlogin

-owneremail

-ownername

-databaseuser

-databasepassword

-databaseserver

-databasename

-lcid

-sitetemplate

-title

-description

-secondarylogin

-secondaryemail

-secondaryname

Sample syntax: stsadm.exe -o createsiteinnewdb -url url

-ownerlogin DOMAIN\username -owneremail [email protected]

[-ownername owner's name]

[-databaseuser databaseusername] [-databasepassword databasepassword]

[-databaseserver databaseserver] [-databasename databasename]

[-lcid language] [-sitetemplate site template]

[-title title] [-description description]

[-secondarylogin DOMAIN\username] [-secondaryemail [email protected]]

[-secondaryname secondary owner's name]


createweb

Creates a subsite at the specified URL. If you do not specify the template to use, the owner can choose the templatewhen he or she first browses to the site. Use the unique parameter to specify unique permissions for the subsite.Required parameters Optional parameters

-url

-lcid

-sitetemplate

-title

-description

-convert

-unique


Sample syntax: stsadm.exe -o createweb -url url [-lcid language]

[-sitetemplate site template] [-title title]

[-description description] [-unique] [-convert]


deleteadminvs

Deletes the administration virtual server for Windows SharePoint Services.

CautionÂ Â This operation is intended for use by other products, and not by administrators of Windows SharePointServices. If you delete the administrative virtual server for Windows SharePoint Services, you can no longer manageWindows SharePoint Services. This operation cannot be undone.Required parameters Optional parametersnone none

Sample syntax: stsadm.exe -o deleteadminvs

deletealternatedomain


Deletes alternate domains created with the addalternatedomain operation.

NoteÂ Â If you previously used the Addalternatedomain command-line operation to map an incoming URL and youwant to change that URL, you must first use this operation to delete the existing incoming URL and then use theAddalternatedomain command-line operation to map a new one.Required parameters Optional parameters-url

-incomingurlnone

Sample syntax: stsadm.exe -o deletealternatedomain -url http://existing.sharepointvserver.URLdomain

-incomingurl http://incoming.url.domain




deleteconfigdb

Deletes the configuration database for Windows SharePoint Services.Required parameters Optional parametersnone none

Sample syntax:Windows SharePoint Services Administrator's Guide Página 330 de 382

stsadm -o deleteconfigdb

deletepath

Removes an included or excluded path from the list of paths managed by Windows SharePoint Services.Required parameters Optional parameters-url none

Sample syntax: stsadm -o deletepath -url url

deletesite

Deletes the specified site. To delete users from Active Directory directory services, specify true for thedeleteadaccounts parameter.Required parameters Optional parameters-url none -deleteadaccounts

Sample syntax: stsadm.exe -o deletesite -url url -deleteadaccounts true/false

deletetemplate

Deletes the specified site template.Required parameters Optional parameters-title -lcid

Sample syntax:

stsadm.exe -o deletetemplate -title template title [-lcid language]

deleteuser

Deletes the specified user.Required parameters Optional parameters-url

-userloginnone

Sample syntax: stsadm -o deleteuser -url url -userlogin DOMAIN\username

deleteweb

Deletes the specified subsite.Required parameters Optional parameters-url none

Sample syntax: stsadm.exe -o deleteweb -url url


deletewppack

Removes the Web Parts in a Web Part package from a virtual server. When you delete the last instance of a WebParts package on a server or server farm, Stsadm.exe also deletes the Web Part package from the configurationdatabase.

The parameter name specifies the name of the Web Part package. The parameter url optionally specifies the URL ofthe virtual server on which to delete the Web Parts. If url is omitted, Stsadm.exe deletes the Web Parts from the Binfolder of every virtual server on the server or from the global assembly cache.

Use the lcid parameter to remove a particular language version of a Web Part package.Required parameters Optional parameters

-name-url

-lcid

Sample syntax: stsadm -o deletewppack -name name of Web Part package [-url url] [-lcid language]

deletezoneurl


Deletes previously created zone urls created with the addzoneurl operation.Required parameters Optional parameters-url

-urlzonenone

Sample syntax: stsadm.exe -o deletezoneurl -url http://existing.sharepointvserver.URLdomain

-urlzone extranet



-urlzone Specifies which one of the five zones with which the outgoing URL will be associated. The possible values forthis property are: default, internet, intranet, extranet, or custom.

disablessc

Disables Self-Service Site Creation for the specified virtual server.Required parameters Optional parameters-url none

Sample syntax: stsadm -o disablessc -url url

disablestsisapis


NoteÂ Â This operation has been replaced by the following operations in Windows SharePoint Services SP2 andlater. See addalternatedomain and addzoneurl. Disables the Windows SharePoint Services ISAPI extensions. This operation is used by the Setup program forWindows SharePoint Services.Required parameters Optional parametersnone none

Sample syntax: stsadm -o disablestsisapis

email

Sets the e-mail configuration settings for your server, or for a specific virtual server (when you use the url parameter).Required parameters Optional parameters-outsmtpserver

-fromaddress

-replytoaddress

-codepage

-url

Sample syntax:

stsadm.exe -o email -outsmtpserver SMTP server

-fromaddress [email protected] -replytoaddress [email protected]

-codepage codepage [-url url]

enablessc

Enables Self-Service Site Creation for the specified virtual server.Required parameters Optional parameters-url -requiresecondarycontact

Sample syntax: stsadm -o enablessc -url url [-requiresecondarycontact]

enablestsisapis

NoteÂ Â This operation has been replaced by the following operations in Windows SharePoint Services SP2 andlater. See addalternatedomain and addzoneurl. Enables the Windows SharePoint Services ISAPI extensions. This operation is used by the Setup program forWindows SharePoint Services.Required parameters Optional parametersnone none

Sample syntax: stsadm -o enablestsisapis

enumalternatedomains



Lists the incomingURLs and which URL zones and outgoing URLs they are mapped to.Required parameters Optional parameters-url none

Sample syntax:stsadm.exe â€“o enumalternatedomains â€“url http://sharepoint:1234


-url

URL of the virtual server as it is displayed on the VirtualServer List page in the SharePoint Central Administrationsite. If the virtual server is bound to a specific IP addressor to a specific host header in IIS, then you can also usethat IP address or host header as the value for thisproperty.

enumroles

Lists the site groups that are available for use in a particular site or subsite.Required parameters Optional parameters-url none

Sample syntax: stsadm -o enumroles -url URL

enumsites

Lists all of the sites that have been created under a particular virtual server. The url parameter must be the URL of avirtual server.Required parameters Optional parameters-url none

Sample syntax: stsadm -o enumsites -url URL

enumsubwebs

Lists the subsites that have been created under a particular site.Required parameters Optional parameters-url none

Sample syntax: stsadm -o enumsubwebs -url URL

enumtemplates

Lists the site templates that are available.Required parameters Optional parametersnone -lcid


Sample syntax:

stsadm.exe -o enumtemplates [-lcid language]

enumusers

Lists the users of a particular site or subsite.Required parameters Optional parameters-url none

Sample syntax:

stsadm.exe -o enumusers -url url

enumwppacks

Lists the Web Part Packages currently in your server Web Part gallery. Required parameters Optional parameters

none-name

-url

Sample syntax: stsadm -o enumwppacks [-name name of Web Part Package]

[-url URL]

enumzoneurls


Lists the outgoing URLs and which URL zones they are mapped to.Required parameters Optional parameters-url none

Sample syntax: stsadm.exe -o enumzoneurls -url http://existing.sharepointvserver.URLdomain


-url

URL of the virtual server as it is displayed on the VirtualServer List page in the SharePoint Central Administrationsite. If the virtual server is bound to a specific IP addressor to a specific host header in IIS, you can also use thatIP address or host header as the value for this property.

extendvs

Extends a virtual server with Windows SharePoint Services and creates a new content database.

NoteÂ Â Extending a virtual server creates a site but does not require the createsite parameter. Use thedonotcreatesite parameter if you do not want to create a site when you extend the virtual server.


Required parameters Optional parameters

-url

-ownerlogin

-owneremail

-exclusivlyusentlm

-ownername

-databaseuser (du)

-databaseserver (ds)

-databasename (dn)

-databasepassword (dp)

-lcid

-sitetemplate

-donotcreatesite

-apcreatenew

-apidname

-apidtype

-apidlogin

-apidpwd

Sample syntax: stsadm -o extendvs -url url -ownerlogin DOMAIN\username

-owneremail [email protected] -exclusivlyusentlm yes/no [-ownername display name]

[-du database user] [-ds database server] [-dn database name]

[-dp database user password][-lcid lcid] [-sitetemplate site template]

[-donotcreatesite] [-apcreatenew] [-apidname app pool name]

[-apidtype configurableid/NetworkService/LocalService/LocalSystem]

[-apidlogin DOMAIN\username]

[-apidpwd app pool password]

extendvsinwebfarm

Extend a virtual server with Windows SharePoint Services for use in a server farm. This operation does not create anew content database, but allows you to connect to an existing virtual server (vsname) and use the same contentdatabase.Required parameters Optional parameters

-url

-vsname

-exclusivlyusentlm

-apcreatenew

-apidname

-apidtype

-apidlogin

-apidpwd


Sample syntax: stsadm -o extendvsinwebfarm -url url -vsname virtual server name -exclusivlyusentlm

yes/no

[-apcreatenew] [-apidname app pool name]

[-apidtype configurableid/NetworkService/LocalService/LocalSystem]

[-apidlogin DOMAIN\username]

[-apidpwd app pool password]

getadminport

Returns the administration port for Windows SharePoint Services.Required parameters Optional parametersnone none

Sample syntax: stsadm -o getadminport

getproperty

Returns the property value for the specified property name. For a list of valid properties, see Command-LineProperties.Required parameters Optional parameters-propertyname (pn) -url

Sample syntax: stsadm -o getproperty -pn property name [-url url]

migrateuserRequired Parameter Optional parameter-oldlogin %DOMAIN\name# -ignoresidhistory-newlogin %DOMAIN\name#

Sample syntax:stsadm -o migrateuser -oldlogin DOMAIN\name-newloginDOMAIN\name [-ignoresidhistory]

recalcuatestorageusedUsed to recalcuate storage used for a virtual serverRequired Parameter Optional Parameter-url virtual server url none

Sample syntaxstsadm -o recalculatestorageused virtual server url

removedrservice

Removes a data retrieval service from the list of data retrieval services that pertain to a specific setting on the DataRetrieval Services Settings pages. Specify the service name, and then the setting. Settings include enabled,responsesize, timeout, and update.Required parameters Optional parameters


-servicename

-settingnone

Sample syntax: stsadm.exe -o removedrservice -servicename service name -setting

enabled/responsesize/timeout/update

renameweb

Renames the specified subsite.Required parameters Optional parameters-url

-newnamenone

Sample syntax: stsadm.exe -o renameweb -url url -newname new subsite name

restore

Restores a Web site from a backup file. Use the overwrite parameter to replace any existing Web site at the newlocation.Required parameters Optional parameters-url

-filename-overwrite

Sample syntax: stsadm.exe -o restore -url url -filename filename [-overwrite]

setadminport

Sets the port number for the administration virtual server for Windows SharePoint Services. Use the ssl parameter tospecify a Secure Sockets Layer (SSL) connection to the port. Use the admap... parameters to specify the IISapplication pool to use or to create a new IIS application pool for the administration virtual server.Required parameters Optional parameters

-port

-ssl

-admapcreatenew

-admapidname

-admapidtype

-admapidlogin

-admapidpwd

Sample syntax: stsadm.exe -o setadminport -port port [-ssl]

[-admapcreatenew] [-admapidname app pool id]


[-admapiptype configurableid/NetworkService/LocalService /LocalSystem]

[-admapidlogin app pool user account] [-admapidpwd app pool password]

setconfigdb

Creates the configuration database or specifies the connection to an existing configuration database. Setting theconfiguration database is required before a virtual server can be extended.Required parameters Optional parameters

-databaseserver (ds)

-connect

-databaseuser (du)

-databasepassword (dp)

-databasename (dn)

-hh

-adcreation

-addomain

-adou

Sample syntax: stsadm.exe -o setconfigdb [-connect] -ds database server

[-du database user] [-dp database user password] [-dn database name]

[-hh] [-adcreation] [-addomain AD domain] [-adou AD OU]

setproperty

Sets the specified property with the specified value. Use the url property to specify a virtual server or site collectionto apply the property to, or omit the url parameter to apply the property at the server or server farm level. For a listof valid properties, see Command-Line Properties.Required parameters Optional parameters-propertyname (pn)

-propertyvalue (pv)-url

Sample syntax: stsadm.exe -o setproperty -pn property name

-pv property value [-url url]

siteowner

Sets the owner or secondary owner of a site collection. Either the ownerlogin or secondownerlogin parameter mustbe used.Required parameters Optional parameters-url

either -ownerlogin or -secondownerloginnone

Sample syntax:


stsadm.exe -o siteowner -url url [-ownerlogin DOMAIN\username | -secondownerlogin

DOMAIN\username]

unextendvs

Removes Windows SharePoint Services from a particular virtual server. Use the deletecontent parameter to deletethe content databases for the virtual server.Required parameters Optional parameters-url -deletecontent

Sample syntax: stsadm.exe -o unextendvs -url url [-deletecontent]

uninstall

Uninstalls Windows SharePoint Services from the default virtual server at port 80. Any other virtual servers that wereextended with Windows SharePoint Services will not be unextended. Uninstall removes the Windows SharePointServices ISAPI extensions and any virtual directories or other files from the virtual server. It does not delete thecontent databases unless you include the deletecontent parameter. This operation is used by the Setup program forWindows SharePoint Services.Required parameters Optional parametersnone -deletecontent

Sample syntax: stsadm.exe -o uninstall [-deletecontent]

upgrade

Upgrades the server or the specified virtual server with Windows SharePoint Services. This operation is used by theSetup program for Windows SharePoint Services.Required parameters Optional parameters

none

-url

-forceupgrade

-quiet

Sample syntax: stsadm.exe -o upgrade [-url url] [-forceupgrade ] [ -quiet ]

userrole

Specifies the site group membership for a user. Use the add and delete parameters to specify whether to add theuser to a site group or remove the user from a site group.Required parameters Optional parameters-url

-userlogin

-role

-add

-delete

Sample syntax: stsadm.exe -o userrole -url url -userlogin DOMAIN\username


-role site group name [-add] [-delete]



Command-Line ParametersThe following table lists and explains the parameters you can use with operations for Stsadm.exe. For detailedinformation about the operations, including sample syntax, see Command-Line Operations. For more informationabout using the command-line tool, see Introducing the Administration Tools for Windows SharePoint Services.Parameter Short form Definition Sample values

adcreation

Specifies that new useraccounts are created inMicrosoft Active Directorydirectory service.

add

Specifies that the user isadded to a site group whenthe userrole operation isrun.

addomain The Active Directorydomain.

admapcreatenew

Specifies that a newapplication pool is created inInternet InformationServices (IIS).

admapidlogin

The user name to use forrunning processes in theadministrative applicationpool.

This value must be aMicrosoft Windows username, and must be qualifiedwith a domain name, forexample DOMAIN\name.

admapidname The administrativeapplication pool ID.

admapidpwdThe password thatcorresponds to theadmapidlogin.

admapidtypeThe identity type to use forthe administrativeapplication pool.

(configurableid/NetworkService/LocalService/LocalSystem)

adou The Active Directoryorganizational unit (OU).

apcreatenew -apnew

Specifies that a newapplication pool is created inInternet InformationServices (IIS).

apidlogin -aplThe user name to use forrunning processes in theapplication pool.

This value must be aWindows user name, andmust be qualified with adomain name, for exampleDOMAIN\name.

apidname The application pool ID.

apidpwdThe password thatcorresponds to theapidlogin.


apidtype The identity type to use forthe application pool.

(configurableid/NetworkService/LocalService/LocalSystem)

codepage The language codepage touse for e-mail messages.

This value must be a validcodepage, such as 65001.

connectConnects to an existingdatabase, rather thancreating a new one.

convertoptional switch used increateweb operation toconvert a folder to a subsite

databasename -dn

The name of the MicrosoftSQL Server database orMicrosoft SQL Server2000 Desktop Engine(Windows) (WMSDE)database used for WindowsSharePoint Services data.

The default database nameis automatically generatedbased on the machine name,virtual server, and subsite.For example,SharePoint_collab_stsid.

databasepassword -dp

The password thatcorresponds to theadministrator user name forthe SQL Server database orWMSDE database.

databaseserver -ds

The server on which theWindows SharePointServices collaborationdatabase exists.

The default is the localmachine name. For example,SQL_01.

databaseuser -du

The administrator user namefor the SQL Serverdatabase or WMSDEdatabase.

delete

Specifies that the user isdeleted from a site groupwhen the userroleoperation is run.

deleteadaccounts

Specifies that users aredeleted from ActiveDirectory directory servicewhen the deletesiteoperation is run.

deletecontent

Specifies that the contentdatabases are deleted whena virtual server isunextended or WindowsSharePoint Services isuninstalled.

description -desc The site or templatedescription. Any text string.

donotcreatesiteSpecifies that no site iscreated when a virtualserver is extended.


exclusivlyusentlm

New in Microsoft WindowsSharePoint Services ServicePack 2 (SP2). Kerberos isenabled by default inWindows SharePointServices SP2 using typicalinstallation, eariler versionsthe default was ntlm.

-exclusivelyusentlm<yes/no>

filename -fA valid file name for a file,template, or Web Partpackage.

A full path and file name,such asC:\Myfiles\Filename.htm.

fromaddress

The e-mail address to use asa From address on servermessages, such as alertnotifications.

This value must be a valide-mail address, in the [email protected].

force

Specifies that an existingWeb Part package isoverwritten when the addwppack operation isrun.

forceupgrade

Bypasses the initialSPVirtualServer.NeedUpgrade check and upgradesanyway. Useful when theSPVirtualServer object itselfdid not need upgrade, butthe attached contentdatabases still needed to beupgraded.

globalinstall

Specifies that, when the addwppack operation isrun, the Web Part packageis installed in the globalassembly cache (GAC)rather than in the Bindirectories of each virtualserver. Assemblies installedin the GAC are available toall applications on theserver..

hh

Specifies that the server is ina server farm hostingconfiguration. No databaseis created and the virtualserver is extended byconnecting to existingcontent database. You mustspecify an existing SQLconnection string to theconfiguration database whenyou use this parameter.


incomingurl

New in WindowsSharePoint Services SP2.Adds the ability to map anincoming URL for anyrequests that come from thereverse proxy server orclient to an existing virtualserver. You can mapmultiple incoming URLs tothe same URL zone.

protocol://incoming.url.domain

lcid

The locale ID for sitescreated on this virtualserver. Default is the installlanguage for WindowsSharePoint Services.

A locale ID, for example1033.

name -n The name of a Web Partpackage.

newname -new The new name to use whenrenaming a subsite.

operation -o The operation to perform.For a list of availableoperations, see Command-Line Operations.

outsmtpserver The SMTP server to use foroutgoing messages.

overwrite

Specifies that any existingbackup files or existing Websites will be overwrittenduring backup or restore.

owneremail The site owner's e-mailaddress.


ownerlogin The site owner's useraccount.


ownername The site owner's displayname.

portThe port to use forSharePoint CentralAdministration.

An integer, such as 80.

propertyname -pn A valid property name. For names, see Command-Line Properties.

propertyvalue -pv A valid property value. For more information, see Command-Line Properties.

quiet used to prevent any consoleoutput

quota -qtThe quota template to applyto sites created on the virtualserver.

A quota template name. Forexample, personalquotas.


replytoaddressThe e-mail address thatusers can reply to when theyreceive server messages.


requiresecondarycontactSpecifies that users mustsupply a secondary contactwhen they create a new site.

role A valid site group name. For example, reader.

secondaryemail -se The secondary site owner'se-mail address.


secondarylogin -sl The secondary site owner'suser account.


secondaryname -sn The secondary site owner'sdisplay name.

servicename -svc The name of a data retrievalservice. For example, Service1.

setting A setting for data retrievalservices.

Any of the following values: enabled, responsesize,timeout, update.

siteadmin Specifies that the user is anadministrator of the site.


sitetemplate -st The template to apply to thenew site.

The value must be in theform name#configuration. Ifyou do not specify theconfiguration, configuration0 is the default (for example,STS#0). The list of availabletemplates can be customizedto include templates youcreate.

Values available in a defaultinstallation include:

STS#0 (Team Site)

STS#1 (Blank Site)

STS#2 (DocumentWorkspace)

MPS#0 (Basic MeetingWorkspace)

MPS#1 (Blank MeetingWorkspace)

MPS#2 (Decision MeetingWorkspace)

MPS#3 (Social MeetingWorkspace)

MPS#4 (Multipage MeetingWorkspace)

NoteÂ Â If you added atemplate to the centraltemplate gallery, you mustspecify the template name as_GLOBAL_#number,where number refers to thetemplate ID.

ssl

Specifies that SecureSockets Layer (SSL)encryption is used for theadministration port.

title -t The template or site title Any text string.

type Type of path to add orremove.

(exclusion/explicitinclusion/wildcardinclusion)

unique Specifies that the subsiteuses unique permissions.


url

The URL to the virtualserver, site, or subsite. If thevirtual server is bound to aspecific IP address or to aspecific host header inMicrosoft InternetInformation Services (IIS),you can also use that IPaddress or host header asthe value for this property.

NoteÂ Â The value of thisproperty is displayed in theVirtual Server List inSharePoint CentralAdministration.

For example,http://myserver/site1.

urlzone

New in WindowsSharePoint Services SP2.

Specifies which one of thefive zones with which theoutgoing URL isassociated.

default, internet, intranet,extranet, or custom.

useremail An e-mail address.This value must be a valide-mail address, in the [email protected].

userlogin A user account.


username -u A user name.

Always use the short formfor this parameter (u). Thisvalue must be either aWindows user accountname or a Windows groupaccount name, and can bequalified with a domainname, for exampleDOMAIN\name.

vsname The virtual server name.


zonemappedurl

New in WindowsSharePoint Services SP2.Maps the outgoing URL tothe URL configured with theaddalternetdomanoperation.

The outgoing URL is used inWeb pages or e-mailmessages going from theWeb server to the reverseproxy server or the client.This URL is the one that canbe reached by the end user.This step ensures that theend user sees the correctURL when the URL isreturned from the server tothe client.

-zonemappedurl<protocol://outgoing.url.domain>



Show All

Command-Line PropertiesThis topic lists and explains the properties that can be set on the command line by using the Stsadm.exe tool with the getproperty and setproperty operations. To see the current value of a property, you use the getpropertyoperation. To set the value for a property, you use the setproperty operation. The following examples show thesyntax to use when getting or setting a property:

stsadm.exe -o getproperty -pn <property name> [-url <url>]

stsadm.exe -o setproperty -pn <property name> -pv <property value> [-url <url>]

Some properties are available for the entire server, and are called server properties. Some are only available for anindividual virtual server. When you get or set a server property, you can omit the url parameter. You must include theurl parameter to get or set virtual server properties. For more information about setting properties, see "Introducingthe Administration Tools for Windows SharePoint Services" in the Windows SharePoint Services Administrator'sGuide.

Server Properties for Windows SharePoint Services Antivirus properties Content database properties Data retrieval services properties General server properties HTML Viewer properties Security properties Site confirmation and automatic deletion properties Usage analysis properties

Virtual Server Properties for Windows SharePoint Services Alert properties Data retrieval services properties General virtual server properties Security properties Site confirmation and automatic deletion properties Web Part configuration properties

Alert Properties

Use these properties to configure alerts for your server. The alerts-enabled, alerts-limited, and alerts-maximumproperties can be set at either the server (and server farm) or virtual server level. Use the -url parameter to configurethese properties for a specific virtual server or omit it to configure these properties for an entire server. The job-daily-alerts, job-immediate-alerts, and job-weekly-alerts properties properties can be set only at the virtualserver level. You must specify the -url parameter when you configure these properties. For more information aboutalerts, see Managing Alerts.Property name Description Values

alerts-enabled Specifies whether alerts are enabledfor this virtual server "true" or "false"

alerts-limited Specifies whether users are limited asto the number of alerts they can create "true" or "false"


alerts-maximumIf alerts-limited is configured,specifies the maximum number ofalerts that users can create

A numerical value

job-daily-alerts Specifies the time to send out dailyalerts

A phrase that includes the frequencyinterval and time range to send outnotifications. For example "dailybetween 22:00:00 and 06:00:00".

job-immediate-alerts Specifies how long to wait beforesending out daily alerts

A phrase that includes the frequencyinterval and time range to send outnotifications. For example "every 5minutes between 0 and 59".

job-weekly-alerts Specifies the day and time to send outweekly alerts

A phrase that includes the frequencyinterval and time range to send outnotifications. For example "weeklybetween Fri 22:00:00 and Mon06:00:00".

Antivirus Properties

Use these properties to configure antivirus protection for your server. These properties can be set only at the server(and server farm) level. You do not need to specify the -url parameter when you configure these properties. For moreinformation about using antivirus scanning, see Configuring Antivirus Protection.Property name Description Values

avallowdownload Specifies whether users can downloadinfected files to their client computers "yes" or "no"

avcleaningenabled Specifies whether antivirus cleaning isenabled "yes" or "no"

avdownloadscanenabled Specifies whether the download scansare enabled "yes" or "no"

avnumberofthreads Specifies the number of threads totake up with antivirus processes

A numerical value, the number ofthreads to use

avtimeout Specifies the timeout time for scanning A numerical value, in seconds

avuploadscanenabled Specifies whether the upload scansare enabled "yes" or "no"

Content Database Properties

Use these properties to set the server name, user name, and password to use for the default content database for yourserver. These properties can be set only at the server (and server farm) level. You do not need to specify the -urlparameter when you configure these properties. For more information about the default content database, see contentdatabases.Property name Description Values

defaultcontentdb-password Specifies the password for thedefaultcontentdb-user A password

defaultcontentdb-server Specifies the server that contains thedefault content database A server name

defaultcontentdb-user Specifies the username for the defaultcontent database

A user account in the formatDOMAIN\username

Data Retrieval Services Properties


Use these properties to configure data retrieval services for your virtual server, server, or server farm. Theseproperties can be set at either the server or virtual server level. Use the -url parameter to configure these propertiesfor a specific virtual server or omit it to configure these properties for an entire server. For more information aboutdata retrieval services, see Configuring Data Retrieval Services.Property name Description Values

data-retrieval-services-enabled Specifies whether data retrievalservices are enabled "true" or "false"

data-retrieval-services-enabled-listThe list of services to which thedata-retrieval-services-enabled settingapplies

A list of services, such as"OLEDB;SOAP Passthrough"

data-retrieval-services-inherit Specifies whether to inherit the serverfarm settings for a virtual server "true" or "false"

data-retrieval-services-response-size Specifies the maximum size for datareturned from the back-end source

An integer value in kilobytes (KB)between 1 and 100,000

data-retrieval-services-response-size-list

The list of services to which thedata-retrieval-services-response-sizesetting applies

A list of services, such as "OLEDB"

data-retrieval-services-timeoutSpecifies the time an adapter will waitfor a response from the back-enddata source

An integer value in seconds between 1and 100,000

data-retrieval-services-timeout-listThe list of services to which thedata-retrieval-services-timeout settingapplies


data-retrieval-services-updateSpecifies whether adapters canexecute requests that containupdatable queries

"true" or "false"

data-retrieval-services-update-listThe list of services to which thedata-retrieval-services-update settingapplies


data-retrieval-services-oledb-providers

Specifies the list of supportedOLEDB providers

The list of OLEDB providers,separated by semi-colons

For example:"DB2OLEDB;IBMDADB2;MSDAORA;OraOLEDB.Oracle;SQLOLEDB"

General Virtual Server Properties

Use the following properties to specify general settings for a virtual server. These properties can be set only at thevirtual server level. You must specify the -url parameter when you configure these properties. For more informationabout specifying virtual server general settings, see Configuring Virtual Servers. For more information aboutlarge-file-chunk-size, see Configuring large file support in Installing and Using Service Packs for WindowsSharePoint Services.Property name Description Values

days-to-show-new-iconSpecifies how long (in days) to displaythe New icon for items added to aWeb site

A numerical value (number of days)

defaultquotatemplate Specifies the default quota templatefor Web sites A quota template name


defaulttimezone Specifies the default time zone forWeb sites

A time zone (numerical). For a list ofvalid time zones, see Regional andLanguage Settings.

large-file-chunk-size Specifies the chunk size to use forlarge files

A numerical value, in megabytes(MB). The default value is 5 MB.

max-file-post-size Specifies the maximum size for filesposted to Web sites

A numerical value, in megabytes(MB). The default value is 50 MB.

General Server Properties

Use these properties to specify settings for your server. These properties can be set only at the server (and serverfarm) level. You do not need to specify the -url parameter when you configure these properties. For more informationabout changing IIS application pool identities, see Changing the Application Pool Identity for a Virtual Server. Formore information about user account modes, see Installation Considerations for Windows SharePoint Services. Formore information about full-text search, see Managing and Customizing Search.Property name Description Values

adminportidentity

Contains the IIS Application Poolidentity that is being used for theSharePoint Central Administrationport.

You can only use the "getproperty"operation with this property - it cannotbe set through the command line. Toset this property, you must change theIIS Application Pool identity in IIS.

The IIS Application Pool identity thatthe Central Administration port isrunning under

fulltextsearchenabled Specifies whether full text searchingand indexing is enabled "1" (yes) or "0" (no)

HTML Viewer Properties

Use these properties to specify HTML Viewer options for your server or server farm. These properties can be setonly at the server (and server farm) level. You do not need to specify the -url parameter when you configure theseproperties. For more information about HTML viewing, see Managing HTML Viewers.Property name Description Values

htmltranslbpath Specifies the path (URL) to theHTML Viewer server A URL

htmltransmaxcachesize Specifies the maximum cache size forthe HTML Viewer A numerical value, in MB

htmltransmaxsize Specifies the maximum file size thatcan be viewed A numerical value, in MB

htmltranson Specifies whether HTML viewing isenabled "true" or "false"

htmltranstimeout Specifies the timeout time for HTMLviewing A numerical value, in seconds

Security Properties

Use these properties to set security policies for Self-Service Site Creation, user names and passwords, and securityvalidation, and to get the virtualserverpermsmask property.


Some of these properties can be set only at the virtual server level. You must specify the -url parameter when youconfigure these properties. For more information about Self-Service Site Creation, see Configuring Self-Service SiteCreation.Property name Description Values

createadaccounts

Contains a value specifying which useraccount mode has been configured."Yes" indicates that you are in ActiveDirectory account creation mode, "no"indicates that you are in domainaccount mode.

You can only use the "getproperty"operation with this property - it cannotbe set through the command line. Thisproperty is set when you installWindows SharePoint Services andchoose a user account mode.

This property is only available at theserver level and does not take the -urlparameter.

"yes" or "no"

ssc

Specifies whether to allowSelf-Service Site Creation.

This property can only be set at thevirtual server level and requires the -url parameter.

"yes" or "no"

ssc-contact

Specifies whether or not to require asecondary contact for sites created byusing Self-Service Site Creation.


"yes" or "no"

adaccountdomain

Specifies the Active Directory domainname to use for user accounts inActive Directory account creationmode.

This property can only be set at theserver level and does not take the -urlparameter.

A domain name

adaccountou

Specifies the organizational unit to usefor user accounts in Active Directoryaccount creation mode.

This property can only be set at theserver level and does not take the -urlparameter.

An organizational unit name


send-ad-email

Specifies whether or not to sendusernames and passwords throughe-mail.


"true" or "false"

securityvalidation-enabled

Specifies whether security credentialsmust be validated again before anoperation that has timed out can berun again.


"true" or "false"

securityvalidation-expire

Specifies whether Web Page SecurityValidation is set to never expire.


"true" or "false"

securityvalidation-timeout

Specifies how long (in minutes) to waitbefore requiring security validation fora timed-out operation.


A number (minutes to wait)

virtualserverpermsmask

Contains a value that indicates whatchanges have been made to the list ofuser rights available for use on avirtual server with the virtualserverpermsmask property.

You can only use the "getproperty"operation with this property - it cannotbe set through the command line. Thisproperty is set when you makechanges to the Manage User Rightsfor Virtual Server page in SharePointCentral Administration.

This property is only available at thevirtual server level and requires the -url parameter.

For more information aboutconfiguring the list of user rightsavailable for use on a virtual server,see Controlling User Rights andAssigning Tasks.

A hashed number

Site Confirmation and Automatic Deletion Properties


These properties can be set either at the server (and server farm) level or at the virtual server level. Use the -urlparameter to configure these properties for a specific virtual server or omit it to configure these properties for an entireserver. For more information about site confirmation and automatic deletion, see Managing Unused Web Sites.Property name Description Values

delete-web-send-email Specifies whether to send e-mailnotifications about unused Web sites "yes" or "no"

dead-site-notify-after Specifies how long to wait beforesending the first e-mail notification

A numerical value (the number of daysto wait before sending notifications)

dead-site-num-notifications Specifies how many e-mailnotifications to send

A numerical value (the number ofnotifications to send)

dead-site-auto-delete Specifies whether to automaticallydelete unused Web sites "yes" or "no"

job-dead-site-delete Specifies when to delete unused Websites automatically

A phrase that includes the frequencyinterval and time range to deleteunused Web sites automatically. Forexample "weekly at Sat 0:00:00".

Usage Analysis Properties

This property can be set either at the server (and server farm) level or at the virtual server level. Use the -urlparameter to configure these properties for a specific virtual server or omit it to configure these properties for an entireserver. For more information about usage analysis, see Configuring Usage Analysis.Property name Description Values

job-usage-analysisSpecifies the frequency (daily, weekly,monthly) and time of day to performthe usage analysis processes.

A phrase that includes the frequencyinterval and time range to performusage analysis log processing. Forexample "daily between 16:55:00 and17:00:00".

If you want the job to start at a specific time, set the beginning and end times to the same time, for example: "dailybetween 16:55:21 and 16:55:21".

NoteÂ Â This property can be set only to "daily", not to "weekly" or "immediate".

If you want to view the current setting for the job-usage-analysis property, you must include the URL parameter.For example, to see the current usage analysis setting for the default Web site, use the following syntax:

stsadm.exe -o getproperty -pn job-usage-analysis -url http://localhost

Web Part Configuration Properties

Use these properties to configure Web Part settings. These properties can be set only at the virtual server level. Youmust specify the -url parameter when you configure these properties. For more information about configuring WebPart settings, see About Web Parts and Managing Web Parts on Virtual Servers.Property name Description Values

spallowglobalcatalog Specifies whether users can use theonline Web Part gallery "1" or "0"

spallowsp2p

Specifies whether users can connectWeb Parts (pass data or values froma source Web Part to a target WebPart)

"1" or "0"




Show All

Command-Line Options forSetupsts.exeWhen you install Microsoft Windows SharePoint Services, you can use command-line properties and setup optionsto control how it is installed. For example, to install Windows SharePoint Services to work with a remote installationof Microsoft SQL Server, you run Setupsts.exe with the remotesql=yes option to avoid installing Microsoft SQLServer 2000 Desktop Engine (Windows) (WMSDE). Then, after the installation, you can specify the SQL Servercomputer connection information and extend your servers.

The following table lists and explains the properties you can use with the command-line Setup program (Setupsts.exe)for Windows SharePoint Services.Property Description

remotesql=yes/no

An optional property that specifies whether or notWMSDE is installed with Windows SharePoint Services.The default value is no. Set this property to yes if you aregoing to use an existing or remote installation of MicrosoftSQL Server with Windows SharePoint Services. Formore information, see Remote SQL Server Deployment.

fulluninstall=yes/no

Specifies whether or not to remove Windows SharePointServices from extended virtual servers when performingan uninstall. The default value is yes. It is recommendedthat you use the Add or remove programs control panelto uninstall Windows SharePoint Services. For moreinformation, see Uninstalling Windows SharePointServices.

provision=yes/no

Specifies whether or not to provision the administrativevirtual server, extend the default virtual server, and createa top-level Web site during installation. The default valueis yes. Set this property to no if you want to provisionvirtual servers later using the Stsadm.exe command-linetool.

NoteÂ Â The remotesql=yes property also installsWindows SharePoint Services without provisioning thedefault virtual server, but it does provision theadministration virtual server.

Not all of the standard setup options for Microsoft Windows Installer programs are supported by WindowsSharePoint Services. For example, you cannot create an administrative installation point for Windows SharePointServices (performed for other programs by including the /a option). The following table lists and describes the setupoptions supported by Windows SharePoint Services.Option Description

datadir="<path>\\"

Specifies where to install WSMDE. Set this property to apath on your local server, for example:datadir="d:\program files\wmsdedata\\". For moreinformation, see Single Server Deployment.


l <path to log file> Log setup messages to the specified file.

q or qnRun Setupsts in quiet mode (unattended setup with nouser intervention). For more information, see Performing aQuiet Installation.

qb Run Setupsts in basic mode (limited user intervention).Includes a progress bar.

qf Run Setupsts in full mode (user must fill in options duringsetup). This is the default option.

qr Run Setupsts in reduced mode. Displays reduced UIduring installation.

qn+Run Setupsts in quiet mode (unattended setup with nouser intervention). Displays a Setup complete dialog boxat the end of the installation.

qb+

Run Setupsts in basic mode (limited user intervention).Includes a progress bar and a Setup complete dialogbox at the end of the installation. If you cancel theinstallation, the dialog box is not displayed.

qb- Run Setupsts in basic mode (limited user intervention).Does not display a Setup complete dialog box.

x Uninstall Windows SharePoint Services.©2003 Microsoft Corporation. All rights reserved.


User Rights and Site GroupsThis topic explains the rights and site groups you can assign to users by using operations in Stsadm.exe and by usingHTML Administration pages. Each user right or site group is listed by the name that appears in HTML Administrationpages. The name used to identify a site group for the Stsadm.exe command-line tool is listed in a table. For each sitegroup, the default rights included in that site group are listed. For each right, any rights dependent on the right arelisted, as well as any default site groups that include the right.

For more information about user rights and site groups, see "Managing Site Groups and Permissions" and "ManagingUsers and Cross-Site Groups" in the Windows SharePoint Services Administrator's Guide. For more informationabout using the command-line tool, see "Introducing the Administration Tools for Windows SharePoint Services" inthe Windows SharePoint Services Administrator's Guide.

Default Site Groups in Windows SharePoint Services Guest Reader Contributor Web Designer Administrator

User Rights Available for Windows SharePoint Services Add and Customize Pages Add Items Add/Remove Private Web

Parts Apply Style Sheets Apply Themes and Borders Browse Directories Cancel Check-out

Create Cross-Site Groups Create Subsites Delete Items Edit Items Manage Lists Manage List Permissions Manage Personal Views

Manage Site Groups Manage Web Site Update Personal Web Parts Use Self-Service Site

Creation View Items View Pages View Usage Data

Default Site GroupsMicrosoft Windows SharePoint Services includes five site groups by default. You can customize the rights available inthese site groups (except for the Guest and Administrator site groups) or add new site groups to combine differentsets of rights.

Guest

The Guest site group is designed to be combined with per-list permissions on particular lists to give guest users accessto a specific list, without giving them access to the entire site. The Guest site group cannot be customized or deleted.Command-line name Rights included by defaultguest None

Reader

The Reader site group allows a user to view items in lists and document libraries, view pages in the site, and create asite using Self-Service Site Creation.Command-line name Rights included by default


reader

Use Self-Service Site Creation

View Pages

View Items

Contributor

The Contributor site group allows a user to interact with Web Parts and lists and document libraries. They can alsocreate and manage personal views and cross-site groups, and personalize Web Part Pages.Command-line name Rights included by default

contributor

All rights included in the Reader site group, plus:

Add Items

Add/Remove Private Web Parts

Browse Directories

Create Cross-Site Groups

Delete Items

Edit Items

Manage Personal Views

Update Personal Web Parts

Web Designer

The Web Designer site group allows a user to customize the Web site using the HTML tools or a Web page editorcompatible with Windows SharePoint Services, such as Microsoft Office FrontPage 2003. For example, WebDesigners can create lists from within the site or add new pages to the site by using a Web page editor.Command-line name Rights included by default

web designer

All rights included in the Contributor site group, plus:

Add and Customize Pages

Apply Themes and Borders

Apply Style Sheets

Cancel Check-out

Manage Lists

Administrator

The Administrator site group allows a user to have complete control over a Web site. Members of the Administratorsite group can configure settings, manage users and site groups, and view usage analysis data.


Command-line name Rights included by default

administrator

All rights included in the Web Designer site group, plus:

Create Subsites

Manage List Permissions

Manage Site Groups

View Usage Data

User RightsWindows SharePoint Services includes 21 rights, which are used in the five default user site groups. You can changewhich rights are included in a particular site group (except for the Guest and Administrator site groups) or create anew site group to contain a specific list of rights.

Add and Customize Pages

Grants permission to create ASP.NET, ASP, and HTML pages for a Web site.Site groups included in by default Dependent rightsWeb Designer, Administrator Browse Directories, View Pages

Add Items

Grants permission to add items to lists or add documents to document libraries.Site groups included in by default Dependent rightsContributor, Web Designer, Administrator View Items, View Pages

Add/Remove Private Web Parts

Grants permission to add and remove Web Parts in order to personalize Web Part Pages.Site groups included in by default Dependent rightsContributor, Web Designer, Administrator Update Personal Web Parts, View Items, View Pages

Apply Style Sheets

Grants permission to apply a style sheet to the entire Web site.Site groups included in by default Dependent rightsWeb Designer, Administrator View Pages

Apply Themes and Borders

Grants permission to apply a theme or border to an entire Web site.Site groups included in by default Dependent rightsWeb Designer, Administrator View Pages

Browse Directories

Grants permission to browse the directory structure of a Web site.Windows SharePoint Services Administrator's Guide Página 362 de 382

Site groups included in by default Dependent rightsContributor, Web Designer, Administrator View Pages

Cancel Check-out

Grants permission to cancel the check-out action performed by another user.Site groups included in by default Dependent rightsWeb Designer, Administrator View Pages

Create Cross-Site Groups

Grants permission to create or delete cross-site groups, or to change membership of a cross-site group.Site groups included in by default Dependent rightsContributor, Web Designer, Administrator View Pages

Create Subsites

Grants permission to create a new subsite or workspace site, such as a Document Workspace site or MeetingWorkspace site.Site groups included in by default Dependent rightsReader, Contributor, Web Designer, Administrator View Pages

Delete Items

Grants permission to delete list items and documents from the Web site.Site groups included in by default Dependent rightsContributor, Web Designer, Administrator View Items, View Pages

Edit Items

Grants permission to edit existing list items and documents in the Web site.Site groups included in by default Dependent rightsContributor, Web Designer, Administrator View Items, View Pages

Manage Lists

Grants permission to create, edit, or delete lists and change their settings.Site groups included in by default Dependent rightsWeb Designer, Administrator View Items, View Pages, Manage Personal Views

Manage List Permissions

Grants permission to change permissions for a list or document library.Site groups included in by default Dependent rights

Administrator Manage Lists, View Items, View Pages, ManagePersonal Views

Manage Personal Views


Grants permission to create, edit, or delete personal views on lists.Site groups included in by default Dependent rightsContributor, Web Designer, Administrator View Items, View Pages

Manage Site Groups

Grants permission to create, delete, and edit site groups, both by changing the rights assigned to the site group and bychanging which users are members of the site group.Site groups included in by default Dependent rightsAdministrator View Pages

Manage Web Site

Grants permission to perform administration tasks for a particular site or subsite.Site groups included in by default Dependent rightsAdministrator View Pages

Update Personal Web Parts

Grants permission to update Web Parts to display personalized information.Site groups included in by default Dependent rightsContributor, Web Designer, Administrator View Items, View Pages

Use Self-Service Site Creation

Grants permission to use the Self-Service Site Creation tool to create a top-level Web site.Site groups included in by default Dependent rightsReader, Contributor, Web Designer, Administrator View Pages

View Items

Grants permission to view items in lists, documents in document libraries, and Web discussion comments.Site groups included in by default Dependent rightsReader, Contributor, Web Designer, Administrator View Pages

View Pages

Grants permission to browse pages in the Web site.Site groups included in by default Dependent rightsReader, Contributor, Web Designer, Administrator None

View Usage Data

Grants permission to view reports on Web site usage.Site groups included in by default Dependent rightsAdministrator View Pages



Files and PermissionsThis appendix lists the detailed, minimum file permission settings that must be in place for Microsoft WindowsSharePoint Services to perform as designed.

Windows SharePoint Services InstallationDirectoryThe Windows SharePoint Services installation directory is C:\Program Files\Common Files\Microsoft Shared\WebServer Extensions\60 by default. Installation directory User Permissions

\ADMISAPI

Users

Administrators

SYSTEM

Read & Execute

Full Control

Full Control

\BIN

Users

Administrators

SYSTEM

Read & Execute

Full Control

Full Control

\CONFIG

Users

Administrators

SYSTEM

Read & Execute

Full Control

Full Control

\ISAPI

Users

Administrators

SYSTEM

Read & Execute

Full Control

Full Control

\TEMPLATE

Users

Administrators

SYSTEM

Read & Execute

Full Control

Full Control

Web Site Content AreaThis listing is for a Web site content area of \inetpub\wwwroot.Web site content area User Permissions\inetpub

NoteÂ Â All directories enclosing thecontent root will grant LISTpermissions to these accounts.


\inetpub\wwwroot\_vti_pvt

Users

Administrators

SYSTEM

IIS_WPG

Internet Guest Account (IUSR_*)

Read & Execute, Read

Full Control

Full Control


Special Permissions

web.config

Users

Administrators

SYSTEM

IIS_WPG



Full Control

Full Control

Read & Execute, Read, SpecialPermissions

Special Permissions

wpresources\web.config

Users

Administrators

SYSTEM

IIS_WPG

IUSR_*



Full Control

Full Control

Read & Execute, Read, SpecialPermissions

Special Permissions

Windows DirectoryWindows SharePoint Services also changes permissions for two folders in the Microsoft Windows directory(%WinDir%). Windows directory User Permissions

%temp%

Administrators

SYSTEM

STS_WPG

Network Service (for a domaincontroller only)

Full Control

Full Control

Read, Write

Read, Write


%WinDir%\logfiles\STS

Administrators

SYSTEM

STS_WPG

Network Service (for a domaincontroller only)

Full Control

Full Control

Read, Write

Read, Write



Special Directories and StorageLocationsThis appendix lists folders and files used by Microsoft Windows SharePoint Services.

Installation Directory FilesThe following files are added to the installation directory (c:\Program Files\Common Files\Microsoft Shared\WebServer Extensions\60) when you install Windows SharePoint Services.Folder Description Files and purpose

\ADMISAPI The physical directory addressed bythe SharePoint Central Administrationvirtual directory.

admin.asmx â€” ISAPI filter foradministration

\BIN Contains the core binary files forWindows SharePoint Services.

*.DLL â€” Core binary files

OWSTIMER.EXE â€” MicrosoftSharePoint Timer service

SMIGRATE.EXE â€” MicrosoftSharePoint Migration Tool

STSADM.EXE â€” Stsadm utility

STSCFG.EXE â€” Configurationutility used by Setup

\BIN\LCID\ Contains the core binary files used byspecific languages.

FPEXT.MSG â€” Error messagesand text strings

ONETINTL.DLL â€” Coreinternational binary file


\CONFIG Contains configuration files and defaultvalues for the server.

*.xml â€” XML files used to mapdefault values

appwpresweb.config â€”Configuration file

adminweb.config â€” Configurationfile for the administrative virtual server

gacwpresweb.config â€”Configuration file

layoutsweb.config â€” Configurationfile for the _layouts directory

web.config â€” Configuration file forvirtual servers

wss_mediumtrust.config â€”Configuration file

wss_minimaltrust.config â€”Configuration file

\ISAPI The physical directory addressed bythe /_vti/_bin virtual directory.

*.asmx â€” SOAP protocol receptors

*.aspx â€” Form pages

Global.asax â€” ASP.NETnamespace definition

*.xml â€” XML file for managed code

*.DLL â€” Core binary files formanaged code

web.config â€” Configuration file

\ISAPI\BIN Contains binary files for the /_vti/_binvirtual directory.

STSSOAP.DLL â€” Binary file usedfor SOAP code

\ISAPI\HELP\LCID\STS\HTML Contains Help files and support filesused in the Help system.

*.css

*.htm

*.js

layout.swf

\ISAPI\HELP\LCID\STS\IMAGES Contains images used in the Helpsystem.

*.gif


\ISAPI_VTI_ADM Contains Microsoft Office FrontPage2003 legacy binary files.

ADMIN.DLL â€” Binary file used foradministration from Office FrontPage2003

\ISAPI\_VTI_AUT Contains Office FrontPage 2003legacy binary files.

AUTHOR.DLL â€” Binary file usedfor authoring from Office FrontPage2003

\TEMPLATE Contains all site templates and coreWeb site files.

\TEMPLATE\LCID\MPSContains files that are copied to theroot of the Web site upon instantiationwith a Meeting Workspace template(for example, default.aspx).


\TEMPLATE\LCID\MPS\DOCTEMP\SMARTPGS\ Contains files used for Web Part

Pages in Meeting Workspaces.spstd1.aspx â€” Form page

\TEMPLATE\LCID\MPS\LISTSContains the actual lists used in theMeeting Workspace templates, alongwith schema definition and defaultviews.

\TEMPLATE\LCID\MPS\LISTS\AGENDA Contains files used for the Agenda list.


SCHEMA.XML â€” Schema file

\TEMPLATE\LCID\MPS\LISTS\DECISION Contains files used for the Decisions

list.



\TEMPLATE\LCID\MPS\LISTS\DOCLIB

Contains files used for documentlibraries in the Meeting Workspacetemplates.


*.HTM â€” Dialog boxes


\TEMPLATE\LCID\MPS\LISTS\MEETINGS Contains files used for the Meeting

Workspace templates.

MoveToDt.ASPX â€” Form page


\TEMPLATE\LCID\MPS\LISTS\OBJECTIV Contains files used for the Objectives

list.



\TEMPLATE\LCID\MPS\LISTS\PEOPLE Contains files used for the Attendees

list.



\TEMPLATE\LCID\MPS\LISTS\TEXTBOX Contains files used for the Text Box

list.




\TEMPLATE\LCID\MPS\LISTS\THGBRING Contains files used for the Things to

Bring list.



\TEMPLATE\LCID\MPS\LISTS\WKSPGLIB Contains files used for lists in the

Meeting Workspace templates. SCHEMA.XML â€” Schema file

\TEMPLATE\LCID\MPS\XMLContains the available lists in theMeeting Workspace templates, basetypes for fields (onet.xml), and thestandard view template for new views.

*.XML â€” XML files for site schemaand views

\TEMPLATE\LCID\STSContains files that are copied to theroot of the Web site upon instantiationwith the Team Site template (forexample, default.aspx).

default.aspx â€” Default home pagefor sites based on Team Sitetemplates

\TEMPLATE\LCID\STS\DOCTEMP\BLANKPGS Contains the default document

templates.

bpstd.aspx

_blankpage.htm

\TEMPLATE\LCID\STS\DOCTEMP\FP Contains document templates for

Office FrontPage 2003.

FPTMPL.HTM â€” Defaultdocument templates for FrontPagedocuments

\TEMPLATE\LCID\STS\DOCTEMP\PPT Contains document templates for

Microsoft Office PowerPoint 2003.

FILELIST.XML

MASTER03.CSS

MASTER03.HTM

MASTER03.XML

PPTMPL.HTM

PPTMPL.POT

PRES.XML

PREVIEW.WMF

SLIDE001.HTM

\TEMPLATE\LCID\STS\DOCTEMP\SMARTPGS Contains document templates for

Web Part Pages.

*.aspx

_smartpage.htm

_webpartpage.htm

\TEMPLATE\LCID\STS\DOCTEMP\WORD Contains document templates for

Microsoft Office Word 2003.

WDTMPL.DOC

WDTMPL.HTM


\TEMPLATE\LCID\STS\DOCTEMP\XL Contains document templates for

Microsoft Office Excel 2003.

FILELIST.XML

SHEET001.HTM

SHEET002.HTM

SHEET003.HTM

STYLE.CSS

TABSTRIP.HTM

XLTMPL.HTM

XLTMPL.XLS\TEMPLATE\LCID\STS\DOCTEMP\XMLFORMS\BLANK

Contains document templates forMicrosoft Office InfoPath 2003.

TEMPLATE.XML â€” Defaultdocument templates for XMLdocuments

\TEMPLATE\LCID\STS\DWSContains files that are copied to theroot of the Web site upon instantiationwith a Document Workspacetemplate.

default.aspx â€” Default home pagefor Document Workspaces

\TEMPLATE\LCID\STS\LISTS Contains the actual lists along withschema definition and default views.

\TEMPLATE\LCID\STS\LISTS\ANNOUNCE Contains files used for the

Announcements list.



\TEMPLATE\LCID\STS\LISTS\CONTACTS Contains files used for the Contacts

list.



VCARD.VCF â€” Contacts form

\TEMPLATE\LCID\STS\LISTS\CUSTLIST Contains files used for custom lists.



\TEMPLATE\LCID\STS\LISTS\DATASRCS Contains files used for data sources

for lists.SCHEMA.XML â€” Schema file

\TEMPLATE\LCID\STS\LISTS\DISCUSS Contains files used for the Discussion

Board list.




\TEMPLATE\LCID\STS\LISTS\DOCLIB Contains files used for document

libraries.




\TEMPLATE\LCID\STS\LISTS\EVENTS Contains files used for the Events list.


EVENT.ICS â€” Event form


\TEMPLATE\LCID\STS\LISTS\FAVORITE Contains files used for the Favorites

list.



\TEMPLATE\LCID\STS\LISTS\GRIDLIST Contains files used for the Datasheet

view of lists.



\TEMPLATE\LCID\STS\LISTS\IMGLIB Contains files used for picture

libraries.



\TEMPLATE\LCID\STS\LISTS\ISSUE Contains files used for the Issues list.



\TEMPLATE\LCID\STS\LISTS\LISTTEMP Contains files used for the list template

gallery.



\TEMPLATE\LCID\STS\LISTS\TASKS Contains files used for the Tasks list.



TASK.ICS â€” Task form

\TEMPLATE\LCID\STS\LISTS\VOTING Contains files used for surveys.



\TEMPLATE\LCID\STS\LISTS\WEBTEMP Contains files used for the site

template gallery.




\TEMPLATE\LCID\STS\LISTS\WPLIB Contains files used for the Web Part

gallery.




\TEMPLATE\LCID\STS\LISTS\WPLIB\DWP Contains Web Part files. *.dwp â€” Default Web Parts in the

site collection Web Part gallery

\TEMPLATE\LCID\STS\LISTS\XMLFORM Contains files used for form libraries.




\TEMPLATE\LCID\STS\XMLContains the available lists in the sitetemplate, base types for fields(onet.xml), and the standard viewtemplate for new views.

*.XML â€” XML files for site schemaand views

\TEMPLATE\LCID\XML Contains the XML files with base listand field types defined for all sitetemplates.

*.XML â€” XML templates used inall site templates for a particularlanguage

\TEMPLATE\ADMIN\LCID Contains files used for the siteadministration pages.

*.aspx, *.css, *.js â€” Administrationpages, styles, and JavaScript files

\TEMPLATE\ADMIN\LCID\aspnet_client\system_web\Version Contains ASP.NET files.

SmartNav.htm

SmartNav.js

WebUIValidation.js

ASP.NET files

\TEMPLATE\ADMIN\LCID\BIN Contains binary files used for the siteadministration pages. *.DLL - Core binaries

\TEMPLATE\ADMIN\LCID\XML Contains XML files used for the siteadministration pages.

adminleftnavbar.sts.xml â€” XML filefor the left link bar (Action menu andViews list)

setuperror.htm â€” Setup messages

\TEMPLATE\IMAGES Contains images shared by all pageson the server, addressed by the virtualdirectory /_layouts/images.

*.gif, *.jpg, *.png

\TEMPLATE\LAYOUTS

Addressed by the virtual directory/_layouts, this directory containslanguage subdirectories that containthe forms for creating lists, siteadministration pages, and so on.These directories are shared by allsites.

Global.asax â€” ASP.NETnamespace definition


web.config â€” Configuration file


\TEMPLATE\LAYOUTS\LCID Contains forms for creating lists, siteadministration pages, and so on, for aspecific language.


*.css â€” Style sheets

*.htm â€” Dialog boxes

*.htc â€” Menu control

*.js â€” JavaScript files

*.xml â€” XML templates

*.xsd â€” XML definitions

\TEMPLATE\LAYOUTS\LCID\IMAGES Contains images used in the default

site pages for a specific language.*.gif, *.jpg

\TEMPLATE\LAYOUTS\LCID\MPS

Contains form pages and scripting filesfor Meeting Workspaces.

NoteÂ Â This folder is added only ifyou have used a Meeting Workspacetemplate.


MEETINGS.JS â€” JavaScript file

\TEMPLATE\LAYOUTS\LCID\STYLES

Contains style sheets shared by all sitetemplates for a particular language.Addressable by the virtual directory/_layouts/styles.

*.CSS â€” Style sheets

\TEMPLATE\LAYOUTS\BIN Contains core binary files.Microsoft.SharePoint.ApplicationPages.dll â€” Core binary

\TEMPLATE\SQL Contains stored procedures forMicrosoft SQL Server.

*.SQL â€” Stored procedures forSQL Server

\TEMPLATE\THEMES Contains the list of themes. THEMES.INF â€” Themes list

\TEMPLATE\THEMES\Theme Contains files used by a specifictheme.

*.gif â€” Images

*.css â€” Style sheets

theme.INF â€” Theme definition file

theme.utf8 â€” Theme file for UTF8encoding

\TEMPLATE\XML Contains XML files used by all sitetemplates in all languages.

*.XML â€” Templates used across alllanguages and site types

\TEMPLATE\XML\HELP Contains XML files used by the Helpsystem.

STS.XML â€” Context-sensitive Helpmapping file


Web Part Resource FilesIn addition to the installation directory, there is a Web Part resources directory that contains files used to supportcustom Web Parts in Windows SharePoint Services. The c:\Program Files\Common Files\Microsoft Shared\WebServer Extensions\wpresources directory contains a web.config file that is used to help control security for ASP.NETfiles used in Web Parts. For more information about custom Web Parts, see the Windows SharePoint ServicesSoftware Development Kit.

Web Site Content FilesThe following files are added to each top-level Web site or subsite when a SharePoint site is created. Folder Description Files and purpose

\inetpub\folder Configuration file web.config

\inetpub\folder\_vti_pvt SpeedDial shortcuts

service

services

\inetpub\folder\wpresources\ Configuration file for Web Parts web.config

All other Web site files are stored in the content and configuration database.©2003 Microsoft Corporation. All rights reserved.


Regional and Language SettingsThis topic lists the regional and language settings you can specify from the command line by using operations inStsadm.exe and by using HTML Administration pages. For more information about specifying regional and languagesettings, see Language Considerations. For more information about the syntax for command-line operations, seeCommand-Line Operations.

The following types of regional and language settings are used in Microsoft Windows SharePoint Services: Language IDs Locale IDs Time zones Currency IDs

Language IDsThe Language ID determines the language used for text on pages in the Web site (such as the text on the Site Settingspage). The languages available for site creation depend on the language template packs you have installed to yourserver or server farm. Web sites based on Windows SharePoint Services can be created in the following languages. ID Language ID Language1025 Arabic 1041 Japanese 1028 Chinese - Traditional 1042 Korean1029 Czech 1043 Dutch 1030 Danish 1044 Norwegian 1031 German 1045 Polish 1032 Greek 1046 Portuguese - Brazilian 1033 English 1049 Russian 1034 Spanish 1053 Swedish 1035 Finnish 1054 Thai 1036 French 1055 Turkish 1037 Hebrew 2052 Chinese - Simplified 1038 Hungarian 2070 Portuguese 1040 Italian 3076 Chinese - Hong Kong SAR

Windows SharePoint Services also supports input and display of text in the following languages, but not site creation.ID Language ID Language1026 Bulgarian 1048 Romanian1050 Croatian 2074 Serbian1061 Estonian 1051 Slovak1081 Hindi with Indic PT 1060 Slovenian1062 Latvian 1058 Ukrainian1063 Lithuanian

Locale IDsThe Locale ID controls the numbering, sorting, calendar, and time formatting for the Web site. You can change the


locale for a Web site by using the Regional Settings page. Web sites based on Windows SharePoint Services can beset to the following Locale IDs. ID Locale ID Locale1078 Afrikaans 1037 Hebrew 1052 Albanian 1081 Hindi 5121 Arabic (Algeria) 1038 Hungarian 15361 Arabic (Bahrain) 1039 Icelandic 3073 Arabic (Egypt) 1057 Indonesian 2049 Arabic (Iraq) 1040 Italian (Italy) 11265 Arabic (Jordan) 2064 Italian (Switzerland) 13313 Arabic (Kuwait) 1041 Japanese 12289 Arabic (Lebanon) 1099 Kannada 4097 Arabic (Libya) 1087 Kazakh 6145 Arabic (Morocco) 1111 Konkani 8193 Arabic (Oman) 1042 Korean 16385 Arabic (Qatar) 1088 Kyrgyz (Cyrillic) 1025 Arabic (Saudi Arabia) 1062 Latvian 10241 Arabic (Syria) 1063 Lithuanian 7169 Arabic (Tunisia) 1071 Macedonian (FYROM) 14337 Arabic (U.A.E.) 2110 Malay (Brunei Darussalam) 9217 Arabic (Yemen) 1086 Malay (Malaysia) 1067 Armenian 1102 Marathi 2092 Azeri (Cyrillic) 1104 Mongolian (Cyrillic) 1068 Azeri (Latin) 1044 Norwegian (Bokmal) 1069 Basque 2068 Norwegian (Nynorsk) 1059 Belarusian 1045 Polish 1026 Bulgarian 1046 Portuguese (Brazil) 1027 Catalan 2070 Portuguese (Portugal) 3076 Chinese (Hong Kong SAR) 1094 Punjabi 5124 Chinese (Macau SAR) 1048 Romanian 2052 Chinese (PRC) 1049 Russian 4100 Chinese (Singapore) 1103 Sanskrit 1028 Chinese (Taiwan) 3098 Serbian (Cyrillic) 1050 Croatian 2074 Serbian (Latin) 1029 Czech 1051 Slovak 1030 Danish 1060 Slovenian 1125 Divehi 11274 Spanish (Argentina) 2067 Dutch (Belgium) 16394 Spanish (Bolivia) 1043 Dutch (Netherlands) 13322 Spanish (Chile) 3081 English (Australia) 9226 Spanish (Colombia) 10249 English (Belize) 5130 Spanish (Costa Rica)

4105 English (Canada) 7178 Spanish (DominicanRepublic)

9225 English (Caribbean) 12298 Spanish (Ecuador) 6153 English (Ireland) 17418 Spanish (El Salvador)


8201 English (Jamaica) 4106 Spanish (Guatemala) 5129 English (New Zealand) 18442 Spanish (Honduras) 13321 English (Philippines) 2058 Spanish (Mexico) 7177 English (South Africa) 19466 Spanish (Nicaragua) 11273 English (Trinidad) 6154 Spanish (Panama) 2057 English (United Kingdom) 15370 Spanish (Paraguay) 1033 English (United States) Â 10250 Spanish (Peru) 12297 English (Zimbabwe) 20490 Spanish (Puerto Rico) 1061 Estonian 3082 Spanish (Spain)

1080 Faeroese 1034 Spanish (Traditional Sort) -Spain

1065 Persian 14346 Spanish (Uruguay) 1035 Finnish 8202 Spanish (Venezuela) 2060 French (Belgium) 1089 Swahili 3084 French (Canada) 1053 Swedish 1036 French (France) 2077 Swedish (Finland) 5132 French (Luxembourg) 1114 Syriac 6156 French (Monaco) 1097 Tamil 4108 French (Switzerland) 1092 Tatar 1110 Galician 1098 Telugu 1079 Georgian 1054 Thai 3079 German (Austria) 1055 Turkish 1031 German (Germany) 1058 Ukrainian 5127 German (Liechtenstein) 1056 Urdu 4103 German (Luxembourg) 2115 Uzbek (Cyrillic) 2055 German (Switzerland) 1091 Uzbek (Latin) 1032 Greek 1066 Vietnamese 1095 Gujarati

Time ZonesWeb sites based on Windows SharePoint Services can be set to any of the time zones recognized by MicrosoftWindows Server 2003.Code Time zone Code Time zone

39 (GMT-12:00) Eniwetok,Kwajalein 59 (GMT+02:00) Helsinki,

Riga, Tallinn

16 (GMT-11:00) MidwayIsland, Samoa 27 (GMT+02:00) Jerusalem 26

(GMT+03:00) Baghdad

15 (GMT-10:00) Hawaii 74 (GMT+03:00) Kuwait,Riyadh

14 (GMT-09:00) Alaska 51 (GMT+03:00) Moscow, St.Petersburg, Volgograd

13 (GMT-08:00) Pacific Time(US and Canada); Tijuana 56 (GMT+03:00) Nairobi

38 (GMT-07:00) Arizona 25 (GMT+03:30) Tehran


12 (GMT-07:00) MountainTime (US and Canada) 24 (GMT+04:00) Abu Dhabi,

Muscat

55 (GMT-06:00) CentralAmerica 54

(GMT+04:00) Baku, Tbilisi,Yerevan 48 (GMT+04:30)Kabul

11 (GMT-06:00) Central Time(US and Canada) 58 (GMT+05:00) Ekaterinburg

37 (GMT-06:00) Mexico City 47 (GMT+05:00) Islamabad,Karachi, Tashkent

36 (GMT-06:00)Saskatchewan 23

(GMT+05:30) Calcutta,Chennai, Mumbai, NewDelhi

35 (GMT-05:00) Bogota,Lima, Quito 62

(GMT+05:45) Kathmandu46 (GMT+06:00) Almaty,Novosibirsk

10 (GMT-05:00) Eastern Time(US and Canada) 71 (GMT+06:00) Astana,

Dhaka

34 (GMT-05:00) Indiana(East) 66 (GMT+06:00) Sri

Jayawardenepura

9 (GMT-04:00) Atlantic Time(Canada) 61 (GMT+06:30) Yangon

(Rangoon)

33 (GMT-04:00) Caracas, LaPaz 22 (GMT+07:00) Bangkok,

Hanoi, Jakarta

65 (GMT-04:00) Santiago 64 (GMT+07:00)Krasnoyarsk

28(GMT-03:30)Newfoundland 8(GMT-03:00) Brasilia

45(GMT+08:00) Beijing,Chongqing, Hong KongSAR, Urumqi

32 (GMT-03:00) BuenosAires, Georgetown 63 (GMT+08:00) Irkutsk,

Ulaan Bataar

60 (GMT-03:00) Greenland 21 (GMT+08:00) KualaLumpur, Singapore

30 (GMT-02:00) Mid-Atlantic 73 (GMT+08:00) Perth 75(GMT+08:00) Taipei

29 (GMT-01:00) Azores 20(GMT+09:00) Osaka,Sapporo, Tokyo 72(GMT+09:00) Seoul

53 (GMT-01:00) Cape VerdeIs. 70 (GMT+09:00) Yakutsk 19

(GMT+09:30) Adelaide

31 (GMT) Casablanca,Monrovia 44 (GMT+09:30) Darwin

2(GMT) Greenwich MeanTime : Dublin, Edinburgh,Lisbon, London

18 (GMT+10:00) Brisbane

4(GMT+01:00) Amsterdam,Berlin, Bern, Rome,Stockholm, Vienna

76 (GMT+10:00) Canberra,Melbourne, Sydney

6(GMT+01:00) Belgrade,Bratislava, Budapest,Ljubljana, Prague

43 (GMT+10:00) Guam, PortMoresby


3 (GMT+01:00) Brussels,Copenhagen, Madrid, Paris 42 (GMT+10:00) Hobart

57(GMT+01:00) Sarajevo,Skopje, Sofija, Vilnius,Warsaw, Zagreb

68 (GMT+10:00) Vladivostok

69 (GMT+01:00) West CentralAfrica 41

(GMT+11:00) Magadan,Solomon Is., NewCaledonia

7 (GMT+02:00) Athens,Istanbul, Minsk 17 (GMT+12:00) Auckland,

Wellington

5 (GMT+02:00) Bucharest 40 (GMT+12:00) Fiji Islands,Kamchatka, Marshall Is.

49 (GMT+02:00) Cairo 67 (GMT+13:00) Nuku'alofa

50 (GMT+02:00) Harare,Pretoria

Currency IDsWeb sites based on Windows SharePoint Services can be set to use the following currencies. ID Currency ID Currency

5121 1,254 .Ø¬.Ø¯(Arabic-Algeria) 4106 Q1,254 (Guatemala)

15361 1,254 .Ø¨.Ø¯(Arabic-Bahrain) 18442 L. 1254 (Honduras)

3073 1,254 .Ù….Ø¬(Arabic-Egypt) 3076 HK$1,254 (Hong Kong

SAR)

2049 1,254 .Ø¹.Ø¯(Arabic-Iraq) 1038 1 254 Ft (Hungary)

11265 1,254 .Ø§.Ø¯(Arabic-Jordan) 1081 à¤°à¥• 1,254 (India)

13313 1,254 .Ùƒ.Ø¯(Arabic-Kuwait) 6153 IRÂ£1,254 (Ireland)

12289 1,254 .Ù„.Ù„(Arabic-Lebanon) 1037 â‚ª1,254 (Israel)

4097 1,254 .Ù„.Ø¯(Arabic-Libya) 1041 Â¥1,254 (Japan)

6145 1,254 .Ù….Ø¯(Arabic-Morocco) 1042 â‚©1,254 (Korea)

8193 1,254 .Ø¹.Ø±(Arabic-Oman) 2058 $1,254 (Mexico)

16385 1,254 .Ù‚.Ø±(Arabic-Qatar) 5129 $1,254 (New Zealand)

1025 1,254 .Ø³.Ø±(Arabic-Saudi Arabia) 19466 C$ 1254 (Nicaragua)

10241 1,254 .Ø³.Ù„(Arabic-Syria) 1044 kr 1 254 (Norway)

7169 1,254 .Øª.Ø¯(Arabic-Tunisia) 1056 Rs 1,254 (Pakistan)


14337 1,254 .Ø¥.Ø¯(Arabic-U.A.E) 6154 B/. 1,254 (Panama)

9217 1,254 .ÙŠ.Ø±(Arabic-Yemen) 15370 Gs 1.254 (Paraguay)

11274 $ 1.254 (Argentina) 2052 ï¿¥1,254 (People's Republicof China)

3081 $1,254 (Australia) 10250 S/. 1,254 (Peru) 3079 Ã¶S 1.254 (Austria) 1045 1 254 zÅ‚ (Poland) 16394 $b 1.254 (Bolivia) 1049 1 254Ñ€. (Russia) 1046 R$ 1.254 (Brazil) 4100 $1,254 (Singapore) 3084 1 254 $ (Canada) 1051 1 254 Sk (Slovakia) 4105 $1,254 (Canada) 1060 1.254 SIT (Slovenia) 13322 $ 1.254 (Chile) 7177 R 1,254 (South Africa) 9226 $ 1.254 (Colombia) 1053 1.254 kr (Sweden) 5130 C1.254 (Costa Rica) 2055 SFr. 1'254 (Switzerland)

1029 1 254 KÄ• (CzechRepublic) 1028 NT$1,254 (Taiwan)

1030 kr 1.254 (Denmark) 1054 à ¿̧1,254 (Thai)

7178 RD$1,254 (DominicanRepublic) 1055 1.254 TL (Turkey)

17418 C1254 (El Salvador) 2057 Â£1,254 (United Kingdom)

-2 1,254 â‚¬ (EuropeanUnion) 1033 $1,254 (United States)

-1 â‚¬ 1,254 (EuropeanUnion) 14346 $U 1.254 (Uruguay)

1065 1,254 Ø±ÙŠØ§Ù„(Persian) 8202 Bs 1.254 (Venezuela)

1032 1.254 Î”Ï•Ï‡ (Greece) 1066 1,254 â‚« (Vietnamese) ©2003 Microsoft Corporation. All rights reserved.