MCTS Windows SharePoint Services 3.0 Configuration Study Guide: Exam 70-631 [Pap/Cdr ed.] 0470449314, 9780470449318

Citation preview

MCTS Windows® SharePoint® Services 3.0 Configuration Study Guide

Marilyn Miller-White Paul Papanek Stork Kris Wagner

Disclaimer: This eBook does not include ancillary media that was packaged with the printed version of the book.

Acquisitions Editor: Jeff Kellum Development Editor: Alexa Murphy Technical Editors: Kris Wagner and Randy Muller Production Editor: Angela Smith Copy Editors: Liz Welch and Linda Recktenwald Editorial Manager: Pete Gaughan Production Manager: Tim Tate Vice President and Executive Group Publisher: Richard Swadley Vice President and Publisher: Neil Edde Media Project Manager 1: Laura Moss-Hollister Media Associate Producers: Josh Frank and Doug Kuhn Media Quality Assurance: Shawn Patrick Book Designers: Judy Fung and Bill Gibson Proofreader: Word One New York Indexer: Ted Laux Project Coordinator, Cover: Lynsey Stanford Cover Designer: Ryan Sneed

Copyright © 2009 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-44931-8 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permission Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Cataloging-in-Publication Data Miller-White, Marilyn. MCTS : Windows sharepoint services 3.0 configuration study guide (70-631) / Marilyn Miller-White, Paul Stork, Kris Wagner. p. cm. ISBN 978-0-470-44931-8 (pbk.) 1. Intranets (Computer networks) — Examinations — Study guides. 2. Microsoft SharePoint (Electronic resource) — Examinations — Study guides. 3. Web servers — Examinations — Study guides. 4. Electronic data processing personnel — Certification — Study guides. I. Stork, Paul, 1952- II. Wagner, Kris, 1974- III. Title. TK5105.875.I6M58 2009 004.6'82—dc22 2009031425 TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Windows and SharePoint are registered trademarks of Microsoft Corporation in the United States and/ or other countries. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. 10 9 8 7 6 5 4 3 2 1

To my family, my friends, and all who love learning —Marilyn Miller-White To all those who feel most alive when they are learning something new —Paul Papanek Stork For my partner Stacy, our kids, and my family —Kris Wagner

Acknowledgments I always knew I wanted to be a teacher. There was no question — it was my passion. I am fortunate to live my passion and share my results with you. I have had the privilege to be on the forefront of many new advancements. My life centers on research, development, and education. This is what this book is all about — enabling you to develop and hone your skills in the exciting arena of Windows SharePoint Services 3.0 to build highly usable collaboration products for your organization. This book is for you, my friend and reader — may you consume all the information that Paul, Kris, and I have put into this book to help your pass the 70 - 631 exam as well as help you understand WSS 3.0. A very, very special set of thanks goes to all my family and friends who encouraged me to pursue this project and allowed me to neglect them during the process. Please chill the wine! I would like to send my heartfelt appreciation to the other two members of the team, Paul and Kris. Without their exceptional knowledge and input, this book would not have the special quality of being both a study guide and an implementation guide. Thanks to the Wiley team, and especially acquisitions editor Jeff Kellum and development editor Alexa Murphy, for helping me through this process and always being there when I needed guidance. The team at Wiley has worked long hours to bring you such a professional fi nished product. And speaking of professional products, thanks to the Microsoft Office SharePoint Services team for giving us such a unique collaboration product. I have enjoyed working with you for this version of the product and know the next version will be even more awesome. — Marilyn Miller-White

iv

Acknowledgments

First I want to thank Marilyn White, my fellow author, and Jeff Kellum, an acquisitions editor for Wiley, who fi rst approached me about working on this project. Your belief that I had knowledge to share is what made all this possible. Marilyn, it is always a delight working on projects with you, even when it’s writing books. Jeff, your continuing faith and occasional gentle prodding kept me on track to get my chapters written. I also want to thank the rest of the team at Wiley, especially development editor Alexa Murphy, copyeditors Liz Welch and Linda Recktenwald, and production editor Angela Smith. Your skillful editing of my writing made the knowledge that I tried to impart that much easier to understand. I couldn’t have done this without you. Finally, I want to thank Kris Wagner, who was the technical reviewer for my chapters and also a coauthor of the book. We couldn’t have done this without you, Kris. I hope I’ve made a new friend whom I’ll keep for many years. — Paul Papanek Stork First I would like to thank my partner Stacy for letting me miss many weekend plans, nightly television dates, and walks with our dogs Resin, Cody, and Little Bit. Thank you to all my close friends whom I have not seen in months. Thank you to my parents (Toni, Nancy, Nene, Mark, Richard, and Ron) for supporting and pushing me in every way possible. Special thanks to my friends, Gaurav Issar and Asif Rehmani, for providing me with the last bit of motivation I needed to fi nish this book. Thank you to Jeff Kellum at Wiley for giving me this opportunity and thank you to the other authors Marilyn White and Paul Stork, this has truly been an amazing experience. And fi nally I would like to thank Dave Cutler and the Slalom Consulting family, for supporting me in my SharePoint adventures. — Kris Wagner

About the Authors Marilyn Miller-White, a SharePoint 2007 MCTS, SQL Server 2005 MCTS and MCITP, MCT, MODL, MCDBA, and MCSE, is the owner of White Consulting, a New Jersey– based consultancy specializing in database and systems training and solutions. With a master’s degree in education and a passion for learning, Marilyn began teaching computer science in New Jersey’s schools and colleges. While teaching, she decided to branch out to both the government and private sectors, specializing in designing database, programming, and systems solutions to support the growing needs of her customers. She has been training and implementing Microsoft technologies for customers throughout North America for over ten years. An early achiever on both the Windows 2003 and SQL Server 2005 platforms, she is often called upon to speak on Microsoft solutions. She has presented at Microsoft launch events for SQL Server 2005 and Visual Studio 2005. In June 2006, 2007, 2008, and 2009 she was a Technical Learning Guide at Tech Ed North America (NA). She has authored two MCITP study guides under the Sybex label: MCITP Developer: Microsoft SQL Server 2005 Data Access Design and Optimization Study Guide (70-442) and MCITP Administrator: Microsoft SQL Server 2005 Optimization and Maintenance Study Guide (70-444). Most recently she has been specializing in SharePoint development and training. At TechEd NA 2007 and 2008, she presented an instructor-led lab session on customized Visual Studio workflows. Marilyn has been training and consulting since January 2007 in a variety of SharePoint venues. When not in the field — or on the road, or in the air — she is writing and performing technical editing. Marilyn enjoys working with customers and assisting them with their solutions. She loves to travel, especially to Washington and Texas where she can include a visit with her children. When home, she enjoys attending concerts and plays, scrapbooking, listening to classical music, and the company of her cats, Holly and Sequel. Paul Papanek Stork, a Microsoft SharePoint Server MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD), is a senior instructor and principal consultant for Mindsharp, one of the preeminent SharePoint training fi rms in North America. Paul has been working full time in the computer industry since the mid-1980s. After obtaining an MBA in 1995, he began specializing in training and consulting on Microsoft products. Over the last 15 years he has passed numerous Microsoft certification exams and earned an extensive list of Microsoft certifications on everything from NT 3.5 to his latest certifications on WSS and MOSS. Paul has developed expertise as an administrator, developer, and database administrator (DBA). His primary area of expertise has always been Microsoft application servers. Since coming to work for Mindsharp several years ago, Paul has focused primarily on SharePoint technologies. Paul has worked for a variety of companies, including religious nonprofit organizations, a local government, a regional bank, a university, and several consulting and training firms.

vi

About the Authors

His knack for quickly learning new technologies allows Paul to work on the “bleeding edge” of technology. His breadth of knowledge makes him a much sought after resource for SharePoint questions that cross the traditional boundaries of administration, development, and design. Paul maintains an active blog at http://sharePoint.mindsharpblogs.com/pauls. In July 2008 Paul was awarded a Most Valuable Professional (MVP) award by Microsoft in recognition of his work: writing, speaking at conferences, and supporting the SharePoint community. Kris Wagner, MCP, MCSE, MCTS, and MCITP, has over 15 years of experience in the IT sector delivering web-based client applications. For the past 9 years he has been architecting, deploying, and supporting enterprise SharePoint solutions. Kris became a Microsoft SharePoint evangelist by helping in the community, running SharePoint-focused events such as SharePoint Saturday—Chicago, and actively maintains his blog at http://www.sharepointkris.com. Kris has a deep passion for SharePoint, and his dedication shows through his delivery of solutions and customer satisfaction. He has been involved in the delivery and deployment of over 200 SharePoint installations. Kris currently lives in Chicago with his partner Stacy, their three dogs, and their bird Max. Kris works for Slalom Consulting as a Microsoft Solutions Architect and Slalom’s SharePoint Practice Lead for Chicago.

Contents at a Glance Introduction

xxi

Assessment Test Chapter 1 Chapter 2 Chapter 3

xxxi Getting Started with the Windows SharePoint Services 3.0 Platform

1

Integrating Windows SharePoint Services in the Network

45

Installing and Deploying Windows SharePoint Services 3.0

95

Configuring the Windows SharePoint Services 3.0 Environment

147

Building and Configuring the Windows SharePoint Services 3.0 Topology

211

Chapter 6

Configuring Lists and Managing Documents

263

Chapter 7

Configuring Authentication and Security

311

Chapter 8

Administering the Implementation

371

Chapter 9

Managing Customization

397

Chapter 10

Extending Windows SharePoint Services

427

Chapter 11

Monitoring Windows SharePoint Services

447

Chapter 12

Upgrading Windows SharePoint Services 3.0 from Windows SharePoint Services 2.0

487

About the Companion CD

525

Chapter 4 Chapter 5

Appendix Glossary

529

Index

539

Contents Introduction

xxi

Assessment Test Chapter

Chapter

1

2

xxxi Getting Started with the Windows SharePoint Services 3.0 Platform

1

Overview of Windows SharePoint Services 3.0 What Is Microsoft WSS 3.0? Why Use WSS 3.0? Understanding the Technology Features of WSS 3.0 Administration Model Enhancements Compliance Features Enhancements Operational Tools and Capabilities Enhancements Network Support Enhancements Extensibility Enhancements Planning, Planning, and Planning a WSS 3.0 Solution Determining the Purpose of the Solution Determining User Needs Determining the Number and Types of Users Planning and Understanding the Logical Architecture Understanding the Logical Architecture Components Understanding the Deployment Architecture Summary Exam Essentials Review Questions

3 4 9 12 12 14 14 14 15 15 16 18 21 23 23 29 35 35 36

Integrating Windows SharePoint Services in the Network

45

Understanding the Physical Architecture Configuring a Stand-Alone Installation Configuring a Farm Installation Understanding Web Browser Support Planning for Availability Defining Server Redundancy requirements Planning for a Minimum Level of Availability Planning for Extranet Environments Planning an Edge Firewall Topology Planning a Multihomed Topology Planning a Back-to-Back Perimeter Topology Planning a Split Back-to-Back Topology

46 47 50 54 56 57 59 65 66 66 67 68

x

Contents

Chapter

3

Planning the Internet Security and Acceleration Server Implementation Planning for and Designing a Secure Infrastructure Securing the Web Front-End Servers Securing the Application Servers for WSS 3.0 Securing the Database Servers for WSS 3.0 Securing Other Features in WSS 3.0 Securing Ports and Protocols Summary Exam Essentials Review Questions

69 79 79 81 81 81 83 83 84 85

Installing and Deploying Windows SharePoint Services 3.0

95

Implementing Security Requirements Creating Security Accounts Configuring Security for Extranet Environments Installing WSS 3.0 on a Stand-Alone Computer Verifying Hardware and Software Requirements Configuring the Server as a Web Server Installing Microsoft .NET Framework 3.0 Enabling ASP.NET 2.0 Installing and Configuring WSS 3.0 with WID Running the SharePoint Products and Technologies Configuration Wizard Performing Postinstallation Tasks Installing WSS 3.0 in a Server Farm Verifying Hardware and Software Requirements Configuring the Server as a Web Server Installing the Microsoft .NET Framework 3.0 Enabling ASP.NET 2.0 Installing and Configuring WSS 3.0 on All Servers in the Farm Starting the WSS 3.0 Search Service Reviewing the Installation Inspecting the File System Changes Reviewing Registry Entries Examining IIS Changes Viewing Database Changes Summary Exam Essentials Review Questions

96 97 98 98 98 99 101 102 102 104 106 114 114 115 116 117 118 127 133 134 135 136 136 137 137 139

Contents

Chapter

Chapter

4

5

Configuring the Windows SharePoint Services 3.0 Environment

xi

147

Introducing Central Administration The Central Administration Pages Security Using the Central Administration Home Page Using the Administrator Tasks Web Part Using the Farm Topology Web Part Using the Resources Web Part Configuring Services Central Administration Windows SharePoint Services Search Windows SharePoint Services Incoming Mail Windows SharePoint Services Web Application Using Central Administration to Create and Manage Web Applications Creating a Web Application Creating a DNS Entry for the Host Header Configuring Web Application Settings Configuring Additional Settings Configuring Web Application Security Creating a Site Collection Managing Your Site Collection in Central Administration Extending Your Web Application Configuring Alternate Access Mappings Summary Exam Essentials Review Questions

148 149 150 152 152 155 156 156 157 157 158 159 159 160 165 166 171 176 186 190 193 197 200 200 202

Building and Configuring the Windows SharePoint Services 3.0 Topology

211

Planning the Site Collection Hierarchy One Site or a Hierarchy? Determining Site Objectives Identifying the Site Environment Mapping User Needs to SharePoint Capabilities Other Considerations Creating Sites SharePoint Site Templates Creating a Subsite Managing Sites and Site Collections Using Site Settings Changing a Site’s Look and Feel Configuration Galleries Managing Sites

212 212 214 214 215 216 217 218 225 227 228 238 239

xii

Contents

Managing Site Collections Summary Exam Essentials Review Questions Chapter

Chapter

6

7

Configuring Lists and Managing Documents

249 254 254 255 263

Understanding Document Management Defining Governance Areas to Address in Your Governance Plan Items to Consider in Your Governance Plan Defining Metadata Creating and Maintaining Lists Understanding the Included Lists Creating and Customizing Lists Maintaining Lists by Implementing Settings Creating and Maintaining Libraries Understanding the Included Libraries Creating and Customizing Libraries Maintaining Libraries by Implementing Settings Submitting Content to Lists and Libraries Introducing and Creating Content Types Modifying the Content Type Adding the Content Type to the Library Creating and Implementing Workflows What Are Workflows? Combining Workflow and WSS 3.0 Summary Exam Essentials Review Questions

264 265 266 266 267 268 269 270 273 281 281 282 284 292 293 296 297 299 299 300 301 302 303

Configuring Authentication and Security

311

SharePoint Security Overview Authentication Authorization Planning Security Authentication Providers Active Directory Groups SharePoint Administrative Groups Managing Content Security Breaking Security Inheritance on a Subsite Breaking Security Inheritance on a List or Library

312 313 313 329 329 330 333 336 338 341

Contents

Chapter

Chapter

8

9

xiii

Breaking Security Inheritance on a Folder, Item, or Document Securing Documents with Information Rights Management Implementing User Security Adding and Removing Users Managing Access Requests Anonymous Access Implementing Web Application Security Understanding Code Access Security Trust Levels Code Access Security Web Solution Packages Summary Exam Essentials Review Questions

347 348 348 349 353 358 358 359 359 360 361 362 363

Administering the Implementation

371

Understanding Central Administration Home Page Operations Page Application Management Page Site Collection Administration Managing the WSS 3.0 Recycle Bin Managing Portal Site Connections in WSS 3.0 Backup and Restore Using the Operations Page Directory Permissions Administering WSS 3.0 Using Stsadm Stsadm Location Stsadm Considerations Stsadm Operations and Parameters Summary Exam Essentials Review Questions

372 373 374 375 376 377 379 380 381 383 384 384 384 388 389 390

Managing Customization Introducing Customization and Branding Understanding Where Content Is Stored Understanding Page Requests Understanding Master Pages Understanding Master Page Controls Indentifying Strategies for Customization Customizing with SharePoint Designer

343

397 398 398 401 401 402 406 407

xiv

Contents

Configuring Code Access Security Summary Exam Essentials Review Questions Chapter

Chapter

10

11

Extending Windows SharePoint Services

416 417 418 419 427

Introducing Features What Are Features? Feature Components The Creation and Deployment Process of Features Using Features in Site Definitions Understanding Web Parts Adding a Web Part to a Page Removing a Web Part from a Page Moving a Web Part Using Web Parts to Customize Pages Summary Exam Essentials Review Questions

428 428 429 430 431 432 433 434 435 438 439 439 440

Monitoring Windows SharePoint Services

447

Why Monitoring Is Important Maintaining Performance Troubleshooting Errors Maintaining SQL Performance Limiting SQL Database Size Controlling Database Activity SQL Server Maintenance Using Performance Monitor with WSS Metrics Generating a Performance Baseline Creating Alerts Common WSS Counters Troubleshooting Problems with Logs and the Event Viewer Diagnostic Logging and Event Throttling Configuring Usage Analysis Processing Interpreting the IIS Logs Microsoft Operations Manager (MOM) 2005 and WSS WSS 3.0 Management Pack for MOM 2005 Configuring MOM 2005 for WSS Summary Exam Essentials Review Questions

448 448 449 449 449 454 458 458 458 462 464 469 470 472 473 475 476 477 478 478 479

Contents

Chapter

Appendix

12

Upgrading Windows SharePoint Services 3.0 from Windows SharePoint Services 2.0

xv

487

Upgrade Approaches In-Place Upgrade Gradual Upgrade Database Migration Upgrade Choosing the Best Approach Handling Customizations Customized Pages Custom Web Parts and Other Coding Custom Site Definitions Site Themes The Upgrade Process Preparing for the Upgrade Performing an In-Place Upgrade Performing a Gradual Upgrade Performing a Database Migration Post-Upgrade Tasks Summary Exam Essentials Review Questions

488 490 491 492 494 495 495 497 497 498 498 498 503 506 510 513 516 516 517

About the Companion CD

525

Glossary

529

Index

539

Table of Exercises Exercise

2.1

Checking to See if ASP.NET Is Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Exercise

2.2

Configuring Surface Area Settings in SQL Server 2005 . . . . . . . . . . . . . . 53

Exercise

3.1

Installing and Configuring IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Exercise

3.2

Installing Microsoft .NET Framework 3.0. . . . . . . . . . . . . . . . . . . . . . . . . . 101

Exercise

3.3

Enabling ASP.NET 2.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Exercise

3.4

Installing and Configuring WSS 3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Exercise

3.5

Running the SharePoint Products and Technologies Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Exercise

3.6

Adding Your WSS 3.0 Site to the List of Trusted Sites . . . . . . . . . . . . . . . 107

Exercise

3.7

Configuring Proxy Server Settings to Bypass the Proxy Server for Local Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Exercise

3.8

Configuring the SMTP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Exercise

3.9

Configuring Incoming Email Settings in Central Administration . . . . . . 110

Exercise

3.10 Configuring Outgoing Email Settings in Central Administration . . . . . . 112

Exercise

3.11

Exercise

3.12 Installing and Configuring IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Exercise

3.13 Installing Microsoft .NET Framework 3.0. . . . . . . . . . . . . . . . . . . . . . . . . . 117

Exercise

3.14 Enabling ASP.NET 2.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Exercise

3.15 Installing WSS 3.0 on the First Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Exercise

3.16 Running the SharePoint Products and Technologies Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Performing Administrator Tasks Using Central Administration . . . . . . . 113

Exercise

3.17

Exercise

3.18 Configuring Proxy Server Settings to Bypass the Proxy Server for Local Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Exercise

3.19 Installing WSS 3.0 on Additional Servers . . . . . . . . . . . . . . . . . . . . . . . . . 126

Exercise

3.20 Running the SharePoint Products and Technologies Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Exercise

3.21 Starting the WSS Search Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Exercise

3.22 Configuring the SMTP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Exercise

3.23 Configuring Incoming Email Settings in Central Administration . . . . . . 131

Exercise

3.24 Configuring Outgoing Email Settings in Central Administration . . . . . . 132

Adding the Central Administration Website as a Trusted Site . . . . . . . . 125

Exercise

3.25 Performing Administrator Tasks Using Central Administration . . . . . . . 133

Exercise

4.1

Installing a Certificate for the Central Administration Site . . . . . . . . . . . 150

Exercise

4.2

Maintaining and Customizing Administrator Tasks . . . . . . . . . . . . . . . . . 152

xviii

Table of Exercises

Exercise

4.3

Creating a New Web Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Exercise

4.4

Creating a DNS Alias for Intranet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Exercise

4.5

Configuring General Settings for Your Web Application. . . . . . . . . . . . . 168

Exercise

4.6

Defining a Wildcard Inclusion Managed Path . . . . . . . . . . . . . . . . . . . . . . 172

Exercise

4.7

Managing User Permissions by Creating a Web Application Policy . . . 180

Exercise

4.8

Configuring Authentication Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Exercise

4.9

Creating a Root Site Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Exercise

4.10 Extending a Web Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Exercise

4.11

Creating a DNS Alias for Extranet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Exercise

5.1

Creating a Subsite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Exercise

5.2

Changing a Site’s Title, Description, and Icon. . . . . . . . . . . . . . . . . . . . . . 229

Exercise

5.3

Applying a Theme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Exercise

5.4

Adding a Manual Link to the Top Link Bar . . . . . . . . . . . . . . . . . . . . . . . . . 233

Exercise

5.5

Creating a Template from an Existing Site . . . . . . . . . . . . . . . . . . . . . . . . 234

Exercise

5.6

Overriding the Default Regional Settings . . . . . . . . . . . . . . . . . . . . . . . . . 242

Exercise

5.7

Restoring a Deleted List from the Recycle Bin . . . . . . . . . . . . . . . . . . . . . 249

Exercise

6.1

Creating a Custom List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Exercise

6.2

Creating the HR Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Exercise

6.3

Modifying Settings for the HR Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Exercise

6.4

Creating the Vacation Form Content Type . . . . . . . . . . . . . . . . . . . . . . . . . 294

Exercise

6.5

Modifying the Vacation Form Content Type by Adding a Status Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Exercise

6.6

Creating a Workflow for Vacation Form Approval . . . . . . . . . . . . . . . . . . 300

Exercise

7.1

Creating a New Permission Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Exercise

7.2

Copying an Existing Permission Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Exercise

7.3

Creating a SharePoint Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Exercise

7.4

Adding a User to the Farm Administrators Group . . . . . . . . . . . . . . . . . . 333

Exercise

7.5

Changing a Site Collection Administrator in Central Administration. . . 334

Exercise

7.6

Adding More than Two Site Collection Administrators . . . . . . . . . . . . . . 336

Exercise

7.7

Assigning Unique Security to a Subsite . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Exercise

7.8

Creating Unique Groups for a Subsite . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Exercise

7.9

Assigning Unique Security to a List or Library . . . . . . . . . . . . . . . . . . . . . 342

Exercise

7.10

Assigning Unique Security to a Subsite . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Table of Exercises

xix

Exercise

7.11

Adding Users to the Top-Level Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348

Exercise

7.12

Enabling Anonymous Access for a Web Application Zone . . . . . . . . . . . 355

Exercise

7.13

Setting Up Anonymous Access to a Site . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Exercise

7.14

Setting Up Anonymous Access to a List . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Exercise

8.1

Navigating to the Central Administration Page. . . . . . . . . . . . . . . . . . . . . 376

Exercise

8.2

Restoring a Deleted File from the Recycle Bin . . . . . . . . . . . . . . . . . . . . . 378

Exercise

8.3

Connecting to Another SharePoint Portal . . . . . . . . . . . . . . . . . . . . . . . . . 380

Exercise

8.4

Backing Up Using Backup and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

Exercise

8.5

Using the Central Administration Operations Backup and Restore GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

Exercise

8.6

Using the Stsadm backup Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Exercise

8.7

Using the Stsadm restore Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Exercise

8.8

Using the Stsadm migrateuser Command . . . . . . . . . . . . . . . . . . . . . . . . 386

Exercise

8.9

Using the Stsadm setadminport Command. . . . . . . . . . . . . . . . . . . . . . . 387

Exercise

9.1

Viewing a Master Page in SharePoint Designer 2007. . . . . . . . . . . . . . . . 403

Exercise

9.2

Customizing a Master Page Using SharePoint Designer 2007 . . . . . . . . 407

Exercise

9.3

Customizing a Web Part Page Using SharePoint Designer 2007 . . . . . . 411

Exercise

10.1

Add a Web Part to Your SharePoint Page . . . . . . . . . . . . . . . . . . . . . . . . . 434

Exercise

10.2 Remove a Web Part from Your SharePoint Page. . . . . . . . . . . . . . . . . . . . 435

Exercise

10.3 Move a Web Part to Another Web Part Zone. . . . . . . . . . . . . . . . . . . . . . . 438

Exercise

11.1

Exercise

11.2 Creating Site Collections in a Content Database . . . . . . . . . . . . . . . . . . . 452

Exercise

11.3 Managing Database Quotas and Locks . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Creating a Site Collection Quota Template . . . . . . . . . . . . . . . . . . . . . . . . 449

Exercise

11.4 Adding a Counter to Performance Monitor . . . . . . . . . . . . . . . . . . . . . . . . 459

Exercise

11.5

Creating a Counter Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461

Exercise

11.6

Setting a Performance Counter Alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Exercise

11.7

Configuring the IIS Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Exercise

12.1 Running the Pre-upgrade Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Exercise

12.2 Performing an In-Place Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Exercise

12.3 Performing a Gradual Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506

Exercise

12.4 Performing a Database Migration Upgrade. . . . . . . . . . . . . . . . . . . . . . . . 511

Introduction With the release of SQL Server 2005, Microsoft changed its certification program to contain three primary series: Technology, Professional, and Architect. The Technology Series of certifications are intended to allow candidates to target specific technologies and are the basis for obtaining the Professional Series and Architect Series of certifications. The certifications contained within the Technology Series consist of one to three exams, focus on a specific technology, and do not include job -role skills. By contrast, the Professional Series of certifications focus on a job role and are not necessarily focused on a single technology, but rather a comprehensive set of skills for performing the job role being tested. The Architect Series of certifications offered by Microsoft are premier certifications that consist of passing a review board composed of previously certified architects. To apply for the Architect Series of certifications, you must have a minimum of 10 years of industry experience. When obtaining a Technology Series certification, you are recognized as a Microsoft Certified Technology Specialist (MCTS) on the specific technology or technologies that you have been tested on. The Professional Series certifications include Microsoft Certified IT Professional (MCITP) and Microsoft Certified Professional Developer (MCPD). Passing the review board for an Architect Series certification will allow you to become a Microsoft Certified Architect (MCA). This book has been developed to give you the critical skills and knowledge you need to prepare for the exam requirement for obtaining the MCTS: Windows SharePoint Services 3.0, Configuring (Exam 70 - 631).

The Microsoft Certified Professional Program Since the inception of its certification program, Microsoft has certified more than 3 million people. As the computer network industry continues to increase in both size and complexity, this number is sure to grow — and the need for proven ability will also increase. Certifications can help companies verify the skills of prospective employees and contractors. Microsoft has developed its Microsoft Certified Professional (MCP) program to give you credentials that verify your ability to work with Microsoft products effectively and professionally. Several levels of certification are available based on specific suites of exams. Microsoft has recently created a new generation of certification programs: Microsoft Certified Technology Specialist (MCTS) The MCTS can be considered the entry-level certification for the new generation of Microsoft certifications. The MCTS certification program targets specific technologies instead of specific job roles. You must take and pass one to three exams. Microsoft Certified IT Professional (MCITP) The MCITP certification is a Professional Series certification that tests network and systems administrators on job roles, rather than

xxii

Introduction

only on a specific technology. The MCITP generally consists of passing one to three exams, in addition to obtaining an MCTS -level certification. Microsoft Certified Professional Developer (MCPD) The MCPD certification is a Professional Series certification for application developers. Similar to the MCITP, the MCPD is focused on a job role rather than on a single technology. The MCPD generally consists of passing one to three exams, in addition to obtaining an MCTS -level certification. Microsoft Certified Architect (MCA) The MCA is Microsoft’s premier certification series. Obtaining the MCA requires a minimum of 10 years of experience and requires the candidate to pass a review board consisting of peer architects.

How Do You Become Certified on Windows SharePoint Services 3.0? Attaining a Microsoft certification has always been a challenge. In the past, students have been able to acquire detailed exam information — even most of the exam questions — from online “brain dumps” and third-party “cram” books or software products. For the new generation of exams, this is simply not the case. Microsoft has taken strong steps to protect the security and integrity of its new certification tracks. Now prospective candidates must complete a course of study that develops detailed knowledge about a wide range of topics. It supplies them with the true skills needed, derived from working with the technology being tested. The new generations of Microsoft certification programs are heavily weighted toward hands- on skills and experience. It is recommended that candidates have troubleshooting skills acquired through hands- on experience and working knowledge. Fortunately, if you are willing to dedicate the time and effort to learn Windows SharePoint Services 3.0, you can prepare yourself well for the exam by using the proper tools. By working through this book, you can successfully meet the exam requirements to pass the Windows SharePoint Services 3.0, Configuring exam. This book is part of a complete series of Microsoft certification Study Guides, published by Sybex Inc., that together cover the new MCTS, MCITP, MCPD exams, as well as the core MCSA and MCSE operating system requirements. Please visit the Sybex website at www.sybex.com for complete program and product details.

MCTS Exam Requirements Candidates for MCTS certification on Windows SharePoint Services 3.0 – Configuration must pass only the 70 - 631 exam. Many Other MCTS certifications may require up to three exams. For a more detailed description of the Microsoft certification programs, including a list of all the exams, visit the Microsoft Learning Web site at www.microsoft. com/learning/mcp.

Introduction

xxiii

The Windows SharePoint Services 3.0, Configuring Exam The Windows SharePoint Services 3.0, Configuring exam covers concepts and skills related to deploying, configuring, administering, and monitoring Windows SharePoint Services 3.0. This exam captures the skills needed to implement and manage a Windows SharePoint Services 3.0 environment. Since Windows SharePoint Services 3.0 interacts with web and database services, you need to also have a basic understanding of these services to be an effective WSS 3.0 administrator. Each chapter of this book is based on specific objectives for the Windows SharePoint Services 3.0, Configuring exam. Microsoft provides exam objectives to give you a general overview of possible areas of coverage on the Microsoft exams. Keep in mind, however, that exam objectives are subject to change at any time without prior notice and at Microsoft ’s sole discretion. Please visit the Microsoft Learning Web site ( www.microsoft.com/learning/mcp) for the most current listing of exam objectives.

Types of Exam Questions In an effort to both refi ne the testing process and protect the quality of its certifications, Microsoft has focused its newer certification exams on real experience and handson proficiency. There is a greater emphasis on your past working environments and responsibilities and less emphasis on how well you can memorize. In fact, Microsoft says that certification candidates should have hands- on experience before attempting to pass any certification exams.

Microsoft will accomplish its goal of protecting the exams’ integrity by regularly adding and removing exam questions, limiting the number of questions that any individual sees in a beta exam, limiting the number of questions delivered to an individual by using adaptive testing, and adding new exam elements.

Exam questions may be in a variety of formats: depending on which exam you take, you’ll see multiple- choice questions, as well as select-and-place and prioritize-a-list questions. Simulations and case study–based formats are included as well. You may also fi nd yourself taking what’s called an adaptive format exam. Let’s take a look at the types of exam questions and examine the adaptive testing technique, so you’ll be prepared for all of the possibilities.

xxiv

Introduction

With the release of Windows 2000, Microsoft stopped providing a detailed score breakdown. This is mostly because of the various and complex question formats. Previously, each question focused on one objective. Recent exams, such as the Windows Server 2008 Active Directory exam, however, contain questions that may be tied to one or more objectives from one or more objective sets. Therefore, grading by objective is almost impossible. Also, Microsoft no longer offers a score. Now you will only be told if you pass or fail.

Multiple-Choice Questions Multiple- choice questions come in two main forms. One is a straightforward question followed by several possible answers, of which one or more is correct. The other type of multiple- choice question is more complex and based on a specific scenario. The scenario may focus on several areas or objectives.

Select-and-Place Questions Select-and-place exam questions involve graphical elements that you must manipulate to successfully answer the question. For example, you might see a diagram of a computer network, as shown in the following graphic taken from the select-and-place demo downloaded from Microsoft ’s website.

Introduction

xxv

A typical diagram will show computers and other components next to boxes that contain the text “Place here.” The labels for the boxes represent various computer roles on a network, such as a print server and a fi le server. Based on information given for each computer, you are asked to select each label and place it in the correct box. You need to place all of the labels correctly. No credit is given for the question if you correctly label only some of the boxes. In another select-and-place problem you might be asked to put a series of steps in order, by dragging items from boxes on the left to boxes on the right and placing them in the correct order. One other type requires that you drag an item from the left and place it under an item in a column on the right. For more information on the various exam question types, go to

www.microsoft.com/learning/mcpexams/policies/innovations.asp.

Simulations Simulations are the kinds of questions that most closely represent actual situations and test the skills you use while working with Microsoft software interfaces. These exam questions include a mock interface on which you are asked to perform certain actions according to a given scenario. The simulated interfaces look nearly identical to what you see in the actual product, as shown in this example:

xxvi

Introduction

Because of the number of possible errors that can be made on simulations, be sure to consider the following recommendations from Microsoft: 

Do not change any simulation settings that don’t pertain to the solution directly.



When related information has not been provided, assume that the default settings are used.



Make sure that your entries are spelled correctly.



Close all the simulation application windows after completing the set of tasks in the simulation.

The best way to prepare for simulation questions is to spend time working with the graphical interface of the product on which you will be tested.

Case Study– Based Questions Case study–based questions fi rst appeared in the MCSD program. These questions present a scenario with a range of requirements. Based on the information provided, you answer a series of multiple- choice and select-and-place questions. The interface for case study–based questions has a number of tabs, each of which contains information about the scenario. At present, this type of question appears only in most of the Design exams. Microsoft will regularly add and remove questions from the exams. This is called item seeding. It is part of the effort to make it more difficult for individuals to merely memorize exam questions that were passed along by previous test-takers.

Tips for Taking the MCTS: Windows SharePoint Services 3.0, Configuring Exam Here are some general tips for achieving success on your certification exam: 

Arrive early at the exam center so that you can relax and review your study materials. During this final review, you can look over tables and lists of exam-related information.



Read the questions carefully. Don’t be tempted to jump to an early conclusion. Make sure you know exactly what the question is asking.



Answer all questions. If you are unsure about a question, then mark it for review and come back to it at a later time.



On simulations, do not change settings that are not directly related to the question. Also, assume default settings if the question does not specify or imply which settings are used.



For questions you’re not sure about, use a process of elimination to get rid of the obviously incorrect answers first. This improves your odds of selecting the correct answer when you need to make an educated guess.

Introduction

xxvii

Exam Registration You may take the Microsoft exams at any of more than 1,000 Authorized Prometric Testing Centers (APTCs) around the world. For the location of a testing center near you, call Prometric at 800 -755-EXAM (755-3926). Outside the United States and Canada, contact your local Prometric registration center. Find out the number of the exam you want to take, and then register with the Prometric registration center nearest to you. At this point, you will be asked for advance payment for the exam. The exams are $125 each and you must take them within one year of payment. You can schedule exams up to six weeks in advance or as late as one working day prior to the date of the exam. You can cancel or reschedule your exam if you contact the center at least two working days prior to the exam. Same-day registration is available in some locations, subject to space availability. Where same-day registration is available, you must register a minimum of two hours before test time. You may also register for your exams online at www.prometric.com.

When you schedule the exam, you will be provided with instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you will receive a registration and payment confi rmation letter from Prometric. Microsoft requires certification candidates to accept the terms of a nondisclosure agreement before taking certification exams.

Who Should Read This Book? If you want to acquire a solid foundation in configuring Windows SharePoint Services 3.0 and your goal is to prepare for the exam by learning how to use and manage the new operating system, this book is for you. You’ll fi nd clear explanations of the fundamental concepts you need to grasp and plenty of help to achieve the high level of professional competency you need to succeed in your chosen field. If you want to become certified as an MCTS, this book is defi nitely for you. However, if you just want to attempt to pass the exam without really understanding Windows SharePoint Services 3.0, this Study Guide is not for you. It is written for people who want to acquire hands- on skills and in-depth knowledge of configuring WSS 3.0.

xxviii

Introduction

What ’s in the Book? What makes a Sybex Study Guide the book of choice for hundreds of thousands of MCTSs? We take into account not only what you need to know to pass the exam, but what you need to know to take what you’ve learned and apply it in the real world. Each book contains the following: Objective-by- Objective Coverage of the Topics You Need to Know objectives covered in that chapter.

Each chapter lists the

The topics covered in this Study Guide map directly to Microsoft ’s official exam objectives. Each exam objective is covered completely.

Assessment Test Directly following this introduction is an Assessment Test that you should take. It is designed to help you determine how much you already know about Windows SharePoint Services 3.0. Each question is tied to a topic discussed in the book. Using the results of the Assessment Test, you can figure out the areas where you need to focus your study. Of course, we do recommend you read the entire book. Exam Essentials To highlight what you learn, you’ll fi nd a list of Exam Essentials at the end of each chapter. The Exam Essentials section briefly highlights the topics that need your particular attention as you prepare for the exam. Glossary Throughout each chapter, you will be introduced to important terms and concepts that you will need to know for the exam. These terms appear in italic within the chapters, and at the end of the book, a detailed Glossary gives defi nitions for these terms, as well as other general terms you should know. Review Questions, Complete with Detailed Explanations Each chapter is followed by a set of Review Questions that test what you learned in the chapter. The questions are written with the exam in mind, meaning that they are designed to have the same look and feel as what you’ll see on the exam. Question types are just like the exam, including multiple choice, exhibits, and select-and-place. Hands- on Exercises In each chapter you’ll fi nd exercises designed to give you the important hands- on experience that is critical for your exam preparation. The exercises support the topics of the chapter, and they walk you through the steps necessary to perform a particular function. Real World Scenarios Because reading a book isn’t enough for you to learn how to apply these topics in your everyday duties, we have provided Real World Scenarios in special sidebars. These explain when and why a particular solution would make sense, in a working environment you’d actually encounter.

Introduction

xxix

Interactive CD Every Sybex Study Guide comes with a CD complete with additional questions, flashcards for use with an interactive device, and the book in electronic format. Details are in the following section.

What ’s on the CD? With this new member of our best-selling Study Guide series, we are including quite an array of training resources. The CD offers bonus exams and flashcards to help you study for the exam. We have also included the complete contents of the Study Guide in electronic form. The CD’s resources are described here: The Sybex E -book for MCTS: Windows SharePoint Services 3.0 Configuration Study Guide Many people like the convenience of being able to carry their whole Study Guide on a CD. They also like being able to search the text via computer to fi nd specific information quickly and easily. For these reasons, the entire contents of this Study Guide are supplied on the CD, in PDF. We’ve also included Adobe Acrobat Reader, which provides the interface for the PDF contents as well as the search capabilities. The Sybex Test Engine This is a collection of multiple- choice questions that will help you prepare for your exam. There are four sets of questions: 

Two bonus exams designed to simulate the actual live exam.



All the questions from the Study Guide, presented in a test engine for your review. You can review questions by chapter or by objective, or you can take a random test.



The Assessment Test.

Sybex Flashcards for PCs and Handheld Devices The “flashcard” style of question offers an effective way to quickly and efficiently test your understanding of the fundamental concepts covered in the exam. The Sybex Flashcards set consists of 100 questions presented in a special engine developed specifically for this Study Guide series.

Contacts and Resources To fi nd out more about Microsoft Education and Certification materials and programs, to register with Prometric, or to obtain other useful certification information and additional study resources, check the following resources: Microsoft Learning Home Page

www.microsoft.com/learning

This website provides information about the MCP program and exams. You can also order the latest Microsoft Roadmap to Education and Certification. Microsoft TechNet Technical Information Network

www.microsoft.com/technet

xxx

Introduction

800 -344 -2121 Use this website or phone number to contact support professionals and system administrators. Outside the United States and Canada, contact your local Microsoft subsidiary for information. Prometric www.prometric.com 800 -755-3936 Contact Prometric to register to take an exam at any of more than 800 Prometric Testing Centers around the world. MCP Magazine Online

www.mcpmag.com

Microsoft Certified Professional Magazine is a well-respected publication that focuses on Windows certification. This site hosts chats and discussion forums and tracks news related to the MCTS and MCITP programs. Some of the services cost a fee, but they are well worth it. Windows IT Pro Magazine

www.windowsITPro.com

You can subscribe to this magazine or read free articles at the website. The study resource provides general information on Windows Vista, Server, and .NET Server.

How to Contact the Authors We welcome feedback from you about this book or about books you’d like to see from us in the future. Sybex strives to keep you supplied with the latest tools and information you need for your work. Please check our website at www.sybex.com, where we’ll post additional content and updates that supplement this book if the need arises. Enter the book’s ISBN — 9780470449318 — and click Go to get to the book’s update page.

Assessment Test 1.

You are the WSS 3.0 farm administrator for your company. You want to deploy a public extranet site using WSS 3.0 as an Internet presence site to promote your products. What should you do? A. You should create an Internet solution using anonymous access.

2.

B.

You should build an extranet solution using forms-based authentication.

C.

You should create an Internet solution using Basic authentication.

D.

You should create an Intranet solution using a default Active Directory account for all the users who want to view your products.

You are a WSS 3.0 site collection administrator for your organization. You want to customize the default.aspx page on your site, but you aren’t a programmer. What application should you use to change the “look and feel” of the page? A. Microsoft FrontPage 2003

3.

B.

Microsoft Office SharePoint Designer 2007

C.

Macromedia Dreamweaver

D.

Microsoft Word

You are the WSS 3.0 administrator for your organization. Your organization is planning a WSS 3.0 deployment using three web front- end (WFE) servers. You need to ensure your users’ optimal access to their content as well as provide for adding new WFE servers for future needs. What should you do? A. Configure the WFE servers to use active/passive clustering.

4.

B.

Configure WFE servers with default IIS settings.

C.

Configure the WFE servers for network load balancing (NLB).

D.

Configure the WFE servers for Domain Name System (DNS) round-robin.

You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 on three servers, each containing one network adapter. You have implemented NLB in the default operating mode. When you try to ping one of the servers from the other, it is not successful. You need to be able to communicate among the NLB servers. What should you do? (Choose all that apply.) A. Install a second network adapter on all the NLB servers. B.

Implement dynamic IP addressing on all the NLB servers.

C.

Install a second network adapter on the first server that you configured for NLB and configure it to use unicast mode.

D.

Configure the NLB cluster to use multicast mode.

Assessment Test

xxxii

5.

You are the WSS 3.0 farm administrator for your company. You have deployed a single WSS 3.0 server using the Basic installation option. After several months, the usage and content has grown dramatically. You have decided that you need to scale out your implementation to a medium farm architecture. What should you do? A. You should move the existing WSS 3.0 databases to a dedicated SQL 2005 server and the search activities to a second dedicated server.

6.

B.

You should move the existing WSS 3.0 databases to a dedicated SQL 2005 server.

C.

You should perform a new server farm installation and migrate the content databases to the new farm.

D.

You should add another web front- end server to the current installation.

You are the WSS 3.0 administrator for your organization. You have deployed a WSS 3.0 server farm. To allow external access to your sites, you decide to install an ISA server. You need to configure it so that your solution is as secure as possible and your internal users still have access to the site. What should you do? A. Implement an edge firewall topology.

7.

B.

Implement a split back-to -back topology.

C.

Implement a multihomed perimeter topology.

D.

Implement a back-to -back perimeter topology.

You are the WSS 3.0 administrator for your company. The CIO has asked you to set up a site for him where he can keep a daily journal of thought about the state of the company. He would like to use this site to generate discussion among the managers who report to him. What site template will best provide the capabilities required by the CIO? A. Blog site

8.

B.

Blank site with a discussions list

C.

Team site

D.

Wiki site

Which of the following is not a site permission in SharePoint? A. Apply Themes and Borders B.

Use Self- Service Site Creation

C.

Manage Alerts

D.

Manage Lists

Assessment Test

9.

xxxiii

As the WSS 3.0 administrator for your organization, you are preparing to deploy Windows SharePoint Services 3.0 on a server named Web1. You have installed Windows Server 2003 Web Edition, including all service packs and prerequisite files, on Web1. You are ready to start installing WSS 3.0. Which installation option should you choose? A. Basic Installation as a Stand-Alone Server B.

Basic Installation as a Front-End Web Server

C.

Advanced Installation as a Front-End Web Server

D.

Advanced Installation as a Stand-Alone Server

10. You are the WSS 3.0 administrator for your organization. You are in the process of configuring WSS on a new server farm. You are on the Configure SharePoint Central Administration web application page. Your next task is to select a method of authentication under the Configure Security Settings section. Which of the following are options you can select? (Choose all that apply.) A. Kerberos B.

SSL

C.

NTLM

D.

HTTP

11. You are the WSS 3.0 administrator for your organization. Your WSS 3.0 implementation consists of a medium-sized farm with four load-balanced web front- end servers. You have deployed three web applications on your farm. One web application requires Secure Sockets Layer (SSL) security. You have obtained the necessary certificate(s) from a trusted certificate authority. What should you do? A. Install a certificate on the database server. B.

Install a certificate on each WFE server and the database server.

C.

Install a certificate on the first configured WFE server.

D.

Install a certificate on each WFE server.

12. You are the WSS 3.0 administrator for your organization. Both internal users and external users will be accessing your WSS 3.0 web application. You must implement a solution so that both sets of users are able to access the content using different URLs. Your solution should minimize administrative overhead and hardware requirements. What should you do? A. Create separate web applications for internal and external users. B.

Create separate WSS 3.0 deployments for internal and external users.

C.

Extend the web application by defining separate zones for internal and external users.

D.

Create two separate database servers to hold the content, one for internal users and one for external users.

xxxiv

Assessment Test

13. You are the WSS 3.0 administrator for your organization. You are creating a web application that will be accessed only by your customers. The authentication for the web application must meet the following conditions: customer accounts will be stored in a SQL Server database; authentication to the web application is performed by a membership provider created by an ASP.NET developer; and two levels of permissions will be created for customer access to the content. You must select an appropriate authentication option. What should you do? A. Select Windows authentication. B.

Select forms authentication.

C.

Select web Single-sign On authentication.

D.

Select SSL authentication.

14. You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 in a small farm topology. Users inform you that they are getting no results when they search the WSS 3.0 sites on WSS01. What should you do? A. Open Windows Components on WSS01 and reinstall WSS 3.0 with the option Start Search. B.

Open Central Administration; on the Home page under Administrator Tasks, select WSS01 and start the search service.

C.

Open the Central Administration website, on the Operations page under Topology and Services, select WSS01 and start the search service.

D.

Open the SQL Server Surface Area Configuration tool. Select WSS01 Search and click Start.

15. You have deployed WSS 3.0. Your users store expense reports in a document library on a WSS website. A user tells you that she deleted an expense report three weeks ago. You need to recover the lost document. What should you do? A. Instruct the user to recover the document from the Recycle Bin in the WSS site. B.

Recover the document from the Deleted from End User Recycle Bin view of the site collection Recycle Bin.

C.

Restore the recent full backup of the WSS website to a test server. Copy the expense report to the original document library.

D.

Recover the document from the Recycle Bin on the WSS server desktop.

16. You are the WSS 3.0 administrator for your organization. You want to secure a document library so that users who have permissions to just view the documents in the library are not allowed to print them out. What should you do? A. Edit the permissions of the library to allow no users to print documents. B.

Implement Information Rights Management on the library.

C.

Modify the permission level for the users in the Visitors group to use Restricted Read with No Printing.

D.

Implement auditing on the library.

Assessment Test

xxxv

17. You are the WSS 3.0 administrator for your organization. You are planning your implementation of WSS 3.0. You want to ensure that your business processes are supported. What should you do? A. Create and implement an Information Rights Management plan. B.

Create and implement a workflow.

C.

Create and implement a governance plan.

D.

Create and implement content types.

18. You are the WSS 3.0 administrator for your company. Managers in your company use team sites to facilitate collaboration in their departments. Recently one of the managers created a site but accidentally selected Document Workspace instead of Team Site for the template. He would like to delete the site but doesn’t know how. What two ways can you show him that he can use to delete the site? (Choose all that apply.) A. Navigate to the Site Settings page on the top -level site and select Sites Hierarchy from the Site Collection Administration column. Click the Delete link next to the site on the Sites Hierarchy page. B.

Navigate to the Site Settings page on the site and select Delete This Site from the Users and Permissions column.

C.

Navigate to the Site Settings page on the site and select Delete This Site from the Site Administration column.

D.

Navigate to the Site Settings page on the Parent site and select Sites and Workspaces from the Site Administration column. Click the Delete link next to the site on the Sites and Workspaces page.

19. You are the WSS 3.0 administrator for your organization. All the regulation documents for the HR department have been uploaded into a document library on their website. You need to attach pertinent information to each of the documents for historical and auditing purposes. What should you do? A. Create metadata to hold the information. B.

Create versioning to hold the information.

C.

Create an Information Management Policy to hold the information.

D.

Create folders to hold the information.

20. You have deployed WSS 3.0. You create a new Announcements list for the managers in your company. Security on the list has not been broken. You need to ensure that managers can only view and add tasks to the list. Which group should you add the managers to on the site? A. Sitename Owners B.

Sitename Members

C.

Sitename Visitors

D.

Sitename Designers

xxxvi

Assessment Test

21. You have deployed WSS 3.0. You want to use forms-based authentication to a SQL database to authenticate remote users that do not belong to your Active Directory domain. You configure a web application to use forms, but external users report that they can’t authenticate to the WSS website. You need to ensure that external users are able to authenticate to the WSS website. What should you do? A. Restart the Netlogon service on the WSS server. B.

Configure the Active Directory object for the WSS server to be Trusted for delegation.

C.

Edit the web application web.config file to specify the connection string and membership provider entries for the AspNetSqlMembershipProvider.

D.

Use Internet Information Services Manager to configure the Basic authentication on the website.

22. You are the WSS 3.0 administrator for your organization. You are asked to restore a document that was deleted by an end user 29 days before the request. What should you do? A. Perform a restore using STSADM –o restore -file. B.

Use the Backup and Restore feature to perform a site collection restore.

C.

Have the user restore the file by using the SharePoint Recycle Bin.

D.

Instruct the user to restore the file from the Windows Deleted Files folder.

23. You are the WSS 3.0 administration for your organization. You are informed by the networking team that the WSS 3.0 Central Administration port number is the same as another web application on the corporate network. You’re told you must change the WSS 3.0 Central Administration port number to 4500. What do you do? A. In Application Management, choose Network Settings and change the port number for the Central Administration web application. B.

Run the SharePoint Technologies Configuration Wizard to change the port.

C.

Install a second network adapter and set a new port number.

D.

Use the command STSADM –o setadminport –port 4500.

24. You are the WSS 3.0 administrator for your organization. You want to create new pages on your sites that include custom web part zone layouts. What should you do? A. Use Microsoft Office SharePoint Designer 2007 to customize the default.master page and add your zone layouts. B.

Use the Create Web Part pages from the Page Create option in Office SharePoint Designer 2007 and select the layout you want from those available.

C.

Using the browser, select Web Part Page from the Create page and select one of the existing layouts. Customize the layout in the browser.

D.

Use Office SharePoint Designer 2007 to create your custom pages and add your zone layouts.

Assessment Test

xxxvii

25. You are the WSS 3.0 administrator for your organization. You want to change the image on the home page of your site using the least amount of effort. What should you do? A. Using the browser, select Create from the Site Actions menu and add the new image. B.

Using the browser, select Title, Description, and Icon from the Site Settings page and add the new image.

C.

Using Office SharePoint Designer 2007, select Title, Description and Icon from the Site Settings page and add the new image.

D.

Using Office SharePoint Designer 2007, select New from the Common menu and add the new image.

26. You are the WSS 3.0 administrator for your organization with a small farm deployment. You need to deploy a custom web part assembly to your web application. You are concerned with code access security so you have installed the assembly in a secure location. However, you cannot add the web part to a web part page. What should you do? A. Create a new custom policy for the web part assembly and have the web.config point to it. B.

Change the trust level in the web.config file to Full.

C.

Change the trust level in the web.config file to Medium.

D.

Change the trust level in the web.config file to Minimal.

27. You are the WSS 3.0 administrator for your organization. Using a Level 1– supported browser, you can perform which of these functions? (Choose all that apply.) A. Customize the look and feel by moving web parts on the page. B.

Deploy Features that have been activated in your WSS 3.0 site.

C.

Close or remove web parts using the drop - down menu on a web part.

D.

Change the location of a web part in a Web Part zone by moving it on top of another web part.

28. WSS 3.0 site definition files allow developers and administrators to do which of the following to WSS 3.0 and SharePoint sites? (Choose all that apply.) A. Roll out custom sites with Features available in a site, site collection, or farm. B.

Save administrators time when rolling out new sites in SharePoint.

C.

Avoid missing Features in newly created sites.

D.

Create a standard for deploying changes to WSS 3.0 and SharePoint.

29. You have deployed a WSS farm consisting of three web front- end WSS servers and a backend SQL Server. You need to monitor services across all of the servers in the web server farm. What should you do? A. On each server, configure the Central Administration Diagnostic Logging feature to store trace logs on a network share drive. B.

Create a custom Microsoft Management Console (MMC) that contains the Event Viewer from each WSS server.

xxxviii

Assessment Test

C.

Add the Web Service: Current Connections counter for each WSS server to a Performance Monitor chart view.

D.

Install Microsoft Operations Manager (MOM). Download and install the WSS management pack on the MOM server.

30. You are upgrading a WSS 2.0 environment that contains Microsoft Office 2003 web parts. Which upgrade approaches can you use? (Choose two. Each answer represents a complete solution.) A. Perform an in-place upgrade of the existing system. B.

Use the gradual upgrade approach to migrate the existing system.

C.

Use the database migration method to move the content to the new farm.

D.

Install a new WSS 3.0 environment and manually migrate content to the new system.

31. Which of the following is not one of the logs that can be used to monitor and troubleshoot performance on a WSS server? A. File Replication Service log B.

Unified Logging Service (ULS) logs

C.

Application Event log

D.

Internet Information Services (IIS) logs

32. You have deployed WSS 2.0 with a single site collection. You want to upgrade it to WSS 3.0. You would like to maintain existing URLs. What should you do? A. Use the database migration method to move the content to the new farm. B.

Use the gradual upgrade approach to migrate the existing system.

C.

Perform an in-place upgrade of the existing system.

D.

Install a new WSS 3.0 environment and manually migrate content to the new system.

33. You are upgrading a WSS 2.0 farm to WSS 3.0 using the gradual approach. What is the minimum hardware level required for web front- end servers in the upgraded environment? (Choose all that apply.) A. 4GB of RAM B.

2.5GHz processor

C.

1024 ⫻ 768 resolution monitor

D.

100Mbps connection between client computers and server

34. You have deployed WSS 3.0 with a single web front- end server and a SQL database server. You need to monitor the WSS server to identify HTTP 401 errors. What should you do? A. Open the event viewer on your workstation and remotely monitor the application event log on the WSS server. Watch for HTTP errors. B.

Create a counter log that uses the Network Interface Bytes Total/ Sec counter. Store the counter log results in a SQL Server database.

Assessment Test

xxxix

C.

Configure the IIS Log active format on each WSS server to use the W3C Extended Log File Format option. Review the logs weekly.

D.

Install Microsoft Operations Manager (MOM) on a network server. Install the IIS management pack on the MOM server.

35. You are the WSS 3.0 administrator for your organization. You need to configure your WSS 3.0 installation so your sites can accept and archive incoming e-mail. What should you do? A. You should install the IIS SMTP service on your Web front end server. B.

You should install Outlook on your Web front end server.

C.

You should create a new virtual directory in IIS.

D.

You should install an Exchange server on your back end SQL server.

36. You are the WSS 3.0 administrator for your organization. You have just finished installing WSS 3.0 on a single server so your team can evaluate SharePoint. What do you do next? A. Create a site collection using Central Administration. B.

Extend a Web application using Central Administration.

C.

Create a Blank site using Central Administration.

D.

Create a Web application using Central Administration.

Answers to Assessment Test 1. A. You should create a WSS 3.0 site that has anonymous access enabled. Since you want to let all users view your site, you need to set up anonymous access authentication. All the other options require that a user have a user ID and password to access the site. 2. B. Microsoft Office SharePoint Designer 2007 has been specifically designed to customize and brand SharePoint HTML pages and websites. FrontPage 2003 is not compatible with the current version of SharePoint. It was used to edit pages in WSS 2.0. Visual Studio 2005 cannot edit pages that are stored directly in the content database. Custom pages can only be deployed through programming when using Visual Studio. Dreamweaver also can’t open the pages of a SharePoint site directly from the content database. 3. C. You should configure the WFE servers for network load balancing. NLB is a native functionality provided with Windows server products. NLB provides both load balancing as well as fault tolerance on each WFE server. You should not configure round-robin because it is not as efficient as NLB. Although active/passive clustering provides fault tolerance, it does not optimize access to the users’ content. Configuring the servers with default IIS settings does nothing to balance the users’ access. 4. A,D. You should either install a second network adapter on all the NLB servers or configure the NLB cluster to use multicast mode. The default mode is unicast. If you need to have intrahost communications in your NLB cluster, you should configure multicast mode. The other option is to install a second network adapter. The host adapter can remain configured for the default mode of unicast. You should not configure dynamic IP addressing. All servers in an NLB cluster must have static IPs. You should not install a second adapter on just one of the servers; if you install a second adapter, it must be on all the servers. 5. C. You will need to perform a new server farm installation. The Basic option installs Windows Internal Database (WID) for its database component. Although you can move the databases to a dedicated SQL Server, there is no way that you can add additional WFE servers to scale out a Basic installation option farm. 6. B. You should implement a split back-to-back topology. The split back-to-back topology is the most secure; your web front-end servers and possibly your search servers are in the perimeter network while the database server is still maintained in the internal corporate network. You can use two Active Directory directory services with the perimeter domain trusting the corporate domain. The split back-to-back solution uses two ISA or fi rewall servers for additional security to your network. All other solutions are less secure. 7. A. A blog site will provide the CIO with a site where he can create posts daily. Users who have access to the site can read the posts and comment on them. A blank site with a discussion list or a team site could also be used, but would not be as good a fit for the CIO since neither provides categorization. The CIO could also use a wiki site to publish his thoughts, but soliciting comments would be difficult. 8. D. Manage Lists is a List permission, not a Site permission.

Answers to Assessment Test

xli

9. C. You should choose the Advanced Installation as a Front-End Web Server. It is not possible to install a SQL Server database on the Web Edition of Windows Server 2003; therefore, this is your only option. 10. A, C. NTLM and Kerberos are the only two options that are available for authenticating to the Central Administration web application. 11. D. You should install a certificate on each WFE server. Since you are using load balancing, you need a certificate on each WFE. You do not need a certificate on the database server because authentication and encryption occur on the WFEs. 12. C. You should extend the web application by defi ning separate zones for internal and external users. Both zones access the same content keeping administrative overhead minimized. Since both zones of the web application are held on the same server, the hardware necessary for the solution is also kept to a minimum. 13. B. You should select forms authentication. Forms authentication allows you to store user credentials in a custom format such as a SQL Server database. Forms authentication is managed using a membership provider that is implemented in the web application and Central Administration web.config fi le. 14. C. You should open the Central Administration website, and on the Operations page under Topology and Services, select WSS01 and start the search service. The users have no results because the search service has not been started on WSS01. This configuration is managed in Central Administration and not in SQL Server. 15. A. The user can restore the document by using the site’s Recycle Bin. You won’t need to restore the fi le from a previous backup. The fi le will not be in the WSS server’s desktop Recycle Bin or the second stage Recycle Bin for the site collection. 16. B. You should implement Information Rights Management on the library. IRM allows you to create a more secure environment for your library. With IRM, users with the View permission in WSS 3.0 can be restricted from copying or printing documents in the library. 17. C. You should create and implement a governance plan. A governance plan establishes how your organization aligns WSS 3.0 with its business processes. 18. C, D. Sites can be deleted from their own Site Settings page or from the Sites and Workspaces list on their parent site. The Delete link is in the Site Administration column, not the Users and Permissions column. The Sites Hierarchy page provides links to manage, not delete, all the sites in a site collection. 19. A. You should create metadata to hold the information. Metadata, often called columns, properties, or attributes, provides descriptive information used for locating and analyzing the content contained within the document. 20. B. You should add the managers to the Sitename Members group, which has the Contribute permission level. The Owners group, with the Full Control permission level, would give them more than View and Add permissions. The Visitors group, with the Read permission level, would only give them the View permission. There is no default group called Sitename Designers.

xlii

Answers to Assessment Test

21. C. The configuration details for the AspNetSqlMembershipProvider need to be added to the web application web.config fi le. The other choices all deal with forms of Active Directory authentication and not a custom authentication provider. 22. C. The user’s Recycle Bin is the fi rst area a user should look for a document or list deleted in SharePoint. The user’s Recycle Bin holds documents and fi les for up to 30 days. 23. D. The only way to change the Central Administration port number is to use the STSADM –o setadminport command. 24. D. You should use Office SharePoint Designer 2007 to create your custom pages and add your zone layouts. Web part page layouts cannot be customized using the browser. 25. B. You should use the browser and select Title, Description, and Icon from the Site Settings page and add the new image. 26. A. You should create a new custom policy for the web part assembly and have the web. config point to it. You should not reset the trust level in the web.config to Full because it would allow full access to all assemblies in the web application. 27. A,B,C,D. All are true; remember that SharePoint is highly customizable right out of the box, and that a user with the correct rights and browser can move, add, remove, and customize SharePoint using Features and web parts. 28. A,B,C,D. Site Features are great; they save time and make sense for any organization that has the experience to create these fi les. 29. D. MOM 2005 with the WSS management pack can be used to monitor WSS events in the application event logs on multiple servers. 30. B,D. Microsoft Office 2003 web parts cannot be installed directly in WSS 3.0 and can only be upgraded using the in-place or gradual upgrade approaches. 31. A. WSS servers do not make use of the Windows File Replication Service by default. It is doubtful that you would ever need this event viewer log for troubleshooting WSS. 32. C. In-place upgrades are the fastest and easiest way to upgrade small environments while maintaining existing URLs. 33. B,C. WSS 3.0 web front-end servers should have a minimum of a 2.5GHz processor and a 1024 ⫻ 768 resolution monitor. Two gigabytes of RAM is the minimum, and 100Mbps is only required between the servers in the farm, not between servers and clients. 34. C. HTTP 401 errors will be recorded in the IIS logs. Since you only have one WSS server, you don’t need to configure MOM to monitor the logs. 35. A. You should install the IIS SMTP service on your Web front end server. You must also configure incoming e-mail settings in Central Administration. 36. D. You should create a Web application using Central Administration. When the WSS 3.0 installation is complete, your next task is to create a Web application to host your site collection(s) and sites.

Chapter

1

Getting Started with the Windows SharePoint Services 3.0 Platform MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Deploy Windows SharePoint Services 3.0 (WSS) 

Configure WSS server roles



Configure WSS topology

Since you are reading this chapter, it means you are committed to learning how to use and administer Windows SharePoint Services (WSS) 3.0. Perhaps this is your own personal commitment to become familiar with a new technology that has become a leader in the field of collaboration. We hope this is so — but since we are also realists, we know you might be here because you have been given another hat to wear in your organization. Don’t worry if that describes you. Don’t worry if you are the network or SQL administrator and have now been also charged with the SharePoint services for your organization. And, also equally important, you are most likely here because this book will guide you to gain the knowledge to pass the Microsoft 70 - 631 exam. Certification credentials show you understand and know how to use a product. This book is built around the exam objectives; as you gain knowledge in those areas you need for implementing WSS 3.0, you are provided with exam questions and key topics to augment your learning and studying. If there is any one word of advice that we can give you as you proceed through this book, it is to plan. All too often, we have worked with companies that have put up WSS sites only to fi nd that their topology has gotten completely out of hand because users became so enthusiastic that the sites and content grew too rapidly. “Wow, how terrific!” you might be thinking. But a SharePoint implementation can become unwieldy and not fulfi ll the objectives it was built to meet. Therefore, our purpose as we travel through this book together is not only to provide you with the necessary tools to enable you to configure your SharePoint site, but also to show you best practices along the way. Before launching into the specific installation, configuration, management, and customization areas of WSS 3.0, you need to learn the building blocks. It’s part of our “strong foundation” approach. To understand the design goals of WSS 3.0, you will begin with an overview of the service. Your next step is to understand the technology. You will learn those features that collaborate to make WSS 3.0. Once you understand what a WSS 3.0 solution is able to provide, you need to determine how it fits into your organization. As in most of its applications and services, Microsoft provides the building blocks, but you need to use them to design an implementation that serves your organization’s needs. The last section of this chapter, and hence the last part of the WSS 3.0 foundation, is the architecture. You need to grasp the logical architecture of a WSS 3.0 deployment so that you can plan the physical structure accordingly. With all that said, let’s start building!

Overview of Windows SharePoint Services 3.0

3

Overview of Windows SharePoint Services 3.0 To understand WSS 3.0 is to understand collaboration. Originating from the Latin com- (“with”) and laboro (“work”), collaboration is a great word and, better yet, a terrific concept for businesses. Wikipedia defi nes collaboration as a recursive process where two or more people work together toward an intersection of common goals — for example, an intellectual endeavor that is creative in nature — by sharing knowledge, learning, and building consensus. It further mentions that collaboration can often provide better results through decentralization and does not always require leadership. Thus, when using collaborative technologies in business, the sum of the parts can be greater than the whole. As web-based technologies expanded, the challenge to provide an environment for creating easily used public workspaces and collaborative sharing became more apparent to companies. The conventional method of sharing data and folders over the network no longer provided the solution. Not only did users waste valuable time searching through the fi le system for their needs, but administering security on the network fi le system became paramount, with users needing a variety of access to fi les within the same folder. Another collaborative technique used by many was to exchange data via email. Again security became an issue. Archiving, storage limits, and difficulty in maintaining audit history made this technique fall short of organizations’ collaborative needs. It became apparent that minimizing data movement was the key to both stabilizing data access and security. With this goal in mind, Microsoft conceived SharePoint Services.

The Evolution of Microsoft Windows SharePoint Services Early concepts of Microsoft’s collaboration tool used Team Folders and the Digital Dashboard to enable users to define their own collaboration spaces. SharePoint Team Services changed the one-way publishing paradigm of company intranets into an organized and structured venue, thus allowing users to save and share their information directly on the Web. The next iteration, Microsoft WSS 2.0, leveraged Windows SharePoint Services and moved the storage of common data off the web server onto the SQL Server. WSS 3.0 and Microsoft Office SharePoint Server 2007, which is built on the WSS 3.0 foundation, encompass the most recent version of this information management software. They provide several communication tools to create a workspace in which users can readily collaborate and communicate in a secure environment. WSS 3.0 is designed to enable organizations to improve team productivity and increase business process efficiency.

4

Chapter 1



Getting Started with the WSS 3.0 Platform

With that in mind, Microsoft built a set of design goals for WSS 3.0: 

Storage



Security



Management



Deployment



Site Model



Extensibility



Collaboration

These goals have evolved into the platform services for WSS 3.0 and are discussed later in this section.

Let’s begin our journey by examining the components of WSS 3.0: 

What is Microsoft WSS 3.0?



Why should we use WSS 3.0?



What are the new and enhanced features?

What Is Microsoft WSS 3.0? Most likely you have been charged with either initiating or updating a SharePoint infrastructure. Well, you will not get far in your endeavor if you do not understand WSS 3.0 and its role as the foundation for all the SharePoint technologies. When we ask users to define WSS, they often tell us it is the “free” version of SharePoint. Well, even though it is true that WSS is a free download from Microsoft, it is more than that. All SharePoint technologies are built on this service. Take Windows Workflow Foundation as one example; this technology would not even exist were it not for the persistence service of WSS 3.0.

The most important concept to grasp is that WSS 3.0 is built on Windows Server 2003 or Windows Server 2008 and provides the foundation platform and collaboration features for Microsoft SharePoint products and technologies. The services provided by WSS are shown enclosed in the dashed areas of Figure 1.1.

Overview of Windows SharePoint Services 3.0

F I G U R E 1 .1

5

Windows SharePoint Services 3.0, architectural view

Architectural View Enterprise Content Management

Portal Services

Collaboration

Search and Indexing

Business Intelligence And Forms Management

Shared Services Storage

Security

Management

Deployment

Site Model

Extensibility

Windows SharePoint Service 3.0 Foundation Services Operating System Services .NET 3.0 Framework Database Services Workflow

Internet Information Services Search

Network

Windows 2003 or 2008 Server Operating System

As noted in Figure 1.1, Microsoft Office SharePoint Server (MOSS) 2007 builds on the technologies of WSS 3.0 to proide the following applications and services: Portal Services MOSS 2007 portal technology allows you to create and manage gateways to all the features and functionality of SharePoint technologies. It also provides users with a greater personalization of their SharePoint experience. Search You can use MOSS 2007 ’s Search feature to query documents, people, and enterprise applications. Enterprise Content Management Enterprise content management in MOSS 2007 includes document, records, and web content management. These services include full web publishing; enterprise-wide documents and records retention, which includes auditing and security compliance; and approval workflows. Business Processes Workflow, one of the business processes of MOSS 2007, facilitates collaboration among users for such processes as document approval, feedback collection

6

Chapter 1



Getting Started with the WSS 3.0 Platform

for document review, and disposition approval for archiving information. The InfoPath forms service assists in collecting and validating business process information. Business Intelligence You are able to integrate your line- of-business (LOB) application by using the Business Data Catalog (BDC) in MOSS 2007. Furthermore, Business Intelligence (BI) employs Excel Calculation Services to manage and share Office Excel 2007 workbooks and reports, integrates with SQL Reporting Services, and includes key performance indicators (KPIs) to track the progress of your business goals.

The term “SharePoint Technologies” is used throughout this book to encompass both WSS 3.0 and Office SharePoint Server 2007 products and services.

In the architectural view of WSS 3.0, each layer provides the necessary services that are consumed by the layers above them. Therefore, to understand the topology it makes sense for us to study these layers starting with the foundation layer of the operating system service and working our way up.

The Operating System Services The foundation layer is the operating system services. WSS 3.0 is built on these technologies and services, which were introduced in Windows Server 2003 and extended in Windows Server 2008. You can install WSS 3.0 on the Standard, Enterprise, or Web edition of Windows Server. As a best practice, have the service packs and patches up -to date on your server.

If you install WSS 3.0 on Windows Server Web edition, you must use a remote SQL Server to store the WSS databases.

Windows Server provides the system and networking services to all the upper layers of the SharePoint technologies. The internal relational database that is the data store within Windows Server itself provides the repository for Windows roles and features as well as such services as Active Directory Rights Management Services, UDDI Services, Windows Update Services, and Windows SharePoint Services. Microsoft SQL Server provides the data repository. Although WSS 3.0 was built to perform with SQL Server 2005, you can also use SQL Server 2008 or the previous version of SQL Server 2000 as your database solution. WSS 3.0 uses the relational database technology of SQL Server to store all configuration, data, and content information. Windows Server also provides the core and development platform services for WSS 3.0. These include: 

Windows services consumed by WSS 3.0, including the NTFS file system



Microsoft Internet Explorer 6.0 or Internet Explorer 7.0



Microsoft .NET Framework 3.0, which includes:

Overview of Windows SharePoint Services 3.0







7

ASP.NET 2.0 master pages, web parts, and content pages as well as its pluggable service provider models Microsoft Windows Workflow Foundation (WF), which employs WSS 3.0 as the workflow host for developing routing, approval, and other custom workflows to model business processes

Internet Information Services (IIS) 6.0 WSS 3.0 uses IIS websites to host web applications. Keep the following in mind: A web application is an IIS website that is created and used by SharePoint technologies. Each WSS 3.0 web application has its own website in IIS.



You must configure the computer to be a web server by enabling IIS 6.0, including common files, World Wide Web publishing service (WWW), and Simple Mail Transfer Protocol (SMTP). IIS is not enabled by default on a Windows server.



You must also configure the server to use IIS 6.0 Worker Process Isolation Mode. This is the default setting in new installations.

If you are using Windows Server 2000 and have upgraded from IIS 5.0, the setting Run WWW in IIS 5.0 Isolation Mode is enabled. Since each worker process must be isolated for your WSS 3.0 implementation, you must change the IIS setting to IIS 6.0 Worker Process Isolation Mode.



To enable email notifications, you need to configure incoming and outgoing email settings.



To configure sending email alerts and notifications, you must specify an SMTP email server.



To configure your installation so that your SharePoint sites can accept and archive incoming email, you must install the IIS SMTP service.

WSS 3.0 Platform Services Microsoft’s design goals evolved into the platform services of WSS 3.0. The WSS 3.0 Platform Services include the following: 

Storage 



Organizations need a central repository to store a variety of information and its metadata. WSS 3.0 provides lists, libraries, pages, and sites as containers for storage.

Chapter 1

8









Organizations need to be able to monitor and manage information from a centralized location. WSS 3.0 provides a Central Administration site for managing information and provisioning of administrative tasks. Organizations need both intranet and extranet deployment strategies. Organizations need to be able to upgrade from WSS 2.0. WSS 3.0 provides in-place and gradual upgrade procedures. It also supports extranet deployments.

Site Model 





WSS 3.0 supports pluggable authentication and a rights-trimmed user interface.

Deployment 



Authorization and authentication must be maintained. Users, whether a part of the organization environment or a public interface, need to be granted securitytrimmed access-level permissions.

Management 



Getting Started with the WSS 3.0 Platform

Security 





Users need to have a consistent experience through uniform navigation and site templates. WSS 3.0 allows sites to be developed on site templates and provides both global and current navigation features.

Extensibility 



Organizations require web services support and the ability to create custom applications. WSS 3.0 provides for a variety of external connectivity, such as forms based authentication, and enables you to create custom applications by using object model enhancements.

WSS 3.0 Collaboration Service Organizations require collaboration for their users to stay connected and be productive. WSS 3.0 provides out- of-the-box (OOB) collaboration features to enable your organization’s employees, business partners, and customers to share information such as documents and events and to work together in a friendly environment. Here are the collaboration features WSS 3.0 provides: Online Presence Online presence offers synchronous communication among your team members. User status is extracted and integrated into WSS through Microsoft Active Directory, Microsoft Exchange, and Windows Messenger. Presence can be discovered by using web parts that enable your team to see if their coworkers are available for real-time conferencing or message exchanging.

Overview of Windows SharePoint Services 3.0

9

Team Sites Team sites provide a central portal for information worker resources. They provide a home page and OOB lists and libraries for collaboration, such as Announcements and Calendar lists and a Shared Documents library. You have other list and page templates available for a variety of your collaboration needs. Meeting Workspaces Meeting workspaces are team sites that enable you to plan, organize, and track your meetings. They provide a home page with lists for you to include information about your meetings, such as objectives, agendas, attendees, tasks, and decisions. Wikis Wikis are open sites where your users can freely create and edit content. Its value stems from the collaborative authoring of your users. Your team can share information readily using wikis. Blogs Blogs are online journals. The name is taken from “web logs.” The blog is owned and maintained by its author, the blogger, who uses the area to document information of interest. Readers can post comments on the site in reference to the blog. A blog site can also be used by your team members to disseminate and share information. Web Parts You can think of a web part as a single-purpose, modular unit of information on a page. Web parts themselves are software components that are customizable through a tool pane when placed into a web part zone on your page. WSS 3.0 has many built-in web parts; however, you can also import or add web parts from other reliable sources into your WSS environment. Discussion Boards Discussion boards provide a conversation mechanism for your team members. Many features are built into the boards to supply security for approval of entries as well as the control needed to manage the discussion threads. Issue Tracking Issue tracking helps your team maintain and manage issues and problems throughout the enterprise. It allows you to assign, prioritize, and follow the complete progress of your issues. Contact Lists Contact lists enable your team members to create the details of information for others they work with. Contact lists facilitate communication by keeping information available in a single location. Integration Features WSS 3.0 supports close integration with all Microsoft Office products, most particularly the Office 2007 line of products. Furthermore, WSS integrates with Microsoft Office SharePoint Designer 2007 for customizing your sites, with Microsoft Exchange for providing mail service, and with Active Directory and Information Rights Management for security. You can also provide secure offline data access through a variety of connection services.

Why Use WSS 3.0? As you consider a collaboration solution for your organization, you should also consider what that solution will provide to be effective. If you build it, they will not always come. A successful solution requires the synergy of the users to be a part of its implementation,

10

Chapter 1



Getting Started with the WSS 3.0 Platform

support, and use. Furthermore, it requires keeping the total cost of ownership (TCO) as low as possible. Let’s take a quick look at some reasons solutions fail, just to make certain you cover all bases in your implementation of WSS 3.0: No Governance We have seen a large number of implementations fail because a governance plan was not put into place. Governance defi nes WSS 3.0 as a service with a plan describing service-level agreements (SLAs), adoption policies, usage, and support. Lack of Security Quite often an organization is seeking a solution deployment that will be used both internally and externally. Often solutions do not provide an easy mechanism for external security. Inability to Integrate Custom Applications Most organizations require several specialized line of business (LOB) applications. If there is no easy way for users to implement these systems with one another, they will lose not only time but also data consistency with data transfer. Expense Custom applications and solutions that are written in-house are expensive to create and maintain. You need a group of developers always available for changes, maintenance, and updates. Difficulty of Use Well, this is a no-brainer. The solution might be terrific, but if your team members don’t think it is intuitive to use, it will be ineffective. High Training Costs To keep down the cost of training, organizations often resort to training small groups of users and expect them to transfer knowledge to the remainder of the team. This process often leaves gaps in knowledge transfer, consequently leading to users being slow or even adverse to adopting the new solution. Lack of Ownership If your users do not see a personal business benefit, even if all other needs are met, they will be slow to use it. If your users feel that someone has pushed the solution on them, it decreases their desire to use it. You need to fi nd a way to create the synergy we mentioned earlier. Users should be involved in both creating and maintaining the solution.

Top 10 Benefits of WSS 3.0 So, just what does WSS 3.0 bring to the table with regard to providing a robust, easyto-use, and definitive solution? The Microsoft SharePoint team provides us with the following top 10 benefits of WSS 3.0: 1. Improve productivity with ease-of-use collaborative tools. Your users can connect easily and readily with the collaborative tools WSS 3.0 provides. Your team can create workspaces, blogs, and wikis for customized information sharing. In addition, your

Overview of Windows SharePoint Services 3.0

mobile users can take SharePoint with them by using WSS 3.0’s offline synchronization capabilities. 2. Manage documents easily and securely. Your team can build on the capabilities of WSS 3.0 to provide a secure repository using your document management requirements. You can check out documents prior to editing, view and retain revisions, as well as control security at the item level, and these are just a few of the included features that are readily available. 3. Get your team on board quickly. WSS 3.0 integrates readily and provides navigation and tool panes similar to other products in the Microsoft Office suite. Its familiar interface makes it easy for users to get up to speed quickly. The integration of WSS 3.0 with the Office products enables your team to easily work within either venue for their information handling. As an example, your team can create workspaces, create and edit documents, as well as view and update calendars on WSS 3.0 sites while working in their Microsoft Office programs. 4. Deploy business process solutions quickly. Your team can use the application templates WSS 3.0 provides to quickly get started with business tasks. Further customization can be accomplished by using development tools specifically designed for WSS 3.0, such as Microsoft Office SharePoint Designer 2007. 5. Establish a collaboration environment quickly. WSS 3.0 is scalable and easy to administer. With proper planning, your organization can begin using WSS 3.0 on a small-scale, single-server deployment and branch out to a more robust enterprise configuration. Your organization can change many deployment settings as well as add new features after initial deployment. This enables you to start your collaboration environment more rapidly. 6. Secure your business information. WSS 3.0 has controls for life-cycle management of your business information. The central administration feature for your farm enables your administrators to secure resources and membership permissions. 7. Control your company resources. You can decide who handles your WSS 3.0 site resources. Your SharePoint administrators can set top-down policies for administering users and groups as well as content recovery. Teams can set permissions at the document or item level and also initiate self-service collaborative workspaces. 8. Enable robust storage capabilities. The compliant document storage and retrieval functionalities of sites and workspaces rival third-party document storage applications without the extra tedium of learning a new application. Along with the check-in/check-out functionality and versioning mentioned earlier, your team is able to access information using customizable views and specially created metadata.

11

12

Chapter 1



Getting Started with the WSS 3.0 Platform

9. Customize the solution to fit your business needs. You can easily customize your environment through the web browser or command-line utilities. For further customization and branding, you can use Microsoft Office SharePoint Designer 2007 or Microsoft .NET Framework 3.0 utilities and applications. 10. Build web-based applications cost effectively. WSS 3.0 is a part of the .NET Framework family. You can use these common resources to fine-tune your websites to meet the specific needs of your organization.

Understanding the Technology Features of WSS 3.0 WSS 3.0 has many new features and enhancements to help you deploy and maintain your SharePoint solution. You now have a multi-tier administration model so that you can delegate your administrative responsibilities. You can take advantage of new and enhanced compliance features to manage your business critical data. You have at your disposal improved operational tools that enable you to maintain reliability and availability of your information. Furthermore, you have the ability to add users from other data sources outside Active Directory. Let’s take a closer look at these enhanced technology features, which include enhancements to: 

Administration model



Compliance features



Operational tools and capabilities



Network support



Extensibility

Administration Model Enhancements WSS 3.0 includes several enhancements to the administration model. Included is a new model for centralized management and configuration. This model enables you to manage and administer your tasks more efficiently.

Understanding the Technology Features of WSS 3.0

13

Centralized Configuration and Management The administration model includes a centralized configuration database to synchronize management and configuration settings for all the servers in your WSS 3.0 farm. You no longer need to manage your server farm configurations on a server-by-server basis.

A server farm is a collection of logical servers grouped together to accomplish server needs that exceed the capabilities that one machine can provide.

Two new services, the Windows SharePoint Services Administration service and the Windows SharePoint Services Timer service, are responsible for facilitating this centralized configuration model. You can think of the Windows SharePoint Services Timer service as the heartbeat for the server farm. This service runs timer jobs that propagate the configuration settings across the farm. You use the Windows SharePoint Services Administration service to carry out the actual configuration changes. The two services work together to complete your administrative tasks effectively and efficiently.

Two-Tier Administration Model A two -tier administration model enables you to separate administrative responsibilities: Tier 1: Farm Administrator Tier 1 management encompasses the central management of the entire server farm. As a Tier 1 administrator, usually a member of your company’s IT department, you perform the management of your farm-level resources. Tier 2: Site Administrator or Site Owner Tier 2 management includes the management of sites within the farm. As a Tier 2 administrator you perform the management of resources at the site level. This management tier is typically performed by a business unit site administrator who is not necessarily a member of the IT department. This multi-tier model allows a delineation and separation of administrative responsibilities. This delegation of responsibilities enables IT professional to concentrate on IT roles, leaving the management of individual site resources to those business professionals most in touch with their needs and information.

Farm-Based Central Administration User Interface WSS 3.0 provides a redesigned central administration site. As a farm administrator, you can access key tasks readily from the interface. The Central Administration home page provides easy navigation to the Operations and Application Management pages. On the Operations page, you are provided with links to manage entities such as farm-wide services as global configurations, security configurations, backup and restore settings, and logging and reporting.

14

Chapter 1



Getting Started with the WSS 3.0 Platform

Compliance Features Enhancements WSS 3.0 offers features to control your information resources more efficiently: Policy Management You can defi ne policy management that is based on your authentication provider. You can use authentication zones to control group and user access control lists (ACLs). Furthermore, access control is now taken all the way down to the item level. Auditing and Logging WSS 3.0 allows you to configure auditing and logging for all actions on your sites, on the content within your sites, and on all workflow processes. Security Trimming WSS 3.0 is security trimmed. Users are allowed to see only that information for which they have permissions. For example, an IT administrator cannot view site content on WSS sites unless he is granted site collection administration privileges. Furthermore, if an IT administrator changes site collection administrator privileges, an event is written to the Event Viewer application log.

Operational Tools and Capabilities Enhancements WSS 3.0 provides several new and enhanced tools to assist you in your operations of your SharePoint environment. Here are a few: Multistage Recycle Bin The multistage Recycle Bin enables users to retrieve deleted items without WSS administrator intervention. Volume Shadow Copy Service WSS 3.0 has an enhanced backup and restore capability that supports Volume Shadow Copy Service. Gradual Upgrade Gradual upgrade provisions have been created so you are able to upgrade from WSS 2.0 without interrupting your business processes. Reparenting You can also reparent in WSS 3.0; that is, you are able to change the structure of your WSS site hierarchy. Managing Service Accounts SharePoint Central Administration enables you to manage all your service account credentials. Stsadm Command-Line Tool The command-line tool Stsadm.exe has enhanced capabilities. For example, you are able to rename your web servers and back- end database servers.

Network Support Enhancements WSS 3.0 has enhanced support for your network configurations, including: Alternate Access Mappings Alternate access mappings in WSS 3.0 provide the mechanism for adding and handling new front- end web servers to your web application. For example, if your initial installation of WSS 3.0 is on a single front- end server, your users just browse

Planning, Planning, and Planning a WSS 3.0 Solution

15

to your server, which renders the content they need. If you add an additional server, users will not be able to access the content of this server through the web application until you add it to the alternate access mapping. Pluggable Authentication You can use non-Windows-based authentication providers to access WSS 3.0. Your users can be a member of identity databases other than Active Directory. The pluggable authentication of the Microsoft ASP.NET forms authentication system is now integrated into WSS 3.0. Any data storage can be used as a membership provider, such as a SQL database or even a list on your WSS site.

Extensibility Enhancements WSS 3.0 has several extensibility enhancements you can use on your sites to improve their functionality or to customize them.

Creating and Deploying Features Feature creation and deployment allow you to immediately add functionality to your sites. You can create new or build on existing site defi nitions by employing Features. Your developers build Features using Visual Studio; however, WSS 3.0 administrators deploy the Feature solution through the Stsadm command-line tool or SharePoint Central Administration.

Creating Custom Applications By using Microsoft Office SharePoint Designer 2007 or Visual Studio, you can extend WSS 3.0 by creating custom applications. The significance of using WSS 3.0 is that it not only provides the interface to the application data through web services, but also provides the capability of creating the custom page the user will access to interface with the application.

Hosting Workflows WSS 3.0 provides the hosting for Windows Workflow Foundation (WF). As part of the .NET Framework, WF has no executables and is dependent on WSS 3.0 to execute the persistence, transaction, scheduling, and tracking services it requires.

Planning, Planning, and Planning a WSS 3.0 Solution Did we mention you should plan? As you have learned, for your implementation to be effective, it must embody the synergy of the users who implement, support, maintain, and use it. We love that word to describe WSS 3.0, since synergy describes a situation where the

16

Chapter 1



Getting Started with the WSS 3.0 Platform

outcome is greater than the sum of its parts. So, your objective in planning is to make your WSS 3.0 solution a truly synergistic collaboration. As you plan, you need to reflect once more on the design goals of WSS 3.0. Which goals, and hence which services, pervade and provide for your users’ needs? There are several factors you should consider in planning your solution: 

Determining the purpose of your solution



Determining the needs of your users



Determining the number and types of users

Determining the Purpose of the Solution Each WSS 3.0 site you create provides its own set of blocks: home page, lists, libraries, and security implementation. Before you can start putting the blocks in place, you need to identify your users’ vision of this workspace. You must identify what you want to accomplish with the structure. Once you have the objectives in place, you must determine the primary environments you can use to meet them.

Determining the Objectives We have already mentioned the word plan, but now we’re giving you one further piece of advice: listen.

Involving Stakeholders One of the most successful implementations we were involved with had to do more with talking and listening than with planning; the planning evolved readily from the listening. As we were in the process of looking for a better solution, we interviewed stakeholders at all levels. Also, we met those stakeholders in their own environments; we went to their workspaces so they could show us their needs and ideas to make their jobs more productive and at the same time easier. We found the most important concepts that we were able to build on came from those stakeholders who had direct contact with the everyday data. When we reconvened from our interviews with our findings, the objectives and needs of our solution were easily identified. Once we built our concept of those findings, we took our prototype to the stakeholders. Once again we listened and took appropriate action with the design. By time we rolled out the initial phase of our implementation, our stakeholders were anxious to be trained and use the solution. They saw their ideas in action; they felt ownership.

Planning, Planning, and Planning a WSS 3.0 Solution

17

Your WSS 3.0 environment is very flexible. However, you need to focus on some primary objectives for your sites. The design of a site needs to reflect its purpose. For example: 

Will the site be used for team collaboration? Is it a place to share ideas?



Will the site be used as a document repository? Do document management features need to be in place?



Will the site be used for reporting? How do you connect WSS 3.0 to the back end data?



Will the site be used for communication? Will users be accessing announcements or forms? Will the site display events through a calendar interface?

If you are nodding your head or answering yes to several of these questions, you should think about creating multiple sites. Remember, you want them to come. And once they are there, you need to remind them why they came. So, here is the short list of objectives for WSS 3.0 sites: 

Collaboration



Document storage



Information reporting



Communication

If you fi nd yourself in the predicament of only having one site but with multiple objectives, you need to be very precise in organizing your home page so users are able to identify the purpose of coming immediately.

Identifying the Primary Environments WSS 3.0 can live in several environments. To effectively plan your sites, you need to identify the environment(s) in which it will live.

Typically companies create intranet sites and use them for collaboration. However, you have seen that WSS 3.0 has so many features to offer; it is time to start thinking outside of the box. Don’t forget to listen to those stakeholders.

Here are the primary environments for WSS 3.0: Intranet An intranet site most often includes user contribution. Some users will interact with the site’s structure, others will contribute to the site’s content, and others will merely view the site. Extranet An extranet could be nothing more than allowing out- of-the- office access to your intranet site for your authenticated intranet users. On the other hand, an extranet environment could be strictly conceived for only external users and serve such purposes as sharing necessary information with other partners on a common project. For either

Chapter 1

18



Getting Started with the WSS 3.0 Platform

of these scenarios, you need to determine the authentication (who has access) and their authorization (what they are allowed to access) from the extranet zone. Internet An Internet solution has yet another set of security objectives. If you are providing a service or promoting your company, you typically do not want to restrict access to your site for viewing. However, you want to tightly control who can add content to the site. Often an Internet site is used for ordering or collecting feedback from its users; that is, you want the users to register and later sign in to have access to the content of your site. For this scenario, you need to create a means of authenticating to the site and storing that authentication.

Zones represent different logical paths of authentication to the same web application. You can create up to five zones for each web application: Default, Intranet, Extranet, Internet, or Custom. You use zones to enforce sets of access policies for different classes of users.

Determining User Needs Once you have delineated the objectives for your WSS 3.0 solution and sites, you need to defi ne any further user needs and special requirements. You can then decide what features to implement to support these needs. Identifying Your Users’ Needs Your users might have needs that should be addressed at the time of planning. Here is a sample list of some user needs that would need special considerations: 

Connecting with back- end systems



Using the WSS 3.0 site while traveling or working offline



Receiving information regarding changes to the site



Sending email to the site



Using wiki or blog sites

Identifying Special Considerations You need to identify any necessary requirements that evolve from the environments being used. Here are some areas that require special considerations while planning your solution: 

Determine if your solution requires integration with LOB applications.



Identify the client applications in your organization that will be interacting with WSS 3.0.



Determine the servers in your organization that will be interacting with WSS 3.0.



Identify whether custom applications need to be interfaced with your solution.

Planning, Planning, and Planning a WSS 3.0 Solution

19



Determine if there are additional feature requirements that need to be deployed or added to the original definition of the site.



If your WSS 3.0 solution is part of a hosting company, determine the additional applications, such as billing or auditing, that must interface with your solution.

Determining Which Features to Use Once the needs and considerations have been recognized, you need to determine what WSS 3.0 features map to them. This step is important because you need to determine any special requirements that you need to have in place so that you can implement the feature. Tables 1.1 through 1.5 list some of the most prevalent WSS 3.0 features.

TA B L E 1 .1

Communication Features

Feature

Description

Announcements

Share news and information

Shared Calendar

Schedule and share events

Links

Share data in other locations through links

Email

Send information to a list

Survey

Collect data from users

Presence

Determine who is online

TA B L E 1 . 2

Collaboration Features

Feature

Description

Discussion board

Share ideas and discuss

Issue Tracking

Track issues

Contacts

Store contact information

Special Planning Considerations

Requires an SMTP mail server

Requires a client application to process presence information — for example, Windows Messenger

20

Chapter 1

TA B L E 1 . 3



Getting Started with the WSS 3.0 Platform

Document Storage and Workflow Features

Feature

Description

Special Planning Considerations

Document library

Store, share, present, and track documents

Need to plan for supported content types and metadata

Picture library

Store and share pictures

Tasks

Assign and track tasks

Recycle Bin

Recover deleted items, documents, and lists

TA B L E 1 . 4

Need to determine Recycle Bin configurations

Information Management Features

Feature

Description

Special Planning Considerations

Alert

Track changes to documents, items, lists, libraries, or the entire site

RSS feed

Subscribe to a site to be informed of what is new or changed

Requires RSS client application

Auditing

Flag what is happening on the site

Determine if you want specific auditing reports

Offline

Take documents or lists offline to continue working

Requires the necessary client application

Mobile

Access the site from mobile devices

Data connection

Access data from other systems and use web parts to display content

Search

Find information within a specific site, list, or document library, or across all sites in a site collection

Determine search scopes

Planning, Planning, and Planning a WSS 3.0 Solution

TA B L E 1 . 5

Special Site Types

Feature

Description

Special Planning Considerations

Blog

Publish and share owner’s thoughts and ideas

Permissions for blog sites are uniquely configured.

Wiki

Participate in peer authoring

Document Workspace

Publish a document for review or discussion

Use a Document Workspace site only when you need a separate space with unique permissions and specific information surrounding a document. Document Workspace sites can be created from several Windows SharePoint Services–compatible client applications.

Meeting Workspace

Publish meeting agendas and information

Meeting Workspace sites can also be created from Windows SharePoint Services–compatible client applications, such as Microsoft Office Outlook 2007.

Microsoft provides a downloadable “Site objectives and environments worksheet ” you can use to determine your user needs and features:

http://go.microsoft.com/fwlink/?LinkID=73269&clcid=0x409.

Determining the Number and Types of Users Now that you understand the needs of your users, you should know how many users will access your solution and when they will be using your sites. You also must determine whether your organization has any special access requirements for these users.

Determining the Number of Users To determine the number of users you need to plan for, you have to identify the total, concurrent, and peak users for your deployment. If you are planning for remote partner users or an Internet deployment, take into consideration the number of users who may access your WSS 3.0 solution.

21

22

Chapter 1



Getting Started with the WSS 3.0 Platform

Use the following metrics: 

Total number of users expected



Number of concurrent users (those users actively using your sites)



Average number of users (those users who have open connections to but are not active on the site)



Number of peak users



Peak user times

Determining the Types of Users The next step is to identify how these users will interact with your sites. You must determine what percentage of these users will access the specific features mentioned earlier in this section. These feature considerations include: 

Communication



Collaboration



Document storage



Search



Third-party legacy system integration

Identifying User Access Requirements The fi nal step is to determine the special access requirements your users might need. These requirements will be used to determine the authentication methods and the server configurations for which you need to provide. The user access requirements you need to determine include: 

Remote access users from your internal organization



Remote access users from external partners



General access users from the Internet



Secure access users from the Internet



Mobile access users



Users requiring offline capabilities



Anonymous users

Planning and Understanding the Logical Architecture

23

Microsoft provides a downloadable “Users and user types worksheet ” you can use to determine the number and types of users acing your deployment: http://go.microsoft.

com/fwlink/?LinkId=73270&clcid=0x409.

Planning and Understanding the Logical Architecture The effectiveness of your deployment depends primarily on how easily your users are able to locate the content they need. The structure of your sites and the architectural components you use provide the keys to a successful deployment and engaged users. Here are the factors you should consider: 

Understanding the logical architecture components



Understanding the deployment architecture

Understanding the Logical Architecture Components Even though there is an architectural hierarchy, you can arrange the components of your WSS 3.0 logical architecture in a variety of ways. You need to understand the purpose of and how to use effectively each of the components. You also have to understand where each component fits into the structure of the hierarchy. Once again, we’d like to remind you of synergy. The way you use and arrange these WSS components becomes a vital part of the synergy you create between your WSS implementation and your users. You want your deployment to be vital. You want it to be resourceful. You want it to be scalable. You want your users to enjoy using it. Let’s take a look at the components and see how each one can assist in creating the synergy. Figure 1.2 describes the different components of the WSS 3.0 hierarchy.

Chapter 1

24

F I G U R E 1. 2



Getting Started with the WSS 3.0 Platform

Components of the WSS 3.0 hierarchy

Farm

Servers Web FronEnd, SQL, Application

Web Applications Centerl Admin, Content

Databases Configuration, Content, Search

Site Collections “Container” of Sites

Sites/Webs Team, Meeting Workspace, Document Workspace, Wikis, Blogs

Lists Document Library, Announcements, Links, Discussions, Surveys, etc...

Items Document files, announcement items, event items, contacts, images, custom items

Farm A farm represents the top level of your design. It is a collection of WSS 3.0 servers the share the same configuration database. The configuration database stores all the necessary information to run the farm. Each farm is administered through a single implementation of Central Administration. Your organization might require one or many farms. Some criteria that affect the number of farms in your organization include: 

Dedicated resource funding



Security issues demanding isolation of resources



Separate application management

Planning and Understanding the Logical Architecture



Separate administrative responsibilities



Separate locations of datacenters



The requirement of more than one language for content and requests in your solution (all instances of WSS 3.0 in the farm must be in the same language)

25

There are means to resolve the isolation issues while using a single farm. For example, at the web application level, you can use separate web applications to achieve isolation. At the process level, you can achieve isolation by using different IIS application pools, with each having its own process identity. An application pool is a set of one or more websites in IIS served by a worker process. Each application pool has its own identity or security account and its own worker process. This process isolation prevents processes from interacting or interfering with one another. This isolation is also important to understand when you are making configuration changes for your websites. If it becomes necessary to restart services, you can recycle the application pool for the site rather than resetting your entire IIS server.

Servers The types of servers as well as the number of servers influence your farm topology. Each server of your farm is configured for a specialized role, such as a web front- end server, database server, or search server. Server topology and roles are discussed further in the next section.

Web Applications A web application is an IIS website that is created and used by WSS 3.0. Each web application corresponds to a different website in IIS and is assigned a unique domain name. Since each ASP.NET page creates a dynamic-link library (DLL) to the web application, with each DLL consuming memory, the number of web applications running on a server is limited to 99. Each web application has up to five zones that can be used to create separate access and policy conditions for user group types. These zones include Default, Intranet, Extranet, Internet, or Custom. Each zone is represented by a different website in IIS. When your web application is created, it is created in the Default zone. The Default zone is perhaps the most important zone to consider: 

The Default zone must be the most secure zone since, if a user cannot be mapped to one of the other zones, the Default zone’s authentication methods will be applied.



Administrative email is linked to the Default zone. Site owners and administrators who require alerts and administrative email messages must be able to access links through the Default zone.

26

Chapter 1



Getting Started with the WSS 3.0 Platform



Host-named site collections are available only through the Default zone. This means that any user who is accessing your site through its host-header name must have access through the Default zone.



The indexer needs access through at least one zone to crawl content. The default authentication method for the indexer is NTLM; however, it can be configured to authenticate using either basic authentication or a client certificate.

The crawler polls zones using the following order: Default, Intranet, Internet, Custom, Extranet. However, if the crawler first encounters a zone using Kerberos authentication, it will not authenticate and it will not proceed to the next zone to attempt further authentication.

You can later extend the web application to any of the other four remaining zones. Each zone can be configured for a different authentication provider, security level, web application policy, or alternate access mapping. You use alternate access mappings whenever you want to map internal URLs to a single public URL.

Databases WSS 3.0 uses either the Windows Internal Database (WID) in the single server Basic installation or SQL Server database. Here are the databases created with WSS 3.0: 

The configuration database holds the settings that manage the farm. There is exactly one configuration database per farm.



The Central Administration web application database is created to hold the content for the Central Administration application.



A content database is created for each web application. It contains content and configuration information for the web application. As site collections are added to the web application, their content is stored in the same web application content database by default.



The Windows SharePoint Search database holds the search content for the farm. There is only one search database per farm.

Site Collections A site collection is a set of websites that have a common administration unit and owner. Every site collection consists of a top-level website that is created at the time the site collection is created. This top -level site can include one or more child sites. Figure 1.3 shows the site hierarchy of a site collection

Planning and Understanding the Logical Architecture

F I G U R E 1. 3

27

Site collection hierarchy

Top Level Site of Site Collection

Child Site

Meeting Workspace

Child Site

Child Site

Document Workspace

The recommendation for the number of site collections per web application without degrading performance is 50,000. You can share the following within your site collection, but not between site collections: 

Master pages



Page layouts



Images



Site templates

Permissions, navigation, and search features are also isolated within a site collection as follows: 

Site collections have no built-in navigation between them. You need to provide the necessary links.



Permissions cannot be inherited from one site collection to another.



Subsites within the same site collection are able to inherit permissions from the top level site.



The WSS 3.0 search feature provides search results only within the current site collection. The following are configurable within a site collection:



There can be only one primary site collection administrator and one secondary site collection administrator.



You can apply quota templates within a site collection. The provided templates include 2,000MB for a team site.

Chapter 1

28



Getting Started with the WSS 3.0 Platform

You can use managed paths to contain multiple site collections within a single web application. Here are some factors regarding managed paths: 

By default, when you create a web application, two paths are created for you: the root path and the sites path.



The root path (/) is an explicit inclusion that can contain exactly one site collection. As an example, if you want the URL of your deployment to be http://mycompany/ default.aspx, you would use the root path to create the site collection.



The sites path (/sites) is a wildcard-included managed path that can contain several site collections. The term included comes from the fact that WSS 3.0 includes them as part of its virtual web. As an example, if you want to have separate site collections for department A and department B in your company, you could use the sites path and create the URLs as follows: http://localhost/sites/DeptA/default.aspx and http://localhost/sites/DeptB/default.aspx.



If you have a number of site collections and you do not want to use the sites path, you have the option of creating your own named paths. In the previous example, for departments A and B you could use an explicit managed path such as department. This yields the following address: http://localhost/department/DeptA /default.aspx and http://localhost/department/DeptB/default.aspx.

WSS 3.0 also supports host-named site collections as well as path-based site collections. When you deploy a host-named site collection, you can map WINS or DNS entries to the site collection in the web application. Host-named site collections enable WSS 3.0 to use host header names rather than managed paths to determine the site collection a user would access when entering a particular URL. Host-named site collections and path-based site collection can live together in the same web application.

Sites A site is a website comprised of .aspx pages that display information and manage data that is stored in lists and libraries. Sites are created using templates, such as a team site, document workspace, wiki, or blog. Therefore, whenever you create a new site, you need to choose a template for that site. Once a site has been created, you cannot change its template. So, once again, you need to plan ahead. Top -level sites, referred to as root sites, are the same as any other sites in the site collection; however, they also provide links to manage the site collection and contain galleries to hold templates for creating web parts, sites, lists, and workflow. A web is another name for a site and is often used by programmers. This term comes from the WSS 3.0 object model where the site object is named SPWeb. Within the object model, the site collection object is named SPSite. We realize this is rather confusing, but it’s just the way it is! Sites that you create below the root site are often referred to as child sites or subsites. Again, users often get confused thinking that there is something different or special about them, but they are just plain old sites, created with the same templates.

Planning and Understanding the Logical Architecture

29

Lists You use lists to contain and group together the information you store on a site. A library is a special type of list that uses templates to defi ne the type of content it stores. For example, you can have a document library, an image library, a forms library, and so on. Both lists and libraries are created by the same object in the WSS 3.0 object model, SPList. What makes lists, and also libraries, so special in WSS is the additional information or metadata that is collected and retained with each item. Retaining metadata that you can use for viewing and reporting makes lists and libraries very powerful tools. Depending on the site template you choose to create your site, a variety of library and list templates are also created. Each list or library template has default metadata assigned that is designed to collect information particular to that list type. The great part is that you are able to add additional metadata, even metadata that you create yourself, to any list or library.

Items An item is the individual piece of information you store within a list or library. You can think of an item as a row in a web-based spreadsheet. An item is also contained in the WSS 3.0 object model SPItem. We mention this because an item is the smallest unit in WSS 3.0 on which you can apply permissions, workflows, and other management features. So with every item you create in or upload into WSS 3.0 you have associated metadata and management.

Understanding the Deployment Architecture Implementations of WSS 3.0 can range from a single computer (a stand-alone installation) to many computers (a server farm). You can use the single-server approach, with all WSS 3.0 components residing on one server, or you can build your server farm using clustering technologies. Whether you use a single- or multiple-server approach, you need to understand each server’s role. Furthermore, you need to understand how the topology you create can be configured as your future requirements change.

Understanding the Server Roles WSS 3.0 components map to three server roles: Web Front-End (WFE) Server The WFE is a fast, lightweight server that responds to your users’ web page requests. This server is often referenced as the fi rst tier in the implementation since it is the fi rst server in the farm to interact with the client. IIS serves the web pages to the user. If you use multiple WFEs, the user requests must be managed and synchronized. Network load balancing (NLB) is the clustering solution used for multiple WFEs. Search Server The middle tier of WSS 3.0 includes a search server. It is the search server’s job to index the content at scheduled times for faster retrieval. The search and indexing

30

Chapter 1



Getting Started with the WSS 3.0 Platform

services must always be on the same physical server. The search server keeps records of keywords, location, and the properties of documents. In WSS 3.0, search results are limited to a site and its subsites. If the query load becomes too great, additional search servers can be added to the farm to increase the speed of the queries. If your WSS 3.0 requires more robust searching capabilities with larger scope, WSS 3.0 search can be easily replaced using an enterprise solution such as Microsoft Search Server 2008 or the search feature of Microsoft Office SharePoint Server 2007. Database Server The third tier is the SQL Server that holds the WSS 3.0 databases. There are three databases of note: the configuration database, the central administration database, and the WSS search database. All three of these databases are created at the time of installation of WSS 3.0. In addition, a new content database is built when you create each new web application in your WSS 3.0 environment.

Understanding Scalability Options in WSS 3.0 As you continue to plan your WSS 3.0 deployment, it is important for you to know not only what roles your servers perform, but also how and whether to scale up or scale out your farm to handle the increasing needs of your users.

Scaling Out In general, scaling out is used to increase capacity or performance. One method of scaling out your topology is to separate your WSS 3.0 server services onto separate physical servers. For example, you might want to increase your single server topology’s performance by placing your SQL Server on a dedicated physical server, thus creating a small farm. To move from a small farm to a medium farm, you can scale out by moving the search server to its own dedicated machine. Scaling out further from a medium farm to a large farm involves adding more dedicated front- end web servers and/or back- end SQL Servers to separate the data.

Scaling Up Scaling up ensures greater availability and performance. This is handled by adding redundant components. In WSS 3.0 there are two methods for scaling up: Increasing Performance Capabilities You can scale up by increasing the performance capabilities of your server. That is, you can add processors, increase RAM, or install additional network cards. You can do anything to “beef up” the server. Adding RAM to the front- end web server gives the server an improved capacity for caching your web pages. An additional NIC in your servers ensures you have continued network connection if the first NIC fails. Configuring disk RAID (Redundant Array of Independent Disks) provides yet another scaling up option. Using RAID increases the performance and reliability of your servers

Planning and Understanding the Logical Architecture

31

by spreading data over a number of disks. If one disk fails, no data is lost; the system continues to run, albeit less efficiently. Increasing the Number of Servers You can also scale up by increasing the number of servers on your farm. For example, on a small farm you can increase the number of front- end web servers and cluster them through network load balancing to increase the performance of their services. You could do likewise with your SQL Server by adding an additional server and using clustering to increase availability.

Defining Server Resources The Human Resources department of Justin’s company wants to migrate approximately 25GB of documents to an existing library on its WSS 3.0 site. The HR department also requests version control for these documents. As the WSS 3.0 administrator, Justin needs to ensure that the migration does not impact on the architecture of his deployment, which currently consists of a web front-end server, a dedicated SQL Server, and an additional application server handling the search facilities. Since the main impact on the topology affects the disk space on the database server, Justin decides to add another SQL Server to the farm. He is also concerned that the number of queries to the site will increase due to the added documents. So he considers adding an additional search server to crawl the migrated content. He is not really concerned with placing additional servers at the web front end since the number of users has not increased, the pages requested will remain the same, and the HR department does not anticipate heavy access to the migrated documents.

Understanding the Single-Server Implementation When you install WSS 3.0 using the single-tier implementation, you install all the components on one server. You are using a single piece of equipment to render the web pages for your clients, provide search and indexing services, and store all the configuration and content data on the local SQL database. The single server architecture is illustrated in Figure 1.4.

32

Chapter 1

F I G U R E 1. 4



Getting Started with the WSS 3.0 Platform

Single-server architecture

When you use a single-server installation, you have two installation options: Basic installation or Advanced installation. If you choose Basic installation, Windows Internal Database, a relational database based on SQL Server technology, is installed to maintain the WSS 3.0 databases. If you choose the Advanced installation option instead on a standalone computer that already has Microsoft SQL Server installed, WSS 3.0 will use the installed SQL Server for its databases. If you select the Basic installation or select Advanced and then choose the Stand-alone option, you will not be able to scale out to a farm installation. Therefore, if you are starting out small but are looking to scale out your implementation of WSS 3.0, always choose the Advanced installation option. When you select the Basic installation, these items are automatically provisioned: 

Application pools use the LocalSystem account.



WSS 3.0 installs Windows Internal Database (WID) for its database component.



You should be aware that the WID has a 4GB data limitation.

Although the Basic installation enables you to test your WSS 3.0 implementation quickly and without additional costs, it can cause several future issues, including:

Planning and Understanding the Logical Architecture

33



You are unable to add more servers to the farm.



If you change permissions for the LocalSystem account, you will most likely affect your WSS 3.0 installation.

There is no direct upgrade from a Basic installation or an Advanced installation using the Stand -alone option of WSS 3.0 to a farm installation.

If you are looking to provision a WSS 3.0 site for evaluation purposes, the stand-alone configuration is very useful. You can quickly set up your site and be able to spend your time evaluating its capabilities and features. You might also fi nd this configuration a good choice if you are deploying a small number of websites and desire minimal administrative overhead.

Understanding the Small Farm Implementation If your solution requires the capability to increase capacity or performance, you might want to initially build a two-tier implementation, the small farm. This solution splits the database server from the web and search servers. Furthermore, this scenario offers flexibility for increased load management and higher availability. The small farm architecture is illustrated in Figure 1.5.

F I G U R E 1. 5

Small farm architecture

34

Chapter 1



Getting Started with the WSS 3.0 Platform

The front- end server is the web server containing the WSS 3.0 and search services. The second physical server contains a dedicated SQL Server containing the WSS databases. Even though the minimum requirement for the installation is two servers, this architecture has the capability of scaling out, as is shown in Figure 1.5 where you see two front- end servers depicted.

Understanding the Medium or Large Farm Implementation A more robust deployment requires a three-tier implementation, the medium or large farm. At least three physical servers are required: a dedicated web server containing the WSS 3.0 services, a dedicated SQL Server for the WSS databases, and a third server dedicated to providing search facilities as well as other applications. The medium to large farm architecture is illustrated in Figure 1.6.

F I G U R E 1. 6

Medium or large farm architecture

This three-tier topology provides the most flexibility. The SQL Servers providing the database services can be either a single server or a failover cluster. Furthermore, this topology provides for the separation of the configuration, content, and administration content databases for large environments. The front- end web server topology can provide higher performance and availability by using network load balancing. Likewise, multiple servers can provide the search facilities.

Exam Essentials

35

The three-tier implementation supports a larger user community by providing redundant and extensible database services, improved data storage capabilities, separate search facilities, and faster data return.

Summary In this chapter you were introduced to WSS 3.0. We examined its components and learned the reasons organizations use WSS 3.0. We explored the technology features of WSS 3.0, including enhancements in the administrative model, compliance features, the operational tools, network support, and extensibility. We investigated the factors involved in planning your WSS 3.0 solution, including the purpose of the deployment, the needs of your users, and the number and types of users. Finally, we looked at the logical architecture and its components.

Exam Essentials Be able to configure the WSS 3.0 topology. Know how to configure the logical architecture from planning to design. Understand the two -tier administrative model. Know the various WSS 3.0 topology models and where they are used in business process solutions. Know the enhancements in WSS 3.0. Be familiar with the new features available in WSS 3.0. Know how you can use the storage, collaboration, compliance, and workflow features to create vital solutions. Identify the server roles. Understand and be able to configure the WSS 3.0 server roles from planning to design. Understand the scalability of WSS 3.0. Know when it is beneficial to add additional servers to your farm.

Chapter 1

36



Getting Started with the WSS 3.0 Platform

Review Questions 1.

You are the WSS 3.0 administrator for your organization. Your company has an Active Directory domain. You are planning an installation of WSS 3.0 on a front- end web server with Windows 2003 installed. You need to prepare the server prior to installing WSS 3.0. What should you do? A. Install Microsoft .NET Framework 1.1.

2.

B.

Install ASP.NET 1.1.

C.

Enable IIS 5.0 Isolation Mode.

D.

Disable IIS 5.0 Isolation Mode.

You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 in a small farm implementation with two web front- end servers. A computer running Microsoft SQL Server 2005 is your database server. Your users complain that searches are slow. What should you do? A. Add another web front- end server.

3.

B.

Add another database server and create an active/passive cluster configuration.

C.

Add another server and configure it as a search server.

D.

Install more memory in your database server.

You are the WSS 3.0 administrator for your organization. You are planning a deployment of WSS 3.0 using a medium server farm implementation. Which of the following actions should you perform before you begin the deployment? A. Ensure that all instances of WSS 3.0 in your server farm are in different languages.

4.

B.

Ensure that all instances of WSS 3.0 in your server farm are in the same language.

C.

Install Microsoft .NET Framework 2.0.

D.

Install Microsoft .NET Framework 1.0.

You are the WSS 3.0 administrator for your organization. You are going to deploy WSS 3.0 on a single server. Which of the following operating systems can you use? (Choose all that apply.) A. Windows Server 2003 Standard edition B.

Windows Server 2003 Web edition

C.

Windows Server 2008 Standard edition

D.

Windows Server 2003 Enterprise edition

Review Questions

5.

37

You are the WSS 3.0 administrator for your organization. You have deployed a small farm configuration of WSS 3.0 using SQL Server 2003 Standard edition. Your organization has decided it needs to use the Business Data Catalog (BDC) for its LOB operations. What should you do? A. Implement a medium to large farm deployment of WSS 3.0.

6.

B.

Upgrade your SQL Server to the Enterprise edition.

C.

Install Microsoft Office SharePoint Server 2007.

D.

Add another SQL Server to hold the data for the BDC.

You are the WSS 3.0 administrator for your organization. You have deployed a singleserver implementation of WSS 3.0. Your IT team wants to be able to have a location where they can all share information such as bug fixes, configurations, and patches by updating the site themselves. What should you do? A. You should create a site collection for the team. B.

7.

You should create a wiki site for the team.

C.

You should create a blog site for the team.

D.

You should create a web application for the team.

You are the WSS 3.0 administrator for your organization. You are ready to deploy WSS 3.0 on a single default installation of Windows 2003 Server. Your server has met all the minimum hardware requirements. What should you do next? A. You should install ASP.NET 1.1.

8.

B.

You should enable IIS.

C.

You should configure the file system for FAT32.

D.

You should install .NET Framework 1.1.

You are the WSS 3.0 administrator for your organization. You have deployed a singleserver WSS 3.0 implementation on a Windows 2003 Server using the Basic installation. After several months, the usage and content has grown dramatically. You have decided to scale out your implementation to a medium farm architecture. What should you do? A. You should perform a new server farm installation. B.

Using the current installation, you should move the existing WSS 3.0 databases to a dedicated SQL 2005 server.

C.

Using the current installation, you should add another web front- end server.

D.

Using the current installation, you should move the existing WSS 3.0 databases to a dedicated SQL 2005 server and the search activities to a second dedicated server.

Chapter 1

38

9.



Getting Started with the WSS 3.0 Platform

You are the WSS 3.0 administrator for your organization. You need to configure your WSS 3.0 installation so your sites can accept and archive incoming email. What should you do? A. You should install an Exchange Server on your web front- end server. B.

You should install Outlook on your web front- end server.

C.

You should create a new virtual directory in IIS.

D.

You should install the IIS SMTP service on your web front- end server.

10. You are the WSS 3.0 administrator for your organization. You have just finished installing WSS 3.0 on a single server so your team can evaluate SharePoint. What do you do next? A. Create a site collection using Central Administration. B.

Create a web application using Central Administration.

C.

Extend a web application using Central Administration.

D.

Create a team site using Central Administration.

11. You are the WSS 3.0 administrator for your organization. Your HR department users want to update forms that are stored in a library on their WSS 3.0 site. They also want to keep both the current and updated forms in the library for auditing purposes. What should you do? A. You should create a renaming procedure for the HR department to keep track of its forms. B.

You should create another library to hold the older forms.

C.

You should configure the library to use check- out/check-in procedures.

D.

You should configure the library to use version control.

12. You are the WSS 3.0 administrator for your organization. You want to give a few users in the HR department administrative permissions on their HR team site. You don’t want to give them more permissions than they should have to manage the site. What should you do? A. You should make the users site owners of the HR site. B.

You should make the users farm administrators.

C.

You should make the users site collection administrators.

D.

You should make the users farm owners but give them permissions only to the HR site.

13. You are the WSS 3.0 administrator for your organization. Your developers have created a new onboarding workflow for your medium server farm. They have provided the workflow as a Feature solution. You need to make this Feature available to your farm. Your farm has three network load balanced (NLB) web front- end servers. What should you do? (Choose all that apply.) A. You should go to each web front- end server and deploy the Feature. B.

You should use the Stsadm command-line utility to deploy the Feature.

C.

You should use Central Administration to deploy the Feature.

D.

You should use IISreset to deploy the Feature.

Review Questions

39

14. You are the WSS 3.0 administrator for your organization. You have been charged to deploy a WSS 3.0 public site to promote your products. What should you do? A. You should create an Intranet solution using a default Active Directory account for all the users who want to view your products. B.

You should create an Internet solution using anonymous access.

C.

You should create an Internet solution using Basic authentication.

D.

You should use an Extranet solution using forms-based authentication.

15. You are the WSS 3.0 administrator for your organization. You are configuring a newly installed WSS 3.0 single Windows 2003 Server implementation. You want to configure incoming mail services. What must you do before you can accomplish this task? A. Install POP3 services on the Windows 2003 server. B.

Install SMTP services on WSS 3.0 Virtual SMTP server.

C.

Install SNMP services on the Windows 2003 server.

D.

None of the above.

16. You are the WSS 3.0 administrator for your organization. You want to customize your sites without a lot of programming. What should you use? A. Microsoft Office SharePoint Designer 2007 B.

FrontPage 2003

C.

Visual Studio 2005

D.

Visio

17. You are the WSS 3.0 administrator for your organization. You have implemented a medium farm using SQL Server 2005 as your back- end server. You have created a web application called Team. Which of the following databases have been configured by WSS 3.0? (Choose all that apply.) A. A WSS configuration database B.

A Team configuration database

C.

A WSS Central Administration content database

D.

A Team content database

18. You are the WSS 3.0 administrator for your organization. You have implemented a WSS 3.0 small farm that is used primarily for department teams. You have just been informed of a new research project for which you need to create a highly secure WSS 3.0 implementation. What should you do? A. Create a new subsite on your existing Team web application for the research project. B.

Create a new site collection in your existing Team web application for the research project.

C.

Create a new farm for the research project.

D.

Extend the current Team web application for the research project.

Chapter 1

40



Getting Started with the WSS 3.0 Platform

19. You are the WSS 3.0 administrator for your organization. You have deployed a web application for the departments in your organization to share internal information. You want to create a separate site collection for each department. What should you do first? A. You should use the root path to hold the site collections. B.

You should use the sites path or create an explicit managed path to hold the site collections.

C.

You should extend the web application to hold the site collections.

D.

You should create an alternate access mapping to hold the site collections.

20. You are the WSS 3.0 administrator for your organization. You plan to deploy WSS 3.0 on five servers. You need to support a large volume of requests and maintain high availability in your implementation. The servers are WSS01, WSS02, WSS03, WSS04, and WSS05. How should you configure the servers? (Choose three answers. Each answer is part of the solution.) A. Assign WSS01 and WSS02 as database servers using clustering. B.

Assign WSS01 and WSS02 as database servers using network load balancing.

C.

Assign WSS03 and WSS04 as Web servers using network load balancing services to distribute the load between them.

D.

Assign WSS03 and WSS04 as web servers using round-robin DNS to distribute the load between them.

E.

Assign WSS05 the search application role.

Answers to Review Questions

41

Answers to Review Questions 1. D. You should disable IIS 5.0 Isolation Mode. WSS 3.0 requires that IIS is running in IIS 6.0 Worker Process Isolation Mode. Disabling IIS 5.0 Isolation Mode ensures this happens. You should not install Microsoft .NET Framework 1.1. WSS 3.0 requires Microsoft .NET Framework 3.0. You should not install ASP.NET 1.1. WSS 3.0 requires ASP.NET 2.0 or later, which is installed as a component of Microsoft .NET Framework 3.0. 2. C. You should add an additional server and configure it as a search server. A small farm contains two types of servers: a database server and a front-end web server. Offloading the search activity off the front-end web servers and assigning those activities to a dedicated search server improves search performance. Since only search performance is affected in the scenario, you do not need to add another web front end. Adding another database server in active/passive cluster configuration does not improve performance, even if the database server were the bottleneck. Since the only problem users are having with performance is with the search activities and in a small farm the search facilities are contained on the web front end, adding memory to the database server will not improve search performance. 3. B. You should ensure all instances of WSS 3.0 in your server farm are in the same language. When you are deploying WSS 3.0 in a server farm environment, all instances of WSS 3.0 in the farm must be in the same language. If a second language is required, you need to deploy another farm. You should not install Microsoft .NET Framework 1.0 or 2.0; WSS 3.0 requires Microsoft .NET Framework 3.0. 4. A, C, D. You can use Windows Server 2003 Standard edition, Windows Server 2008 Standard edition, or Windows Server 2003 Enterprise edition for a single-server WSS 3.0 implementation. To use Windows Server 2003 Web edition, you must also use a remote SQL Server to store the WSS databases. 5. C. You must install Microsoft Office SharePoint Server 2007. The BDC requires MOSS 2007. Furthermore, it requires the Enterprise edition of MOSS. You cannot implement the BDC using only WSS 3.0 regardless of the version of SQL Server you have installed or how many database servers you have available. 6. B. You should create a wiki site for the team. Wiki sites are open sites where the users can freely create and edit content. A blog site is essentially an online journal and does not satisfy the need for team members to share information with one another. It is not necessary to create a web application or a site collection for their needs. You would still have to create a wiki site. 7. B. You should enable IIS. IIS is not enabled by default on a Windows 2003 server. You should not install ASP.NET 1.1 or .NET Framework 1.1. WSS 3.0 uses .NET Framework 3.0, which includes ASP.NET 2.0. You should not configure the fi le system for FAT32. WSS 3.0 uses the default fi le system for Windows servers, NTFS. 8. A. You should perform a new server farm installation. There is no direct farm

upgrade from a single-server implementation of WSS 3.0 using the Basic installation option. The Basic option installs Windows Internal Database (WID) for its database component. All the other options are incorrect because they assume that you will still use the current WSS 3.0 installation and just add new servers and move components.

42

Chapter 1



Getting Started with the WSS 3.0 Platform

9. D. You should install the IIS SMTP service on your web front-end server. Furthermore, you need to configure incoming email settings in Central Administration. You should not install Exchange or Outlook. You need the IIS SMTP service. You should not create a new virtual directory as it will not provide the IIS SMTP service you require. 10. B. You should create a web application using Central Administration. When the WSS 3.0 installation is complete, your next task is to create a web application to host your site collection(s) and sites. The option to extend the web application is not correct because you fi rst need to create it before you can extend it. Also, you cannot create a site collection or sites until you have created a web application. 11. D. You should configure the library to use version control. Configuring versioning enables users to see just the currently updated document; however, the earlier versions are readily available and stored in the library using their version number. Although the check-out/ check-in configuration always is good to make certain no two authors are editing the same content, it does not provide the necessary solution. A renaming procedure is clumsy and is what you would need to use if you did not have WSS or a document management system. Moving the older forms into another library does not satisfy the requirements that the previous versions of the forms be kept in the same library. 12. A. You should make the users site owners of the HR site. A site owner has full management of their site. You should not make them farm or site collection administrators. Either would give them more permissions than they need. There is no responsibility named farm owner. 13. B, C. You should use either the Stsadm command-line utility or Central Administration to deploy the Feature. Both methods deploy the Feature to each and every web front end. The option to deploy the Feature at each front end is not correct. Deploying at each web front end is not long necessary with the latest farm-wide tools. Using IISreset is not correct; this command merely recycles the IIS server. Also, in the instance of deploying the onboarding workflow Feature, an IISreset is not necessary. 14. B. You should create an Internet solution using anonymous access. Since you want all users to view your site, you need to set up anonymous access authentication. All the other options are not correct because they require authenticating to the site. 15. D. None of the solutions provided in A, B, or C are correct. To configure incoming mail in WSS 3.0, you need to install the SMTP services on the Windows 2003 server, not on WSS. POP3 is a protocol to transfer mail on a mail server. SNMP (Simple Network Management Protocol) is used for network management, not mail. 16. A. Microsoft Office SharePoint Designer 2007 has been designed specifically to customize and brand WSS 3.0 and MOSS 2007 implementations. FrontPage 2003 is not correct; it is an older design tool and does not contain the functionality for WSS 3.0 sites. Visual Studio 2005 can certainly be used for customization; however, this is a programming tool. Visio cannot be used to customize WSS 3.0. 17. A, C, D. A configuration database is created for the WSS 3.0 installation. A content database is created for the Central Administration web application. A content database is created for each web application, in this instance, the Team web application. Only one configuration database is created.

Answers to Review Questions

43

18. D. You should create a new farm for the research project. There are times, such as in this scenario, when information needs to be isolated. In such an instance, the most reliable means of isolation is to create a new farm. A new subsite, site collection, or extending the existing web application will not maintain the security isolation required by the scenario. 19. B. You should use the sites path or create an explicit managed path to hold the site collections. The sites managed path, as well as any other explicit managed path, enables you to create multiple site collections within your web application. You should not use the root managed path; only one site collection can be created below the root managed path. Extending the web application enables you to provide separate authentication and authorization rules for your web application; it does not provide for establishing multiple site collections. Alternate access mappings provide URL mappings; they are not used for creating multiple site collections. 20. A, C, E. You should assign WSS01 and WSS02 as database servers using clustering. Then you should assign WSS03 and WSS04 as web servers using network load balancing services to distribute the load between them. Finally, you should assign WSS05 the search application role. Database servers use clustering for high availability; they do not use NLB. However, NLB is an excellent solution for web server load balance; the DNS round-robin feature does not work well with WSS 3.0.

Chapter

2

Integrating Windows SharePoint Services in the Network MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Configure Security for Windows SharePoint Services 

Manage database permissions

 Configure Network Infrastructure for Windows SharePoint Services 

Configuring Network Load Balancing (NLB)



Configure WSS to support perimeter network



Configure Internet Security and Acceleration Server (ISA)

Now that you have been introduced to Windows SharePoint Services (WSS) 3.0, it’s time to start working with it. In Chapter 1 you learned the technology enhancements in WSS 3.0. In this chapter, you will learn how to configure those features to create a reliable, secure, and well-performing solution. Chapter 1 also showed you how to plan your WSS 3.0 solution — to listen to and work with the stakeholders to create a viable implementation where all users feel some extent of ownership. In this chapter, you will take those concepts past the planning phase and into design and configuration. Finally, you’ve learned how the WSS 3.0 components work together to create a synergy (remember how we love that word!)that can be deployed to a variety of environments. In this chapter, you will examine the physical architecture for each of those environments so that you are prepared to deploy your solution. We’ll show you the configurations that make your implementation available and secure for your internal and external users. In this chapter as well as all the chapters in this study guide, each section relates to an exam objective. So it is time to deplane from our 32,000 -foot view of WSS 3.0, roll up our sleeves, and get to work.

Understanding the Physical Architecture At this point you should have a good grasp of the logical architecture for both the single server or stand-alone implementation and the farm implementation of WSS 3.0. Therefore, the next step is to understand the physical aspects of their architecture. The standalone and server farm installations each have their own set of hardware and software requirements, so we are presenting each one separately. The minimums we are using are Microsoft’s official and recommended requirements for each type of installation. The hardware and software requirements presented in this chapter apply to both x32-bit and x64 -bit systems only; WSS 3.0 does not support Itanium-based systems. Let’s start with the study of the physical components, which include: 

Configuring a stand-alone installation



Configuring a farm installation



Understanding web browser support

Understanding the Physical Architecture

47

Configuring a Stand-Alone Installation If you have decided to implement the single-server version of WSS 3.0, you are most likely creating an environment for evaluation or one for a small deployment, such as department team sites. The two methods in the setup you can use to install WSS 3.0 on a single computer are: 

Basic



Advanced (you then select Stand-Alone)

When you perform a Basic installation, Windows Internal Database (WID) is automatically installed. When you perform an Advanced installation on a stand-alone computer that already has SQL Server installed, you can use this as your database server for WSS 3.0 as long as the hardware and software minimum requirements are met for a database server.

Stand-Alone Installation Hardware Requirements Here is a list of the minimum and recommended hardware requirements for deploying WSS 3.0. These requirements assume the deployment of WID. Processor Minimum: 2.5GHz Recommended: Dual processors each 3GHz or faster Memory

Minimum: 1GB

Recommended: 2GB Disk Space and Format free space

Minimum: NTFS fi le system partition with a minimum of 3GB of

Recommended: NTFS file system partition with a minimum of 3GB of free space plus adequate space for your websites Installation Media Source

Minimum: DVD drive

Recommended: DVD drive or installation source copied to a local drive or network share Display

Minimum: 1024 × 768

Recommended: 1024 × 768 or higher resolution monitor Network Connectivity computers

Minimum: 56Kbps connection between the server and the client

Recommended: 56Kbps or higher connection between the server and the client computers

Chapter 2

48



Integrating Windows SharePoint Services in the Network

Stand-Alone Installation Software Requirements The following are the software requirements for deploying WSS 3.0 on a standalone server:

If you chose to reinstall WSS 3.0 on a server where you have previously installed it, the Setup program could fail during the creation of the configuration database, which in turn fails the entire installation. You can prevent this particular failure by deleting the database from the previous installation or by using the psconfig command to create a new configuration database.

Operating System Requirements WSS 3.0 runs on Windows Server 2003 with SP1 or later: Windows Server 2003 or 2008, Standard Edition  

Windows Server 2003 or 2008, Enterprise Edition



Windows Server 2003 or 2008, Datacenter Edition



Windows Server 2003 or 2008, Web Edition

You need to use WSS 3.0 with SP1 if you are installing on Windows Server 2008.

As a reminder, if you are planning on using Windows Server 2003, Web Edition, for your single - server implementation, you must use the Advanced, front- end web server installation and use an additional database server for the WSS 3.0 databases. This restriction is due to Windows licensing constraints; SQL Server cannot be installed on the Web edition. Likewise, the Web edition does not support the Basic installation of WSS 3.0.

The administrative interface of WSS 3.0 requires that you have Internet Explorer 6 with the most recent service packs or Internet Explorer 7 or higher. Operating System Component Requirements Once you have installed all the current service packs and updates, you must have the following additional services on your server: Windows Components Your computer needs to be configured as a web server by enabling Internet Information Services (IIS) 6.0. The components of IIS that WSS 3.0 consumes include the common fi les WWW and Simple Mail Transfer Protocol (SMTP).

Understanding the Physical Architecture

49

You need to make certain the server is configured to use IIS 6.0 Worker Process Isolation Mode; this is the default setting for new installations of Windows Server 2003. Incoming and outgoing mail settings in WSS 3.0 require that you specify an SMTP email server. You can enable these settings by installing the IIS SMTP services on your server. Microsoft .NET Framework 3.0 WSS 3.0 requires Microsoft .NET Framework 3.0 with ASP.NET 2.0 enabled (see Exercise 2.1).

If you install ASP.NET 2.0 prior to enabling IIS, you need to enable ASP.NET 2.0 by running the command aspnet_regiis -i.

Database Services Requirements When you perform the Basic or Advanced (stand-alone) installation of WSS 3.0, WID is automatically installed. The 70 - 631 exam does not require you to know the configurations for SQL Server 2005; however, for information regarding SQL Server 2005 system requirements, see http://go.microsoft.com/fwlink/?LinkID=75010&clcid=0x409.

Exercise 2.1 will show you how to tell whether ASP.NET is enabled. E X E R C I S E 2 .1

Checking to See if ASP.NET Is Enabled Follow these steps to check whether ASP.NET is enabled:

1.

Open the IIS Manager from Administrative Tools on your server.

2.

Click Web Service Extensions.

3.

Check that ASP.NET has a status of Allowed, as shown in the following graphic.

50

Chapter 2



Integrating Windows SharePoint Services in the Network

Configuring a Farm Installation The major difference between the single-server and the server farm implementations is that your server roles are now separated. The small farm establishes one server as the web front end and the second server as the database server.

Farm Hardware Requirements Since the server farm includes at minimum a front- end web server and a separate database server, we will discuss each set of hardware requirements separately. WSS 3.0 lives on the web front- end server, so let’s take a look at those requirements fi rst.

Front- End Web Server The following lists the minimum and recommended hardware requirements for deploying WSS 3.0 on your front- end web server: Processor Minimum: 2.5GHz Recommended: Dual processors each 3GHz or faster Memory

Minimum: 2GB

Recommended: More than 2GB Disk Space and Format free space

Minimum: NTFS fi le system partition with a minimum of 3GB of

Recommended: NTFS file system partition with a minimum of 3GB of free space plus adequate space for your data storage requirements Installation Media Source

Minimum: DVD drive

Recommended: DVD drive or installation source copied to a local drive or network share Display

Minimum: 1024 × 768

Recommended: 1024 × 768 or higher resolution monitor Network Connectivity Minimum: 56Kbps connection between the server and the client computers; 100Mbps connection between servers in your server farm Recommended: 56Kbps or higher connection between the server and the client computers; 1Gbps connection between servers in your server farm

Database Server The 70 - 631 exam does not require you to know the hardware configurations for SQL Server. For information regarding SQL Server 2005 system requirements, see http://go.microsoft.com/fwlink/?LinkID=75010&clcid=0x409.

Understanding the Physical Architecture

51

Farm Software Requirements The software requirements include operating system and components that must be running on your servers prior to your WSS 3.0 installation. Again, we will discuss the front- end web server and database server requirements separately.

Front- End Web Server The following are the software requirements for deploying WSS 3.0 on the front- end web server of the farm: Operating System Requirements WSS 3.0 runs on Windows Server 2003 with SP1 or later:  Windows Server 2003 or 2008, Standard Edition 

Windows Server 2003 or 2008, Enterprise Edition



Windows Server 2003 or 2008, Datacenter Edition



Windows Server 2003 or 2008, Web Edition

You need to use WSS 3.0 with SP1 if you are installing on Windows Server 2008.

If you are planning on using Windows Server 2003, Web Edition, for your single - server implementation, you must use the Advanced, front- end web server installation and use an additional database server for the WSS 3.0 databases. This restriction is due to Windows licensing constraints; SQL Server cannot be installed on the Web edition. Likewise, the Web edition does not support the Basic installation of WSS 3.0.

The administrative interface of WSS 3.0 requires that you have Internet Explorer 6 with the most recent service packs or Internet Explorer 7 or higher. For farm deployments, you must install WSS 3.0 in an Active Directory (AD) directory services environment; WSS 3.0 cannot be installed in a farm on a Windows NT 4.0 domain.

Operating System Component Requirements Once you have installed all the current service packs and updates, you must have the following additional services on your server: Windows Components Your computer needs to be configured as a web server by enabling IIS 6.0. The components of IIS that WSS 3.0 consumes include the common fi les WWW and SMTP.

Chapter 2

52



Integrating Windows SharePoint Services in the Network

You need to make certain the server is configured to use IIS 6.0 Worker Process Isolation Mode; this is the default setting for new installations of Windows Server 2003. Incoming and outgoing mail settings in WSS 3.0 require that you specify an SMTP email server. You can enable these settings by installing the IIS SMTP services on your server. Microsoft .NET Framework 3.0 with ASP.NET 2.0 enabled.

WSS 3.0 requires Microsoft .NET Framework 3.0

To check if ASP.NET is enabled: 1.

Open the IIS Manager from Administrative Tools on your server.

2.

Click Web Service Extensions.

3.

Check that ASP.NET v2.0.50727 has a status of Allowed.

If you install ASP.NET 2.0 prior to enabling IIS, you need to enable ASP.NET 2.0 by running the command aspnet_regiis -i.

Database Server The computer you use for the database server role must have one of the following installations of SQL Server: 

SQL Server 2000 with SP3a, although SP4 or later is recommended.



SQL Server 2005 with SP1; however, you should install SQL Server 2005 SP2 before installing or upgrading to WSS 3.0.



SQL Server 2008; remember that SQL Server 2008 requires that you install WSS 3.0 with SP1.

The WSS 3.0 Setup program automatically creates the necessary databases at the time of installation. Optionally, if your organization’s policies require, you can preinstall the required databases. Configuring Surface Area Settings If you are using SQL Server 2005, you must also change the surface area settings (see Exercise 2.2). Implementing SQL Server and Database Collation You need to configure the SQL Server collation to be case-insensitive. You also need to configure the SQL Server database collation to be case-insensitive, accent-sensitive, Kana-sensitive, and width-sensitive to ensure fi lename uniqueness consistent with the Windows operating system. Establishing Required Accounts You must plan for the following server farm –level accounts. These accounts are used to configure Microsoft SQL Server and to install WSS 3.0. (You’ll learn more about the required accounts, including specific privileges required for these accounts, in Chapter 3.) 

The SQL Server service account is created during SQL Server installation. It is used as the service account for the MSSQLSERVER and SQLSERVERAGENT services.

Understanding the Physical Architecture

53



The Setup user account is used to run the Setup program on each server.



The Farm Search Service account is used for the WSS Search service. There is only one instance of this service in the server farm.



The Application Pool Process account is used to access content databases associated with the web application. Exercise 2.2 walks you through configuring surface area settings in SQL Server 2005.

EXERCISE 2.2

Configuring Surface Area Settings in SQL Server 2005 1.

Click the Start button.

2.

Select All Programs > Microsoft SQL Server 2005 > Configuration Tools, and then click SQL Server Surface Area Configuration.

3.

In the SQL Server 2005 Surface Area Configuration dialog box, click Surface Area Configuration for Services and Connections.

4.

In the tree view, expand the node for your instance of SQL Server.

5.

Expand the Database Engine node, and then click Remote Connections.

6.

Select the Local and Remote Connections radio button.

7.

Select Using both TCP/IP and Named Pipes, as shown in the following graphic.

8.

Click OK.

Chapter 2

54



Integrating Windows SharePoint Services in the Network

Understanding Web Browser Support WSS 3.0 supports many of your commonly used browsers. However, not all browser support is created equal. It is important that you review this section to make certain your clients will have the full experience of your WSS deployment. As an administrator, you will want to make sure that the browser you use for your administrative tasks is a Level 1 browser.

Understanding Browser Support Levels Web browsers are defi ned by the support they provide to WSS 3.0. There are two defi ned levels: Level 1 Web Browsers These browsers utilize the advanced features of Active X controls. Level 1 browsers are fully compatible with your WSS environment. And the winners are: 

Microsoft Internet Explorer 6. x (32-bit)



Microsoft Internet Explorer 7. x (32-bit)

Level 2 Web Browsers With Level 2 browsers, users are able to read and write in your WSS sites. However, since only Level 1 browsers support ActiveX controls, users might not experience full functionality of your sites. Table 2.1 lists the Level 2 browsers with their accompanying operating systems.

TA B L E 2 .1

Level 2 Browsers

Browser

Windows

Linux/Unix

Mac OS X

Firefox 1.5

X

X

X

Mozilla 1.7

X

Netscape Navigator 7.2 Netscape Navigator 8.1 Safari 2.0

X X X

Other Web Browsers If your browser is not listed in Table 2.1, nor is it a Level 1 browser, it is not supported. For example, older browsers such as Internet Explorer 5.5 and below are not supported in WSS.

Understanding the Physical Architecture

55

Understanding Browser Feature Compatibility Table 2.2 lists the specific feature compatibilities of the Level 2 browsers. An entry of Y means the feature is supported either totally or partially by the listed browser. An entry of N signifies no support for the stated feature.

TA B L E 2 . 2

Level 2 Browser Features Compatibility

Feature

Netscape Navigator 7.2 or 8.1 Safari 2.0

Firefox 1.5

Mozilla 1.7

Connect to Outlook/Client

Y

Y

Y

Y

Context Menu

Y

Y

Y

Y

Drag and Drop (of Web Parts)

Y

Y

Y

Y

Edit in Datasheet View

N

N

N

N

Edit In (Microsoft Office Application)

N

N

N

N

Explorer View

N

N

N

N

List Attachments

Y

Y

Y

N

Multiple File Upload

N

N

N

N

New Document

Y

Y

Y

Y

Part to Part Connections

N

N

N

N

People Picker

Y

Y

Y

Y

Rich Text Toolbar

N

N

N

N

Send To

Y

Y

Y

Y

Web Discussions

N

N

N

N

Web Part Menu

Y

Y

Y

Y

Export to Spreadsheet

Y

Y

Y

Y

Date Picker Control

N

N

N

N

Chapter 2

56



Integrating Windows SharePoint Services in the Network

The browser compatibility table is also available at http://technet .microsoft.com/en-us/library/cc288142.aspx.

Planning for Availability The next task in your WSS 3.0 implementation is to plan for availability. Availability is the capability of a system to respond to requests in a predictable manner. Availability is one of your fi rst considerations in your WSS 3.0 implementation; you need to consider deploying a server farm and planning the roles of your servers to provide high availability in your farm. You have several components to consider when planning for availability of WSS; your WSS 3.0 deployment relies on the health of the network as well as the server configurations. Your computer hardware, including power supplies, disk drives, and network cards, can all affect the availability of your implementation. A common measure of availability is the “number of nines.” This translates into the percentage of time your implementation is up and running. For example, a farm with 99.99 percentage of uptime is said to have four nines of availability. See Table 2.3 for a quick look at the number of nines and what it means as far as downtime for your implementation.

TA B L E 2 . 3 Number of Nines

Availability Measurement Uptime Percentage

Downtime per Day

Downtime per Month

Downtime per Year

Two

99

14.40 minutes

7 hours

3.65 days

Three

99.9

86.40 seconds

43 minutes

8.77 hours

Four

99.99

8.64 seconds

4 minutes

52.60 minutes

Five

99.999

0.86 seconds

26 seconds

5.26 minutes

With these figures at hand, you can gauge your organization’s acceptable downtime and plan accordingly. Consider the following: 

Is your organization’s WSS 3.0 availability requirement greater than 99 percent?



If service becomes unavailable, will users be able to effectively continue with their work?



If service becomes unavailable, will business transactions be lost?

Planning for Availability

57

If you answered yes to any of these questions, you should consider a minimum level of availability as you design your server farm topology. In this section, you will learn how to plan for the availability of your WSS 3.0 server farm by discussing the following aspects: 

Defining server redundancy requirements



Planning a minimum level of availability

Defining Server Redundancy requirements In Chapter 1 you learned about availability and redundancy of your WSS 3.0 solution in the architecture design of your farm. Let’s expand on that topic.

Small Farm Implementation You may recall the small farm implementation consists of two tiers: the web front end and the database. Let’s look at the types of small farm implementations: Two -Server Farm The smallest server farm consists of two servers: a front- end web server that also holds the search components and a database server, as shown in Figure 2.1. This configuration is a starting point and offers no redundancy. A failure of either server means your system is down. It is easy to see why this configuration is not generally meant for production environments where availability is a concern.

F I G U R E 2 .1

Two-server WSS 3.0 farm User Requests

Web Server Search Server

Database

Three -Server Farm With the three-server farm, you must choose which server role to make redundant. By adding a second server to the web tier, you add redundancy to the web server role. Although this configuration might not increase availability, it does increase

58

Chapter 2



Integrating Windows SharePoint Services in the Network

performance. So if your concern is performance and not higher availability, this solution might be optimal. If your choice is data availability, then you should retain just one web front end and add a second server to your database tier. The database servers should be part of a failover cluster or synchronous database mirroring configuration to provide the higher availability. Four-Server Farm The minimum server farm built for availability consists of four servers. Two servers are web front- end servers, with one of the servers containing the search components. The other two servers are database servers contained in either a clustered or mirrored environment, as shown in Figure 2.2. FIGURE 2.2

Four-server WSS 3.0 farm User Requests

Web servers Search installed on one computer

Clustered or Mirrored SQL Server

Medium or Large Farm Implementation In the farm configurations you have seen thus far, there are two levels of components: the web front end and the database. You can scale out your implementation by adding a third level: Five-Server Farm The most common configuration that optimizes the performance of the front- end web servers by offloading search to a dedicated server is the five-server farm. Two servers are web front- end servers. Two servers are clustered or mirrored database servers. The fi fth server is dedicated to the search components. This configuration is shown in Figure 2.3.

Planning for Availability

FIGURE 2.3

59

Five-server WSS 3.0 farm User Requests

Web servers Search installed on one computer

Search Server

Clustered or Mirrored SQL Server

Planning for a Minimum Level of Availability You can use each of the topologies presented as a starting point for your implementation. You just need to determine where to place the redundancies to fit the goals of your organization. With that said, let’s look at the redundancy options for each of the server roles.

Front-End Web Servers First you determine whether your organization requires redundancy at the web server tier. Here is a set of questions to help you assess the need: 

Can your organization live with an overall availability level below 99 percent?



Is your data availability critical?



Is your organization able to tolerate temporary data access loss?

If you answered yes to all three questions, you most likely do not need redundancy at the web server tier. If you answered no to any one of the questions, web server redundancy is an important aspect of your deployment; you should plan on implementing at least two web servers. Your next step is to determine the type of load balancing you need to implement. As you’ll see next, WSS 3.0 supports two methods of load balancing.

60

Chapter 2



Integrating Windows SharePoint Services in the Network

Software Load Balancing: Network Load Balancing (NLB) The only software load-balancing technology Microsoft recommends for WSS 3.0 is network load balancing (NLB). NLB services are provided by the Microsoft Windows Server 2003 or above operating system. NLB uses TCP/IP to route requests and distributes network traffic among the multiple cluster hosts. NLB ensures high availability by detecting host failures and automatically redistributing traffic to the surviving hosts. Running directly on the front- end web servers, NLB reduces the server resources available for serving web pages to your WSS 3.0 users. However, NLB’s impact on those system resources is not great. Even though an NLB software solution is able to handle up to 32 front- end web servers, Microsoft recommends no more than eight front- end web servers per SQL Server database server. NLB transparently partitions your WSS 3.0 client requests among the hosts and allows access to the cluster by using one or more virtual IP addresses. From the client’s point of view, the cluster appears as a single server answering their requests. As the need increases, you can simply plug another server into the cluster. All network adapters must have static IP addresses. The default operating mode for the NLB cluster is unicast mode. If you need to implement intrahost communication, you should either add another network adapter (NIC) to the servers’ configurations or change the operating mode of the NLB cluster to multicast. When you configure the NLB cluster for multicast mode, the cluster’s media access control (MAC) address is assigned to the network adapters that are used as the cluster adapters; however, the cluster adapter’s built-in address is retained, enabling both addresses to be used. Therefore, if you need to implement intrahost communication, or ping one of the cluster servers from another in the cluster, and you are using only one NIC, you must configure NLB in multicast mode. To create a new cluster, specify the following: 

The cluster IP address (this is the virtual IP [VIP] of the cluster)



The fully qualified domain name (FQDN) of the cluster



Unicast or multicast mode



The port to be balanced Here are some best practices for configuring NLB using the default unicast mode:



Only the TCP/IP protocol should be installed on the cluster adapter. Do not add any other protocols, such as IPX.



Properly secure the NLB hosts and the load-balanced applications since NLB does not provide any security configuration.



Use two or more network adapters in each cluster host whenever possible; however, install NLB on only one, the cluster adapter.



Ensure that all NLB hosts belong to the same subnet and that the NLB clients are able to access this subnet.

Planning for Availability

61



Ensure all servers in the NLB cluster use either unicast or multicast mode. Do not mix modes within the NLB cluster.



Use Network Load Balancing Manager to configure NLB.



Enable Network Load Balancing Manager logging to troubleshoot problems or errors.



Avoid uninstalling NLB.



Do not enable NLB on a server that is already using server clustering.

Software Load Balancing: Round- Robin DNS Another load-balancing method, round-robin load balancing with Domain Name System (DNS), is available but not recommended for WSS 3.0. Round-robin DNS load balancing uses significantly more resources, is slower than other load-balancing methods, and uses considerable system resources. Furthermore, it does not take into account the session load of a server, which can cause a server to become overloaded.

Hardware Load Balancing Hardware load balancing involves the use of a switch box or a router. The load-balancing hardware directs traffic between your front- end web servers. This method of load balancing does not affect your front- end web server resources; however, the cost of the load-balancing hardware makes it a more expensive choice. WSS 3.0 can use any loadbalancing hardware.

You can find instructions for configuring NLB for WSS 3.0 in section 6.3.1.2 of the Windows SharePoint Services Deployment Guide:

http://download.microsoft.com/download/f/6/a/f6acc021-a05a48a1-88e2-bc64ec0455d6/WINDOWS%20SHAREPOINT%20SERVICES%203.0% 20DEPLOYMENT/Windows%20SharePoint%20Services%203.0%20Deployment %20Guide.pdf.

Search Servers Search is the only application role included in WSS 3.0. Search is composed of two components, search and indexing, that cannot be divided. You can install search on a front- end web server or on its own dedicated application server. In a small farm deployment, search should be installed on the web front- end server, not the database server. If the server holding the search components fails, search is unavailable. Restoring search relies on restoring the content indexes used by search. The amount of downtime depends on whether existing content indexes are available or need to be regenerated by crawling the content. Most often, deploying multiple search servers is done for capacity planning, not availability. Each search server crawls its own set of content databases, thus creating no redundancy.

62

Chapter 2



Integrating Windows SharePoint Services in the Network

Generally, each search server can handle about 100 content databases. Thus the decision on the number of search servers to use depends on the number of content databases on your farm.

The WSS 3.0 search technology itself is not based on Microsoft SQL Server full-text searching, as in previous versions. Instead, WSS 3.0 search implements the SharePoint search technology used by Office SharePoint Server 2007. As a WSS 3.0 administrator, outside of a few settings for modifying access accounts and designating the search server(s), you have very little to configure for search since most of the search capabilities for WSS 3.0 are configured automatically during installation. WSS 3.0 search is quite straightforward, but it is not the enterprise search of Office SharePoint Server 2007. Here are some concepts you should understand about WSS 3.0 search: 

WSS 3.0 search covers only a single site collection. Search can only crawl SharePoint content within the site collection. It does not crawl databases, mail servers, application servers, or websites and file shares outside of the site collection. If your deployment has more than one site collection, each site collection provides search content only on that site collection. You cannot aggregate search results across site collections.



WSS 3.0 search automatically creates a single content source for each site collection with no exposing of administration details.



WSS 3.0 search is automatically scoped to current context. It is limited to sites and subsites, lists or libraries, or folders. The search scopes appear in the search drop down menu; however, scope management is not exposed to administrators. If you are working at a particular subsite, you are not able to search over the entire site collection. You can, however, search over all of the subsites of the current site you are on.



Full crawls occur automatically.



WSS 3.0 search provides a limited set of indexing filters called IFilters to search content in certain formats. You can install and register other IFilters as needed.



Search consists of search query and index roles with search queries performed using the network service account, or another account selected during installation. A separate content access account should be used for crawling content sources and indexing content.



Search results appear in order of relevancy.

Planning for Availability

63

Database The database server role affects the availability of your WSS 3.0 deployment more than any other role. If your database server fails, your downtime depends on how long it takes to rebuild the server and then restore the data from your backup media. In the case of a server failure, you need to take into account not only the server downtime but also the potential for loss of data due to the method you use for backing up your SQL Server. First, you need to determine if your organization requires redundancy at the database server tier. Here is a set of questions to help you assess the need: 

Can your organization live with an overall availability level below 99 percent?



Can your users continue to perform their job responsibilities in a reasonable manner if your solution is not available for one or more days?



Can the organization endure a loss of access from your customers for more than one day?

If you answered yes to all three questions, you most likely do not need redundancy at the database server tier. If you answered no to any one of the questions, database server redundancy is an important aspect of your deployment; you should plan on implementing at least two database servers. You can use failover clustering or synchronous mirroring to provide high availability of your database servers. Clustering is easier to implement but can be more expensive. Failover clustering provides high availability by combining one or more nodes with two or more shared disks. One of the cluster nodes is the owner of the cluster. Applications connect to the cluster through its virtual name; therefore, the application is unaware of which cluster node it is addressing. As long as the failure is not with one of the shared disks, failover clustering provides automatic failover from one node to another. All cluster nodes must be the same platform, either all 32-bit or 64 -bit. Database mirroring operates at the database level. You use this technology to maintain a single standby database for almost immediate failover. You create a mirror by restoring a backup of your production database and make it unavailable to users. The principal database then continually updates the mirror, keeping it synchronized. There are various options for configuring the mirror. The high availability option, synchronous mirroring, provides for a third server, which is used as a witness monitoring the health of the production database and performing failover procedures when necessary. Table 2.4 shows a comparison between SQL Server failover clustering and synchronous SQL Server high availability mirroring technologies.

64

Chapter 2

TA B L E 2 . 4



Integrating Windows SharePoint Services in the Network

Comparing Database Availability Strategies

SQL Server Failover Clustering

SQL Server High Availability (Synchronous) Mirroring

Mirror takes over immediately upon failure.

Mirror takes over immediately upon failure.

Transactionally consistent.

Transactionally consistent.

Transactionally concurrent.

Transactionally concurrent.

Shortest time to recovery (seconds to minutes).

Slightly longer time to recovery (seconds to minutes).

Failure is automatically detected by database nodes; WSS 3.0 references the cluster, so failover is seamless and automatic.

Requires scripting to achieve WSS 3.0 failover.

Does not protect against failed storage; storage is shared between nodes in the cluster.

Protects against failed storage; both the principal and mirror database servers write to local disks.

Requires more expensive shared storage.

Can use less-expensive direct-attached storage (DAS).

Requires same subnet.

Can tolerate up to 1 millisecond latency between SQL Server and web servers.

Can use SQL Server simple recovery Requires SQL Server full recovery model. model; however, available recovery point is the last full backup. No performance overhead.

Introduces transactional latency. Adds memory and processor overhead.

Minimal operational burden.

Additional operational burden: scripting and creating SQL Server aliases.

A whitepaper describing the configurations, number of mirroring sessions, and transferring of permissions when using database mirroring as a high availability solution for WSS 3.0 databases can be found at http://

go.microsoft.com/fwlink/?LinkId=83725&clcid=0x409.

Planning for Extranet Environments

65

Although failover clustering and database mirroring are the two most widely used solutions for WSS 3.0, there are two other methods you can use to ensure reliability of your content databases: Log Shipping Log shipping operates at the database level. You can use this method to provide a warm standby. Transaction logs from your production database are “shipped” to a standby database on another server. This process can cause a latency issue in the event of failure. Also, before a failover can take place, you need to manually apply all the backups that have not been shipped so that the warm standby is synchronized with the production database. Since this method involves manual intervention, it is often used in conjunction with a mirroring solution. Replication Replication allows real-time availability of your databases. Replication is part of a publisher-subscriber paradigm where the publisher or primary server distributes its data to one or more subscriber or secondary servers.

Planning for Extranet Environments An extranet environment is a private network that is a secure extension of an organization’s internal information and processes to accommodate sharing information with remote employees, external partners, or customers. You can use an extranet with WSS 3.0 to share your documents, lists, libraries, calendars, blogs and wikis. Here are some of the benefits an extranet can provide: For Remote Employees Remote employees are able to access your organization’s information using a web browser from any location at any time. Employees do not need to be set up with special access configurations as they would with a virtual private network (VPN). For External Partners External partners are able to access only the information you have chosen them to access while engaging in business processes with your company. Your internal employees can collaborate with external partners using content management features of WSS 3.0. For Customers You can provide anonymous access to your customers, thus enabling them to access information about your business. WSS 3.0 provides flexible options for configuring extranet access to your sites. For example, you can host the extranet content inside your corporate network and have it be available to your external users through an edge firewall. Another option is to isolate your server farm wholly inside a perimeter network. In any of the options, you can choose to include all the content of your sites or just a subset of sites or content of the sites to your external users. In the following section, you will learn some of the prevalent topologies used for extranet environments. We will cover these topics: 

Planning an edge firewall topology



Planning a back-to -back perimeter topology



Planning a split back-to -back topology



Planning the Internet Security and Acceleration server implementation

66

Chapter 2



Integrating Windows SharePoint Services in the Network

Planning an Edge Firewall Topology The edge fi rewall topology uses a reverse proxy server, such as Microsoft Internet Security and Acceleration (ISA) Server between the Internet users and your corporate network. The ISA Server intercepts user requests and forwards them to the appropriate web server located within the corporate intranet. The ISA Server uses a set of configurable rules to determine what information is allowed based on the zone from which a request originates. The external requests are in the form of a URL. The ISA Server translates the requested URL into an internal URL recognized by your server farm. Figure 2.4 illustrates the edge fi rewall topology. FIGURE 2.4

Edge firewall topology

Internet

Remote Users

Corporate Network

ISA Server

Internal Users Server Farm

The main disadvantage for this solution is that it provides only a single fi rewall to separate your corporate internal network from the Internet. The ISA Server becomes the single point of attack from unauthorized users. If the attack is successful, your entire corporate network is exposed. On the other hand, the edge fi rewall topology does have several advantages: 

Your entire server farm is contained within your corporate network.



It is the simplest of the extranet topology solutions in that it requires the least amount of hardware and configuration.



Your data is kept in one location, which is inside your trusted corporate network.



The maintenance of your data is done in only one location.



You have only one farm to deploy; it is used for both internal and external requests.

Planning a Multihomed Topology The multi - homed topology uses a single fi rewall server as in the edge fi rewall topology; however, a second network adapter is added to the fi rewall, thus creating a perimeter network. Your entire server farm is contained within the perimeter network as in the next topology discussed, the back-to -back perimeter.

Planning for Extranet Environments

67

This solution uses only one ISA Server and still has the disadvantage of providing a single point of attack and failure. As with the edge fi rewall topology, your ISA Server should never be a member of a domain.

Planning a Back-to-Back Perimeter Topology The back-to - back perimeter topology isolates your server farm wholly within a separate perimeter network between two ISA Servers, as shown in Figure 2.5.

FIGURE 2.5

Back-to-back perimeter topology

Internet

Perimeter Network

ISA Server A

Router A

Corporate Network

Router B

ISA Server B Users

Administrator Workstation Search Server

SQL Server

DNS

SQL Server

Active Directory Domain Controller Layer 3 DNS and Domain Controller

Web Servers

Layer 1 Web Servers

Layer 2 Search Server and Database Servers

This solution is more secure than the edge fi rewall topology because an intruder would need to pass through two ISA Servers to access your internal corporate network. In this solution, all components of WSS 3.0 reside within the perimeter network, giving you the ability to separate or combine the server roles in your farm across multiple layers as you see fit. If you choose to use multiple layers, each layer can be separated by routers or additional fi rewalls, thus ensuring a higher degree of security. The main disadvantages of the back-to -back perimeter topology are that it requires additional infrastructure, is more difficult to configure because of domain trust relationships, and is more expensive to maintain.

68

Chapter 2



Integrating Windows SharePoint Services in the Network

However, there are several advantages to this topology: 

External users can only access the perimeter network.



WSS 3.0 content is contained totally within a single farm in the perimeter network, an approach that simplifies sharing and maintenance of the content.



You can use a separate AD infrastructure to hold external user accounts so as not to affect your internal security.



If the extranet is compromised, the damage is potentially limited to the perimeter network or the affected layer.

Planning a Split Back-to-Back Topology The split back-to - back topology divides the farm between the perimeter and corporate networks. The database servers sit totally inside your corporate network. WSS 3.0 search components can be hosted either within the perimeter network or inside the corporate network. Placing the search server role inside the corporate network along with the database servers optimizes your search performance and crawling. If you do so, you must have an AD infrastructure within the corporate network to support them. The split backto -back topology is shown in Figure 2.6. FIGURE 2.6

Split back-to-back topology

Internet

Perimeter Network

Corporate Network

ISA Server A

ISA Server B

Search Server Web Servers

DNS

Search Server

Active Directory Domain Controller

SQL Server

SQL Server

DNS

Active Directory Domain Controller

Planning for Extranet Environments

69

In this topology with the database server located internally, a domain trust is required if you are using Windows accounts to access SQL Server. This scenario requires the perimeter domain to trust the corporate domain. This one-way trust relationship is required to support communication among the servers in your farm. The main disadvantages of the split back-to -back topology are: 

It requires a complex solution for communication among your server roles since they are typically split across two domains.



If the perimeter network is compromised, intruders could potentially gain access to farm content stored within your corporate network through the server farm accounts. Here are some advantages:



Since the external user accounts use a separate AD infrastructure, these accounts can be created without affecting your internal corporate directory.



Computers hosting the database role of your farm are fully contained with your corporate network behind two firewalls; they are not hosted within the perimeter network.



Farm components contained within the perimeter network or the internal corporate network can both share the same databases.

Planning the Internet Security and Acceleration Server Implementation Microsoft Internet Security and Acceleration (ISA) Server 2006 is an integrated network edge security gateway. It allows you to protect your WSS 3.0 sites from direct external access. ISA shields your WSS 3.0 extranet environment from Internet-based threats while also providing users with fast and secure remote access. ISA Server 2006 is available in two versions: Standard Edition and Enterprise Edition. WSS 3.0 is compatible with many edge security gateway servers; however, ISA Server 2006 includes a publishing wizard to help you create a publishing rule for WSS 3.0.

View the ISA Server 2006 Standard and Enterprise Edition comparisons at https://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/ editions.aspx to determine which edition is right for your environment.

70

Chapter 2



Integrating Windows SharePoint Services in the Network

ISA Server 2006 lets you make your published WSS 3.0 deployment accessible in a more secure way to your remote users through its enhanced security features and rules. ISA Server 2006 provides security for your WSS 3.0 extranet environment by preauthenticating users before they gain access to any of your published servers; inspecting all traffic, even traffic that is encrypted, at the application layer in a stateful manner; and providing automated publishing tools. ISA Server offers three types of fi rewall functionality: packet fi ltering (also called circuitlayer), stateful fi ltering, and application layer fi ltering. ISA Server’s stateful inspection includes examining not just the header information but also the contents of the packet containing your data. It examines the packet up through the application layer in order to determine more about the packet than just information about its source and destination. Application-layer inspection is an ISA Server 2006 feature used to make assessments about the validity and safety of the web communications. WSS 3.0 takes advantage of the web publishing rules of ISA Server. Let’s take a look.

Reverse Proxy for Your WSS 3.0 Resources A reverse proxy routes connections coming from the Internet addressed to one of your WSS 3.0 front- end web servers. The reverse proxy may either deal with the request itself or pass the request wholly or partially to your web servers. A reverse proxy dispatches in-bound network traffic to a set of servers, thus presenting a single interface to the caller. For example, a reverse proxy could be used for load balancing a cluster of your web servers. In contrast, a forward proxy acts as a proxy for outbound traffic.

Web publishing is also referred to as reverse proxy.

Application Layer Inspection Deep application layer inspection of connections to your published websites is a function of ISA Server’s HTTP Security Filter. This fi lter allows you to control virtually any aspect of an HTTP communication and either block or allow connections based on almost any component.

Planning for Extranet Environments

71

Path Redirection and Remapping You can redirect connections based on the path indicated by the external user. ISA Server always forwards the client’s original host header to WSS 3.0, as shown in Figure 2.7.

F I GU R E 2 .7

ISA Server web publishing redirection

This information shows the zone that the client is coming from and is used by alternate access mapping in WSS 3.0. Alternate access mapping (AAM) is a WSS 3.0 feature that allows users from various locations to access your WSS 3.0 content using a unique URL. WSS 3.0 identifies the source of the request and matches that to a defi ned URL. Thus, WSS is able to return a URL that is consistent with the one provided by the user. For example, if an external user references WSS content from http://companyname.com , they should receive that referenced URL in their response, not the internal URL of http://internalwss.companyname.com.

Preauthentication of Connections to Published Sites You can configure web publishing rules to forward authentication credentials to the destination web server. You can preauthenticate the user at the ISA fi rewall before the connection is forwarded to the published web server, as shown in Figure 2.8. This preauthentication prevents unauthenticated connections from ever reaching your WSS 3.0 web servers, thus blocking attackers and other malicious users from leveraging unauthenticated connections to your sites.

72

Chapter 2

FIGURE 2.8



Integrating Windows SharePoint Services in the Network

ISA Server web publishing preauthentication

Delegation of User Credentials ISA Server’s authentication delegation option allows the ISA fi rewall to authenticate the user. ISA can then forward the user credentials to the published website if warranted. For example, the user might authenticate initially using a user certificate, which can then be forwarded as NT LAN Manager (NTLM) authentication. Delegation of authentication also prevents the user from being subjected to double authentication prompts. Here’s how it works: instead of the user answering the website’s request for authentication, the ISA Server answers the request, after having successfully authenticated the user. Authentication between your ISA Server and WSS 3.0 is automatically configured to use the NTLM authentication protocol. Even though other protocols are configurable, as shown in Figure 2.9, you should not change this delegation whenever you are authenticating with WSS 3.0.

Planning for Extranet Environments

FIGURE 2.9

73

ISA Server web publishing authentication delegation

Reverse Caching of Site Content Your ISA Server can cache responses from your WSS 3.0 websites. Once a user makes a request for content on the published website, that content can be stored on the ISA Server; therefore, when subsequent users request the same content, the content is served from the ISA Server web cache instead of being retrieved from your WSS 3.0 web server. Since the content is served from the ISA Server’s cache instead of the published website, network traffic between the ISA Server and your extranet website is reduced, increasing its overall efficiency and performance.

Ability to Publish Multiple Sites to a Single IP Address You can publish multiple websites that use a single IP address on the external interface of your ISA Server. This capability is part of ISA Server’s stateful application layer inspection feature that examines the host header on the incoming request and then decides how to carry out the request based on that host header information. For example, say you have a single IP address on the external interface of the ISA Server and you want to publish two WSS 3.0 sites that are held on different web servers: www.teamsiteA.com and www.teamsiteB.com. The only configuration you need to do is to create two web publishing rules, one for each site. Each rule will listen for requests on its configured site and relay them accordingly. Here is the key to making this work: make certain that you configure the public DNS to resolve the fully qualified domain names to the IP address on the external interface of the ISA fi rewall. After the DNS is configured correctly, you can publish two or more websites using this single IP address on your ISA Server.

74

Chapter 2



Integrating Windows SharePoint Services in the Network

Support for Several Methods of Credential Validation To authenticate users, ISA Server must communicate with the authentication servers for your network. For this purpose, your ISA Server needs to communicate with AD servers for Windows authentication and with remote authentication dial-in user service (RADIUS) servers located on your internal network. Furthermore, it supports single sign- on for authentication to your WSS 3.0 sites. As shown in Figure 2.10, clients must fi rst validate to your ISA Server and then your ISA Server must validate the client against the authentication servers in your network, which may include: Windows (Active Directory) ISA validates client credentials against your Windows AD domain; the ISA Server must be a domain member. LDAP (Active Directory) ISA validates client credentials against your Windows AD domain; the ISA Server does not need to be a domain member. RADIUS

ISA can be a RADIUS client; the RADUIS server validates the client credentials.

RADIUS OTP ISA can be part of a RADIUS solution where password changes occur based on either time or a counter. RSA SecurID

ISA can participate with an RSA SecurID authentication technology.

F I G U R E 2 .1 0

ISA Server web publishing authentication settings

Planning for Extranet Environments

75

For security purposes, you can also disable rules for authentication types you are not using in your environment, as shown in Figure 2.11.

F I G U R E 2 .11

ISA Server system policy configurations

SSL Bridging and SSL Tunneling Another important aspect to consider when giving access to external users is the need to encrypt traffic for connections between them and your WSS 3.0 web servers. Configuring SSL for your WSS 3.0 site is similar to enabling it for any other website. You need to obtain and install a certificate on your WSS 3.0 server. The certificate you install on your web server (and potentially on your ISA Server) can be obtained either from an internal certificate authority (CA) on your existing public key infrastructure (PKI) or from a publicly trusted certificate authority. Whether you use an internal CA or a publicly trusted authority depends on the type of users you are allowing external access to your sites as well as where you have decided to use the certificate. As a best practice, if you are placing the certificate on your ISA Server, you should use one from a publicly trusted authority. Otherwise, your users will most likely receive warning or error messages because their Internet browsers do not recognize the authority. Your ISA Server supports two types of SSL deployments: SSL tunneling and SSL bridging. Both types are shown in Figure 2.12.

76

Chapter 2

F I G U R E 2 .1 2



Integrating Windows SharePoint Services in the Network

ISA Server with SSL tunneling and bridging SSL Tunneling

Internet

Internal

SSL Bridging

Internal

Internet

SSL tunneling connects encrypted traffic directly between the client and the web server, letting it pass through the ISA Server. The ISA Server is used just for routing and does not require a certificate. The ISA Server does not decrypt or encrypt the traffic in this feature. With SSL tunneling, the ISA Server does not provide application layer fi ltering or conduct a stateful inspection of the contents of the packet. If you decide to use the SSL bridging feature, you are allowing your external users to establish a secure SSL connection to your ISA Server, which in turn can forward the connection as either secure SSL or as an unencrypted HTTP connection. A certificate must reside on the ISA Server for connection with external users. With bridging, ISA decrypts the traffic and performs a stateful inspection and application layer fi ltering. If the connection between ISA and your web servers is also encrypted, ISA then re- encrypts the traffic when it makes its request to your web server. Figure 2.12 shows the SSL bridging feature with encryption being used for the entire route between the client, ISA Server, and your web server. You can use ISA Server’s publishing wizards to properly configure the connection. Using SSL bridging with an unencrypted connection between your ISA Server and your web server reduces resource consumption on the web server; this feature is called SSL offloading.

Planning for Extranet Environments

77

Scheduling Traffic to Published Sites Your organization might not want to allow external access all the time. You might want to limit the time to certain hours of the day or to certain days of the week. Or perhaps you want to allow 24/7 external access to your environment for some sites, while restricting access to others. ISA Server publishing enables you to have this type of fi ne-tuned control over your sites, as shown in Figure 2.13. F I G U R E 2 .1 3

ISA Server web publishing schedule

Integrating with WSS 3.0 Alternate Access Mappings As mentioned earlier in this chapter, your ISA Server uses the alternate access mappings of WSS 3.0 to provide URL redirection for your sites. In our next chapter on installing WSS 3.0, you will learn how to extend your web application and create and maintain alternate access mappings. However, here are some best practices to guide you as you plan your extranet environment: 

Use alternate access mappings to configure URL redirection.



Do not use reverse proxy server link translation with WSS 3.0 instead of alternate access mapping.



Do not reuse the same URL in alternate access mapping. A URL can only be used once.



Updates made in alternate access mappings do not automatically update IIS bindings.

78

Chapter 2



Integrating Windows SharePoint Services in the Network



Do not forget to configure your environment to enable search to crawl your sites.



Make certain that you enter the URLs in alternate access mappings correctly and that they match the URLs in your publishing rule if you are using a reverse proxy server.

Migrating an Intranet Most recently I have been working on a project for a company that has decided to migrate its existing intranet into a WSS 3.0 solution. One of the major advantages they see in using a SharePoint technology is that departments are now the owners of their content and are thus responsible for maintaining it. This advantage alone is a winner for WSS. Users of the new intranet are authenticated by their AD credentials. Since the company is worldwide and has many mobile users, an edge topology firewall is being used with an ISA Server as a reverse proxy. Security to the site is also enhanced by using SSL. Since the site contains vital information and resources for users to do their daily work, it has been decided that performance, availability, and data redundancy are all important. Therefore, the company decided to implement a five-server farm: 

Two web front-end servers



An application server



Two mirrored SQL back-end database servers

This diagram shows their implementation:

User Requests

Web servers

Search Server

Clustered or Mirrored SQL Server

Planning for and Designing a Secure Infrastructure

79

Planning for and Designing a Secure Infrastructure Security planning for WSS 3.0 involves securing your servers as well as configuring your WSS 3.0 group or user accounts. This section is concerned with server security and authentication methods. In Chapter 4, “Configuring the Windows SharePoint Services 3.0 Environment,” you will learn about WSS 3.0 web application security. Microsoft has published security recommendations for servers and networks. Of interest for your WSS 3.0 implementation are the following guidelines from Microsoft Patterns & Practices group: 

Securing Your Web Server: http://go.microsoft.com/ fwlink/?LinkId=73705& clcid=0x409



Securing Your Database Server: http://go.microsoft.com/ fwlink/?LinkId=73706& clcid=0x409



Securing Your Network: http://go.microsoft.com/fwlink/ ?LinkId=73707& clcid=0x409

Since each of the servers that are a part of your WSS 3.0 deployment has a designated role, after you have followed Microsoft’s patterns and practice guidelines for securing your servers, you need to implement security hardening based on the server role. Topics in this section include the following: 

Securing the web front- end servers



Securing the application servers



Securing the database servers



Securing other features

Securing the Web Front-End Servers There are several categories of security settings that are important when securing your web servers. They are detailed in Figure 2.14.

Chapter 2

Integrating Windows SharePoint Services in the Network

web.config

Sites and v-dirs

Metabase

Shares

Auditing and Logging

Services

Files and Directories

Accounts

Registry

Protocols

Ports

Patches and Updates

NET

Machine config

IIS

Security setting categories in WSS 3.0 web servers

Network

F I G U R E 2 .1 4



Operating System

80

You should adhere to the following best practices when securing your web servers for WSS 3.0: 

To more securely administer your web servers, place them together in their own domain organizational unit (OU) and apply a group policy.



After patching and hardening the operating system on your web servers, install and harden IIS.



After installing and hardening IIS, install and harden Microsoft .NET Framework.



Place website files and folders on a dedicated disk volume. The default path to your websites is %systemroot%\Inetpub\WWWroot. Moving the files and folders to a separate volume helps you restrict their access.

Planning for and Designing a Secure Infrastructure

81



Create separate IIS application pool identity accounts for each web application. This domain user account is used to access content databases associated with the web applications that reside in the IIS application pool.



Configure IIS server logging and store the logs on a nonsystem striped or mirrored volume for increased performance. IIS logs can be used not only to log user access for auditing purposes, but also to identify information bottlenecks.



Secure well-known accounts by renaming them and using complex passwords.



Disable unnecessary IIS services such as FTP and NNTP.

Securing the Application Servers for WSS 3.0 The search server is the only application server used in WSS 3.0. To secure your search server and its components, follow the security recommendations for web servers.

Securing the Database Servers for WSS 3.0 After you follow the procedures to secure your database server, we have a few more recommendations for farm environments: 

Do not create additional SQL Server logins for access to WSS 3.0 content databases. WSS database tasks are handled through your web application.



By default, the farm administrator and server administrators do not have access to WSS 3.0 content databases. Do not give them extra permissions.



Block UDP port 1434 entirely.



Configure SQL Server named instances to be assigned to listen on nonstandard ports; do not use TCP port 1433 or UDP port 1434.



Block TCP port 1433, using another port number for the default SQL instance.



Configure SQL client aliases on all web front- end servers and application servers in your farm. If you have blocked port 1433, SQL client aliases are a necessity.

Securing Other Features in WSS 3.0 Table 2.5 includes some suggestions for securing other areas of WSS 3.0.

82

Chapter 2

TA B L E 2 . 5



Integrating Windows SharePoint Services in the Network

Securing Other WSS 3.0 Features

Feature or Area Authentication

Recommendation Do not use client-side automatic logon to access the Central Administration site. Allow only front-end web server computers to perform user authentication. Do not allow end-user accounts or groups to authenticate against your database servers.

Authorization

If possible, assign permissions to groups instead of individual accounts.

Permission levels

Assign users the least permissions required to perform their business processes.

Administration

Enable access permissions so that administrators can securely log into the Central Administration site remotely. Configuring Terminal Services access to the computer containing the Central Administration site is a greater security risk than allowing remote access.

Email integration

Configure Windows SharePoint Services 3.0 to accept only email that has been relayed through a dedicated mail server so email is filtered. When configuring workflow settings, Windows SharePoint Services 3.0 allows you to enable participants who do not have rights to access a document on a site to receive the document as an email attachment instead. In a secure environment, do not select the “Allow external users to participate in workflow by sending them a copy of the document” option. In WSS 3.0, this option is not selected by default.

Web part storage and security

Deploy only trusted code to your server farm. All code, XML, or ASP.NET code that you deploy should be from a trusted source. Make certain that the SafeControl list in the web.config file contains the set of controls and web parts that you want to allow. For a very secure farm, consider removing the Content Editor Web Part (CEWP) from the SafeControl list in web.config. This prevents users from adding JavaScript to the page as a web part and using JavaScript that is hosted on external servers.

Search

The search service account must not be a member of the Farm Administrators group; if it is, the search service will index unpublished versions of documents. Ensure that additional IFilters and word breakers you deploy are trusted. By default, the search index file is accessible only by members of the Farm Administrators group. Ensure that this file is not accessible to users who do not belong to this group.

Summary

83

Securing Ports and Protocols As a part of securing your implementation, you should never forget to disable unused ports and protocols on your servers. As mentioned earlier, you might also want to change wellused ports to another port number so they are not easily attacked. Here is a quick listing of protocols with their well-known ports that you might encounter: Client Access Ports

HTTP: TCP port 80

HTTPS: TCP/SSL port 443 File and Printer Sharing Service Ports TCP/UDP port 445

Direct-hosted server message block (SMB):

NetBIOS over TCP/IP: TCP/UDP ports 137, 138, 139 Search Crawling Ports

HTTP: TCP port 80

HTTPS: TCP/Secure Sockets Layer (SSL) port 443 Database Communication Ports

TCP/SSL port 1433 (default) for default instance

TCP/SSL random port for named instances UDP port 1434

Summary In this chapter you learned the physical aspects of a WSS 3.0 environment and how to keep them available and secure. You learned the installation requirements for stand-alone and farm deployments, and how Level 1 and Level 2 browsers perform with the various components of WSS 3.0. We showed you how to plan and maintain accessibility for your WSS 3.0 deployment. You learned how to configure network load balancing (NLB) for your web front- end servers and clustering and mirroring for your back- end database servers. We examined extending your implementation to include external users, and defi ned various extranet topologies: edge fi rewall, back-to -back perimeter, and split back-to -back. You learned the importance of configuring Microsoft’s ISA Server to be a part of your extranet solution and we showed you a methodology to create a secure environment for your deployment. We also explained how to secure your front- end web servers, the search server, and the back- end database servers.

84

Chapter 2



Integrating Windows SharePoint Services in the Network

Exam Essentials Understand how to plan your physical architecture. Understand the installation requirements for all components of your deployment, from the servers to the browsers. Know how to plan for high availability. Understand the redundancy requirements and how to implement them in a small, medium, and large server farm. Know how to plan for a minimum level of availability for your deployment. Know how to configure the extranet environment. Be able to configure and know when to use the various extranet topologies: edge fi rewall, back-to -back perimeter, and split back-to -back. Be able to configure Microsoft ’s ISA Server. Understand the configuration components of ISA and how they relate to your WSS 3.0 extranet deployment. Know how to design a secure infrastructure. Know how to secure the web front- end, search, and database servers and their components.

Review Questions

85

Review Questions 1.

You are the WSS 3.0 administrator for your organization. You are in the process of deploying WSS 3.0 in your organization. Your WSS server will host several websites for your employees. You want to reduce the effects of downtime for your implementation; however, at the same time you do not want to reduce the performance of the front- end web server. What should you do? A. Configure network load balancing (NLB).

2.

B.

Install SQL Express on the web front- end server.

C.

Deploy a server farm.

D.

Configure Domain Name System (DNS) round-robin.

You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 on four web front- end servers: WS01, WS02, WS03, and WS04. To make certain network traffic is equally balanced among the servers, you have configured NLB in default mode. Currently each front- end server has only one network adapter. You try to ping the dedicated IP address of WS04 from WS02; however, the ping is not successful. You need to be able to ping the dedicated IP address of WS04 from WS02. What should you do? (Choose all that apply.) A. Add a second network adapter for intrahost communication.

3.

B.

Configure the NLB cluster to use unicast mode with a leased IP address.

C.

Configure the NLB cluster to use multicast mode.

D.

Configure the NLB cluster to use unicast mode.

You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 on three web front-end servers: WS01, WS02, and WS03. Each server has two network adapters. You decide to configure NLB on the servers using unicast mode. What other precautions should you take while configuring NLB? (Choose two.) A. Make certain that IPX and TCP/IP are both enabled on the cluster adapter. B.

4.

Make certain NLB is configured on both network adapters.

C.

Make certain that NLB is configured on only one of the adapters.

D.

Ensure that the servers in the NLB cluster are in different subnets.

E.

Ensure that the servers in the NLB cluster are in the same subnet.

You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 on four web front- end servers in a large server farm. You configure these servers as NLB servers running Windows Server 2003 Enterprise Edition. All of them have two network adapters. You decide to use the first adapter for NLB and the second one for usual network traffic. You also select the unicast mode for intrahost communications. When you add another server with two adapters to the NLB cluster, you get an IP conflict message. You want to add this new server to the cluster. What should you do?

Chapter 2

86



Integrating Windows SharePoint Services in the Network

A. Configure the adapters on the new server to dynamically obtain its IP addresses.

5.

B.

Configure the new server to use unicast mode for intrahost communications.

C.

Configure the new server to use multicast mode for intrahost communications.

D.

Configure the adapters on the new server to dynamically obtain its IP addresses and then configure the NLB host adapter to use multicast mode for intrahost communications and the other adapter to use unicast mode.

You are the WSS 3.0 administrator for your organization. You are deploying a solution for external users only. All external users will be accessing the same content. You have determined that you need to deploy three web front- end servers to meet the expected traffic to your sites. You need to optimize access to the content and at the same time minimize external exposure to your organization’s internal network. What should you do? A. Deploy a non-network WSS 3.0 farm with the load-balanced web front- end servers in a perimeter network and the database server in your internal network.

6.

B.

Deploy a network WSS 3.0 farm with the load-balanced web front- end servers and the database server in the perimeter network.

C.

Deploy a non-network WSS 3.0 farm with the load-balanced web front- end servers and the database server in the perimeter network.

D.

Deploy a network WSS 3.0 farm with the load-balanced web front- end servers in a perimeter network and the database server in your internal network.

You are the WSS 3.0 administrator for your organization. You are deploying four web front- end servers. You want your users to access the servers by using the same IP address. You want to optimize the availability of your content and ensure the resource load on your web front- end servers is kept to a minimum. What should you do? A. Configure the web front- end servers to use NLB. B.

7.

Configure the web front- end servers to use a RADIUS server.

C.

Configure the web front- end servers as two clusters.

D.

Configure the web front- end servers to use Domain Name System (DNS) round-robin.

You are the WSS 3.0 administrator for your organization. You create a split back-to -back topology with both your internal network and your extranet network sharing the database server contained within your corporate network. Since the corporate and extranet networks are in different Active Directory domains, which of the following options can you use to configure access of the perimeter network to the back- end database server? A. Use only one domain for both networks. B.

Remove the database server from the corporate domain and make it a stand-alone server.

C.

Establish a two -way trust between the domains.

D.

Establish a one-way trust between the domains.

Review Questions

8.

87

You are the WSS 3.0 administrator for your organization and have deployed a farm implementation of WSS 3.0. Your organization has decided to implement an extranet environment so employees can work from home one day a week. You have placed your two web front- end servers in a perimeter network and your SQL Server 2005 database server in your local internal network. What is the minimum number of logins that must be created for each content database on the SQL server? A. Two, one for each web front- end server.

9.

B.

Three, one for each web front- end server and one for the farm administrator.

C.

One for the web application.

D.

Two, one for the web application and one for the farm administrator.

You are the WSS 3.0 administrator for your organization. You have two front- end web servers that are load balanced using NLB. You have one back- end database server, SQL01. You have another server, WSS03, available. WSS03 is currently configured with Windows Server 2003 Standard Edition and a dynamic IP address. You want to add WSS03 to the NLB cluster. What should you do first? A. Configure WSS03 with a static IP address. B.

Configure WSS03 with IPX.

C.

Change the name of WSS03 to the same name as the other servers in the cluster.

D.

Install Windows Server 2003 Web Edition on WSS03.

10. You are the WSS 3.0 administrator for your organization. You have deployed an ISA Server on your perimeter network. Your network also contains two WSS 3.0 web frontend servers: WSS01, which hosts the company website, and WSS02. You have been told to configure the company website so that it is available to all Internet users. You create a web publishing rule to publish the website to the Internet. Since the site is to be readily available, you have chosen to use anonymous access to the site. You have also been told to host a confidential website on WSS02. You need to configure ISA so that only remote employees can use the site, which means its contents should be encrypted when sent across the Internet and the remote client IP addresses must be preserved. What should you do? A. Create a web publishing rule and configure it to use authentication. Configure the rule to select the Requests Appear to Come from the Original Client option. B.

Create a server publishing rule and configure it to use authentication. Configure the rule to select the Requests Appear to Come from the Original Client option.

C.

Create a web publishing rule and configure it to use authentication. Configure the rule to select the Requests Appear to Come from the ISA Server Computer option.

D.

Create a secure web publishing rule and configure it to use authentication. Configure the rule to select the Requests Appear to Come from the Original Client option.

11. You are the WSS 3.0 administrator for your organization. You have deployed a WSS 3.0 server farm. To allow external access to your sites, you decide to install an ISA Server. You need to configure it so that your additional hardware is minimized, your internal users still have access to the site, and you have minimal reconfiguration. What should you do?

Chapter 2

88



Integrating Windows SharePoint Services in the Network

A. Implement an edge firewall topology. B.

Implement a split back-to -back topology.

C.

Implement a multihomed perimeter topology.

D.

Implement a back-to -back perimeter topology.

12. You are the WSS 3.0 administrator for City University. The university is planning a WSS 3.0 deployment using four web front- end servers for the Undergraduate School. You have been told to design a plan that will allow for optimal access to the user content as well as provide for adding new web front- end servers for future needs as the implementation expands to include the Graduate School. What should you do? A. Configure the web front- end servers to use two clusters. B.

Configure the web front- end servers for Domain Name System (DNS) round-robin.

C.

Configure the web front- end servers for NLB.

D.

Configure the web front- end servers to use active/passive clustering.

13. You are the WSS 3.0 administrator for your organization. WSS01 is a WSS 3.0 web frontend server on your perimeter network. Your internal users access WSS01 using the URL http://wss01. You want the external users to access the site using the address of your company, http://www.companyname.com. You have named the default web page of the site default.aspx. You need to configure a publishing rule on your ISA Server to provide access to WSS01 for your internal users. What should you do? (Choose two answers. Each one is part of the solution.) A. On the To tab, specify the published site as wss01.companyname.com. B.

On the To tab, specify the published site as www.companyname.com.

C.

On the Public Name tab, add the name wss01.companyname.com.

D.

On the Public Name tab, add the name www.companyname.com.

14. You are the WSS 3.0 administrator for your organization. You have implemented a small farm and need to be able to access the Central Administration site remotely for its administration. You need to make certain you have full functionality of the site and use the most secure method possible. How should you configure your workstation? A. Use Internet Explorer 5.5 with remote access. B.

Use Internet Explorer 6 with remote access.

C.

Use Internet Explorer 7 with terminal services.

D.

Use Netscape 8.1 with terminal services.

15. You are the WSS 3.0 administrator for your organization. You are planning a WSS 3.0 large farm implementation. You plan to have 400 busy user content databases, your administration content database, and the configuration database. You need to design a topology to meet both high availability and high performance requirements. What should you do?

Review Questions

89

A. Install and configure two search servers. Configure one server to hold the user content databases and the other to hold the administration content and configuration databases. B.

Install and configure one search server for all the databases.

C.

Install and configure three search servers. Configure two search servers to hold the user content databases and one to hold the administration content and configuration databases.

D.

Install and configure five search servers. Configure four search servers to hold the user content databases and one to hold the administration content and configuration databases.

16. You are the WSS 3.0 administrator for your organization. For evaluation purposes, you are installing a WSS 3.0 implementation on a single stand-alone server. You want to ensure your configuration is as secure as possible. Which services should you disable? (Choose two.) A. WID B.

SMTP

C.

NNTP

D.

IIS 6.0 Worker Process Isolation mode

E.

WWW

F.

FTP

17. You are the WSS 3.0 administrator for your organization. You are deploying WSS 3.0. You want to ensure availability with minimum downtime and improve performance for your users. All users in your organization need to access the same content. You have an Active Directory domain and five servers you plan to use for your implementation. The solution involves only internal access to your WSS 3.0 environment. What should you do? A. Configure two web front- end servers load balanced using NLB, one search server, and two clustered SQL servers. B.

Configure two web front- end servers load balanced using DNS round-robin, one search server, and two clustered SQL servers.

C.

Configure three web front- end servers in a non– load balancing configuration and two clustered SQL servers.

D.

Configure all five servers as stand-alone servers.

18. You are the WSS 3.0 administrator for your organization. You want to provide high availability for the back- end database servers in your WSS 3.0 implementation. You have three SQL Server 2005 servers available for you implementation. You want to keep cost to a minimum while providing the highest availability. What should you do? A. Configure failover clustering. B.

Configure log shipping.

C.

Configure synchronous mirroring.

D.

Configure asynchronous mirroring.

Chapter 2

90



Integrating Windows SharePoint Services in the Network

19. You are the WSS 3.0 administrator for your organization. You are implementing an extranet solution for your employees. Your internal WSS 3.0 solution uses WSS01 to host a website your employees need to access remotely. You want to use your ISA Server that is presently providing both inbound and outbound Internet access to your network as part of your solution. Your employees must be able to access the site remotely and be authenticated prior to access. All the data traversing the Internet should be encrypted. The ISA server should perform a stateful inspection of the connection, allow application filtering of the HTTP packet contents, and record the IP source addresses of each request. You need to create a web publishing rule on your ISA Server. What should you do? A. Configure the web publishing rule to use SSL bridging. B.

Configure the web publishing rule to use SSL tunneling.

C.

Configure the web publishing rule to use link translation.

D.

Configure the web publishing rule using the Requests Appear to Come from the ISA Server Computer option.

20. You are the WSS 3.0 administrator for City University. You have deployed WSS 3.0 and provide university staff with access to a website published with your ISA Server at https:// wss.cu.edu. The university’s help desk has informed you that several staff members are having difficulty accessing the site because they have been typing http://wss.cu.edu and not https. They ask if there is something you can do to provide staff members access using both addresses while still maintaining security through encrypting. What should you do? A. Purchase an SSL certificate from a well-known certificate authority (CA) and install this certificate on both the ISA Server and your web server. B.

Create a new web application for the same content but do not use SSL for this site.

C.

Change the configuration of the firewall policy on your ISA Server to appropriately redirect http://wss.cu.edu to https://wss.cu.edu.

D.

Create and install a new SSL certificate from your local CA. Obviously the original one is no good.

Answers to Review Questions

91

Answers to Review Questions 1. C. You should deploy a server farm to ensure the high availability of your implementation. You need to deploy servers with specific roles as well as create redundant servers within those roles. To provide high availability, configure at least four servers in your farm. Configure two of the servers as web servers and the other two as clustered database servers. You should not configure NLB or DNS round-robin for the web servers because both use server resources. Installing SQL Express on the web front end does not increase availability. 2. A, C. The default mode for NLB is unicast. To enable intrahost communication, you should either add a second network adapter while still using unicast mode or use just the one network adapter but change the NLB configuration to use multicast mode. You should not configure unicast mode since it is already configured as the default mode for NLB. 3. C, E. When configuring NLB using the unicast mode, you need to make sure that NLB is configured on only one of the adapters. Also, you must ensure that the servers in the NLB cluster are in the same subnet. You should not enable any other protocols other than TCP/IP on the cluster adapter. 4. B. You need to configure the new server to use unicast mode for intrahost communications. You have chosen to use unicast for intrahost communications for your other web front-end servers. The new server must be configured using the same unicast mode. The error message you are receiving indicates that the modes do not match. 5. B. You should deploy a network WSS 3.0 farm with the load-balanced web front-end servers and the database server in the perimeter network. Network load balancing enables you to share the load equally among the servers, which optimizes performance. Placing the database server in the perimeter network also improves performance because it does not have to pass through a fi rewall. You should not deploy the non-network load balanced solution because some web front ends could carry more load than others, thus compromising performance. 6. A. You should configure the web front-end servers to use NLB. NLB is a native functionality of your Windows servers. It provides access to all the servers through a single IP address. The load is balanced among the servers in the NLB cluster, minimizing the resource load on any one web front end. You should not use DNS round-robin for WSS 3.0; it is not as efficient. Creating two clusters or configuring for RADIUS does not provide load balancing. 7. D. You should establish a one-way trust between the domains. By default, the domains do not have a trust relationship between them. You should establish a one-way trust with the perimeter domain trusting the corporate domain. You should not create a two way trust as this might expose your corporate network to possible attacks. You should not use only one domain, as this again might expose your corporate network. Removing the database server from the domain is also not an option because users will lose access to the server.

92

Chapter 2



Integrating Windows SharePoint Services in the Network

8. C. You need to create at a minimum one login to give the web application access to the database. You should not create a login for the web front end. SQL access is by the web application, not the web server. By default, the farm administrator and server administrators do not have access to content databases. 9. A. You should configure WSS03 with a static IP address. Before a server can be added as an NLB node, it must have a static dedicated IP address. You should not configure WSS03 with IPX; this protocol is unnecessary. You should not rename WSS03; each server on a network must have a unique name. You do not need to install Windows Server 2003 Web Edition on WSS03; Standard Edition is fi ne to use. 10. D. You should create a secure web publishing rule and configure it to use authentication. Configure the rule to select the Requests Appear to Come from the Original Client option. Since you want to encrypt the content when it is sent across the Internet, you need to create a secure publishing rule. For publishing WSS 3.0 sites, ISA uses web publishing rules, not server rules. Since you want to retain the IP addresses of the clients, you must choose to configure the rule to select the Requests Appear to Come from the Original Client option. 11. A. You should implement an edge fi rewall topology. With this technology, you can use your ISA Server as both a fi rewall and a reverse proxy server. All the WSS 3.0 servers are still maintained within the corporate network; therefore, you do not need to make any changes within the corporate network. You should not use multihomed topology because you would need to move your WSS 3.0 environment into a perimeter network, which would require reconfiguration. Back-to-back and split-back-to-back both require two ISA Servers and a perimeter network. 12. C. You should configure the web front-end servers for NLB. NLB is a native functionality provided with Windows Server products. NLB provides both load balancing as well as fault tolerance on each web front-end server. You should not configure round-robin for WSS 3.0 installations because it is not as efficient as NLB. Although using active/passive clustering and creating two clusters provide fault tolerance, they do not optimize access to the content. 13. A, D. You should specify wss01.companyname.com as the published site on the To tab. On the Public Name tab, add the name www.companyname.com. The public name is the name the users enter when requesting the site. The published site is the internal name of the WSS 3.0 server. 14. B. You should use Internet Explorer 6 with remote access. Internet Explorer 6.x and 7.x are Level 1 browsers that are fully compatible with WSS 3.0. You should also use remote access; terminal services are not as secure. You should not use Internet Explorer 5.5 because it is not compatible with WSS 3.0. You should not use Netscape 8.1 because it is a Level 2 browser and is not fully compatible with WSS 3.0. 15. D. You should install and configure five search servers. Configure four search servers to hold the user content databases and one to hold the administration content and configuration databases. In general, a search server can handle about 100 content databases. Also, placing the administration databases on a separate search server provides even greater performance. All the other solutions would cause performance issues with the search component becoming a bottleneck.

Answers to Review Questions

93

16. C, F. You should disable NNTP (Network News Transfer Protocol) and FTP (File Transfer Protocol). These services are not used by WSS 3.0. You should not disable WID (Windows Internal Database). It is installed automatically in a stand-alone configuration and is the source database for your WSS 3.0 content and administration. You should not disable the IIS 6.0 Worker Process Isolation mode as this mode is necessary for WSS 3.0. You should not disable WWW (World Wide Web publishing service) or SMTP (Simple Mail Transfer Protocol) as these services are also used by WSS 3.0. 17. A. You should configure two web front-end servers load balanced using NLB, one search server, and two clustered SQL servers. NLB provides for availability and performance. Separating the search components to another server also provides better performance. Clustering the SQL servers provides high availability. You should not use DNS round-robin as it uses more server resources. You should not configure the servers as stand-alone servers; this configuration does not provide the performance requirements that load balancing can answer. 18. C. You should configure synchronous mirroring. Database mirroring is a service of SQL Server 2005 and requires no new hardware. This high availability option uses three servers: one for the original content, one for the mirrored content, and one that is used as a witness monitoring the health of the production database and performing almost immediate failover procedures when necessary. Although failover clustering is also almost immediate, it is more costly and requires new hardware. Asynchronous mirroring and log shipping both require manual intervention and hence do not provide high availability. 19. A. You should configure the web publishing rule to use SSL bridging. When you enable SSL bridging, your ISA Server decrypts the encrypted packet it receives from the Internet and performs a stateful inspection before sending it to the web server. If required, ISA can also re-encrypt the packet before sending it on to the web server. In a like manner, ISA can inspect and encrypt the data coming from the web server back to the client. You should not use SSL tunneling because this solution does not inspect the traffic; it acts merely as a conduit. In general, you should not configure a web publishing rule to use link translation with WSS 3.0. In this particular instance, link translation will not perform the required application layer fi ltering. You should not configure the web publishing rule using the Requests Appear to Come from the ISA Server Computer option. Doing so will not enable ISA to capture the IP source addresses of your remote users. 20. C. You should change the configuration of the fi rewall policy on your ISA Server to appropriately redirect http://wss.cu.edu to https://wss.cu.edu. This solution provides the staff with access to the site without compromising the security requirement. You should not create another web application that uses HTTP with the same content; this solution violates the university’s security requirements. You should not create a new or purchase a new SSL certificate; there is nothing wrong with the certificate. Staff who type in the correct URL have no problem accessing the site.

Chapter

3

Installing and Deploying Windows SharePoint Services 3.0 MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Deploy Windows SharePoint Services 3.0 (WSS)


Install WSS

This chapter examines the process of installing WSS 3.0 in your environment. First, you need to plan and implement the security requirements for all your services to work together smoothly. If you want to evaluate the features and capabilities of WSS 3.0, you will fi nd a stand-alone deployment advantageous. It is likewise useful if your deployment calls for just a small number of websites. The stand-alone configuration provides collaboration, document management, and search components with minimal administrative overhead. As you perform the steps of the stand-alone installation, you will fi nd the process quite straightforward. However, keep in mind that there is no direct upgrade from the standalone installation to the farm configuration of WSS 3.0. Once you have completed that stand-alone installation, you have a web application and site collection, created by the installation process, up and ready to go. This chapter also looks at the farm topology. As you have discovered in previous chapters, you have quite a number of choices available when creating your environment. These choices result in a more sophisticated approach to your installation and configuration process. We feel it is important to provide you with these steps and best practices; we want you to have a successful experience. The farm installation leaves you with your servers configured, the Central Administration web application installed, and the WSS 3.0 search service started. Neither web applications nor site collections are created. The installation information in the following sections applies to Microsoft Windows Server 2003 since it is the environment supported by the 70 - 631 exam. However, if you are in a Windows Server 2008 environment, you will use different steps to install and configure Internet Information Services (IIS), the Microsoft .NET Framework 3.0, and WSS 3.0. For more information, see the article “How to Install Windows SharePoint Services 3.0 on a Computer That Is Running Windows Server 2008” at http://support. microsoft.com/kb/943587. Because the installing WSS objective for the 70 - 631 exam is such a broad topic, we have separated the sections to provide easy chunks for you to study. Before you delve in, you may wish to familiarize yourself with the Exam Essentials at the end of the chapter.

Implementing Security Requirements You need to plan your security requirements before you start your installation. You must create authorized accounts to access appropriate services using the least privilege administration paradigm. You do not want to give any account more privileges than

Implementing Security Requirements

97

it needs. If you are deploying a server farm, your service accounts must be able to communicate with services on other servers in your environment. In this section, we explain the accounts you need to create.

Creating Security Accounts Prior to your installation, you need to plan various Active Directory (AD) accounts that are essential not only to your installation but also to your implementation. Here are the security accounts and their requirements: SQL Server Service Account lowing SQL Server services:

To set up SQL Server, you need a service account for the fol-



MSSQLSERVER



SQLSERVERAGENT

You need a custom service account only if SQL Server is installed on a remote server. If you are installing SQL Server on the same server as WSS 3.0, the administrative account that is used to install WSS 3.0 will have access to the databases necessary for your implementation. If you use a custom service account and are also using Kerberos authentication, the account must be registered with a service principal name (SPN) in AD. Server Farm Account To install WSS 3.0, you need a domain user account that is a member of the administrators group on each web front- end server. This account is used to run the WSS 3.0 Setup program on each server. It should also be a member of the administrators group on each application server in the farm. Finally, it should be a member of the SQL Server groups (explained next). Database Access Account To access and use the databases, you need a domain user account that is a member of: 

The SQL Server logins for the instance of SQL Server you are using



The SQL Server Database Creator server role



The SQL Server Security Administrators server role

The Server Farm account can also be the Database Access account. Windows SharePoint Services Search Account To configure the WSS 3.0 search service, you need a domain account that is not a member of the farm administrators group. The permissions for this account, which are automatically configured when you install WSS 3.0, are Read/Write to Content Databases for Web Applications, Read from the Configuration Database, and Read/Write to the WSS Search Database. Search Content Access Account To crawl the content your WSS 3.0 sites as a service, you need a domain user account that has full read rights to your server farm. This account must not be a member of the farm administrators group; if it is, the search service will index unpublished versions of documents. Permissions needed for this account are automatically configured when you configure the search feature.

98

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

App Pool Identity Account To access content databases associated with your web application, you should plan one account for each application pool. No configuration is necessary for this account. The SQL Server privileges that are automatically assigned to this account are Member of Database Owner Group for Each Content Database Associated with the Web Application and Read from the WSS Configuration Database.

Configuring Security for Extranet Environments If you are creating your web front- end servers in a perimeter network that is in a different domain from your corporate domain, you must set up a one-way trust relationship in which the perimeter domain trusts the corporate domain. This one -way trust relationship is required to support communication among the servers in your farm. If your web front- end servers are in a perimeter network that is not a domain, you must have SQL Server – authenticated accounts that have the appropriate security memberships listed earlier.

Installing WSS 3.0 on a Stand-Alone Computer When you deploy WSS 3.0 on a single server using the default settings, the Setup program automatically installs the Windows Internal Database (WID), a relational data store that uses SQL Server technology. The WSS 3.0 installation process uses WID to hold the configuration database and content database for your sites. Furthermore, the installation process creates the SharePoint Central Administration website and your fi rst SharePoint site collection and site.

Verifying Hardware and Software Requirements Make certain you have met all hardware and software requirements for your WSS 3.0 installation. For a review of these requirements, see “Configuring a Stand-Alone Installation” in Chapter 2. With a single server installation, you also have the option of installing WSS 3.0 on a virtual Windows 2003 server using software such as Microsoft Virtual PC or VMware Workstation. This scenario is especially advantageous to designers and developers for branding and customizing WSS 3.0 sites. Virtualization is not covered in the 70 - 631 exam, so we won’t discuss its hardware and software requirements here. It is a best practice to install WSS 3.0 on a newly configured server to avoid having fi les on the server that might confl ict with the new installation. For example, if you chose to reinstall WSS 3.0 on a server where you have previously installed it, the Setup program could fail during the creation of the configuration database, which in turn causes the entire installation to fail. Always be sure to install the current service packs and updates.

Installing WSS 3.0 on a Stand-Alone Computer

99

To use the administrative interface of WSS 3.0, Central Administration, you must have Internet Explorer 6. x with the most recent service packs, Internet Explorer 7. x, or Internet 8. Prior to installing WSS 3.0, you must install and configure several more Windows components and services consumed by WSS 3.0. Let ’s take a look.

Configuring the Server as a Web Server Your fi rst step is to configure your server as a web server. IIS is not installed or enabled by default on Windows Server 2003. To make your server a web server, you must install and enable IIS. You must also ensure that IIS is running in IIS 6.0 Worker Process Isolation mode. Exercise 3.1 takes you through the process of installing and configuring IIS. E X E R C I S E 3 .1

Installing and Configuring IIS 1.

Select Start  Control Panel, select Add or Remove Programs, and then click Add/ Remove Windows Components.

2.

Select Application Server and then click Details.

3.

Select the check box for ASP.NET. When you do, some other services become selected automatically—do not deselect them.

4.

Select Internet Information Services (IIS) (do not deselect the check box) and then click Details.

5.

Select the check box for SMTP Service, as shown here:

100

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

E X E R C I S E 3 .1 ( c o n t i n u e d )

6. Click OK, and then click OK again. 7. (Optional) To install the POP3 (Post Office Protocol 3) service, select E-mail Services, click Details, select the POP3 Service check box, and click OK.

8. On the Windows Components screen, click Next. Windows installs the components, which may take a few minutes.

9. On the Completing the Windows Components Wizard page, click Finish. 10. Close the Add or Remove Programs window. 11. Click Start  Administrative Tools  Internet Information Services (IIS) Manager. 12. In the IIS Manager tree, click the plus sign (+) next to your server name to expand the options under the server.

13. Right- click the Web Sites folder and then click Properties. 14. In the Web Sites Properties dialog box, click the Service tab. 15. In the Isolation Mode section, ensure that the Run WWW Service in IIS 5.0 Isolation Mode check box is cleared, as shown here:

16. Click OK.

Installing WSS 3.0 on a Stand-Alone Computer

101

You only see the Run WWW Service in IIS 5.0 Isolation Mode check box selected if you have upgraded to IIS 6.0 on Windows Server 2003 from IIS 5.0 on Microsoft Windows 2000. By default, new installations of IIS 6.0 use IIS 6.0 Worker Process Isolation mode.

Installing Microsoft .NET Framework 3.0 Your next step is to install Microsoft .NET Framework 3.0. This free download from Microsoft is available at http://go.microsoft.com/fwlink/?LinkID=72322&clcid=0x409. On the Microsoft .NET Framework 3.0 Redistributable Package page, follow the instructions for downloading and installing the .NET Framework 3.0. Be aware there are separate downloads for x86 -based computers and x64 -based computers, so be sure to download and install the appropriate version for your computer. You should also download any service packs or updates to the .NET Framework 3.0. The .NET Framework 3.0 download includes the Windows Workflow Foundation (WF) technology, which is necessary for your WSS 3.0 workflow features. Exercise 3.2 takes you through the process of installing Microsoft .NET Framework 3.0.

You can also use Microsoft .NET Framework 3.5. You can download it here: http://go.microsoft.com/fwlink/?LinkId=110508.

EXERCISE 3.2

Installing Microsoft .NET Framework 3.0 1.

Download Dotnetfx3.exe and the service pack file to a folder on your server.

2.

Double - click Dotnetfx3.exe to start the installation of the .NET Framework 3.0.

3.

Click the option “I have read and accept the terms of the License Agreement ” and click Install.

4.

To check the progress of the install (it will take several minutes), you can click the Microsoft .NET Framework 3.0 Setup balloon.

5.

On the Setup Complete page, click Exit.

6.

If you have downloaded a service pack, also install it at this time by double - clicking the file.

102

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

Microsoft WF is included with the .NET Framework 3.0; therefore, you no longer need to install it separately.

Enabling ASP.NET 2.0 You need to have ASP.NET 2.0 installed for the proper functioning of web content, the Central Administration website, and many other features and functions of WSS 3.0. Exercise 3.3 takes you through the steps to enable ASP.NET 2.0. EXERCISE 3.3

Enabling ASP.NET 2.0 1.

Click Start  Administrative Tools  Internet Information Services (IIS) Manager.

2.

In the Internet Information Services tree, click the plus sign (+) next to your server name.

3.

Click the Web Service Extensions folder.

4.

In the details pane, click ASP.NET v2.0.50727. If the Status column reads Prohibited, click the Allow button to the left to change the status to Allow, as shown here:

Installing and Configuring WSS 3.0 with WID When you install WSS 3.0 on a single server and run the Setup program, you have two options. If you choose the Basic option, you use the Setup program’s default parameters to install WSS 3.0 and WID. If you choose the Advanced option, you can install your fi les to a location you specify as a stand-alone server or you can install WSS 3.0 as a web front end so that it can become part of a server farm.

Installing WSS 3.0 on a Stand-Alone Computer

103

WSS 3.0 is available to install as a component of Windows Server 2003, using Control Panel  Add or Remove Programs  Add/Remove Windows Components. A better solution, however, is to download the executable, SharePoint.exe, free with Service Pack 2 from Microsoft’s download site at www.microsoft.com/Downloads/details. aspx?FamilyID=ef93e453 -75f1- 45df-8c6f- 4565e8549c2a&displaylang=en. Exercise 3.4 takes you through the steps to install and configure WSS 3.0. EXERCISE 3.4

Installing and Configuring WSS 3.0 1.

Double - click SharePoint.exe to begin the installation program.

2.

On the Read the Microsoft Software License Terms page, review the terms, select the check box to accept the license agreement, and click Continue.

3.

On the Choose the Installation You Want page, click Basic or Advanced.

4.

Click Basic to install to the default location. To install to a different location, click Advanced, and then on the Data Location tab, specify the location you want to install to and finish the installation.

104

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

E XE RC I SE 3. 4 (continued)

5.

When Setup finishes, the screen prompts you to complete the configuration of your server. Ensure the Run the SharePoint Products and Technologies Configuration Wizard Now check box is selected.

6.

Click Close to start the configuration wizard.

Running the SharePoint Products and Technologies Configuration Wizard You use the SharePoint Products and Technologies Configuration Wizard to carry out basic tasks for the completion of your server deployment. The configuration wizard performs such functions as creating the configuration database, registering SharePoint services, installing a search instance, registering features, provisioning the SharePoint Central Administration web application, and creating sample data. In addition to using the wizard to perform the initial configuration, you can use the wizard at any time for tasks like the following: 

Identify missing components



Validate your configuration



Identify, repair, or reset security and low-level configuration settings

Installing WSS 3.0 on a Stand-Alone Computer

105

Running the SharePoint Products and Technologies Configuration Wizard in a singleserver environment installs all the components and features on a single computer under default settings. The wizard does not prompt you for any configuration settings or credentials. Instead, it uses default values to create the web application, core services, and standard security groups that are required to start Central Administration. You must successfully complete the configuration wizard to fi nish the server deployment and to access SharePoint Central Administration. Exercise 3.5 takes you through the steps to run the SharePoint Products and Technologies Configuration Wizard. EXERCISE 3.5

Running the SharePoint Products and Technologies Configuration Wizard 1.

On the Welcome to SharePoint Products and Technologies page, click Next.

2.

The next screen tells you that some services might need to be restarted or reset during configuration. Click Yes.

3.

On the Configuration Successful page, click Finish.

106

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

E XE RC I SE 3.5 (continued)

4.

Once the configuration wizard has closed, your WSS 3.0 site opens.

Performing Postinstallation Tasks At the conclusion of your installation, your browser window opens to the home page of your WSS 3.0 site at http://servername/default.aspx. Note that in our exercises, we are using Sytrain.com for our domain and WSS01 for our web server name. Even though you could start customizing or adding content to your site, we recommend that you check out and perform certain tasks, as described next.

Adding Your WSS 3.0 Site to the List of Trusted Sites If you are prompted for your username and password, you might need to add your WSS 3.0 site to the list of trusted sites. You might also need to configure user authentication settings in Internet Explorer. Exercise 3.6 takes you through the steps to add the WSS 3.0 site to your list of trusted sites. This same process can be used if you need to access other web pages on your server using Internet Explorer.

Installing WSS 3.0 on a Stand-Alone Computer

107

EXERCISE 3.6

Adding Your WSS 3.0 Site to the List of Trusted Sites 1.

If it ’s not already open, open Internet Explorer.

2.

Click Tools  Internet Options.

3.

Click the Security tab, and then select Trusted Sites in the Select a Zone to View or Change Security Settings box.

4.

Click Sites.

5.

Clear the Require Server Verification (https:) for All Sites in This Zone check box.

6.

In the Add This Website to the Zone text box, type the URL to your site and click Add.

7.

Click Close to close the Trusted Sites dialog box.

8.

Click OK to close the Internet Options dialog box.

Configuring Proxy Server Settings If you are using a proxy server in your organization, you may need to configure your proxy server settings so that local addresses bypass the proxy server. Exercise 3.7 takes you through configuring your proxy server settings. EXERCISE 3.7

Configuring Proxy Server Settings to Bypass the Proxy Server for Local Addresses 1.

In Internet Explorer, click Tools  Internet Options.

2.

Click the Connections tab, and in the Local Area Network (LAN) Settings area, click LAN Settings.

3.

In the Automatic Configuration section, clear the Automatically Detect Settings check box.

4.

In the Proxy Server section, select the Use a Proxy Server for Your LAN check box.

5.

Type the address of your proxy server in the Address box.

6.

Type the port number of your proxy server in the Port box.

7.

Select the Bypass Proxy Server for Local Addresses check box.

8.

Click OK to close the Local Area Network (LAN) Settings dialog box.

9.

Click OK to close the Internet Options dialog box.

108

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

Configuring the WID Management Interface If you are anything like us, you hate black boxes and the embedded data service of WID is just that. Even though it is indeed a SQL Server instance, it is quite confusing to manage as it does not appear as a SQL Server service; furthermore, there are no management tools included with your WSS 3.0 installation. You might not think that this is a concern and, if you are merely building and dismantling your WSS 3.0 stand-alone deployment, you are probably right. The databases are built and need little or no management. However, if you are using your stand-alone WSS 3.0 deployment to do more than develop and evaluate, and if you are indeed using it for a small production environment, you will need to get inside that black box to manage your database and transaction log size. However, keep in mind that Microsoft recommends that you not do any database administration beyond performing backups, moving, or shrinking the database fi les. With that in mind, we suggest that you install SQL Server Management Studio Express. You can download the fi le, SQLServer2005_SSMSEE.msi, at Microsoft’s site: www.microsoft .com/downloads/details.aspx?FamilyId=C243A5AE - 4BD1- 4E3D -94B8-5A0F62BF7796. After you install SQL Server Management Studio Express on the server running your WSS 3.0 deployment, you must register the instance using named pipes as this is the only configuration for connectivity. The server name you must use is \\.\pipe\ MSSQL$MICROSOFT##SSEE\sql\query, as shown in Figure 3.1.

F I G U R E 3 .1

Connecting to Windows Internal Database using named pipes

If you would rather not use a graphical interface, you can accomplish the same connection and management using the SQL Server 2005 command-line utility SQLCMD, which is a part of the SQL Server Express Utility available at www.microsoft.com/ downloads/details.aspx?FamilyID=fa87e828 -173f- 472e-a85c-27ed01cf6b02 . By default this tool is installed on your server at C:\Program Files\Microsoft SQL Server\90\Tools\ binn. To connect to the database instance, you must pass the instance name and your credentials: sqlcmd -S \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -E.

Installing WSS 3.0 on a Stand-Alone Computer

109

Configure Incoming Email Settings You can configure incoming email settings so that your WSS 3.0 sites accept and archive incoming email. Once you have configured your sites for incoming email, you are able to archive email discussions as they happen, save emailed documents, and show emailed meetings on your site calendars. Incoming email for WSS 3.0 uses the SMTP service. In Exercise 3.1, step 5, you installed the service as part of your IIS configuration. If you are using more than one web front end, such as in a server farm, you must install the SMTP service on each server that is used to receive and process incoming email. Once you’ve installed the SMTP service, you must configure it to accept relayed email from the mail server for the domain or from all servers except those you specifically exclude. Likewise, you could decide to block email from all servers except those you specifically include. As a local administrator on your server, you can configure the SMTP service using the steps in Exercise 3.8. EXERCISE 3.8

Configuring the SMTP Service 1. Click Start  Administrative Tools  Internet Information Services (IIS) Manager. 2. In IIS Manager, expand the server name that contains the SMTP server that you want to configure.

3. Right- click the SMTP virtual server that you want to configure and select Properties. 4. On the Access tab, in the Access Control section click Authentication. 5. In the Authentication dialog box, under Select Acceptable Authentication Methods for This Resource, verify that Anonymous Access is selected.

6. Click OK. 7. On the Access tab, in the Relay Restrictions section, click Relay. 8. To enable relaying from any server, under Select Which Computer May Relay Through This Virtual Server, select All Except the List Below.

9. To accept relaying from one or more specific servers, follow these steps: a.

Under Select Which Computer May Relay Through This Virtual Server, select Only the List Below.

b.

Click Add, and then add servers one at a time by IP address, or in groups by using a subnet or domain.

c.

Click OK to close the Computer dialog box.

10. Click OK to close the Relay Restrictions dialog box. 11. Click OK to close the Properties dialog box.

110

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

There may be other configurations that require working together with your Active Directory network administrator and email administrator to make certain that accounts have drop folder permissions and that the DNS records are in order for your mail server. Finally, as the WSS 3.0 administrator, you must configure incoming email settings in Central Administration using the steps in Exercise 3.9. EXERCISE 3.9

Configuring Incoming Email Settings in Central Administration 1.

Click Start  Administrative Tools  SharePoint 3.0 Central Administration.

2.

On the top navigation bar, click Operations.

3.

On the Operations page, in the Topology and Services section click Incoming E-mail Settings.

4.

If you want to enable sites on this server to receive email, on the Incoming E-mail Settings page, click Yes in the Enable Incoming E-mail section.

5.

Select either the Automatic or the Advanced settings mode.

Installing WSS 3.0 on a Stand-Alone Computer

111

6.

In the Directory Management Service section, if you do not want to use the Microsoft SharePoint Directory Management Service, click No. If you want to connect, click Yes.

7.

In the Incoming E-mail Server Display Address section, type a display name for your email server (for example, mail.sytrain.com ) in the E-mail Server Display Address text box.

8.

In the Safe E- Mail Servers section, select either Accept Mail from All E-mail Servers or Accept Mail from These Safe E-mail Servers. If you select the second option, type the IP addresses (one per line) of the email servers that you want to specify as safe in the corresponding box.

9.

Click OK.

Configuring Outgoing Email Settings You can also configure outgoing email settings so that your Simple Mail Transfer Protocol (SMTP) server sends email alerts to site users and notifications to site administrators. You are able to configure both the From and the Reply email addresses that appear in outgoing alerts. To enable outgoing email, let’s assume you’ve installed the Internet Information Services (IIS) SMTP service, and that you’ve configured it to allow anonymous access and to allow email messages to be relayed. If you want to be able to send messages to external email addresses, your SMTP server must have Internet access. As a WSS 3.0 administrator, your next step is to configure outgoing email settings in Central Administration. Exercise 3.10 takes you through the process.

112

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

E X E R C I S E 3 .1 0

Configuring Outgoing Email Settings in Central Administration 1.

Click Start  Administrative Tools  SharePoint 3.0 Central Administration.

2.

On the top navigation bar, click Operations.

3.

On the Operations page, in the Topology and Services section click Outgoing E-mail Settings.

4.

On the Outgoing E-mail Settings page, in the Mail Settings section, type the SMTP server name for outgoing email (for example, wss01.sytrain.com ) in the Outbound SMTP Server text box.

5.

In the From Address text box, type the email -friendly address as you want it to appear to email recipients (for example, [email protected]).

6.

In the Reply-to Address text box, type the email address to which you want email recipients to reply (for example, [email protected] ).

7.

In the Character Set menu, select the character set that is appropriate for your language (the default is Unicode UTF - 8).

8.

Click OK.

Installing WSS 3.0 on a Stand-Alone Computer

113

Configuring Diagnostic Logging Settings You can configure several diagnostic logging settings to help with troubleshooting. This includes enabling and configuring trace logs, event messages, user-mode error messages, and Customer Experience Improvement Program events. These topics are discussed in Chapter 11, “Monitoring Windows SharePoint Services.”

Configuring Antivirus Protection Settings You should install an antivirus program that is designed for Windows WSS 3.0. Antivirus settings enable you to control your documents. For example, you can configure antivirus setting to: 

Scan the documents that are uploaded to your WSS 3.0 sites



Scan documents your users download from your sites



Clean infected documents on your sites.

Creating SharePoint Sites When Setup fi nishes, you have a single web application that contains a single WSS 3.0 site collection that hosts a WSS 3.0 site. In Chapter 4, “Configuring the Windows SharePoint Services 3.0 Environment,” you will learn how you can create more site collections, sites, and web applications if needed for your topology.

Performing Administrator Tasks by Using the Central Administration Site The Central Administration site, created during the installation process, is the location where you, as a WSS 3.0 administrator, perform most of your tasks. Initially, you must check the services that are running in your installation. The home page also provides you with a list of some common tasks you need to perform, and offers links you can click to access the pages where you’ll configure them. Exercise 3.11 shows you the steps to get started with administrator tasks in Central Administration. E X E R C I S E 3 .11

Performing Administrator Tasks Using Central Administration 1.

Click Start  Administrative Tools  SharePoint 3.0 Central Administration.

2.

On the Central Administration home page, under Administrator Tasks click the name of the task you want to perform.

3.

On the Administrator Tasks page, to the right of Action, click the link for the task.

114

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

Installing WSS 3.0 in a Server Farm If you are hosting several sites, want to ensure performance and high availability, need the scalability of a multitier topology, or any combination of these, you should deploy WSS 3.0 in a server farm environment. In a server farm, you have one or more servers dedicated to running the WSS 3.0 application.

Remember, there is no direct upgrade from a stand -alone installation to a farm installation.

The deployment process has several more steps than the stand-alone installation, but is well worth the effort in giving you flexibility for now and the future. You will fi nd many of the steps the same or similar to the previous stand-alone installation. To keep the process easy to follow, let’s break it into two phases. The fi rst phase, which is covered in the following sections, consists of deploying and configuring the server infrastructure. The second phase (covered in Chapters 4 and 5) deploys and configures your WSS 3.0 site collections and sites. Phase 1 consists of the following steps: 

Verifying hardware and software requirements for WSS 3.0 servers



Preparing the database server and optionally preinstalling the databases



Running Setup on all the servers you want to include in your farm



Running the SharePoint Products and Technologies Configuration Wizard



Starting the WSS search service Phase 2 consists of these steps:



Creating and extending a web application



Creating site collections



Creating SharePoint sites

Verifying Hardware and Software Requirements Here is a quick refresher of the items you should verify: 

Make certain you’ve met all hardware and software requirements and configured everything as described in Chapter 2, “Integrating Windows SharePoint Services in the Network.”



It is a best practice to install WSS 3.0 on a newly configured server to avoid having files on the server that might conflict with the new installation. For example, if you choose to reinstall WSS 3.0 on a server where you have previously installed it, the

Installing WSS 3.0 in a Server Farm

115

Setup program could fail during the creation of the configuration database, which in turn causes the entire installation to fail. 

Always install all the current service packs and updates.



To use the administrative interface of WSS 3.0, Central Administration, you must have Internet Explorer 6. x with the most recent service packs, Internet Explorer 7. x, or Internet Explorer 8.



Prior to installing WSS 3.0, you must install and configure several more Windows components and services consumed by WSS 3.0 as explained in the following sections.

You must be using AD in your environment for your WSS 3.0 farm deployment. You cannot install WSS 3.0 in a farm on a Windows NT Server 4.0 domain.

Configuring the Server as a Web Server To deploy a server farm, you must have at least one server acting as both a web server and an application server, and another server as a database server. Since the database server configurations are not included in the 70 - 631 exam, we will limit our discussion to the changes necessary to the server holding WSS. You must configure your server as a web server. IIS is not installed or enabled by default on Windows Server 2003. To make your server a web server, you must install and enable IIS. You must also ensure that IIS is running in IIS 6.0 Worker Process Isolation mode. Exercise 3.12 takes you through the process of installing and configuring IIS. E X E R C I S E 3 .1 2

Installing and Configuring IIS 1.

Select Start  Control Panel, select Add or Remove Programs, and then click Add/ Remove Windows Components.

2.

Select Application Server and then click Details.

3.

Select the check box for ASP.NET. When you do, some other services become selected automatically—do not deselect them.

4.

Select Internet Information Services (IIS) (do not deselect the check box) and then click Details.

5.

Select the check box for SMTP Service. Click OK, and then click OK again.

6.

(Optional) Install the POP3 service:

a.

Select E-mail Services and then click Details.

b.

Click the POP3 Service check box and click OK.

116

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

E X E R C I S E 3 .1 2 ( c o n t i n u e d )

7. On the Windows Components screen, click Next. Windows installs the components; this process may take a few minutes.

8. On the Completing the Windows Components Wizard page, click Finish. 9. Close the Add or Remove Programs window. 10. Click Start  Administrative Tools  Internet Information Services (IIS) Manager. 11. In the IIS Manager tree, click the plus sign (+) next to your server name to expand the options under the server.

12. Right- click the Web Sites folder and then click Properties. 13. In the Web Sites Properties dialog box, click the Service tab. 14. In the Isolation Mode section, ensure that the Run WWW Service in IIS 5.0 Isolation Mode check box is cleared.

15. Click OK.

You only see the Run WWW Service in IIS 5.0 Isolation Mode check box selected if you have upgraded to IIS 6.0 on Windows Server 2003 from IIS 5.0 on Microsoft Windows 2000. By default, new installations of IIS 6.0 use IIS 6.0 Worker Process Isolation mode.

Installing the Microsoft .NET Framework 3.0 Your next step is to install Microsoft .NET Framework 3.0. This free download from Microsoft is available at http://go.microsoft.com/fwlink/?LinkID=72322&clcid=0x409. On the Microsoft .NET Framework 3.0 Redistributable Package page, follow the instructions for downloading and installing the .NET Framework 3.0. There are separate downloads for x86 -based computers and x64 -based computers, so be sure to download and install the appropriate version for your computer. As a best practice, you should also download any service packs or updates to the .NET Framework 3.0. The .NET Framework 3.0 download includes the Windows Workflow Foundation (WF) technology, which is necessary for your WSS 3.0 workflow features. Exercise 3.13 takes you through the process of installing Microsoft .NET Framework 3.0.

You can also use Microsoft .NET Framework 3.5, which you can download here: http://go.microsoft.com/fwlink/?LinkId=110508.

Installing WSS 3.0 in a Server Farm

117

E X E R C I S E 3 .1 3

Installing Microsoft .NET Framework 3.0 1.

Download Dotnetfx3.exe and the service pack file to a folder on your server.

2.

Double - click Dotnetfx3.exe to start the installation of the .NET Framework 3.0.

3.

Click “I have read and accept the terms of the License Agreement ” radio button and click Install.

4.

To check the progress of the install (it will take several minutes), you can click the Microsoft .NET Framework 3.0 Setup balloon.

5.

On the Setup Complete page, click Exit.

6.

If you have downloaded a service pack, also install it at this time by double - clicking the file.

Microsoft Windows WF is included with the .NET Framework 3.0; therefore, you no longer need to install it separately.

Enabling ASP.NET 2.0 You need to have ASP.NET 2.0 installed for the proper functioning of web content, the Central Administration website, and many other features and functions of WSS 3.0. Exercise 3.14 takes you through the steps to enable ASP.NET 2.0. E X E R C I S E 3 .1 4

Enabling ASP.NET 2.0 1.

Click Start  Administrative Tools  Internet Information Services (IIS) Manager.

2.

In the Internet Information Services tree, click the plus sign (+) next to your server name.

3.

Click the Web Service Extensions folder.

4.

In the details pane, click ASP.NET v2.0.50727. If the Status column reads Prohibited, click the Allow button to the left to change the status to Allow.

118

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

Installing and Configuring WSS 3.0 on All Servers in the Farm Your next step is to run the WSS 3.0 Setup program followed by the SharePoint Products and Technologies Configuration Wizard on all your farm servers. You can add servers to your farm at any time to provide high availability and performance.

It is a best practice to run the WSS 3.0 Setup program on all the servers that will be in the farm before you start configuring the farm.

Installing WSS 3.0 on your fi rst server establishes your farm. Any additional servers that you add must be joined to this farm. When you set up the fi rst server on the farm, you are actually performing two steps. The fi rst step is installing the components of WSS 3.0 on the server. The second step is configuring the farm. At the conclusion of the Setup program, you must also run the SharePoint Products and Technologies Configuration Wizard, which installs and configures the WSS 3.0 configuration database, installs WSS 3.0 services, and creates the Central Administration website.

Installing WSS 3.0 on the First Server Make certain you have SQL Server running on at least one of your back- end database servers before you begin installing WSS 3.0 on your farm servers. WSS 3.0 is available to install as a component of Windows Server 2003, using Control Panel  Add or Remove Programs and selecting Add/Remove Windows Components. A better solution, however, is to download the executable, SharePoint.exe, free with Service Pack 2 from Microsoft’s download site at www.microsoft.com/Downloads/details. aspx?FamilyID=ef93e453 -75f1- 45df-8c6f- 4565e8549c2a&displaylang=en.

The WSS 3.0 Setup program installs the Central Administration website on the first server on which you run the program. Therefore, make certain your first server is the one on which you want to run the Central Administration website.

Exercise 3.15 takes you through the steps of the Setup program.

Installing WSS 3.0 in a Server Farm

E X E R C I S E 3 .1 5

Installing WSS 3.0 on the First Server 1.

Double - click SharePoint.exe to begin the installation program.

2.

On the Read the Microsoft Software License Terms page, review the terms, select the check box to accept the license agreement, and click Continue.

3.

On the Choose the Installation You Want page, click Advanced.

4.

On the Server Type tab, click Web Front End.

119

120

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

5.

If you decide to install the files at a custom location, select the Data Location tab and either type or browse to the location.

6.

Once you have selected your options, click Install Now.

7.

When Setup finishes, the screen prompts you to complete the configuration of your server. Ensure the Run the SharePoint Products and Technologies Configuration Wizard Now check box is selected.

8.

Click Close to start the configuration wizard.

At this point, you have installed only the binaries. You have not installed any databases, nor have any modifications been made to IIS. Your next step is to run the SharePoint Products and Technologies Wizard.

Running the SharePoint Products and Technologies Configuration Wizard You must use the SharePoint Products and Technologies Configuration Wizard to carry out basic tasks for the completion of your server deployment. In addition to using the wizard to perform the initial configuration, you can use it at any time for tasks like the following: 

Identify missing components



Validate your configuration



Identify, repair, or reset security and low-level configuration settings

You must successfully complete the configuration wizard to fi nish the server deployment and to access SharePoint Central Administration.

Installing WSS 3.0 in a Server Farm

121

During this process you will be asked to enter the name of the server farm account. You use this account to access your SharePoint configuration database. This is also the application pool identity account for the SharePoint Central Administration application pool as well as the account that runs the WSS Timer service. The SharePoint Products and Technologies Configuration Wizard automatically adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. Unless your web front- end server is in a workgroup in a perimeter network, this service account must be a domain user account. Exercise 3.16 takes you through the steps to run the SharePoint Products and Technologies Configuration Wizard. E X E R C I S E 3 .1 6

Running the SharePoint Products and Technologies Configuration Wizard 1.

On the Welcome to SharePoint Products and Technologies page, click Next.

2.

On the screen that notifies you that some services might need to be restarted or reset during configuration, click Yes.

3.

On the Connect to a Server Farm page, click “No, I want to create a new server farm,” and then click Next.

122

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

4.

On the Specify Configuration Database Settings screen, in the Database Server text box, type the name of the computer that is running SQL Server.

5.

Type a name for your configuration database in the Database Name text box, or use the default name, SharePoint_Config.

6.

In the Username text box, type the username of the server farm account using the

DOMAIN\username format. 7.

In the Password text box, type the user ’s password, and click Next.

Installing WSS 3.0 in a Server Farm

123

8. On the Configure SharePoint Central Administration Web Application page, select the Specify Port Number check box. If you want the SharePoint Central Administration web application to use a specific port, type it in; otherwise, leave the check box cleared.

9. On the Configure SharePoint Central Administration Web Application screen, do one of the following:


If you want to use NTLM authentication (the default), click Next.




If you want to use Kerberos authentication, click Negotiate (Kerberos), and then click Next. Note: You should select Negotiate (Kerberos) only if it is already supported within your environment.

10. On the Completing the SharePoint Products and Technologies Configuration Wizard page, click Next.

124

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

11. On the Configuration Successful page, click Finish. 12. The SharePoint Central Administration website home page opens.

Installing WSS 3.0 in a Server Farm

125

Adding the Central Administration Website to the List of Trusted Sites If you are prompted for your username and password, you might need to add the SharePoint Central Administration site to the list of trusted sites and configure user authentication settings in Internet Explorer. Exercise 3.17 takes you through the steps of adding the Central Administration site as a trusted site. E X E R C I S E 3 .17

Adding the Central Administration Website as a Trusted Site 1.

If it ’s not already open, open Internet Explorer.

2.

Click Tools  Internet Options.

3.

Click the Security tab and then select Trusted Sites in the Select a Zone to View or Change Security Settings box.

4.

Click Sites.

5.

Clear the Require Server Verification (https:) for All Sites in This Zone check box.

6.

In the Add This Website to the Zone text box, type the URL to your Central Administration website and click Add.

7.

Click Close to close the Trusted Sites dialog box.

8.

Click OK to close the Internet Options dialog box.

Configuring Proxy Server Settings If you are using a proxy server in your organization, you may need to configure your proxy server settings so that local addresses bypass the proxy server. Exercise 3.18 takes you through the process of configuring your proxy server settings. E X E R C I S E 3 .1 8

Configuring Proxy Server Settings to Bypass the Proxy Server for Local Addresses 1.

In Internet Explorer, click Tools  Internet Options.

2.

Click the Connections tab, and in the Local Area Network (LAN) Settings area, click LAN Settings.

3.

In the Automatic Configuration section, clear the Automatically Detect Settings check box.

126

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

E X E R C I S E 3 .1 8 ( c o n t i n u e d )

4.

In the Proxy Server section, select the Use a Proxy Server for Your LAN check box.

5.

Type the address of your proxy server in the Address text box.

6.

Type the port number of your proxy server in the Port box.

7.

Select the Bypass Proxy Server for Local Addresses check box.

8.

Click OK to close the Local Area Network (LAN) Settings dialog box.

9.

Click OK to close the Internet Options dialog box.

Adding Servers to the Farm As a best practice, install and configure WSS 3.0 on all of your farm servers before you configure WSS 3.0 services and create your sites. You must have at least one database server running SQL Server before you install WSS 3.0 on your farm servers.

Microsoft warns that uninstalling WSS 3.0 from your first farm server might create problems within the farm.

Exercise 3.19 takes you through the steps of running the Setup program on additional servers. E X E R C I S E 3 .1 9

Installing WSS 3.0 on Additional Servers 1.

Double - click SharePoint.exe to begin the installation program.

2.

On the Read the Microsoft Software License Terms page, review the terms, select the check box to accept the license agreement, and click Continue.

3.

On the Choose the Installation You Want page, click Advanced.

4.

On the Server Type tab, click Web Front End.

5.

If you decide to install the files at a custom location, select the Data Location tab and either type or browse to the location.

6.

Once you have selected your options, click Install Now.

7.

When Setup finishes, you’re prompted to complete the configuration of your server. Ensure the Run the SharePoint Products and Technologies Configuration Wizard Now check box is selected.

8.

Click Close to start the configuration wizard.

Installing WSS 3.0 in a Server Farm

127

Running the SharePoint Products and Technologies Configuration Wizard on Additional Servers You need to complete the configuration by running the SharePoint Products and Technologies Configuration Wizard. On the additional web servers, the wizard completes the installation of the WSS 3.0 services and installs and configures the configuration database. Exercise 3.20 takes you through the steps to run the SharePoint Products and Technologies Configuration Wizard. EXERCISE 3.20

Running the SharePoint Products and Technologies Configuration Wizard 1.

On the Welcome to SharePoint Products and Technologies page, click Next.

2.

On the screen that notifies you that some services might need to be restarted or reset during configuration, click Yes.

3.

On the Connect to a Server Farm page, click Yes, I Want to Connect to an Existing Server Farm, and then click Next.

4.

On the Specify Configuration Database Settings screen, in the Database Server text box type the name of your SQL Server database server.

5.

Click Retrieve Database Names. From the Database Name list, select the configuration database name you created when you configured the first server in your farm.

6.

In the Username text box, type the username of the account used to connect to your SQL Server using the same user account you used when configuring the first web server.

7.

In the Password text box, type the password, and click Next.

8.

On the Completing the SharePoint Products and Technologies Configuration Wizard page, click Next.

9.

On the Configuration Successful page, click Finish.

Starting the WSS 3.0 Search Service On every server that you want to search content, you must start the WSS 3.0 search service. You must start this service on at least one of your servers. Exercise 3.21 shows the steps.

128

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

E XE RCISE 3. 21

Starting the WSS Search Service 1.

Open the SharePoint Central Administration home page at http://servername: portnumber/default.aspx or by clicking Start  Administrative Tools  SharePoint 3.0 Central Administration.

2.

On the top navigation bar, click the Operations tab.

3.

On the Operations page, in the Topology and Services section click Servers in Farm.

4.

On the Servers in Farm page, click the server on which you want to start the WSS search service.

5.

Next to Window SharePoint Services Search, click Start.

Installing WSS 3.0 in a Server Farm

129

6.

On the Configure Windows SharePoint Services Search Service Settings page, in the Service Account section, type the username and password for the user account you created to run the search service.

7.

In the Content Access Account section, type the username and password for the user account you created for the search service to use for searching over content. This is the account that must have read access to all the content you want searched. If you do not enter credentials, the search service account will be used.

8.

In the Indexing Schedule section, you can choose to accept the default settings or define your own schedule for searching content.

9.

After you have configured all the settings, click Start.

Chapter 3

130




Installing and Deploying Windows SharePoint Services 3.0

Performing Postinstallation Tasks Now that you have installed and configured the initial web front- end servers and database servers for your farm, you can continue with further configurations for WSS incoming and outgoing email, diagnostic logging, and antivirus settings.

Configuring Incoming Email Settings You can configure incoming email settings so that your WSS 3.0 sites accept and archive incoming email. Once you have configured your sites for incoming email, you are able to archive email discussions as they happen, save emailed documents, and show emailed meetings on your site calendars. Incoming email for WSS 3.0 uses the SMTP service. In Exercise 3.1, step 5, you installed the service as part of your IIS configuration. If you are using more than one web front end, such as in a server farm, you must install the SMTP service on each server that is used to receive and process incoming email. Once you install the SMTP service, you must configure it to accept relayed email from the mail server for the domain or from all servers except those you specifically exclude. Likewise, you could decide to block email from all servers except those you specifically include. As a local administrator on your server you can configure the SMTP service using the steps in Exercise 3.22. EXERCISE 3.22

Configuring the SMTP Service 1.

Click Start  Administrative Tools  Internet Information Services (IIS) Manager.

2.

In IIS Manager, expand the server name that contains the SMTP server that you want to configure.

3.

Right- click the SMTP virtual server that you want to configure and select Properties.

4.

On the Access tab, in the Access Control section click Authentication.

5.

On the Authentication screen, under Select Acceptable Authentication Methods for This Resource, verify that Anonymous Access is selected.

6.

Click OK.

7.

On the Access tab, in the Relay Restrictions section click Relay.

8.

To enable relaying from any server, under Select Which Computer May Relay Through This Virtual Server, select All Except the List Below.

9.

To accept relaying from one or more specific servers, follow these steps:

a.

Under Select Which Computer May Relay Through This Virtual Server, select Only the List Below.

Installing WSS 3.0 in a Server Farm

131

b.

Click Add, and then add servers one at a time by IP address, or in groups by using a subnet or domain.

c.

Click OK to close the Computer dialog box.

10. Click OK to close the Relay Restrictions dialog box. 11. Click OK to close the Properties dialog box.

There may be other configurations that require working together with your AD network administrator and Exchange administrator to make certain that accounts have drop folder permissions and the DNS records are in order for your mail server. Finally, as the WSS 3.0 administrator, you must configure incoming email settings in Central Administration using the steps in Exercise 3.23. EXERCISE 3.23

Configuring Incoming Email Settings in Central Administration 1.

Click Start  Administrative Tools  SharePoint 3.0 Central Administration.

2.

On the top navigation bar, click Operations.

3.

On the Operations page, in the Topology and Services section, click Incoming E-mail Settings.

4.

If you want to enable sites on this server to receive email, on the Incoming E-mail Settings page click Yes in the Enable Incoming E-mail section.

5.

Select either the Automatic or the Advanced Settings mode.

6.

In the Directory Management Service section, if you do not want to use the Microsoft SharePoint Directory Management Service, click No. If you do, click Yes.

7.

In the Incoming E-mail Server Display Address section, type a display name for your email server (for example, mail.sytrain.com) in the E-mail Server Display address box.

8.

In the Safe E-mail Servers section, select either Accept Mail from All E-mail Servers or Accept Mail from These Safe E-mail Servers. If you select the second option, type the IP addresses (one per line) of the email servers that you want to specify as safe in the corresponding box.

9.

Click OK.

Configuring Outgoing Email Settings You can also configure outgoing email settings so that your SMTP server sends email alerts to site users and notifications to site administrators. You are able to configure both the From and the Reply email addresses that appear in outgoing alerts.

132

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

To enable outgoing email, we assume you have installed the IIS SMTP service and that you’ve configured it to allow anonymous access and to allow email messages to be relayed. If you want to be able to send messages to external email addresses, your SMTP server must have Internet access. As a WSS 3.0 administrator your next step is to configure outgoing email settings in Central Administration. Exercise 3.24 takes you through this process. EXERCISE 3.24

Configuring Outgoing Email Settings in Central Administration 1.

Click Start  Administrative Tools  SharePoint 3.0 Central Administration.

2.

On the top navigation bar, click Operations.

3.

On the Operations page, in the Topology and Services section, click Outgoing E-mail Settings.

4.

On the Outgoing E-mail Settings page, in the Mail Settings section, type the SMTP server name for outgoing email (for example, wss01.sytrain.com ) in the Outbound SMTP Server text box.

5.

In the From Address text box, type the email -friendly address as you want it to appear to email recipients (for example, [email protected]).

6.

In the Reply-to Address text box, type the email address to which you want email recipients to reply (for example, [email protected]).

7.

In the Character Set menu, select the character set that is appropriate for your language (the default is Unicode UTF - 8).

8.

Click OK.

Configuring Diagnostic Logging Settings You can configure several diagnostic logging settings to help with troubleshooting. This includes enabling and configuring trace logs, event messages, user-mode error messages, and Customer Experience Improvement Program events. Chapter 11 examines these topics.

Configuring Antivirus Protection Settings You should install an antivirus program that is designed for WSS 3.0. Antivirus settings enable you to control your documents. For example, you can configure antivirus setting to: 

Scan the documents that are uploaded to your WSS 3.0 sites



Scan documents your users download from your sites



Clean infected documents on your sites

Reviewing the Installation

133

Performing Administrator Tasks by Using the Central Administration Site The Central Administration site, created during the installation process, is where you, as a WSS 3.0 administrator, perform most of your tasks. Initially, you must check the services that are running in your installation. The home page also provides you with a list of some common tasks you need to perform and offers links you can click to access the pages where you’ll configure them. Exercise 3.25 shows you the steps to get started with administrator tasks in Central Administration. EXERCISE 3.25

Performing Administrator Tasks Using Central Administration 1.

Click Start  Administrative Tools  SharePoint 3.0 Central Administration.

2.

On the Central Administration home page, under Administrator Tasks click the name of the task you want to perform.

3.

On the Administrator Tasks page, to the right of Action, click the link for the task.

The WSS 3.0 installation and configurations tasks are now complete. However, unlike with the stand-alone installation, you still need to create a web application and then configure it according to your topology plan. We are going to leave the discussion of deploying and configuring web applications, site collections, and sites to our next two chapters, where you will build on the components of your deployment to make your WSS 3.0 implementation a reality.

Reviewing the Installation Your installation of WSS 3.0 has modified many systems on your farm servers. Before we travel any further, let’s take a look at what has been added, changed, or touched. On the web front- end servers: 

File system



Registry



IIS On the database servers:



Databases

134

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

Creating and Maintaining Installation and Configuration Documentation One of the items most useful in the WSS 3.0 intranet migration we mentioned in Chapter 2 was keeping our documentation updated. The installation metrics, accounts, passwords, and configurations were all documented on an ongoing basis. If we found a particular behavior that we wanted to change in the site, we could easily go back to the documentation and look at the how, why, and when of the original configuration. An excellent example of how this process helped us was when we needed to modify security for our web application when a request came in for a set of users to be denied access. A first thought to accomplish this task was to change permissions for this particular group of users; however, in reviewing our security schema, we recalled we set up a policy for our web application in Central Administration. Therefore, to be efficient and correctly apply security, we needed to go back to the policy and revise it for the given set of users. Having the documentation at hand kept us from compromising our original security plan. There were other times as changes were required to the initial topology that we did not immediately remember why we had configured a process in a particular manner. Our configuration document kept us on track; sometimes to the point of keeping us from breaking a part of the installation we had previously tuned perfectly when someone asked for a new feature! We used a companywide document that was created for IT installations; however, if your company does not have such a document or form, just create one of your own. The important point is to be vigilant in its upkeep.

Inspecting the File System Changes WSS 3.0 installation has created a folder that contains critical setup fi les that you might need to rerun, such as fi les for reconfiguring or patching WSS. This folder is stored in C:\Program Files\MSECache\wssv3. The WSS 3.0 fi les that are global for the installation as well as the fi les specific to applications are contained in a location that is often referenced as the 12 hive. It holds the binaries for WSS 3.0. This is the default location that you chose at installation: C:\Program Files\Common Files\Microsoft Shared\web server extensions\12. Figure 3.2 shows the location of the 12 hive.

Reviewing the Installation

FIGURE 3.2

135

The 12 hive

The 12 hive contains several folders of interest to WSS 3.0 administrators and developers. For example, the Site Templates folder contains the necessary fi les to create WSS sites, the Layouts folder contains pages used for administrative maintenance of WSS, and the Images folder contains images that are addressable from any site. The 12 hive also contains many language-specific fi les that are stored in folders identified by their locale identifiers. For example, 1033 is EN-US or US English.

Reviewing Registry Entries When you ran the configuration wizard, you created many hundreds of Registry entries for DLLs, services, and features of WSS 3.0. As an example, the WSS 3.0 installer makes most of its entries to the Registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\12.0, as shown in Figure 3.3. FIGURE 3.3

WSS 3.0 Registry entries

136

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

The configuration wizard also makes several entries; however, its entries are spread throughout the Registry.

Examining IIS Changes IIS changes include a website and application pool for SharePoint Central Administration, as shown in Figure 3.4. FIGURE 3.4

SharePoint Central Administration application pool and website in IIS

As you extend your business processes and your WSS 3.0 topology, you can create new websites and new application pools.

Viewing Database Changes Whether you deployed WSS 3.0 using a stand-alone or farm installation, several SQL Server databases were created. Figure 3.5 shows the farm installation, which includes the WSS 3.0 configuration database, Sharepoint_Config. You also see the Central Administration content database, SharePoint_AdminContent, and the search content database, WSS_Search. There is only one configuration database per farm. This database provides a centralized storage area for farm structure information as well as job parameters for the timer service. The Central Administration content database stores information related to document libraries, lists, tasks, and other content for the application that hosts the Central Administration site. The search database contains data related to and created during the search indexing process. It also stores the metadata related to the data. As you create more web applications for your implementation, additional databases will be added. Every WSS 3.0 web application requires at least one content database; however, you can also configure one for every site collection within the web application. Also notice the domain accounts you used for installation have also been added as SQL Server security login accounts. If you had used SQL Server authentication for your security provider, you would have had to create these accounts with the appropriate permission sets.

Exam Essentials

FIGURE 3.5

137

SQL Sever database changes

Summary In this chapter we explored the security account requirements and steps to complete a WSS 3.0 installation. You learned how to create and implement security account and extranet environment requirements, and how to install and configure WSS 3.0 on a stand-alone computer and in a server farm. You also saw how to examine the changes your WSS 3.0 installation creates on your web front- end and database servers.

Exam Essentials Know how to implement security requirements. Understand the accounts necessary for deploying WSS 3.0 stand-alone and server farm deployments. Know the required permissions for each. Understand the security requirements particular to extranet deployments. Be able to install WSS 3.0 on a stand-alone server. Know the hardware and software requirements as well as the installation steps. Understand the database implementation used. Be familiar with the postinstallation procedures.

138

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

Know how to install WSS 3.0 in a server farm. Know the hardware and software requirements. Be familiar with the steps for installing and configuring WSS 3.0 on the fi rst and additional web front- end servers. Understand the database implementation. Know how to start the search service and the postinstallation procedures. Understand SharePoint Central Administration. Know the additional steps to create Central Administration in the farm installation. Know how to access this feature, and understand how WSS 3.0 uses Central Administration. Know the steps for postinstallation services in Central Administration. Understand the configuration changes created by deploying WSS 3.0. Know what has changed on the web front- end fi le system, Registry, and IIS. Know the changes made to the SQL Server databases and logins.

Review Questions

139

Review Questions 1.

You are the WSS 3.0 administrator for your organization. You are preparing to deploy WSS 3.0 on a server whose operating system is Windows Server 2003 Web Edition. You have installed all service packs and prerequisite files and are ready to start the WSS 3.0 installation. Which installation option should you choose? A. Basic installation as a front- end web server

2.

B.

Advanced installation as a front- end web server

C.

Basic installation as a stand-alone server

D.

Advanced installation as a stand-alone server

You are the WSS 3.0 administrator for your organization. Your company recently acquired another company that has a Windows Server 2003 already running WSS 3.0. You need to use this server, install a clean copy of WSS 3.0, and add this server to your farm. What should you do before you install a clean copy of WSS 3.0 on this server? A. Perform a clean install of Windows Server 2003.

3.

B.

Uninstall WSS 3.0.

C.

Delete all WSS 3.0 sites.

D.

Uninstall Central Administration.

You are the WSS 3.0 administrator for your organization. You want to install WSS 3.0 on a server named WSS01 as a stand-alone server. WSS01 has the following software installed:


Windows Server 2003 Standard Edition with Service Pack 2




.NET Framework 3.0




Internet Information Server 6.0




Simple Mail Transport Protocol

What should you do to prepare WSS01 for WSS 3.0? (Choose all that apply.) A. Uninstall the .NET Framework 3.0.

4.

B.

Install the .NET Framework 2.0.

C.

Install ASP.NET and enable ASP.NET 2.0.

D.

Install SQL Server 2005 with Service Pack 2.

You are the WSS 3.0 administrator for your organization. You have just successfully installed WSS 3.0 on your web front- end server, WSS01. You have chosen to use the default location for the installed files. You need to review the installed files. What should you do? A. Open C:\Program Files\Common Files\Windows SharePoint Services\12. B.

Open C:\Program Files\Common Files\Microsoft Shared\web server extensions\60.

C.

Open C:\Program Files\Common Files\ Windows SharePoint Services\60.

D.

Open C:\Program Files\Common Files\Microsoft Shared\web server extensions\12.

Chapter 3

140

5.




Installing and Deploying Windows SharePoint Services 3.0

You are the WSS 3.0 administrator for your organization. You want to install WSS 3.0 on a server named WSS02 as a web front- end server in a farm environment. WSS02 has met all the hardware requirements and has the following software installed:


Windows Server 2003 Web Edition with Service Pack 2




.NET Framework 2.0




Internet Information Server 6.0 configured with WWW, common files, and SMTP




ASP.NET 2.0 enabled

What should you do to prepare WSS01 for WSS 3.0? (Choose all that apply.) A. Uninstall SMTP.

6.

B.

Upgrade Windows Server 2003 Web Edition to Windows Server 2003 Standard Edition.

C.

Install the .NET Framework 3.0.

D.

Install SQ Server 2005 with Service Pack 2.

You are the WSS 3.0 administrator for your organization. You want to install WSS 3.0 on a Windows Server 2003 Standard Edition server, WSS01, which has met all the hardware and software requirements. Initially WSS01 will be your only server with WSS 3.0 installed; however, you want to add more WSS servers in the future. You want to choose the installation option so that you can add more web servers without uninstalling WSS 3.0 from WSS01. What should you do? A. Choose the Basic installation.

7.

B.

Choose the Advanced installation and then select Web Front End as the server type.

C.

Choose the Advanced installation and then select Stand-Alone as the server type.

D.

Choose the Basic installation and then select Stand-Alone as the server type.

You are the WSS 3.0 administrator for your organization. You are in the process of installing WSS 3.0 on your Windows Server 2003 server. You are ready to enable ASP.NET 2.0. Which of the following steps should you use to complete this process? (Choose two. Each is a part of the solution.) A. Right- click the Web Service Extensions folder and select Properties.

8.

B.

Click the Web Service Extensions folder to select it.

C.

In the details pane, right- click ASP.NET v2.0.50727, and click Enable.

D.

In the details pane, click ASP.NET v2.0.50727, and click Allow.

You are the WSS 3.0 administrator for your organization. You are in the process of configuring WSS on a new server farm. You are on the Configure SharePoint Central Administration Web Application page. Which two of the following are options that are available for you to configure on this page? A. Specify the port number. B.

Specify the access account password.

C.

Configure security settings.

D.

Specify the database server name.

Review Questions

141

9. You are the WSS 3.0 administrator for your organization. You have just completed installing WSS 3.0 on WSS01, the first server in your server farm. What web page opens at the end of the installation for you to configure next? A. The home page of the WSS01 site B.

The home page of the SharePoint Central Administration site

C.

The Configure Your Server page

D.

The Search configuration screen

10. You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 in a small farm topology. Users have informed you that they are getting no results when they search the WSS 3.0 sites on WSS01. What should you do? A. Open Windows Components on WSS01 and reinstall WSS 3.0. B.

Open Central Administration, and on the Operations page under Topology and Services, select WSS01 and start the search service.

C.

Open Central Administration, and on the Application Management page under Topology and Services, select WSS01 and start the search service.

D.

Open Central Administration, and on the Home page under Administrator Tasks, select WSS01 and start the search service.

11. You are the WSS 3.0 administrator for your organization. You are deploying your web front- end server in a perimeter domain network. Your back- end database server is a member of your internal corporate domain. What should you do to configure security? A. Set up a two -way trust between the two domains. B.

Make the perimeter domain a child of the corporate domain.

C.

Set up a one-way trust between the two domains so that the perimeter domain trusts the corporate domain.

D.

Set up a one-way trust between the two domains so that the corporate domain trusts the perimeter domain.

12. You are the WSS 3.0 administrator for your organization. You have deployed a WSS 3.0 farm. You have configured and started the search components. Users are complaining that unpublished versions of their documents are showing up in the searches. What should you do? A. Change the security on the search accounts so they are not members of the farm administrators group. B.

Delete the search content access account.

C.

Change the security on the search accounts so they are not members of the database server administrators group.

D.

Change the security on the search service account so it only has write access to the web application content databases.

Chapter 3

142




Installing and Deploying Windows SharePoint Services 3.0

13. You are the WSS 3.0 administrator for your organization. You have configured WSS 3.0 with an extranet environment. Your corporate network is an Active Directory domain. Your back- end database server is a member of the corporate network and is used for other applications. Your web front ends are in a workgroup in the perimeter network. You need to enable your web front- end servers and database server to communicate using the least amount of administration and hardware while still maintaining security. What should you do? A. Create a domain in the perimeter network for the web front- end servers. B.

Move the web front- end servers into the internal corporate domain.

C.

Install a new database server in the perimeter network just for WSS 3.0.

D.

Configure the database server for mixed mode, SQL, and Windows authentication. Use SQL authentication to communicate with the web front- end servers.

14. You are the WSS 3.0 administrator for your organization. You are deploying WSS3.0 on three web front- end servers: WSS01, WSS02, and WSS03. You want to ensure the Central Administration web application is installed on WSS02. What should you do? A. Install WSS 3.0 on WSS01 as the first server in the farm and WSS02 and WSS03 as additional servers. B.

Install WSS 3.0 on WSS02 as the first server in the farm and WSS03 and WSS01 as additional servers.

C.

Install WSS 3.0 on WSS03 as the first server in the farm and WSS01 and WSS02 as additional servers.

D.

Install WSS 3.0 on WSS01, WSS02, and WSS03 as the first server in the farm and then join the farms.

15. You are the WSS 3.0 administrator for your organization. As part of your deployment you need to ensure Workflow Foundation (WF) is included as part of the installation. What should you do? A. Download the workflow samples from the Microsoft site. B.

Ensure the .NET Framework 3.0 is installed.

C.

Ensure WF.msi is installed.

D.

Ensure WSS 3.0 Service Pack 1 is installed.

16. You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 using a server farm installation with two web front- end servers, WSS01 and WSS02. You need to ensure ASP.NET 2.0 is enabled. What should you do? (Choose all that apply.) A. Open the IIS Manager, select WSS01, and ensure Allow is selected for ASP.NET v2.0.50727. B.

Open the DNS Manager, select WSS01, and ensure Allow is selected for ASP.NET v2.0.50727.

C.

Open the DNS Manager, select WSS02, and ensure Allow is selected for ASP.NET v2.0.50727.

D.

Open the IIS Manager, select WSS02, and ensure Allow is selected for ASP.NET v2.0.50727.

Review Questions

143

17. You are the WSS 3.0 administrator for your organization. You need to check the Central Administration application pool identity account for your WSS 3.0 server farm installation. What should you do? A. Open SharePoint Central Administration. B.

Open IIS.

C.

Open DNS.

D.

Open Active Directory Users and Computers.

E.

Open the SQL Server Surface Area Configuration tool.

18. You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 in a server farm environment. Every time you try to access the Central Administration website, you are asked to log in again. You do not want to log in a second time. What should you do? A. Add the Central Administration site to your list of trusted sites in the Internet Explorer browser. B.

Add the Central Administration site to your list of restricted sites in the Internet Explorer browser.

C.

Nothing; you must always log in twice.

D.

Add the Central Administration site to your list of trusted sites in your Firefox browser.

19. You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 on a single web server. You want to configure incoming email. What should you do? (Choose all that apply. Each answer is part of the solution.) A. Configure the SMTP service in IIS. B.

On the Operations page in Central Administration, configure incoming email settings.

C.

Configure SMTP service in DNS.

D.

On the Operations page in Central Administration, configure outgoing email settings.

20. You are the WSS 3.0 administrator for your organization. You have just completed your server farm installation of WSS 3.0. You have started the search service. Your web frontend server is named WSS01. You want to review the database changes on your back- end database server. What databases should you look for? (Choose all that apply.) A. SharePoint configuration database B.

Central Administration content database

C.

WSS01 content database

D.

Central Administration configuration database

E.

Search database

144

Chapter 3




Installing and Deploying Windows SharePoint Services 3.0

Answers to Review Questions 1. B. You should install WSS 3.0 using the Advanced installation as a front-end web server. You cannot install SQL Server on Windows Server 2003 Web Edition; therefore, you must install WSS as a front-end web server. Only the Advanced installation option has this feature. 2. A. You should install a clean copy of Windows Server 2003. This alleviates any remaining fi les or configurations from the original installation of WSS that you want to replace. 3. C. You should install ASP.NET and enable ASP.NET 2.0. You should not uninstall the .NET Framework 3.0 since it is necessary for WSS 3.0. It is not necessary to install SQL Server 2005 with Service Pack 2 since WSS 3.0 will create a Windows Internal Database on the server. 4. D. You should open the folder C:\Program Files\Common Files\Microsoft Shared\ web server extensions\12. This is the location commonly called the “12 hive,” which contains all the installation fi les for WSS 3.0. The other locations are not correct. 5. C. You should install the .NET Framework 3.0. You should not uninstall SMTP. You cannot upgrade Windows Server 2003 Web Edition to Standard Edition, and it is not necessary since the Web edition is fi ne for a front-end web server. You cannot install SQL Server 2005 on the Web edition of Windows Server 2003. 6. B. You should choose the Advanced installation and then select Web Front End as the server type. With this option, you can use either WSS01 or another server to hold the SQL Server databases created during the WSS 3.0 installation. The Basic installation and Advanced installation using the Stand-Alone option cannot be used to upgrade to a server farm environment. 7. B, D. You should fi rst click the Web Service Extensions folder to select it. Then in the details pane, you should click ASP.NET v2.0.50727, and click Allow. 8. A, C. On the Configure SharePoint Central Administration Web Application page, you can specify the port number for the web application and configure the security settings by either choosing NTLM or Kerberos. 9. B. The home page of the SharePoint Central Administration site opens at the end of the installation of WSS 3.0 on the fi rst web server for your farm. No other web applications have been created at this point. 10. B. You should open Central Administration, and on the Operations page under Topology and Services, select WSS01 and start the search service. No results are displaying because the search service has not been started on WSS01. 11. C. You should set up a one-way trust between the two domains so that the perimeter domain trusts the corporate domain. The other options will not satisfy the required security necessary for communication between the two domains. 12. A. You should change the security on the search accounts so they are not members of the farm administrators group. The WSS 3.0 search account should only have read access to the farm and the search content access account should only have read/write access to the content databases it is searching.

Answers to Review Questions

145

13. D. You should configure the database server for mixed mode, SQL, and Windows authentication. Use SQL authentication to communicate with the web front-end servers. The other options risk security or require extra hardware or administration. 14. B. You should install WSS 3.0 on WSS02 as the fi rst server in the farm and WSS03 and WSS01 as additional servers. The fi rst server installed in the farm hold the Central Administration web application. 15. B. You should ensure the .NET Framework 3.0 is installed. Microsoft Windows Workflow Foundation (WF) does not need to be installed separately. It is included with the .NET Framework 3.0. 16. A, D. You should open the IIS Manager, select WSS01, and ensure Allow is selected for ASP.NET v2.0.50727. Do the same for WSS02. ASP.NET is a component of IIS, not DNS. 17. B. You should open IIS. The SharePoint Central Administration v3 application pool is found in IIS under the name of the fi rst server installed as a web front end. 18. A. You should add the Central Administration site to your list of trusted sites in the Internet Explorer browser. You cannot use Firefox and have full functionality for Central Administration. 19. A, B. You should configure the SMTP service in IIS. Then on the Operations page in Central Administration, configure incoming email settings. 20. A, B, E. You should look for the SharePoint configuration database, Central Administration content database, and the Search database. There is only one configuration database per farm. Also, the only web application created during a server farm installation is the Central Administration web application; therefore, it is the only content database.

Chapter

4

Configuring the Windows SharePoint Services 3.0 Environment MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:
Deploy Windows SharePoint Services 3.0 (WSS) 

Create WSS namespace


Configure Security for Windows SharePoint Services 

Configure Web application authentication



Configure a Web application for SSL



Configure NTLM or Kerberos authentication



Implement access policies



Configure Information Rights Management (IRM)


Administer Windows SharePoint Services 

Manage Central admin


Configure Network Infrastructure for Windows SharePoint Services 

Configure names resolution

In the previous chapter, if you chose the Basic or Advanced single-server installation, you have both your Central Administration web application and your web application with its default site deployed. If you chose Advanced and a web front- end installation, you have only the Central Administration web application deployed. No matter which installation scenario you used, your next step is to understand Central Administration, the new model Microsoft uses for administering WSS 3.0. In this chapter, you will become familiar with the Home page of the Central Administration site as well as the configuration tools that are available on the other two pages. The Operations page provides the tools you use to complete the tasks associated with the global configuration options. The Application Management page lets you create and configure your web applications. Not only can you create and extend new web applications on this page, but you can also begin defi ning the hierarchical structure for your existing web applications by creating new site collections. A site collection is a group of websites on a virtual server; these websites have the same owner and administrative settings. This chapter incorporates the objectives of the 70 - 631 exam relating to managing and securing your web application using Central Administration. We will show you how to control your installation and how to create and maintain web applications using the tools of Central Administration.

Introducing Central Administration By default, the Central Administration site is enabled only on the fi rst installed server. However, to meet the needs of your environment you can enable the Central Administration site on additional servers. To access the Central Administration site from a remote computer, you must know the URL and the port number that it was assigned during installation. Recall that in the Basic installation, a random port number is created by the installation, or you can choose to create one. You can change the port number anytime by using the SharePoint Products and Technologies Configuration Wizard. You access the wizard by selecting Start  All Programs  Administrative Tools  SharePoint Products and Technologies Configuration Wizard. Figure 4.1 shows the Central Administration site at port 12345.

Introducing Central Administration

F I G U R E 4 .1

149

Central Administration site

The Central Administration Pages The site consists of three pages: 

The Home page shows a status view of the tasks and services.



The Operations page contains global configuration tools.



The Application Management page contains web application configuration tools.

The Central Administration site uses its own master page to present a consistent navigation within the site, as shown in Figure 4.2. You can customize this page as well as add additional pages to the site to fit your needs. Clicking in the Top Link or the Quick Launch bar lets you quickly access the pages on the site.

150

Chapter 4

FIGURE 4.2

␯

Configuring the Windows SharePoint Services 3.0 Environment

Navigation components on the Central Administration site

Security The Central Administration site is its own web application. It has its own IIS website and application pool to ensure its autonomy from other web applications on your server. Its application pool identity has specific permissions on the SQL Server databases and should not be shared with any other websites on your server. A best practice is to make certain that access to the Central Administration site is secure by using a Secure Sockets Layer (SSL) certificate to encrypt traffic. This certificate should be installed on the website that hosts Central Administration. You use the IIS Manager tool to add the certificate, as you will see in Exercise 4.1. E X E R C I S E 4 .1

Installing a Certificate for the Central Administration Site 1.

Click Start ➢ Administrative Tools ➢ Internet Information Services (IIS) Manager.

2.

In the Internet Information Services tree, click the plus sign (⫹) next to your server name.

3.

Expand the Web Sites folder.

4.

Click and right- click on the SharePoint Central Administration v3 website and select Properties, as shown here:

Introducing Central Administration

5.

Select the Directory Security tab.

6.

In the Secure Communications section, click the Server Certificate button.

7.

Complete the wizard to install the certificate.

151

152

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

You do not need to install a commercial certificate if you are only accessing the site internally. You can use Windows as your certificate authority (CA). Your network administrator should assist you with this solution.

Using the Central Administration Home Page The Home page of Central Administration is designed to give you, the farm administrator, an overview of the farm status and configurations enabled. You can link directly to the configuration pages for a particular task from this page; however, most often you will fi rst access either the Operations or the Application Management page for your administrative tasks. There are three web parts on this page: Administrator Tasks, Farm Topology, and Resources. Let’s take a look at each.

Using the Administrator Tasks Web Part The Administrator Tasks list is important since you can use it to define steps to configure the farm topology and assign them to the appropriate administrator. The Administrator Tasks web part is a view of the Administrator Tasks list. This is important because you are able to change or add content to this list, modify the metadata or columns of the list, and even create different views of the list if needed. You can also defi ne workflows that ensure the tasks are completed in a timely manner. Exercise 4.2 takes you through the steps of customizing the Administrator Tasks list.

EXERCISE 4.2

Maintaining and Customizing Administrator Tasks 1.

Click Start ➢ Administrative Tools ➢ SharePoint 3.0 Central Administration to open the Central Administration site. Alternatively, you can type http://: in your browser.

2.

Click the Administrator Tasks link on the Central Administration Home page.

3.

The Administrator Tasks list page opens. To add a new task, click the New button in the upper left.

Using the Central Administration Home Page

4.

153

To view, edit, or delete an item, hover over its title, click the down arrow, and select the action you want. If you click Edit Item, as shown here, the Edit Item page opens:

154

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

E XE RC I SE 4 . 2 (continued)

5.

On the Edit Item page, you can edit the Title, Action, Description, Order, Status, and Assigned To fields:

6.

When you have finished editing, click OK. If you do not want to save changes, click Cancel.

7.

On the Administrator Tasks list page, if you want to change the setting of the list, hover over the Settings button on the top menu, click the down arrow, and select List Settings, as shown here:

Using the Central Administration Home Page

155

8.

The Customize Administrator Tasks page opens. On this page you can change settings, configure additional columns and views, and manage permissions.

9.

To return to the Administrator Tasks list page, click the Administrator Tasks breadcrumb. To return to the Central Administration Home page, either select the Home tab on the Top Link bar or click the Central Administration breadcrumb.

Using the Farm Topology Web Part The Farm Topology web part on the Central Administration Home page gives you an overview of the servers in your farm and their services. The servers listed are not necessarily WSS 3.0 servers. You may see SQL Servers and the application servers used for search in this view as well. If you have a single server installation, all the services on your stand-alone server are listed. This web part is usually treated as an overview and not as a point of configuration. Use it as a reference, but do your configurations from the Operations and Application Management pages. Clicking a server’s link takes you to the Services on Server page from the Operations page focused on that server. Figure 4.3 shows server WSS02 running the following services we started at installation: 

Central Administration



Windows SharePoint Services Database



Windows SharePoint Services Help Search

156

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment



Windows SharePoint Services Incoming E -Mail



Windows SharePoint Services Web Application

FIGURE 4.3

Farm Topology web part

Using the Resources Web Part The third web part on the page is the Resources list. You can use this list to create links to resources you as a farm administrator want to have at your fi ngertips.

Configuring Services Your next step is to configure any remaining services using the Services on Server page. You access these options by clicking on the server name in the Farm Topology view on the Home page or by clicking the Operations tab and clicking the Services on Server link under Topology and Services. Figure 4.4 shows the Services on Server page for our server, WSS02.

Configuring Services

FIGURE 4.4

157

Services on Server page

As you can see, the default services installed on WSS02 are: 

Central Administration



Windows SharePoint Services Search



Windows SharePoint Services Incoming Mail



Windows SharePoint Services Web Application Let’s take a look at each of these services.

Central Administration This service enables a server to host the Central Administration website. At least one server on the farm hosts the site. By default, the site is enabled on the fi rst server installed in the farm. If you have more than one web server in your farm, consider enabling the Central Administration website on at least one other server for fault tolerance.

Windows SharePoint Services Search This service indexes your WSS 3.0 content on the farm. In WSS 3.0, search is limited to content from sites within the site collection. WSS 3.0 does not support enterprise search. Of all the default services, this is the only one that is configurable. To begin, click on the service name, and the Configure Windows SharePoint Services Search Service Settings on Server WSS02 page opens. Notice the account names that you chose at installation appear in Figure 4.5: 

Search Service Account is a domain account under which the service runs.



Content Access Account needs full read permission to the content of your farm.



Search Database was chosen at installation.

158

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

F I G U R E 4 . 5 The Configure Windows SharePoint Services Search Service Settings on Server WSS02 page

You can configure indexing to run on a schedule, as shown in Figure 4.6. Be sure to configure this service since it relates directly to the volatility of your WSS content.

FIGURE 4.6

Indexing Schedule settings

Windows SharePoint Services Incoming Mail The incoming email service enables certain lists and libraries to have unique addresses to receive email. See the “Performing Postinstallation Tasks” section in Chapter 3 for details.

Using Central Administration to Create and Manage Web Applications

159

Windows SharePoint Services Web Application The web application service enables the web front- end capabilities so your server is able to host WSS 3.0 sites. We’ll look at web applications next.

Using Central Administration to Create and Manage Web Applications You use a web application to run your WSS 3.0 sites. Therefore, creating a web application is your next priority. A web application consists of an IIS site with a unique application pool. When you create a new web application, you also create a new database and defi ne the authentication method used to connect to the database. In the “Understanding the Logical Architecture Components” section in Chapter 1, you learned the concepts of a web application. Here we will concentrate on creating and managing the web application. If you are in an extranet environment where you want different users to access content by using different domains, you might also need to extend a web application to another IIS website. The action of extending a web application exposes the same content to different sets of users by using an additional IIS website to host the content. The IIS web application uses three methods of identification: IP address, port number, and host header. One of these methods must be unique on the server. The default value for the IP address is All Unassigned; for the port number, the default value is HTTP port 80. The web application uses these configurations to register its identity with the HTTP protocol stack, HTTP.sys, which processes the requests for the application. HTTP.sys acts as a forwarder, sending the web requests it receives to the request queue for the particular user-mode process that runs the web application. HTTP.sys also sends the responses back to the client. The web application runs within an application pool, which services user requests through worker processes. You can access the application pool’s folder by opening the IIS Manager application on your web server. One of the decisions you must make is whether you want to associate the web application you are creating with its own application pool or use an existing application pool. If you decide to put the web application in its own application pool, it will not affect any applications or sites other than its own; however, each application pool uses its own memory space and usually consumes 100MB to 150MB of physical RAM even before user access. Thus, whether to use one application pool per web application is often a business decision. The configurations for all web applications are stored in the Config_db of the SQL Server you have defi ned in your installation. The data for each web application is stored in its own content database, also in the SQL Server.

Chapter 4

160

␯

Configuring the Windows SharePoint Services 3.0 Environment

Creating a Web Application When you create a web application, you provide an authentication method and a fi le system location for custom fi les. You can secure traffic to your web application even if you are using anonymous access by enabling an SSL certificate. Installing and configuring the certificate is done in the IIS Manager tool using steps similar to those in Exercise 4.1. If your web application is accessed only by internal users, you can use Active Directory as your CA; otherwise you must install a commercial certificate for broader browser compatibility. In this section, you’ll create a new web application. We’ll then discuss authentication methods in the following section. If you used a Basic installation you have already created a default web application. However, if you used the Advanced installation option and chose a web front end, you still have this on your plate.

Exercise 4.3 shows you how to create a new web application using the SharePoint Central Administration website. EXERCISE 4.3

Creating a New Web Application 1.

Click Start  Administrative Tools SharePoint 3.0 Central Administration to open the Central Administration site, or type http://: in your browser.

2.

Click the Application Management tab.

3.

In the SharePoint Web Application Management section, click the Create or Extend Web Application button.

4.

On the Create or Extend Web Application page, in the Adding a SharePoint Web Application section click Create a New Web Application. This action also creates the content database and enables you to define the authentication method you want to use to connect your SharePoint application to that database.

5.

On the Create New Web Application page, in the IIS Web Site section configure the settings for your new web application:

a.

If you want to use an existing website, select Use an Existing Website, and specify the website on which to install your new web application by selecting it from the drop - down menu.

b.

To create a new website, select Create a New IIS Website, and type the name of the website in the Description text box.

c.

In the Port text box, type the port number you want to use to access the web application. If you are creating a new website, this field is populated with a suggested

Using Central Administration to Create and Manage Web Applications

161

port number (80 is the default). If you are using an existing website, this field contains the current port number.

6.

d.

Host Header is an optional field. If you want users to connect to your web application using a user-friendly URL, you should enter that name here. You also need to create a DNS entry to resolve names to the IP address of the web server. In our example, we are using http://Intranet since our web application will be used for collaboration within our company.

e.

In the Path text box, type the path to the site directory on the server. If you are creating a new website, this field is populated with a suggested path. If you are using an existing website, this field contains the current path.

In the Security Configuration section, configure authentication and encryption for your web application.

a.

In the Authentication Provider section, choose either Negotiate (Kerberos) or NTLM. To enable Kerberos authentication, you must perform additional steps to configure Service Principal Names (SPNs) in Active Directory in order to support Kerberos authentication. Therefore, if you are not currently using Kerberos authentication, this is not the time to enable it.

b.

In the Allow Anonymous section, choose Yes or No. If you want the web application to receive anonymous requests, you must enable anonymous access for the entire web application. After the web application and sites are created, site owners can configure how anonymous access is used within their sites.

c.

In the Use Secure Sockets Layer (SSL) section, select Yes or No. If you choose to enable SSL for the website, you must configure SSL by requesting and installing an SSL certificate. This certificate is installed on each web front end using IIS administration tools.

162

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

E XE RC I SE 4 .3 (continued)

7.

In the Load Balanced URL section, type the URL for the domain name users will use to access all sites in this web application. This URL domain is used in all links and will be shown on all pages in the application. By default, this text box is populated with the current server name and port (in our example, http://Intranet:80). Note that the Zone field is automatically set to Default for a new web application, and that the field is grayed out so that you cannot change it from this page.

8.

In the Application Pool section, you can choose to use an existing application pool by selecting Use Existing Application Pool. Then select the application pool you want to use from the drop - down menu. To create a new application pool, select Create a New Application Pool and, in the Application Pool Name text box, type a new name or keep the default. You should have a naming convention to easily identify the application pool with the web application(s).

9.

In the Select a Security Account for This Application Pool section, you can select Predefined (to use an existing application pool security account) or Configurable (if you want to choose an account that is not yet being used as an application pool security account). If you select Configurable, in the User Name text box, type the username of the account. In the Password box, type the password for the account. If you’re using an Active Directory account, this account must have been previously created. If you chose NTLM as your authentication provider, the domain account that you select for the application pool security account will be made the database owner (dbo) in SQL Server for the web application’s content database.

Using Central Administration to Create and Manage Web Applications

163

10. In the Reset Internet Information Services section, choose whether to allow WSS to restart IIS on other farm servers. The local server must be restarted manually for the process to finish. If this option is not selected and you have more than one server in the farm, you must wait until the IIS website is created on all servers and then run iisreset /noforce on each web server. The new IIS site is not usable until that action is completed. Also, if you choose Restart IIS Automatically, it does not affect the server running Central Administration since doing so would sever your connection with the admin page. You must still manually restart IIS on this server.

11. In the Database Name and Authentication section, select the database server, database name, and authentication method for your new web application.

a.

In the Database Server text box, type the name of the database server and Microsoft SQL Server instance you want to use in the format . You can also accept the default entry.

b.

In the Database Name text box, type the name of the database or accept the default entry. Select a database name that will be descriptive with your web application. If there are other databases on this server, you might want to keep the WSS preface to the name. In our example, we are using WSS_Intranet_Content.

c.

In the Database Authentication section, select Windows Authentication (Recommended), which is the default, or select SQL Authentication. In the Account text box, type the name of the account you want the web application to use to authenticate to the SQL Server database, and then type the password in the Password text box.

164

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

E XE RC I SE 4 .3 (continued)

12. In the Search Server section, select a server from the Select Windows SharePoint Services Search Server drop - down list.

13. Click OK to create the new web application, or click Cancel to cancel to return to the Application Management page without creating the web application.

Once you complete the exercise and click OK to create the new web application, the Operation in Progress page opens and your changes are processed. Upon successful completion of the web application, the Application Created page appears, listing your next tasks, as shown in Figure 4.7. F I GU R E 4 .7

The Application Created page

However, we are not quite ready to create a site collection. Since we used a host header to make our URL friendlier, we must notify DNS.

Using Central Administration to Create and Manage Web Applications

165

Creating a DNS Entry for the Host Header You must open the DNS Management console on your server and add Intranet as an alias (CNAME) record in DNS. Exercise 4.4 shows you the steps. EXERCISE 4.4

Creating a DNS Alias for Intranet 1.

Open the DNS Management Console by clicking Start  All Programs  Administrative Tools  DNS.

2.

Expand the DNS server. In our example we are using WSS02 as our DNS server.

3.

Expand Forward Lookup Zones.

4.

Expand the name of your domain. In our example, we are using sytrain.com.

5.

Right- click the domain name, sytrain.com, and select New Alias (CNAME). The New Resource Record dialog box opens.

6.

In the Alias Name (Uses Parent Name If Left Blank) text box, type Intranet .

7.

In the Fully Qualified Domain Name (FQDN) for Target Host text box, either type the name of your web front- end server or browse to it. In our example, since we are using a single - server installation, our web server is wss02.sytrain.com.

8.

Click OK.

166

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

E XE RC I SE 4 . 4 (continued)

9.

Check that you can access the site by pinging it. To do so, open a command prompt window and type ping Intranet. If you try to ping Intranet prior to DNS being able to resolve it, you could cache a false negative response. To flush the negative response, type ipconfig /flushdns. This command clears the local name service cache. On your DNS server, you can also clear the cache by right- clicking your server name in the DNS Management Console and clicking Clear Cache.

10. When you have successfully pinged Intranet, close the DNS Management Console and the command prompt.

Configuring Web Application Settings After you have created the web application, you can configure its general settings. These settings help you fi ne-tune your web application. They affect your site collections and any sites within the web application. If you fi nd that you need more than one option for a particular setting, it might mean that you have to create a separate web application to handle the setting. Let’s take a brief look at the web application settings: Default Time Zone This setting specifies the time zones used by site collections and sites within your web application. The time zone is used when posting and adding content within your web application; the setting applies the appropriate formatting for that time zone. Default Quota Template You use a quota template to limit the amount of storage available on all sites in the site collection. When you configure this setting at the web application level, it affects all site collections created within the web application; however, it is possible for you to apply quota templates to individual site collections at a later time. Once you have defined the amount of storage space available, you can determine the amount of storage space used to trigger an email alert warning you that the space is almost totally used. For example, if you set a quota of 100MB for a site, you can set an alert threshold of 90MB. Person Name Smart Tag and Presence Settings These options enable online presence information to be displayed adjacent to member names. Presence is detected from a

Using Central Administration to Create and Manage Web Applications

167

user’s Instant Messenger (IM) sign- on credentials. If the user is signed on using the same credentials as those registered in WSS, her online presence is shown. Online presence requires a common IM application to be used with WSS. The Person Name smart tag is displayed when users hover over the member’s name anywhere on the site. Maximum Upload Size This setting specifies the maximum size permitted for a single upload anywhere within the web application. The default is 50MB. This means that no single file, group of files, or content of any type can be uploaded if the combined size of the upload is greater than 50MB. You can change this setting to a larger number if desired. If you need to support very large files such as those greater than 500MB, you must apply additional configurations. For large file upload, adjust the TCP window size in the system Registry and set the IIS connection timeout values so that the upload will not time out before completing. Alerts If this setting is enabled, users can choose to be notified by using their Alert Me link when documents, document libraries, list items, or lists are updated. If enabled, this setting further allows you to specify the total number of alerts a user is allowed to create over all the site collections in the web application. The default is 500. RSS Settings Use these options to specify whether RSS will be available from lists and libraries on all sites hosted by your web application. Enabling this setting allows site collection administrators to control the RSS feed options for their site collections. Blog API Settings These options allow you to specify whether you want to expose the MetaBlog API for your web application. If Blog API Settings is enabled, you can specify whether to use the currently configured authentication method for accessing the API. Web Page Security Validation By default this setting is turned on. If you keep it enabled, you can configure the amount of time until the security validation expires, forcing the user to retry his operation. Send User Name and Password in E -mail This setting enables your web application to notify the user of her name and password by email. Without this setting enabled, a new user cannot access the site until you, as the administrator, change the account password and notify the user of the new password. Backward Compatible Event Handlers This setting allows backward- compatible event handlers to bind to document libraries. It is off by default. Change Log This setting specifies the amount of time an entry is kept in the change log. The default is 15 days. Recycle Bin If you set a quota template, you can also use this configuration to set a percent threshold for the second-stage Recycle Bin for your web application. The second-stage Recycle Bin contains items users have deleted from their own Recycle Bin. If you set your quota at 100MB as stated earlier, you can set the second-stage Recycle Bin to purge at 50 percent. This means that the second-stage Recycle Bin will hold at most 50MB of deleted items. Furthermore, this means that the web application is now allotted 150MB of space. Exercise 4.5 takes you through the steps to configure the general settings of your web application.

Chapter 4

168

␯

Configuring the Windows SharePoint Services 3.0 Environment

EXERCISE 4.5

Configuring General Settings for Your Web Application 1.

In the Central Administration site, click the Application Management tab.

2.

In the SharePoint Web Application Management section, click the Web Application General Settings link.

3.

The Web Application General Settings page opens. In the Web Application section, ensure that http://intranet is the selected web application. If it ’s not, choose Intranet from the drop - down list.

4.

In the Default Time Zone section, select the time zone. In our example, we chose Eastern Time (US and Canada).

5.

In the Default Quota Template section, you can either select a predefined quota template or create one.

a.

To create a new quota template, begin by clicking the Quota Templates link.

Using Central Administration to Create and Manage Web Applications

169

b.

The Quota Templates page opens, where you can choose to create a new quota template, limit your site’s storage size, and set an alert level.

c.

Click OK to save your quota configuration changes or click Cancel to configure your quota settings at a later time.

6. Back on the Web Application Settings page, in the Person Name Smart Tag and Presence Settings section, choose whether to keep the default of displaying the member online presence.

7. In the Maximum Upload Size section, change the maximum size of a single upload from the default value of 50MB to another setting if desired.

8. In the Alerts section, specify whether you want to keep alerts on or turn them off for the web application. If you keep them on, you can set a maximum number of alerts per user.

9. In the RSS Settings section, enable or disable RSS feeds. This setting is server wide. The default is to have RSS feeds enabled.

10. In the Blog API Settings section, enable or disable the blog API. If you choose Enable Blog API, define the user authentication method.

170

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

EXERCISE 4.5 (continued )

11. In the Web Page Security Validation section, specify whether to enable security validation and set an expiration time value. The default is for security validation to be enabled; the expiration time value default is 30 minutes.

12. In the Send User Name and Password in E-mail section, enabling the option ensures that users are sent their username and password automatically. If you disable the option, the administrator must make the changes and notify the user.

13. In the Backward-Compatible Event Handlers section, keep the default Off if you don’t want users to be able to bind document libraries to backward-compatible event handlers.

14. In the Change Log section, specify how long log entries are retained in the change log. The default is 15 days.

15. In the Recycle Bin section, specify how the Recycle Bin will be used for all sites in your web application. The default status is On, which means items are deleted after 30 days. There is also an option for the second- stage Recycle Bin, which contains those items users have deleted from their Recycle Bins. The default is to retain items until 50 percent of the live site quota is filled. You can set the percent up to 100 percent if desired.

Using Central Administration to Create and Manage Web Applications

171

16. After all your general configurations have been set, click OK.

Configuring Additional Settings The SharePoint Web Application Management section of the Application Management page in Central Administration also allows you to configure settings for: 

Defining managed paths



Deleting a web application



Managing the content database

Defining Managed Paths Defining managed paths enables you to specify one or more site collections using a URL namespace. When a web application is created, it contains a root managed path on which you can build exactly one site collection. Since a site collection can be thought of as an administrative boundary, when your team planned its SharePoint topology you might have decided that you needed more than just the one site collection within your web application. For example, if you wanted to create a special site collection for customers, you would create a managed path such as http://Intranet/customers. A site collection could then be created below the customers managed path for each of your customers, such as http://Intranet/ customers/ABC, http://Intranet/customers/DEF, http://Intranet/customers/XYZ, and so on. In this example, the managed path customers use is a wildcard inclusion managed path because all the site collections are associated with the customer’s named path. Let’s look at a different example where you use a managed path. Suppose that your web application is used by several departments of your company, each with its own need for security and subsites. You want to create a department-managed path and include the departments under this managed path. Each department must have its own site collection. Your URLs might look something like http://Intranet//sales, http://Intranet//hr, http://Intranet// manufacturing, and http://Intranet//research. Although each department has its own site collection, the pathname is embedded with only the site collection name displayed in the URL. This type of managed path is an explicit inclusion managed path.

172

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Figure 4.8 shows the anatomy of a web application and its managed paths. FIGURE 4.8

Web application hierarchy

WSS Hierarchy WSS 3.0 Farm Web Application 2

Web Application 1

Site Collection

(root) Managed Path

Sites Managed Path

Wildcard Managed Path

Explicit Managed Path

Top-level Site

Subsite

Subsite

Subsite

Subsite

To create a managed path, follow the steps in Exercise 4.6. EXERCISE 4.6

Defining a Wildcard Inclusion Managed Path 1.

Select the Application Management tab in Central Administration.

2.

In the SharePoint Web Application Management section, select Define Managed Paths.

Using Central Administration to Create and Manage Web Applications

173

3.

On the Define Managed Paths page, select the web application in which you want to create the managed path. In our example, we are using http://Intranet.

4.

In the Add a New Path section, enter a name for the wildcard. In our example, we are using customers .

5.

Select Wildcard Inclusion from the Type drop - down list.

6.

Click OK. The Define Managed Paths page reopens with your new managed path in the Included Path section. It is now ready to be used.

7.

At any time to delete a path or paths, in the Included Paths section select the check boxes for those paths you want to delete. Then click Delete Selected Paths and click OK.

174

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Deleting a Web Application The time may come when you need this option; however, you must use it carefully. When you select Delete Web Application in the SharePoint Web Application Management section of the Application Management page, the Delete Web Application page opens, as shown in Figure 4.9. FIGURE 4.9

The Delete Web Application page

First make certain the web application you want to delete is specified or select it from the drop -down list. If you want to delete the web application entirely, you should choose to delete both the content databases and the IIS websites. If you are deleting a web application that you have mapped to another application, or if it is a web application that you have extended, you would only want to delete the IIS website and not the content database. Before you do any deleting, be sure you have backed up your content databases, even if you are deleting everything. At some later date, someone may need to retrieve an item or items from the deleted web application.

Managing the Content Database The options for managing the content database are found in the SharePoint Web Application Management section of the Application Management page. Click the Content Databases link to open the Manage Content Databases page, as shown in Figure 4.10.

Using Central Administration to Create and Manage Web Applications

F I G U R E 4 .1 0

175

The Manage Content Databases page

You can configure the settings for the content database by clicking the database name’s link. The Manage Content Database Settings page opens, revealing several content database management options, as you can see in Figure 4.11.

F I G U R E 4 .11

The Manage Content Database Settings page

In the Database Information section, notice that the database status is Ready. If you change this to Offl ine, you can take the database offl ine. This selection prevents the database from creating any new site collections; however, existing site collections continue to function normally. With Offl ine status, if you wanted to create a new site collection within the web application, you would be forced to create it in a new content database.

176

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

This process is an excellent way of controlling which site collection goes into which database fi le. When you have multiple content databases, each new site collection is hosted in the database with the highest number of free site collections. You control the number of site collections that a content database supports by using the next section on the page, Database Capacity Settings. Site collections cannot be split among databases; once a site collection is started in a particular database, all the content for that site collection will be stored in that same database. It is important to plan your content databases and their size. The WSS 3.0 search feature associates itself with content databases, not web applications, as shown in the next section of the page, Search Server. Therefore, it is often important for you to keep the size of your content databases small. The last section on the Manage Content Database Settings page gives you the option to remove the content database. This action removes all site collections and their contents within in the database. We know you will have a reliable backup before you remove a database, won’t you?

Configuring Web Application Security Your next step is to configure your web application’s security settings. These settings appear on the Application Management page of Central Administration under the Application Security section, as shown in Figure 4.12.

F I G U R E 4 .1 2

Configuring security for your web application

Using Central Administration to Create and Manage Web Applications

177

This section enables you to manage available rights to users of your web application. The available security configuration settings in this section include: 

Security for Web Part Pages



Self-Service Site Management



User Permissions for Web Application



Policy for Web Application



Authentication Providers

Security for Web Part Pages The options on the Security for Web Part Pages page allow you to select the extent to which you want your users to have access to web parts in your web application. After you select the appropriate web application, this page displays two settings, as shown in Figure 4.13. F I G U R E 4 .1 3 Security for Web Part Pages

In the fi rst setting on the page, you specify whether you want to allow your web application users to create connections between web parts. The default is to allow connections. The second setting indicates whether you want your users to access the Online Web Part Gallery. Allowing access to the gallery (the default) enables users to view web parts and add them to their pages. Even though disallowing connections and access to the Online Web Part Gallery increases security and performance for your application, the functionality of the sites in your web application may suffer. This is because second-level administrators will not have the permissions to keep their sites up-to -date and access to their data meaningful.

178

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Self-Service Site Creation You can enable users to create their own top-level websites by using the Self-Service Site Management page. In order for you to use this feature, your web application must have a site collection at its root level. Users can also create subsites for any sites on which they have the Create Subsites permission. By default, this permission is included in the Full Control permission level. When you open this page, as shown in Figure 4.14, make sure to select the appropriate web application and then choose whether you want to implement self-service site creation in your web application. When you enable this setting, an announcement is added to the Announcements list on the top -level site’s home page, providing a link to the site creation page. By default, this setting is off.

F I G U R E 4 .1 4

Self-Service Site Management page

User Permissions for Web Application The options on the User Permissions for Web Application page let you specify permission levels for your selected web application. You can disable a permission application wide merely by deselecting the permission on this page. Once a permission is deselected, it means that it is not available for any users within the web application. If a check appears in the check box next to a permission, it means it is enabled. The permission list includes three areas: list permissions, site permissions, and personal permissions. A portion of this page is shown in Figure 4.15.

Using Central Administration to Create and Manage Web Applications

F I G U R E 4 .1 5

User Permissions for Web Application page

Policy for Web Application There may be times you want users or groups to have different levels of access to sites within your web application. To best handle this type of security easily, you can defi ne a policy, using the options shown on the Policy for Web Application page, shown in Figure 4.16. F I G U R E 4 .1 6

Policy for Web Application page

179

180

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Defining Permissions by Using a Web Application Policy I was involved in a SharePoint implementation for a worldwide company. The SharePoint implementation was to take the place of the company’s intranet, which had become cumbersome for users due to the large amount of content and number of sites. For the new implementation, departments were charged with keeping their site and corresponding content up-to-date. Therefore, a site administrator had only those permissions necessary to be in charge of their site. However, everyone in the company was to have at least read access to the new intranet through their login credentials. Each site had a specific set of users and permissions that had to be created. The problem was how to easily handle the permissions so that every authenticated user would have read access within the web application. We solved this problem by creating a policy for the web application. The policy was applied to all authenticated users. We defined this policy using steps similar to those you’ll see in Exercise 4.7.

A policy is also useful when your users are accessing your web application from different sources, such as an Extranet zone. Suppose your main set of users has credentials in Active Directory and a given set of required permissions. You want to add outside vendors to the mix. You want these vendors to have a different means of authenticating to the web application and yet another set of default permissions. You extend the web application to the Extranet zone for the vendors. To set your permissions, you can create a web application policy for the authenticated users in the Default zone and another policy for the vendors in the Extranet zone. Exercise 4.7 takes you through the steps to add users and defi ne a web application policy. EXERCISE 4.7

Managing User Permissions by Creating a Web Application Policy 1.

On the Application Management page in Central Administration, in the Application Security section click Policy for Web Application.

2.

To add users and define a policy, click Add Users in the menu bar.

Using Central Administration to Create and Manage Web Applications

181

3.

On the Add Users page, make certain the appropriate web application is selected. If it ’s not, click Change Web Application and select your web application.

4.

In the Select the Zone section, select from the drop - down list the zone for which you want to set the policy.

5.

Click Next.

6.

In the Choose Users section, add the names of the users for whom you want to set policy in the Users text box. In our example, we are giving the Active Directory global group of users Read permission to our web application.

7.

In the Choose Permissions section, select the permissions that you want users to have from the following permissions:

8.



Full Control: Has full control



Full Read: Has full read - only access



Deny Write: Has no write access



Deny All: Has no access

Click Finish.

182

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

EXERCISE 4.8 (continued )

When setting up new policies, be careful not to delete the default policies that have been set up. The NT AUTHORITY\LOCAL SERVICE account is used for caching on all front- end web servers. The Search Crawling account, SYTRAIN\WssCrawler in our example, is used to crawl the content using a default read- only policy.

Defining Authentication Providers If you have to access your web application through several sources and each source needs a different method of authentication, you can configure authentication providers. Recall that WSS 3.0 has five zones to which you can assign URLs: 

Default



Intranet



Internet



Custom



Extranet

Using Central Administration to Create and Manage Web Applications

183

You can establish an authentication method or membership provider in each zone. As in our previous example, Windows authentication can be used in the Default zone. For external vendors, another form of authentication, such as forms-based authentication, can be used in the Extranet zone to give both sets of users their appropriate permissions to your web application. The authentication types available for WSS 3.0 are: 

Windows



Forms



Web Single Sign On

Each membership provider must be configured in the web.config fi le for the IIS website that hosts your web application’s content. This file must be updated on each WFE. Also the membership provider must be added to the web.config fi le for the IIS site hosting Central Administration. When configuring authentication providers, you must remember that WSS 3.0 search only authenticates with NTLM. For search to access your site, one zone must use Windows authentication. Exercise 4.8 takes you through the options available when you click the Authentication Providers link in the Application Security section. EXERCISE 4.8

Configuring Authentication Providers 1.

On the Application Management page in Central Administration, in the Application Security section click Authentication Providers.

2.

On the Authentication Providers page, ensure your web application is selected and click the zone name for the authentication provider whose settings you want to configure.

3.

On the Edit Authentication page, in the Authentication Type section select one of the following options: 

Windows



Forms



Web Single Sign On

184

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

EXERCISE 4.8 (Continued )

If you select Forms or Web Single Sign On authentication, you must enter the name of the membership provider and optionally the name of the role manager.

4.

In the Anonymous Access section, if you want to enable anonymous access for the web application, check the check box. This enables anonymous access for all sites contained in your web application. You still have the ability to deny anonymous access at the site collection level or site level; however, if you disable anonymous access for the web application, it is disabled for all levels of the web application.

5.

In the IIS Authentication Settings section, specify either Integrated Windows authentication or Basic authentication (the password is sent in clear text).

6.

In the Client Integration section, you must decide whether to enable client integration. Clicking the Yes radio button enables features that launch client applications. If you select No, your users must download documents to modify them and then upload them after making changes.

7.

Click Save to save your changes.

Many authentication choices require additional configuration. Table 4.1 summarizes the necessary configuration steps based on the corresponding authentication method.

Using Central Administration to Create and Manage Web Applications

TA B L E 4 .1

185

Additional Authentication Configurations

Authentication Method

Additional Configuration

Anonymous

None

Basic

None

Digest

Configure Digest authentication in IIS:

Certificates

1. Select Windows authentication in Central Administration. 2. Configure certificate authentication is IIS. 3. Enable SSL. 4. Obtain and configure certificate from an internal or external Certificate Authority.

NTLM (Integrated Windows)

None

Kerberos (Integrated Windows)

1. Configure web application for Kerberos. 2. Configure Service Principal Name (SPN). 3. Register SPN for the domain user account in Active Directory.

Forms

1. Register the membership provider in the web.config for the WSS 3.0 web application. 2. Optionally register the role manager in the web.config for the WSS 3.0 web application. 3. Register the membership provider in the Web.config for the Central Administration site.

Web SSO

After completing the configuration steps required for ASP.NET forms authentication, register an HTTP module for the Web SSO provider.

Configuring Information Rights Management With the security controls built into WSS 3.0, both farm and second-level administrators can secure content while it is stored in SharePoint. However, for sensitive information this might not be enough; you may want to control what can be done with the content and where it can be sent. Microsoft Information Rights Management (IRM) enables you to create access controls that stay with your content. IRM is available in WSS 3.0 and is configured through document libraries on your sites. Appropriate access permissions for protected fi les can be set by site administrators. These rights-protected files are encrypted on the user’s computer when downloaded and permissions are set. When IRM is enabled, these permissions might include whether the user can print the fi le, whether the user can

186

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

run custom code in the fi le, and whether the user can upload a particular type of fi le into the IRM-protected document library. You enable IRM at the document library level; however, you must fi rst configure IRM for WSS 3.0 before you can implement it at the document library level. To enable IRM for WSS 3.0, you must be able to connect to a Microsoft Windows Rights Management Services (RMS) server and you must have installed the Windows Rights Management Services client with Service Pack 2 on each of your frontend web servers. You need to ensure that WSS and any other associated service accounts have the necessary permissions on that platform. Additional information on Microsoft Windows Rights Management Services can be found at the Windows Rights Management Services Technology Center ( http://go.microsoft.com/fwlink/?LinkId=73121).

WSS 3.0 does not include the Microsoft Office protector files that are necessary for you to automatically rights-protect a document when it is uploaded. If you want the automatic protection, you must install Microsoft Office SharePoint Server 2007.

Creating a Site Collection Now you are ready to create your WSS topology by creating site collection(s) using Central Administration. If you kept the Application Created page open after successfully creating your web application, your next step is to click the Create Site Collection link. If you have closed the Application Created page, you need to access the Create Site Collection page in Central Administration by clicking the Application Management tab and in the SharePoint Site Management section, clicking Create Site Collection. Exercise 4.9 takes you through the steps of creating a site collection at the root of our Intranet web application. EXERCISE 4.9

Creating a Root Site Collection 1.

On the Application Management page, in the SharePoint Site Management section, click Create Site Collection.

2.

On the Create Site Collection page, ensure your web application appears in the Web Application section.

3.

In the Title and Description section, type a title and description for your site collection.

Creating a Site Collection

4.

187

In the Web Site Address section, specify the URL name and path for the top site in your site collection.

If you select the root managed path (/), you can create at most one site collection.

If you select a managed path, such as the customer ’s wildcard inclusion managed path we created in Exercise 4.6, you must select it and type the name of the top site in the site collection. In our example, we’re using CustomerA.

For our exercise, select the root managed path.

5.

In the Template Selection section, select a template from the tabbed template control. Notice that our WSS 3.0 installation provides us with Collaboration and Meetings templates. Since our Intranet web application is being used for collaboration, select Team Site as shown here:

188

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

E XE RC I SE 4 .9 (continued)

6. In the Primary Site Collection Administrator section, specify the user account for the primary administrator of the site collection. Notice you can browse for the user account by clicking the Book icon. You can also check the user account by clicking the Check Names (People Picker) icon. The user account is a single user who is responsible for the site collection. Regardless of whether you check names or browse, your user account is confirmed with an underline.

7. Optionally, in the Secondary Site Collection Administrator section you can specify a secondary administrator for the site collection.

8. If you have created a quota template, you can select it in the Select a Quota Template drop - down list.

9. Click Create to create the site collection.

Creating a Site Collection

189

10. The Top - Level Site Successfully Created page appears when the site is created successfully. You can click the URL link to access the site.

If your site does not display, you might need to reset IIS first. Open a command prompt window and type iisreset.

11. Your top -level site opens in its own browser window. You might want to add or make this page the home page on your browser.

190

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Managing Your Site Collection in Central Administration The Application Management page in Central Administration has some further site collection management tools you might fi nd useful. These tools are listed under the SharePoint Site Management section, as shown in Figure 4.17.

F I G U R E 4 .17

SharePoint Site Management options

Let’s take a look at some of these tools: Delete Site Collection You use this page to completely delete not only the top-level site but all sites in your site collection. All content is destroyed during the deletion. To process the deletion, fi rst ensure the site collection you want to delete is selected in the Site Collection list box and then click the Delete button, as shown in Figure 4.18.

Managing Your Site Collection in Central Administration

F I G U R E 4 .1 8

191

Delete Site Collection page

Site Use Confirmation and Deletion You use this page to require site owners to validate that their site collections are actively used. Ensure the correct web application is selected in the Web Application section. Configure the Confi rmation and Automatic Deletion Settings section by selecting the option to send email notifications to owners of site collections that have not been used for a specified number of days. You also have the option of deleting the site collection after a period of not being used or notified, as shown in Figure 4.19.

F I G U R E 4 .1 9

Site Use Confirmation and Deletion page

192

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Site Collection Quotas and Locks You use this page to view or change the lock status that has been placed on the site collection by an application or by exceeding a quota. You can also use the page to modify a quota template. The configurations for the page are shown in Figure 4.20.

FIGURE 4.20

Site Collection Quotas and Locks page

Site Collection Administrators You use this page to view or change the primary and secondary site collections administrators for the appropriate site collection, as shown in Figure 4.21.

Extending Your Web Application

F I G U R E 4 . 21

193

Site Collection Administrators page

Site Collection List This page lists the site collections by displaying information for each one, as shown in Figure 4.22.

FIGURE 4.22

Site Collection List page

Extending Your Web Application Each time you create a new web application, in addition to an IIS website you create a new database. You also defi ne the authentication method used to connect to that database. Suppose you have your web application created and in use and now you want to expose this same content to a different set of users. This type of scenario is typically used for

Chapter 4

194

␯

Configuring the Windows SharePoint Services 3.0 Environment

extranet deployments where you want your extranet users to have authentication to your web application but a different set of permissions to the content. To accomplish this task, you must extend your existing web application. When you do so, you can specify to use that same website or create a separate IIS website, but you use the same content database as the initial web application. You extend the web application and defi ne its settings by specifying its load-balanced URL and using another zone. Exercise 4.10 takes you through the process of extending our Intranet web application to an Extranet zone. E X E R C I S E 4 .1 0

Extending a Web Application 1.

On the Application Management page in Central Administration, in the SharePoint Web Application Management section, click the Create or Extend Web Application link.

2.

On the Create or Extend Web Application page, in the Adding a SharePoint Web Application section, click the Extend an Existing Web Application link.

3.

The Extend Web Application to Another IIS Web Site page opens. Ensure the web application you want to extend is selected in the Web Application section. If it ’s not, on the Web Application menu, click Change Web Application and select the appropriate one. For this exercise, ensure http://intranet/ is selected.

4.

The options in the IIS Web Site section allow you to use an existing IIS web site or create a new one. For our exercise, select Create a New IIS Web Site.

5.

In the IIS Web Site section, configure the following:

a.

In the Description text box, type Extranet Site.

b.

In the Port text box, type a value for the port. For our exercise, enter 80.

c.

In the Host Header text box, type Extranet.Sytrain.com.

d.

In the Path text box, accept the given path but shorten the name of the website to

Extranet80. 6.

In the Security Configuration section, configure the following:

a.

For Authentication Provider, select NTLM.

b.

For Allow Anonymous, select No.

c.

For Use Secure Sockets Layer (SSL), select No.

If you select SSL, you must add the appropriate certificate on each server. If the web application is accessed by external users, you must have a valid third -party certificate.

Extending Your Web Application

7.

In the Load Balanced URL section, accept the URL of http://Extranet.Sytrain .com:80. From the Zone drop - down list, choose Extranet. (Note that there are four zones to choose from at this time.)

8.

Click OK.

195

Next you must create a DNS entry for the host header by creating an alias resource record. Use the steps in Exercise 4.11. E X E R C I S E 4 .11

Creating a DNS Alias for Extranet 1.

Open the DNS Management Console by clicking Start  All Programs  Administrative Tools  DNS.

2.

Expand the DNS server. In our example, we are using WSS02 as our DNS server.

3.

Expand Forward Lookup Zones.

4.

Expand the name of your domain. In our example, we are using sytrain.com.

5.

Right- click the domain name, sytrain.com, and select New Alias (CNAME). The New Resource Record dialog box opens.

6.

In the Alias Name (Uses Parent Name If Left Blank) text box, type Extranet.

7.

In the Fully Qualified Domain Name (FQDN) for Target Host text box, either type the name of your web front- end server or browse to it. In our example, since we are using a single - server installation, our web server is wss02.sytrain.com.

8.

Click OK.

196

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

E X E R C I S E 4 .11 ( c o n t i n u e d )

9.

Check that you can access the site by pinging it. To do so, open a command prompt window and type ping Extranet. If you tried to ping Extranet prior to DNS being able to resolve it, you could cache a false negative response. To flush the negative response, type ipconfig /flushdns. This command clears the local name service cache. On your DNS server, you can also clear the cache by right- clicking your server name in the DNS Management Console and choosing Clear Cache.

10. When you have successfully pinged Extranet, close the DNS Management Console and the command prompt.

To access your new site, type the URL http://extranet.sytrain.com. You will most likely need to log in to the site using your administrator’s credentials. You can also add this site to your list of trusted sites in your browser window. When the site opens, the URL appears as extranet, but the site displays the Intranet title, showing that you are now accessing the same content on the Intranet site even though you have authenticated differently to the site. If warranted, at this point you could create a new membership provider for Extranet access. Since you decided to create a new IIS website, you must modify the web.config fi le for Extranet as well as the Central Administration IIS website with the configuration of the new membership provider. Finally, you must access the Authentication Providers page in the Application Security section on the Application Management page of the Central Administration site to modify the authentication provider. Let’s take a look at this before moving on. The Authentication Providers page for the Intranet web application is shown in Figure 4.23.

FIGURE 4.23

Authentication Providers page for Intranet

To modify the authentication provider on the Edit Authentication page, click the Extranet link. In the Authentication Type section, you can modify the authentication type and type the name of the membership provider in the area shown in Figure 4.24.

Extending Your Web Application

FIGURE 4.24

197

Editing the authentication provider

Configuring Alternate Access Mappings When you extend your web application, WSS 3.0 creates an alternate access mapping for the new URL and zone, as shown in Figure 4.25.

FIGURE 4.25

Alternate Access Mappings page

This page gives you three options: Edit Public URL Click this link to enter the public URL, protocol, host, and port for any zone that is blank. Add Internal URLs Click this link to enter the URL protocol, host, and port of any URL that should be associated with a particular zone.

198

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Map to External Resource of SharePoint.

Click this link to defi ne a URL mapping to a resource outside

Alternate access mappings provide users with the correct URLs during their interaction with WSS 3.0. They enable the mapping of web requests to the correct web applications and sites, allowing WSS 3.0 to serve the correct content back to the users. For example, in the previous section we extended our web application using the Extranet zone and a URL of http://extranet.sytrain.com. Even though the WSS resources are the same as our original web application, as users browse this site using extranet they expect to have the correct content returned to them using extranet in the URL. Figures 4.26 and 4.27 show the mappings in the URL. Notice that both URLS begin with http://extranet .sytrain.com.

FIGURE 4.26

Extranet.sytrain.com home page

FIGURE 4.27

Extranet.sytrain.com Shared Documents page

Extending Your Web Application

199

When entering the site internally, using the Default zone, WSS 3.0 will still continue to reference http://intranet. Alternate access mappings are also especially useful when using a reverse proxy server to enable external access to your web application. If you use bridging to redirect your external users’ requests, you must map the external URL to the internal resource. You also want to hide this internal resource name from the external user. For example, if your external users are entering your web application using http://www.sytrain.com (which has been defi ned internally using the Internet zone and a host header of internet.sytrain.com), all their content will be sent back to them using the www.sytrain.com URL. Figure 4.28 shows the configuration for extending the web application. FIGURE 4.28

Extending the Intranet web application to the Internet zone

Figure 4.29 shows the mapping of the public URL, http://www.sytrain.com, to the internal URL, http://internet.sytrain.com.

200

Chapter 4

FIGURE 4.29

␯

Configuring the Windows SharePoint Services 3.0 Environment

Alternate access mappings for http://www.sytrain.com

Summary In this chapter you learned the configurations necessary to complete your WSS 3.0 environment. You learned the following topics: 

Managing Central Administration



Configuring Central Administration security



Configuring administrative tasks and services



Creating and managing web applications



Creating a WSS 3.0 namespace



Configuring web application authentication



Extending a web application



Configuring alternate access mappings



Configuring names resolution



Implementing access policies



Configuring Information Rights Management



Creating and configuring the site collection hierarchy

Exam Essentials Know how to manage Central Administration. Be familiar with the pages in the Central Administration website and know how to use them to configure your environment. Be able to implement security. Know how to create and manage web applications. Be able to create and manage a WSS namespace. Know how to extend your web application.

Exam Essentials

201

Know how to configure web application security. Be able to configure authentication for your web application, including NTLM, Kerberos, and forms-based authentication. Know how to configure SSL and how to implement access policies. Understand how to use and configure alternate access mappings. Understand how WSS 3.0 uses alternate access mappings to present content to different users. Know how to configure alternate access mappings for external users when using a reverse proxy server. Understand how to configure Information Rights Management (IRM). Understand when IRM is necessary in your WSS environment. Know the components needed to implement IRM in WSS 3.0. Know how to create and manage site collections. Be able to create managed paths, and know how to implement and manage site collection tasks.

Chapter 4

202

␯

Configuring the Windows SharePoint Services 3.0 Environment

Review Questions 1.

You are the WSS 3.0 administrator at cityu.edu. You deploy a single web front- end server named server1.cityu.edu as a stand-alone server. You need to deploy a site for managing the graduate research documents of the university. Users are to access this site by using the URL http://gradresearch.cityu.edu/default.aspx. The solution you choose should use a minimum of hardware resources while keeping the deployment and maintenance tasks at a minimum. What should you do? A. Deploy another stand-alone web front- end server and name it gradresearch.cityu.edu. B.

2.

Create a new web application on server1.cityu.edu.

C.

Install a second stand-alone instance of WSS 3.0 on server1.cityu.edu.

D.

Deploy another web front end and make it part of a server farm.

You are the WSS 3.0 administrator for your organization. Your WSS 3.0 implementation consists of a small farm with two load-balanced web front-end servers. You have deployed two web applications. One of the web applications requires Secure Sockets Layer (SSL). You have obtained the necessary certificate(s) from a trusted certificate authority. What should you do? A. Install a certificate on each web front- end server. B.

3.

Install a certificate on the database server.

C.

Install a certificate on the first configured web front- end server.

D.

Install a certificate on each web front- end server and the database server.

You are the WSS 3.0 administrator for cityu.edu. Your WSS 3.0 server farm has two loadbalanced web front- end servers named WSS01 and WSS02. You are using database server SQL1 to hold the WSS databases. You will be deploying multiple site collections for the Graduate department. You need to determine the WSS namespace to use. What should you do? A. Use http://WSS01.cityu.edu as the URL. B.

4.

Use http://Grad.cityu.edu as the URL.

C.

Use http://Grad.cityu.edu/sites as the URL.

D.

Use http://WSS01.cityu.edu/sites as the URL.

You are the WSS 3.0 administrator for your organization. You are using network load balancing (NLB) for your two web front- end servers, WSS01 and WSS02. You defined the IP address of your NLB cluster as 10.10.24.10. Now you need to configure the namespace of your WSS 3.0 deployment on the Domain Name Server (DNS) to support the configuration. What should you do? A. Create a single host record called WSS and configure it with the IP address of 10.10.24.10. B.

Create a host record for WSS01 and a second host record for WSS02. Configure both to use the IP address of 10.10.24.10.

Review Questions

5.

203

C.

Create two CNAME records in DNS, one for WSS01 and one for WSS02. Target each one of the aliases to the fully qualified domain names (FQDN) of the respective physical servers.

D.

Create a host record for WSS01 and a second host record for WSS02. Configure both to use the IP address of 10.10.24.10. Configure DNS round-robin in the settings.

You are the WSS 3.0 administrator for cityu.edu. Your WSS 3.0 server farm consists of two web front- end servers, WSS01 and WSS02, and a back- end database server, SQL01. You have already deployed several site collections using the load-balanced URL http:// local.cityu.edu/sites. You want to deploy several sites for the History department. You want to group these sites together and yet keep them isolated from the existing content. You need to determine the WSS namespace to use. What should you do? A. Use http://local.cityu.edu as the load-balanced URL.

6.

B.

Use http://local.cityu.edu/history as the load-balanced URL.

C.

Use http://local.cityu.edu/sites/history as the load-balanced URL.

D.

Use http://local.cityu.edu/sites as the load-balanced URL.

You are the WSS 3.0 administrator for your organization. You deploy a single web front- end server named wss01.company.com for your environment. You want to create a namespace for your HR documentation files. You create a site collection at the root path of your web application. How would users access the site collection? A. Using http://www.company.com/default.aspx

7.

B.

Using http://www.company.com/sites/default.aspx

C.

Using http://wss01.company.com/sites/default.aspx

D.

Using http://wss01.company.com/default.aspx

You are the WSS 3.0 administrator for your organization and have deployed a stand-alone installation of WSS 3.0 that is used solely by remote clients. Each user must provide a username and password to access the site. So that all your clients are supported, you have configured the web application to use both Windows Integrated and Basic authentication. You have configured both the Internet Information Services (IIS) management console and SharePoint Central Administration to allow Basic authentication. Next you need to secure your users’ credentials. What should you do? A. Configure Kerberos authentication.

8.

B.

Enable Secure Sockets Layer (SSL).

C.

Modify the web.config file to allow forms-based authentication.

D.

Enable Internet Protocol Security (IPSec).

You are the WSS 3.0 administrator for your organization. Your WSS 3.0 environment supports both internal and external users. Your web front- end server is deployed in a perimeter network and the back- end database server is contained on your internal network. For internal users, you configure the Default zone of your web application to use Windows authentication. For the external users you want to use forms-based authentication to the web application. You want to keep the administrative overhead to configure your external users to a minimum. What should you do?

Chapter 4

204

␯

Configuring the Windows SharePoint Services 3.0 Environment

A. Add a second zone to the existing web application and configure it to support forms-based authentication.

9.

B.

Create another web application on the same web front end and enable it to duplicate the content of the original web application. Configure the new web application for forms-based authentication.

C.

In addition to Windows authentication, enable anonymous access to the web application.

D.

Create a second web application on another web front end. Link all the content from the original web application to the new web application. Configure the new web application for forms-based authentication.

You are the WSS 3.0 administrator for your organization and have installed a server farm WSS 3.0 environment with four web front- end servers, a back- end database server, and an application server configured for search. You have Rights Management Services (RMS) for Windows Server 2003 installed on your network. You want to protect your sensitive documents and have to enable Information Rights Management (IRM) for WSS 3.0. You must install Windows Rights Management Services Client, version 2. On what computer or computers should you install Windows Rights Management Services Client, version 2? A. On the back- end database server. B.

On the application server configured for search.

C.

On each user’s computer.

D.

On the first installed web front- end server.

E.

On all web front- end servers.

10. You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 to internal users using the URL http://orgname. You want to configure your site for external users using the URL http://www.organame.com. You add the domain name www.orgname.com as a host record in DNS. What should you do next? A. Configure a reverse proxy server to forward all requests for http://www.orgname.com to http://orgname. B.

Configure a reverse proxy server to forward all requests for http://orgname to http://www.orgname.com.

C.

Configure an alternate access mapping and add http://www.orgname.com as an internal URL.

D.

Configure an alternate access mapping and add http://www.orgname.com as a public URL.

11. You are the WSS 3.0 administrator for your organization. You have deployed WSS 3.0 and want to make certain access to your Central Administration website is secured by using an SSL certificate to encrypt traffic. What should you do? A. Install the certificate on the database server containing the configuration database for your WSS 3.0 installation. B.

Install the certificate on the database server containing the content database for the Central Administration site.

Review Questions

205

C.

Install the certificate on the web front- end server(s) containing the Central Administration web application.

D.

Install the certificate on all web front- end servers containing web applications for your WSS installation.

12. You are the WSS 3.0 administrator for your organization. You have completed your installation and want to customize the administrator tasks for WSS 3.0. What should you do? A. Click the Administrator Tasks link on the Home page of the Central Administration site. B.

Click the Farm Topology link on the Home page of the Central Administration site.

C.

Click the Resources link on the Home page of the Central Administration site.

D.

Click the Services on Server link on the Operations page of the Central Administration site.

13. You are the WSS 3.0 administrator for your organization. You have completed your installation and want to view and configure the services on all the servers in your farm. What should you do? (Choose all that apply.) A. Open the Administrative Tools  Services Management Console on each of the servers and configure the appropriate services. B.

Open the Services on Server page from the Operations page of Central Administration, select the desired server, and configure the services.

C.

Open the Servers in Farm page from the Operations page of Central Administration, select the desired server, and configure the services.

D.

Open the Administrative Tools  Services Management Console from the Action menu connected to the server you want to configure services on, and configure the appropriate services.

14. You are the WSS 3.0 administrator for your organization. You are creating a new web application for your environment. You want the web application to be secure. What should you do? A. Select Kerberos in the Security Configuration section of the Create New Web Application page in Central Administration and add a certificate from a trusted certificate authority to the web front- end servers containing the web application. B.

Select SSL in the Security Configuration section of the Create New Web Application page in Central Administration and add a certificate from a trusted certificate authority to the database server containing the content database.

C.

Select SSL in the Security Configuration section of the Create New Web Application page in Central Administration and add a certificate from a trusted certificate authority to the web front- end servers containing the web application.

D.

Select SSL in the Security Configuration section of the Create New Web Application page in Central Administration and add a certificate from a trusted certificate authority to the web front- end servers containing the web application and the database server containing the content database.

Chapter 4

206

␯

Configuring the Windows SharePoint Services 3.0 Environment

15. You are the WSS 3.0 administrator for your City University. You have deployed WSS 3.0 for your intranet users who access the site as http://cityu.edu. You want external users to access the site using the fully qualified domain name www.cityu.edu. What should you do? A. Configure an alternate access mapping and add http://www.cityu.edu as a public URL. B.

Configure an alternate access mapping and add http://www.cityu.edu as an internal URL.

C.

Create a new web application with a load-balanced URL of http://www.cityu.edu.

D.

Configure a reverse proxy server to forward all requests for http://www.cityu.edu to http://cityu.edu.

16. You are the WSS 3.0 administrator for your organization. You have configured your WSS implementation on a server named WSS01. This server is a member of the internal.cityu .edu domain. A reverse proxy server maps requests for wss.cityu.edu to wss01.internal .cityu.edu. Users accessing the site using wss.cityu.edu report that some images are not displaying. When you enter the site internally using wss01.internal.cityu.edu, all images display correctly. When you use http://wss.cityu.edu, you find that some links are using the incorrect URL of wss01.internal.cityu.edu. What should you do? A. Create a new host record in DNS for wss.cityu.edu. B.

Create an alias or CNAME record in DNS for wss.cityu.edu.

C.

Create an alternate access mapping for the Default zone that specifies http://wss .cityu.edu as a public URL.

D.

Create an alternate access mapping for the Default zone that specifies http://wss .cityu.edu as an internal URL.

17. You are the WSS 3.0 administrator for your organization. You have both internal users and external users to your WSS 3.0 web application. You must implement a solution so that both the internal and external users can access the content using different URLs. Your solution should minimize administrative overhead and hardware requirements. What should you do? A. Extend the web application by defining separate zones for internal and external users. B.

Create separate web applications for internal and external users.

C.

Create separate WSS 3.0 deployments for internal and external users.

D.

Create separate content databases for internal and external users.

18. You are the WSS 3.0 administrator for your organization. You are creating a new site collection in your current web application. Since this new site collection will contain a large amount of data, you want to create it in its own content database. What should you do to ensure the new site collection is created in a new content database? A. In Central Administration, remove the web application’s current content database. B.

In Central Administration, set the status of the web application’s current database to Offline.

Review Questions

207

C.

In Central Administration, set the status of the web application’s current database to Ready.

D.

Using SQL Server Management Studio, select the properties of the current database for the web application and set its status to Offline.

19. You are the WSS 3.0 administrator for City University. You have deployed WSS 3.0 on a single server, WSS1. All users at the main campus are accessing your WSS site. You want the three satellite campuses to access the site but using a different URL, http://campus .cityu.edu. You configure your DNS server with the appropriate settings. What should you do next? A. Create an alternate access mapping on WSS1 for http://campus.cityu.edu and associate it with the Extranet zone. B.

Add a host header for http://campus.cityu.edu in the IIS properties of the college website.

C.

You need to take no further action.

D.

Edit the hosts file on WSS1.

20. You are the WSS 3.0 administrator for your organization. Your environment hosts an internal web application on your company’s domain using the Default zone URL of http:// internal. You want to make the web application available to users over the Internet using http://www.cityu.edu. How must you configure the alternate access mappings for the web application? (Choose all that apply.) A. Configure http://internal.cityu.edu as an internal URL for a reverse proxy publishing rule in the Internet zone. B.

Configure http://internal.cityu.edu as an internal URL for a reverse proxy publishing rule in the Default zone.

C.

Configure the reverse proxy server to forward all requests for http:// www.cityu .edu to http://internal.

D.

Add http://www.cityu.edu as a public URL in the Internet zone.

208

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

Answers to Review Questions 1. B. You should create a new web application on server1.cityu.edu. A WSS 3.0 installation can contain more than one web application. Whenever you create a new web application, you specify a unique URL for that web application. Since your solution requires you to minimize hardware requirements, you should not deploy another web front end. Since your solution also requires you to keep deployment and maintenance tasks to a minimum, you should not install a second stand-alone instance of WSS 3.0 on server1. 2. A. You should install a certificate on each web front-end server. Since you are using load balancing, you need a certificate on each. You do not need a certificate on the database server because authentication and encryption occur on the web front-end servers. 3. C. You should use http://Grad.cityu.edu/sites as the URL. Since this is a loadbalanced URL, you should not use the name of one of the servers but use the hostname of Grad or something similar to distinguish the Graduate department. Because you are creating multiple site collections, you should not use the root path since it only contains one site collection; you should use a path that allows multiple site collections such as the sites path. 4. A. You should create a single host record called WSS and configure it with the IP address of 10.10.24.10. Since you are using NLB and have only one address for the cluster, you should create a Host or A record to signify the mapping between the IP cluster address and the name users will use. The NLB service will then distribute the requests across all the cluster nodes. You should not create two host or CNAME records; neither action will take advantage of the NLB configuration you have put in place. 5. B. You should use http://local.cityu.edu/history as the load-balanced URL. With this URL you can group the History department’s sites together and use a dedicated path. You should not use http://local.cityu.edu because this load balanced URL is a root path and only allows one site collection. You should not use http://local.cityu.edu/ sites or http://local.cityu.edu/sites/history as both of these would not allow the history sites to be grouped together and yet isolated. 6. D. Users should access the site collection using http://wss01.company.com/default .aspx. The root path is automatically created when you create the web application. The default web application used the server name as the application path by default. Users should not use http://wss01.company.com/sites/default.aspx. This is not a valid pathname. When you create a site collection using the sites path, you must use a pathname that includes the site itself, such as http://wss01.company.com/sites/ HRData/default.aspx. 7. B. You should enable SSL. You must enable SSL for the web application using Central Administration and for the website using the IIS management console. You will also need to add a certificate from a trusted certificate authority to the IIS server. You have to enable SSL to encrypt the username and password because Basic authentication passes them in clear text.

Answers to Review Questions

209

8. A. You should add a second zone to the existing web application and configure it to support forms-based authentication. A web application can be extended to contain multiple zones, with each zone having a different method of authentication. Therefore, you should create a second zone, such as the Extranet zone for this authentication. This solution meets the requirements of keeping administrative overhead to a minimum. 9. E. Since the process of encrypting and decrypting the WSS 3.0 content is handled on the web front-end servers, the Windows Rights Management Services Client, version 2 must be installed on every web front end. 10. D. You should configure an alternate access mapping and add http://www .orgname.com as a public URL. You should not configure an internal URL because this site is used by external users. You should not use a reverse proxy because WSS 3.0 embeds its URLs, which are only changed consistently by using an alternate access mapping. 11. C. You should install the certificate on the web front-end server(s) containing the Central Administration web application. The certificate is installed in IIS for the website containing the Central Administration application. Because administrators access the Central Administration web application through its website, this is where the certificate must be installed, not on the back-end databases. 12. A. You should click the Administrator Tasks link on the Home page of the Central Administration site. This link takes you to the lists where you are able to customize and reorder your administrator tasks. 13. B, C. You should open either the Services on Server page or Servers on Farm page from the Operations page of Central Administration, select the desired server, and configure the services. Your farm services are configured using the Central Administration website. 14. C. You should select SSL in the Security Configuration section of the Create New Web Application page in Central Administration and add a certificate from a trusted certificate authority to the web front-end servers containing the web application. You should not add a certificate to the database server. 15. A. You should configure an alternate access mapping and add http://www .cityu.edu as a public URL. You should not create a new web application. You should not configure a reverse proxy to forward the requests because you want WSS to handle the content users request with the www.cityu.edu URL. 16. C. You should create an alternate access mapping for the Default zone that specifies http://wss.cityu.edu as a public URL. To return content to users so that links are translated correctly, you must specify an alternate access mapping. You must specify a public URL since it is a URL users access as opposed to an internal URL which is access by a reverse proxy server. 17. A . You should extend the web application by defi ning separate zones for internal and external users. Both zones access the same content, thus keeping administrative overhead at a minimum. Since both zones of the web application are held on the same server, the hardware necessary for the solution is also kept to a minimum.

210

Chapter 4

␯

Configuring the Windows SharePoint Services 3.0 Environment

18. B . In Central Administration, you should set the status of the database currently being used by the web application to Offl ine. Setting the database to Offl ine prohibits any new sites from being created using the content database; therefore, when you create your new site collection, a new database will be created. 19. A. You should create an alternate access mapping on WSS1 for http://campus .cityu.edu and associate it with the Extranet zone. You should not add a host header; a host header will not return content to the user with the correct URL links. Creating a hosts fi le does not provide a solution. 20. A, D. You should configure http://internal.cityu.edu as an internal URL for a reverse proxy publishing rule in the Internet zone and add http://www.cityu.edu as a public URL in the Internet zone. Alternate access mappings make content available to different sets of users using different URLs.

Chapter

5

Building and Configuring the Windows SharePoint Services 3.0 Topology MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Administer Windows SharePoint Services


Configure site settings

In Chapter 4, “Configuring the Windows SharePoint Services 3.0 Environment,” you learned that the Central Administration website is the primary interface for managing the SharePoint farm and web applications. Central Administration is also the principal method for creating site collections and managing their default settings. Once a site collection has been created, management and control passes to the site collection administrators. They will use the Site Settings page of the top -level site to manage the site collection and top-level site. They may also choose to create additional subsites to expand the site collection hierarchy. These subsites can then be managed either by the site collection administrators or by individual site owners using the Site Settings page in each site. In this chapter, you’ll learn how to expand and manage a site collection from a single site to a hierarchy of sites. The primary focus will be the Site Settings page and how it can be used to manage either a site collection or an individual site. You’ll also examine the process and potential reasons for creating additional subsites. Using the Site Settings page, you’ll learn how to modify the basic look and feel of a site. You’ll also learn the purpose of and how to use the galleries in the top-level site and subsites. Finally, you’ll review how to manage both an individual site and site collection using other links on the Site Settings page.

Planning the Site Collection Hierarchy By now you’ve seen how the farm administrators use the Central Administration website to create a web application and site collection. As part of the creation process, control of the site collection was delegated to a primary and secondary site collection administrator. If you are that site collection administrator, then you are wondering, “Where do I go from here?” Your fi rst task will be to decide whether to leave the site collection as a single top level site or build it out to include a hierarchy of sites.

One Site or a Hierarchy? SharePoint sites function best when they are centered on a particular task, like a project, or are used by a specific group of people, such as a project team or department. Sites that don’t have a good focus will become stale and will fall into disuse. For example, if a site is used to store critical company information, develop documentation for new product releases, and track customer responses, the site will become increasingly diffi cult to

Planning the Site Collection Hierarchy

213

organize and manage. Of course, there is also an opposite extreme, where site usage is so individualized that no one can fi nd anything because of the overwhelming fragmentation of content. Site collection administrators should strive for a balance that maintains the focus of each site without detracting from the overall organization of the site collection. To decide how many sites you want and how to organize them in a site collection, you must consider a number of factors, including: 

How many users will use the sites



How the users will interact with one another



Whether the site will be used for collaboration or distribution of information



What kind of information will be stored in the sites



Whether content on the site needs to be secured

Although the focus of this chapter is on managing a site collection, there may be times when you should consider asking the farm administrators for another site collection rather than creating subsites within a site collection. Subsites within a site collection have the advantage of sharing the following elements: 

Navigation (Top Link bar and breadcrumbs)



Site columns and content types



Site templates



Workflows



Security inheritance



Lookup fields across lists



Search scopes

But there are times when you might want to use top-level websites in specific site collections because you need to: 

Implement a different default security



Back up the site collection database separately



Reorganize the site hierarchy



Limit workflows or web parts available for use



Be able to search that set of sites only



Manage the amount of space used by sites

You should also take into account whether you actually need a new site instead of just a new web part page, list, or library within a site. Although each new site created includes a default.aspx page, if all you need is more screen real estate to display information stored in a site, then you can just create a new page for the existing site. You can also create additional lists or libraries to store different kinds of content without having to create a new subsite. Subsites are best used when you want to create something that you can use to store a collection of various kinds of information for a specific group of users or a specific purpose.

214

Chapter 5




Building and Configuring the WSS 3.0 Topology

Determining Site Objectives Once you’ve decided to create additional subsites in the site collection, you have to determine how many and what type of sites you need. You must fi rst consider what the objective is for the creation of each site. Three primary objectives form the underlying purpose for most SharePoint sites: Document Storage Many sites are created to replace other systems of centrally storing fi les, like network fi le shares. SharePoint sites provide a variety of types of libraries specifically designed for storing different kinds of fi les. For example, an image library that provides a built-in slideshow view can be used to store graphics fi les. Libraries also provide capabilities like check-in/check- out, versioning, and approvals that make them a better place to store fi les than traditional network fi le shares. Collaboration Sites can also be used as places that help members of a group or organization work together. Collaboration sites provide features that focus on sharing information, discussing ideas, and working toward a specific goal or deliverable. Collaboration sites can vary depending on such factors as the size and complexity of the team or the objective. For example, a site may be used by a small group project team to organize and store information about the project that they are working on, while another site may provide a geographically distributed organization with a location where all employees can discuss and plan for the growth of the organization. Communication Sites can also be used as an effective mechanism for distribution of information to a wider audience. The information can be in the form of either unstructured content, such as documents, or structured content, such as a list view. For example, a company may use a centralized SharePoint site to house the 401(k) prospectus for an upcoming HR open enrollment or to display a list of company contact information. A communications site may even be combined with a collaboration site to both collect information and distribute it to a different group.

Identifying the Site Environment Another important factor that you will need to identify is the kind of environment for which your sites are intended. Intranet sites often have different requirements from an extranet or Internet site. For example, intranet sites designed for collaboration often have a variety of security levels controlling who can view, add, modify, delete, or approve content on a site. In contrast, Internet sites are often used for communication where the majority of users will access the site to read content anonymously. Table 5.1 summarizes some of the factors related to the environment that you should consider when you’re planning your site hierarchy. They may influence the number of sites or the type of sites that you will build.

Planning the Site Collection Hierarchy

TA B L E 5 .1

215

Environment Factors to Consider During Site Planning

Environment

Typical Factors

Examples

Intranet

Organization size

Small project group Department or division in a larger organization Entire company

Extranet

Mix of internal and external users

An intranet extended to external trading partners

Use of a hosting service

Dedicated extranet hosted by organization An extranet supported by a hosting company

Internet

Mix of internal and external users Use of a hosting service

An Internet authored by internal users An extranet supported by a hosting company

Anonymous access

Each of these target environments has characteristics that shape how you will manage your SharePoint environment. It may influence what kind of site you build. For example, some site features like blog comments may present problems in an anonymous access environment. The environment may even dictate how your users are authenticated. Finally, use of an external hosting service may limit your ability to deploy customizations. Knowing the strengths and limitations of your target environment will help you decide what SharePoint sites and capabilities are available in your site collection.

Mapping User Needs to SharePoint Capabilities It’s also important to ask yourself what users intend to use the site for. Determining the needs of your users and mapping them to specific SharePoint capabilities will help you determine what type of SharePoint site or sites you will build for your users. You’ve already considered whether your sites will be used primarily for document storage, collaboration, or communication. In addition to these high-level factors, you should also consider any specific needs your users will have. For example, determine whether your users will need to: 

Access information or documents while traveling or working offline



Use email to communicate with other site members, send attachments, or archive messages



Quickly disseminate ideas using Internet blogs or wikis



Be alerted to changes to the site



Work with data from non-SharePoint sources

216

Chapter 5




Building and Configuring the WSS 3.0 Topology

Each of these user needs can be mapped to different lists, libraries, site templates, or Features. Building sites in your hierarchy that either include these capabilities or sites where they can be easily added is your goal in designing your site hierarchy.

Other Considerations There are two fi nal general considerations that should be taken into account when planning your site hierarchy. The fi rst is the way that the Windows SharePoint Services (WSS) 3.0 search function operates. The ability to search content stored in multiple sites may determine where a site is placed in your hierarchy. You will also need to take into account how users will navigate from site to site. By default, navigation in WSS is generated dynamically, so you will want to consider how deep and how wide you will build your hierarchy to make maximum use of SharePoint’s built-in navigation.

Search Limitations Search in WSS is automatically scoped to search the current context and things below it. That means if you are in a subsite, the search scope will include all the content in that site and any sites below it in the hierarchy, but it will not return content that is in the parent site or sites higher in the hierarchy. When you’re in a document library or list, there is also a This List scope that searches only the current list, library, or folder. These search scopes automatically appear in the search drop -down menu and can’t be modified. This means that the organization of your hierarchy will impact how easy it is for users to fi nd information. Many of the limitations of WSS search have been overcome through the release of Microsoft Search Server Express 2008. However, for the purpose of preparing for the 70-631 exam, you should limit yourself to the built-in capabilities of WSS search. You can get more information about Search Server at http://www.microsoft

.com/enterprisesearch/serverproducts/searchserverexpress/.

Navigation Considerations WSS incorporates three dynamic navigation controls: breadcrumb trails, the Quick Launch bar, and the Top Link bar. Each control is configured to dynamically show different aspects of the SharePoint hierarchy of sites, lists, and libraries. Top Link Bar The Top Link bar is displayed horizontally across the top of the page and displays the top two levels of sites in the site hierarchy. This control provides users with instant access to the upper layers of the site collection hierarchy from anywhere. By breaking inheritance of the Top Link bar on a site, you can create multiple layers of Top Link bars in your site hierarchy.

Creating Sites

217

Quick Launch Quick Launch is displayed vertically down the left side of most pages and displays the navigation within the current selected site. It changes each time you navigate to a new site and shows the lists, libraries, and subsites contained by or below the current site. This control provides the user with local navigation. Breadcrumb This control is used in two places on the page. The global breadcrumb is displayed in the extreme upper-left corner of the page. This breadcrumb displays the portal site connection and any site in the hierarchy where inheritance of the Top Link bar has been broken. The Content breadcrumb is displayed horizontally across the top of the content area in most pages. It provides links that let users navigate within the hierarchy of a site. For example, if you are on one of the Site Settings page links, you will see links to the site, site settings, and the administrative page you are currently on. Content breadcrumbs do not appear on the home page of a site. In addition to the links added dynamically, you can manually add navigation elements to either the Quick Launch or the Top Link bar. This capability should normally be used only for external websites. Adding several manual links to navigation will significantly increase your maintenance load since these links will not be removed if the site is deleted, nor will they be security trimmed.

Creating Sites Once you’ve decided how many sites you need in your site collection and the capabilities required for each site, you are ready to start building your hierarchy. WSS 3.0 comes with 10 site defi nitions that can be used to create sites that contain a specific set of functionality. Once a site has been built, you can also customize it and save that site as a template for creating additional sites with different functionality. Since they are used the same way, site defi nitions and site templates are frequently combined and referred to collectively as site templates. You’ll learn how to save a site as a template later in this chapter.

Site defi nitions or templates are like blueprints that tell SharePoint which pages, lists, libraries, and web parts should be included in the new site. But just like building a house from a blueprint, changing the blueprint after the house is built won’t change the existing house. Existing sites can be extended by activating additional SharePoint Features or adding lists and libraries, but changing an existing site defi nition or template won’t upgrade the functionality of an existing site. So it is critical to choose the right site template when creating a new site.

218

Chapter 5




Building and Configuring the WSS 3.0 Topology

Site Definition vs. Site Template Many people use the terms site definition and site template interchangeably, but they are two distinctly different, albeit related, concepts. You should have a clear understanding of both before you start to design and build your site collection hierarchy. Site Definition Every SharePoint site is ultimately based on a site definition. Site definitions are a group of files that determine how a specific site is provisioned when it is built. These files are physically stored in a subdirectory in the 12 hive called “SiteTemplates.” It’s not surprising that people confuse them with site templates. A specific site definition may include configurations for several types of sites, but each configuration specifies what lists, libraries, and files are added to a site when it is created. It also specifies which features are activated during site creation. For example, the STS site definition includes configurations for the team, blank, and document workspace types. The blank site configuration specifies that a blank site has no lists or libraries to begin with, but the team and document workspace configurations both create different sets of lists and libraries in each site type. In addition to the site definition configurations that you can see when you create a site, there are hidden site definitions. For example, the Central Administration website is built from a site definition. Programmers can create custom site definitions that will act just like the built-in site definitions. Site Template Site templates are essentially snapshots of an existing site and are used just like site definitions to control what is part of a site when it is created. When users save an existing site as a template, they are saving two things. First, they are saving a reference to the original site definition used to build the site. This means that site templates are dependent on the existence of specific site definitions. Second, a record of all the changes made to the site since it was first created is also saved. These changes may include a copy of all the content that was added to the site. A reference to the original site definition and the changes are then saved in an XML file format and stored in a file with an .stp extension in the Site Template gallery of the top-level site of the site collection. When you create a new site using a site template, it first creates the new site using the original site definition and then applies all the changes recorded in the site template. Site templates provide a facility for easy expansion of the available types of sites by using existing sites as a pattern.

SharePoint Site Templates When you create a new site, you are presented with a tabbed interface that includes the built-in site defi nitions, custom site defi nitions added by programmers, and site templates added by users. The built-in site defi nitions are divided between two tabs: Meetings and Collaboration. The Meetings tab contains five variations on a meeting workspace, and the Collaboration tab contains the other five built-in defi nitions. Before you start considering how you might want to expand on the built-in site defi nitions with either

Creating Sites

219

custom site defi nitions or site templates, you should understand the functionality provided by each of the built-in site defi nitions. Matching site templates with user requirements is one of the key skills that will be measured by the 70 - 631 exam. Be sure you have a good grasp of the capabilities provided by each of the built-in site definitions.

Team Site Team sites are probably the most common type of site created. This template creates a site that can be used by a group of people to collaborate on the creation of a variety of types of information. It includes the following types of lists and libraries: 

Shared Documents library



Announcements list



Calendar



Team Discussion list



Contacts list



Links list

Blank Site The blank site template is a good choice when you want a blank slate to customize. It is provisioned with a single web part page that only contains an image web part. Blank sites don’t start out containing any prebuilt lists or libraries. They are a good starting point when you want to create a custom site template by building a site from nothing.

Document Workspace Document workspaces are specifically designed to facilitate the development of one or more related documents by a group of people. The inclusion of a Members list makes it easy to give new people access to the site, and the workload can easily be divided up by creating todo items in the task list. It also has the advantage of being integrated with Microsoft Word 2003 and Word 2007 so that members can manage the workspace from inside the Office environment. Document workspace sites can also be created from inside Microsoft Word 2003/2007 or when sending an attachment using Outlook 2003/2007. But workspaces are often more temporary than other sites. Once collaboration on the document is complete, it is copied to another site and the workspace is deleted. Figure 5.1 shows a document workspace site. The following lists and libraries are created by default: 

Shared Documents library



Announcements list



Tasks list



Members list



Links list

220

Chapter 5

F I G U R E 5 .1




Building and Configuring the WSS 3.0 Topology

A document workspace site

Wiki Site Sites built from this template are a collection of web pages that can easily be edited and linked together. Wikis are often used to collaborate on the capture and sharing of knowledge by a group of people. As pages are edited, a revision history is created so that you can restore a previous version if necessary. A facility is also provided that allows for the creation and linking of new pages directly from the editing surface. Wiki sites are provisioned with just a document library for storing the wiki pages. Figure 5.2 shows a wiki site just after it was created.

Creating Sites

FIGURE 5.2

221

A wiki site

Blog Blog sites provide an environment that supports journaling. Figure 5.3 shows a new blog site. On a blog site users can create posts that will be listed on the home page in reverse chronological order, with the most recent at the top. In addition to posts, it provides a facility for other users to comment on each post. Blog posts can also be categorized to facilitate easier retrieval or previous posts. SharePoint blog posts can be created and edited using a number of external software programs, including Word 2007 and Windows Live Writer. Blog sites include the following lists and libraries by default: 

Posts list (for storing blog posts)



Other blogs list (for links to related blogs)



Categories list



Comments list



Links list (for links to related resources)



Photos (picture library)

222

Chapter 5

FIGURE 5.3




Building and Configuring the WSS 3.0 Topology

A blog site

Basic Meeting Workspace This is the simplest of the meeting workspaces and is suitable for planning a general meeting. Like most of the workspaces, it consists of one site and one page and does not provide the ability to create additional pages or subsites. Figure 5.4 shows what a basic meeting workspace looks like. Any meeting workspace can be created either from the SharePoint user interface or from the meeting planning wizard in Outlook 2007. This template provisions the workspace with the following lists and libraries: 

Objectives list



Attendees list



Agenda



Document library

Creating Sites

FIGURE 5.4

223

A basic meeting workspace site

Blank Meeting Workspace Like the blank site template, this template creates a meeting workspace with nothing in it except a web part page. Use this template when you want to create a custom meeting workspace and don’t want to include functionality provided by other meeting workspace templates.

Decision Meeting Workspace This template adds two additional lists and libraries to the basic meeting workspace: a Tasks and a Decisions list. These additions make this a perfect choice for meetings where you need to record what decisions were made and who is responsible for carrying them out. This template includes the following lists and libraries: 

Objectives list



Attendees list

224

Chapter 5






Agenda



Document library



Tasks list



Decisions list

Building and Configuring the WSS 3.0 Topology

Social Meeting Workspace This workspace is a good choice when you are planning a less formal meeting such as a social gathering or a charity event. The following lists and libraries are included: 

Attendees list



Directions



Things to Bring list



Photos (picture library)

Multipage Meeting Workspace This template is similar to a basic meeting workspace with two important exceptions. The fi rst is that this site does not contain a document library by default. However, it does start with two additional web part pages presented in a tabbed interface in the content space of the home page. Additional pages can be added, up to 10, via the Site Actions menu. The additional pages contain only blank web part zones at the start. Figure 5.5 shows a multipage meeting workspace. As you can see, you will need to add web parts to the page to display content. The lack of a document library and the presence of extra pages make this workspace a good choice for a complex meeting that doesn’t focus just on documents or decisions. Necessary lists and libraries can be added to the site and the additional pages can be used to display their contents in a variety of ways. This site starts with the following lists and libraries: 

Objectives list



Attendees list



Agenda

Creating Sites

FIGURE 5.5

225

A multipage meeting workspace site

Creating a Subsite Now that you’ve considered the various factors that go into choosing what type of site and how many sites to build, it’s time to learn how to build your fi rst site. Exercise 5.1 will get you started. Using the site collection you created in Chapter 4, you’ll learn how to build a team site. You can use the same set of instructions to practice building other types of sites as well. E X E R C I S E 5 .1

Creating a Subsite 1.

On any page of the site that will be the parent site, click Site Actions in the top -left corner of the page, and then click Create.

2.

On the Create page, in the Web Pages column, click the Sites and Workspaces link.

Chapter 5

226




Building and Configuring the WSS 3.0 Topology

E X E R C I S E 5 .1 ( c o n t i n u e d )

3.

4.

On the New SharePoint Site page, fill in the following information:


In the Title text field, give your site a name.




In the Description text field, enter a longer optional description.




In the URL text field, provide the address for your site. Keep it short with no spaces.




In the Template Selection section, select Team Site on the Collaboration tab.




In the Permissions section, accept the default to inherit permissions from the parent site.




In the Navigation section, accept the defaults to display this site as both a link in the Quick Launch bar and a tab in the Top Link bar of the parent site.




In the Navigation Inheritance section, accept the default to display the Top Link bar of the parent site in your site.

Click Create and wait for your new Team Site home page to appear.

Managing Sites and Site Collections

227

Managing Sites and Site Collections Using Site Settings Now that your site collection has been expanded to include an appropriate hierarchy of subsites, it is time to learn how to customize and manage those sites. The Site Settings page is a collection of links to administrative pages that you can use to manage all aspects of your site collection and the sites it contains. You can reach this page by clicking the Site Actions button in the top -left corner of any page and selecting Site Settings from the resulting menu. You’ll see a page similar to the one shown in Figure 5.6. FIGURE 5.6

The Site Settings page

Links on the Site Settings page are organized into four or five columns depending on whether or not you are a site collection administrator. For now we’ll do a quick overview of each column and then examine the links in each column in detail.

228

Chapter 5




Building and Configuring the WSS 3.0 Topology

Users and Permissions This column contains links to pages where you can administer users, groups, and permissions. It is your main entry point for setting site collection and site-level security.

You’ll learn more about adding users and assigning permissions in Chapter 7, “Configuring Authentication and Security,” so we won’t cover the details here.

Look and Feel This column contains links to pages that allow you to adjust the appearance of a site and its navigational elements. Galleries This column contains links to custom lists and libraries that store configuration information for the building blocks you can use to enhance your site. Site Administration This column contains links to pages where you can modify administrative settings for the current site. Site Collection Administration In the top -level site, this column contains links to pages where you can modify administrative settings for the site collection. In subsites it contains a link to the Site Settings page of the top -level site. This column is only displayed if you are a site collection administrator.

Changing a Site’s Look and Feel The Look and Feel column focuses on changing what the end user sees in the user interface. Most of the links are used to modify settings that are either the default settings or were established on the New SharePoint Site page when the site was created.

Title, Description, and Icon This page lets you edit the title and description that you set when you created the site. You can also use it to change the default icon that is displayed to the left of the title. If you are on the Site Settings page of a subsite, you can even change the relative URL address of a subsite. The default icon is a graphic fi le called titlegraphic.gif that is stored in the template\ images directory of the 12 hive. You can enter the URL of any graphics fi le to use as the icon, but it’s usually best to keep the size of the graphic relatively small since the page will expand to make room for the icon. You can use any valid URL, but we recommend using a relative URL for the site. Three different locations are commonly used: /_layouts/images/graphicfilename This is the same subdirectory in the 12 hive as the default graphic. You would normally need a farm administrator to put the file in this location on every SharePoint server.

Managing Sites and Site Collections

229

/picturelibraryname/graphicfilename This would be a picture library located on this site. Using a picture library makes it easy for you to delegate who uploads the new graphic fi le. Just make sure all users have at least read access to the library. /images/graphicfilename This places the graphic fi le in the images subdirectory of the site. You can upload the fi le to this location using SharePoint Designer.

If you change the site icon, you can also enter a description for the new site icon. This description will be used as the alternate text that will be displayed by screen readers or if the graphic fi le is unavailable. Changing the URL address of a subsite should not be done lightly. If you change the URL of the site, you will invalidate any links that have been manually entered for the site, including links sent out to users via email. You will also temporarily break the ability of users to search for information on the site, at least until the next full crawl of the index service. This URL change would also have a cascading effect on any sites that are below this site in the hierarchy since their URLs contain the address of this site. Changing a parent site’s address will break established links for all lower sites also. You should only change this URL if it’s absolutely necessary. In the next exercise you’ll learn how to customize an existing site by changing the site, description, and icon displayed by the site. EXERCISE 5.2

Changing a Site’s Title, Description, and Icon 1.

On a site where you want to change the title, description, or icon, click Site Actions in the top -left corner of the page, and then click Site Settings.

2.

On the Site Settings page, in the Look and Feel column, click the Title, Description, and Icon link.

3.

On the Title, Description, and Icon page, fill in the following information:


In the Title text field, change the site’s title.




In the Description text field, enter a new longer description for your site.




In the URL text field, enter the relative address for a new site graphic, such as /Lay-

outs/images/homepage.gif.


In the Enter a Description text field, enter the alternate text you would like displayed when the graphic isn’t available.




Leave the URL name text field in the Web Site Address section set to the default.

4.

Click OK and wait for the Site Settings page to reappear.

5.

Click on the tab of your site in the Top Link bar.

230

Chapter 5




Building and Configuring the WSS 3.0 Topology

E XE RC I SE 5. 2 (continued)

Your site should now look something like the following graphic. Callouts indicate where changes were made to the page.

Tree View The default navigation on the left side of a site is the Quick Launch bar. Using the Tree View administrative page, you can change the left side navigation to include the Quick Launch bar, a hierarchical tree view, both controls, or neither control. Figure 5.7 shows a site with just the tree view enabled. One of the advantages of the tree view is that it can display multiple levels of subsites below the current site as expandable nodes. The Quick Launch bar will only show a link to subsites one level below the current site.

Managing Sites and Site Collections

F I GU R E 5.7

231

Site page with tree view navigation enabled

Removing both navigation controls does not shrink the area of the page reserved for them. It just leaves a wide border on the left side of the page.

Site Themes Site themes are an easy way to change the appearance of your site. They are composed of a set of background graphics and alternate Cascading Style Sheet (CSS) fi les that are stored together in a subdirectory. Selecting a theme changes the colors, background graphics, banners, and borders used by a site. There are 18 built-in themes available, but these can be extended by your farm administrators by adding additional theme directories to the 12 hive of your SharePoint servers. In the next exercise we will change the look and feel of an existing site by applying a theme.

232

Chapter 5




Building and Configuring the WSS 3.0 Topology

EXERCISE 5.3

Applying a Theme 1.

On a site where you want to change the theme, click Site Actions in the top -left corner of the page, and then click Site Settings.

2.

On the Site Settings page in the Look and Feel column, click the Site Theme link.

3.

On the Site Theme page, choose a theme from the Select a Theme list. You will see a preview of a typical page with the theme applied to the left of the list.

4.

Click OK and wait for the Site Settings page to reappear.

5.

Click on the tab of your site in the Top Link bar.

Your site would now look something like the following graphic; as you can see, we applied the Reflector theme. Since Reflector uses a black background, the change is apparent even in a black-and -white book.

Managing Sites and Site Collections

233

Top Link Bar The Top Link Bar page in the top-level site can be used to manually add custom links to the Top Link bar. By default, all subsites inherit the Top Link bar of their parent site, going all the way back to the top -level site. This provides quick access to the top couple of layers of the site hierarchy from any subsite in the site collection. However, if you want to manually edit the Top Link bar at a specific level, you can use the Top Link bar page on a subsite to break inheritance of the Top Link bar. You can then use the page to manually add, edit, delete, or reorder links just as you can on the top -level site. Subsites below the site where inheritance was broken will then use the new edited Top Link bar in place of the one established in the top -level site. Each time inheritance of the Top Link bar is disabled, a new link is added to the global breadcrumb trail at the top -left corner of the page. These breadcrumbs can be used to navigate between different layers of Top Link bars. In the next exercise you will learn how to customize navigation in WSS by adding a manual link to the Top Link bar. EXERCISE 5.4

Adding a Manual Link to the Top Link Bar 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then click Site Settings.

2.

On the Site Settings page, in the Look and Feel column click the Top Link Bar link.

3.

On the Top Link Bar page, click New Link in the Toolbar.

4.

On the New Link page, fill in the following information:


In the Web Address text field, type the address of a website that you would like to add to the Top Link bar. For example, you might want to add the URL for the Microsoft SharePoint Office Online site (http://office.microsoft.com/en-us/ sharepointserver/default.aspx).




In the Description text field, type the name you would like displayed on the navigation tab.

5.

Click OK and wait for the Top Link Bar page to reappear.

6.

On the Top Link Bar page, click Change Order in the Toolbar.

7.

Notice that you can change the order of the navigation tabs by using the Link Order drop - down lists.

8.

Click Cancel and wait for the Top Link Bar page to reappear.

9.

You should now see the tab you added as the last tab on the right side of the Top Link bar.

Chapter 5

234




Building and Configuring the WSS 3.0 Topology

Quick Launch The Quick Launch page can be used just like the Top Link Bar page to add edit, delete, and reorder navigation entries in the Quick Launch bar of a site. However, since the Quick Launch bar displays local navigation, it is never inherited from the parent site and can always be edited. You can also use this page to add headings that will be used to organize individual navigation links in the Quick Launch bar into groups. Links that are manually added to the Top Link bar or Quick Launch bar will not be removed if the site, list, or library to which they point is deleted. They must be removed manually.

Save Site as Template Once you’ve completed customizing a site by adding lists, libraries, or web parts, or by modifying the Quick Launch bar navigation, you can take a snapshot of the site to be used to create other sites just like it. Saving a site as a template will allow you to easily expand the number of site templates available when creating subsites. You can even include sample content in the lists or libraries you’ve added to the site. Exercise 5.5 steps you through saving a site as a template. By default, site templates are limited to no more than 10MB in size, so you can’t store much sample content. This default size can be increased by using the following Stsadm command: stsadm -o setproperty -pn max-template-document-size -pv newsize For example, a newsize of 100MB would be 100000000. You’ll learn more about Stsadm in Chapter 8, “Administering the Implementation.”

EXERCISE 5.5

Creating a Template from an Existing Site 1.

On a site you want to save as a template, click Site Actions in the top -left corner of the page, and click Site Settings.

2.

On the Site Settings page, in the Look and Feel column click the Save Site as Template link.

3.

On the Save Site as Template page, fill in the following information:


In the File Name text field, type in a filename with no extension. Your template will be saved as with an .stp extension.

Managing Sites and Site Collections










235

In the Template Name text field, type a short display name for your template. In the Template Description text field, provide a longer description of the template you are creating. If you want to include the content from the site as sample content, select the Include Content check box.

4.

Click OK.

5.

On the Operation Completed Successfully page, either click OK to return to the Site Settings page or click the Site Template Gallery link to navigate to the gallery where the new site template is stored.

236

Chapter 5




Building and Configuring the WSS 3.0 Topology

E XE RC I SE 5.5 (continued)

Now that you have saved the site as a template, you can use it to create a new subsite within this site collection. The next time you create a new site, you will see an additional tab like the one shown in the followed graphic labeled Custom in the Template Selection section of the New SharePoint Site page. When you click the tab, you will see the new site template that you just created.

Managing Sites and Site Collections

237

Saving a Site as a Template Susan is a project manager in your company who has been using WSS 3.0 team sites to manage all her projects. Recently the CIO of your company has called you to ask you to help Susan communicate what she has learned about using SharePoint for project management to other project managers in your company. In your conversations with Susan, you find that she is using all the basic functionality of a standard team site but has also added some extra lists that she uses to help manage projects. In addition to the standard team site functionality, she has added the following:


A Project Tasks list with a Gantt chart view web part on the home page




An Issues list




Links in the existing Links list to project documentation samples stored in a centralized read-only document library

In addition, Susan has changed the Site Image web part to show the corporate logo and set the site to use a theme that matches the company color scheme. With Susan’s help you modify the root-level team site in a new site collection to be a sample project starter site with the capabilities listed here. You then save the site as a template, including the content, and assign the template the name Project Site. Other project managers will now be able to use this template to create new subsites for each project they manage.

Reset to Site Definition When a site is fi rst created, it is provisioned with “noncustomized” pages, like the default. aspx page, that are physically stored in the 12 hive rather than the content database for the site. You can customize the layout or controls of these pages using SharePoint Designer.

You’ll learn more about using SharePoint Designer to customize sites and pages in Chapter 9, “Managing Customization.”

Once a page has been customized, it is stored in the content database along with other content created directly on the site. The Reset Page to Site Defi nition Version page can be used to return either a single customized page or all the customized pages in a site back to their original form. Figure 5.8 displays the page used to reset pages to the original. This will only affect the layout and any custom controls that were added to the page; this does not affect content added to the site because content is stored in lists and libraries and not directly on the page. Web parts added to web part zones on the page will also be unaffected.

238

Chapter 5

FIGURE 5.8




Building and Configuring the WSS 3.0 Topology

Reset Page to Site Definition Version page

To reset a single page to its original form, select the Reset Specific Page to Site Defi nition Version radio button and fi ll in the URL address of the page in the Local URL for the Page text field. Clicking the Reset button will reset that one page. To reset all the customized pages on a site, select the Reset All Pages in This Site to Site Defi nition Version radio button and click the Reset button.

Configuration Galleries Galleries are customized lists and libraries that are used to store configuration information about various components used by SharePoint in a site collection or site. Most of the galleries are document libraries that are used to store templates or XML configuration fi les, such as the Site Templates gallery or the Web Parts gallery. But some of the galleries are also lists. For example, the Site Content Types gallery is a list that stores configuration about the content types available in a particular site.

Managing Sites and Site Collections

239

Seven galleries are available in the top-level site of the site collection: 

Master Pages



Site Content Types



Site Columns



Site Templates



List Templates



Web Parts



Workflows

Three of these galleries, Master Pages, Site Content Types, and Site Columns, are also available on the Site Settings page of each subsite. Specific uses for these galleries will be covered in other chapters in the book.











Site templates were covered earlier in this chapter. Site columns, site content types, list templates, and workflows will be covered in Chapter 6, “Configuring Lists and Managing Documents.” Master pages will be covered in Chapter 9, “Managing Customization.” Web parts will be covered Chapter 10, “Extending Windows SharePoint Services.”

Managing Sites The links in this column can be used by the site owner or site collection administrator to perform administrative and maintenance tasks for the site. They can be used to change default settings for a site; navigate to lists, libraries, or subsites; extend the functionality of the site; or even delete the site. This column is where most of the configuration of an individual site is done.

Regional Settings The Regional Settings page controls how location-specific elements are displayed and formatted by SharePoint. Using this page, you can control the default time zone for a site, specify how dates and money are formatted, indicate what alphabet will be used in sorting, specify what days are in a workweek, and indicate whether time is displayed in a 12-hour or 24 -hour format. Regional Settings can be customized at several levels in a SharePoint installation. Using the Regional Settings page, you can change seven settings

240

Chapter 5




Building and Configuring the WSS 3.0 Topology

that will affect how your site displays and formats certain information. Figure 5.9 shows the Regional Settings page. The individual settings are: FIGURE 5.9

Regional Settings page

Locale This setting describes the country and language to be used by your site. It has no effect on the actual language used in the user interface, but will modify things like how dates are displayed, how money and numbers are formatted, and other region-specific formatting. For example, selecting English (US) will display dates with the month followed by the day (mm/dd/yyyy), but selecting English (Canada) will display dates with the day followed by the month (dd/mm/yyyy). Sort Order This setting affects how lists and libraries are sorted. Some languages have different character sets that change how items are sorted alphabetically. Unless you have loaded an alternate language pack, you will rarely change the sort order. Time Zone SharePoint stores time in Universal Time Code (UTC) format in the content database. But it displays time based on the regional time zone setting. Changing this can adjust times and dates for a website used by people in one time zone when the server is physically located in another time zone.

Managing Sites and Site Collections

241

Set Your Calendar This setting can be used to change the default calendar that your site will use. Most sites will use Gregorian, which is the default, but some sites may need to adjust for the calendars used by other cultures in the world. It can also be used to display the week number in the date picker control used to select a specific day when entering date information. Enable an Alternate Calendar This allows you to track dates in two different calendar formats and display them on the same calendar page. Figure 5.10 displays a calendar in Hebrew. F I G U R E 5 .1 0

Calendar page with Alternate Hebrew Lunar calendar enabled

Define Your Work Week This setting changes the default days of a workweek and the default start and end times for a normal workday. Time Format This setting allows you to select between a 12-hour and 24 -hour format for time values. Changing the Locale setting may automatically change this setting.

Chapter 5

242




Building and Configuring the WSS 3.0 Topology

The global settings for the farm are established based on the Regional Settings of the SharePoint server. The time zone can then be overridden for a specific web application in the Web Application General Settings on the Application Management tab of the Central Administration website. The Regional Settings page can then override the web application defaults for a specific site. The Regional Settings of a site will inherit from the parent site when the site is created. After that, you will need to manage each site’s Regional Settings independently. If you change the Regional Settings for the top-level site of the site collection, they will not be inherited by existing sites in the site collection. Individual users can override the default Regional Settings for a site by using the My Regional Settings link in the toolbar on their User Information page. You can see your own User Information page by clicking on the Welcome menu and selecting My Settings. In the next exercise you will learn how to override the default regional settings for a specific SharePoint Web site. EXERCISE 5.6

Overriding the Default Regional Settings 1.

On a site where you want to override the default regional settings, click Site Actions in the top -left corner of the page, and then click Site Settings.

2.

On the Site Settings page, in the Site Administration column click the Regional Settings link.

3.

On the Regional Settings page, fill in the following information:


In the Locale drop - down, select a different locale. For example, selecting English (Canada) will change your default date formatting to dd/mm/yyyy instead of mm/ dd/yyyy.




Leave the Sort Order option set to General.




In the Time Zone drop - down, change the time zone to match your local Time Zone.




Leave the Calendar and Alternate Calendar options set to their defaults.




Select the Show Week Numbers in the Date Navigator check box.







Leave the Default Work Week settings at their defaults, but for the workday, change Start Time to 9:00 AM and End Time to 6:00 PM From the Time Format drop - down list, select 24 Hour.

4.

Click OK.

5.

Click on the tab of your site in the Top Link bar.

6.

In the Quick Launch bar on the left side of the page, click Calendar. (If this site doesn’t contain a calendar, then create one by clicking on Site Actions and selecting Create.)

Managing Sites and Site Collections

243

7. On the Calendar page in the Calendar toolbar, click New. 8. On the Calendar: New Item page, examine the formatting of the date in the Start Time text field. It should reflect the locale you chose.

9. Click the Calendar button next to the Start Time text field. You should see week numbers on the left side of the date picker control.

10. Click Cancel to exit the Calendar: New Item page.

Site Libraries and Lists This page displays a list of the lists and libraries in the current site. Selecting any of the Customize links next to the list or library names will take you directly to the Customize page for that list or library. This same page can be accessed by selecting Settings on the toolbar inside a specific list or library.

You’ll learn more about managing lists and libraries in Chapter 6.

Site Usage Reports You can use site usage reports to monitor how your users are using SharePoint. They can identify what sites should be considered for deletion because they are not used or can tell you which users are accessing sites frequently. Site usage reports won’t be available until the Usage Analysis Processing feature is configured by the farm administrator in the Central Administration website.

You’ll learn more about configuring and analyzing site usage in Chapter 11, “Monitoring Windows SharePoint Services.”

User Alerts The User Alerts page gives you an easy way to display and manage alerts created by users on lists and libraries in your site. Figure 5.11 shows the User Alerts page. Using the drop down on the page, you can select a specific user and display the alerts they have created on your site. Once you’ve displayed them, you can delete individual alerts. You cannot use this page to either add or edit alerts for users.

244

Chapter 5

F I G U R E 5 .11




Building and Configuring the WSS 3.0 Topology

Deleting user alerts

Really Simple Syndication (RSS) In the top-level site, the RSS page can be used to enable or disable RSS feeds for the entire site collection. Figure 5.12 shows the RSS page from a top -level site. On subsites the page can be used to enable or disable feeds for this subsite only. You can also set the Copyright, Managing Editor, and Webmaster values that will be included in the feed. Finally, you can specify how frequently a user can request an updated RSS feed from the site by setting the Time to Live.

Managing Sites and Site Collections

F I G U R E 5 .1 2

245

RSS feed settings

Search Visibility The fi rst section of the Search Visibility page can be used to globally control whether the contents of this site are included in search results. Similar settings are also available in each list and library. Figure 5.13 shows the Search Visibility page. Selecting the No radio button under “Allow this web to appear in search results?” will prevent the site from being returned in search results. For example, you might want to limit the visibility of a site dedicated to drafting new documents from showing in the search results. Since search results are already trimmed based on permissions, this isn’t normally required.

246

Chapter 5

F I G U R E 5 .1 3




Building and Configuring the WSS 3.0 Topology

The Search Visibility page

The second section of the Search Visibility page controls how ASPX pages on the site are indexed. Since these pages are typically used to display content in the site using web parts, indexing them will often result in duplicate search entries, once for the content in the list or library and once for its display on the ASPX page. Another problem arises if some content on the site is secured with permissions that are more stringent than the permissions applied to the ASPX page. This difference in permissions is called “fi ne-grained permissions.” Content on the page will be indexed based on the permissions of the page and not the underlying permissions of the content. This could result in improper security trimming of content by the indexing service based on the permissions of the page. The default setting of “Do not index ASPX pages if this site contains fi ne-grained permissions” prevents pages on a site like this from being indexed. You can also change the setting to never index or always index the ASPX pages on a site.

Sites and Workspaces The Sites and Workspaces page, seen in Figure 5.14, displays a list of subsites directly below the current site. The sites are divided into these categories: Sites, Document

Managing Sites and Site Collections

247

Workspaces, and Meeting Workspaces. This page can be used to create new subsites or delete existing ones. You can also navigate directly to a subsite by clicking on its name in the list.

F I G U R E 5 .1 4

The Sites and Workspaces page

In the top-level website the toolbar on the page will also contain a link labeled Site Creation Permissions. Clicking this link will take you to the Site and Workspace Creation page. Any permission level that includes Browse Directories permission but does not have Create Subsites permission will be listed on the page. Checking the box next to a permission level and clicking OK will add the Create Subsites permission to that permission level.

Site Features This administrative page shows all the visible Features that are installed and scoped at the “web” level. Features can be used to customize or extend the functionality of a SharePoint site. Individual Features can be activated or deactivated using the Activate/Deactivate button to the right of each Feature.

248

Chapter 5




Building and Configuring the WSS 3.0 Topology

You’ll learn more about extending SharePoint by activating Features in Chapter 10.

Delete This Site The Delete This Site page can be used to delete the current site. Deleting a site is not something you should do without giving it a lot of thought. Deleting a site deletes all the content stored in lists and libraries in the site. Trying to delete a site that has subsites under it will also result in an error. Since site deletion is so dangerous, you are asked to confi rm the deletion in a pop -up message before it is performed. Remember, once a site is deleted it’s truly gone and the only way to get it back is to restore it from a backup. Deleted sites don’t go into the Recycle Bin. Figure 5.15 shows a site about to be deleted with the confi rmation pop -up displayed. F I G U R E 5 .1 5

Deleting a site

Managing Sites and Site Collections

249

Managing Site Collections The links in this column are different depending on whether you are on the top-level site or a subsite. On a subsite, there is only one link that will take you to the Site Settings page in the top-level site. In the top-level site, the links can be used by the site collection administrator to perform administration and maintenance of the entire site collection. Site collections are administered both in the top -level site and on the Central Administration site’s Application Management page (which we discussed in Chapter 4). You should know what can be administered in each place for the 70 - 631 exam.

Recycle Bin As we just mentioned, deleted sites and site collections do not go into a Recycle Bin. However, the Recycle Bin provides a safety net when you’re deleting fi les, list items, folders, lists, or libraries. Any deleted object will remain in a Recycle Bin associated with the user until it is deleted from the Recycle Bin or a set number of days passes. By default, items remain in the Recycle Bin for 30 days, but this can be changed by the farm administrators in the Central Administration website. If the user deletes the item from the Recycle Bin itself, then the item moves to the Site Collection Recycle Bin, otherwise known as the second-stage Recycle Bin. The item will then remain in this Recycle Bin until either the original time limit passes or it is deleted by the site collection administrator. The time limit does not reset when the item moves from the user Recycle Bin to the site collection Recycle Bin. Using the Recycle Bin link on the Site Settings page, the site collection administrator can view the contents of all the users’ Recycle Bins or the contents of the site collection Recycle Bin. The administrator can then restore items to their original location from either Recycle Bin, as you’ll see in Exercise 5.7. Items can only be restored to their original location. EXERCISE 5.7

Restoring a Deleted List from the Recycle Bin 1.

On a subsite in your site collection, click Site Actions in the top -left corner of the page, and then click Site Settings.

2.

On the Site Settings page, in the Site Administration column click the Site Libraries and Lists link.

3.

On the Site Libraries and Lists page, click the Customize “Announcements” link.

Chapter 5

250




Building and Configuring the WSS 3.0 Topology

E XE RC I SE 5.7 (continued)

4.

On the Customize Announcements page, click the Delete This List link.





Click OK in the dialog box that asks, “Are you sure you want to send this list to the site Recycle Bin? ” Wait for the Site Libraries and Lists page to appear. Select Site Settings in the Content breadcrumb just above the Site Libraries and Lists label at the top of the page.

5.

On the Site Settings page for the subsite in the Site Collection Administration column, click the click the Go to Top - Level Site Settings hyperlink. Wait for the top -level Site Settings page to appear.

6.

On the Site Settings page, click the Recycle Bin link. Wait for the Site Collection Recycle Bin page to appear.

7.

Check the left side of the page to make sure that the End User Recycle Bin view is selected. You should see the Announcements list that you deleted in the view.














8.

Click OK in the dialog box that asks, “Are you sure you want to remove ‘Announcements’ from the end user ’s Recycle Bin? ” Wait for the Site Collection Recycle Bin page to refresh. On the left side of the page, select the Deleted from End User Recycle Bin view. Wait for the view to refresh. You should now see the Announcements list again. Select the check box next to the Announcements list and click Restore Selection in the toolbar. Click OK in the dialog box that asks, “Are you sure you want to restore ‘Announcements’? ” Wait for the Site Collection Recycle Bin page to refresh.

Using the Top Link bar, navigate to the original subsite where you deleted the Announcements list.





9.

Select the check box next to the Announcements list and click Delete Selection in the toolbar.

On the left side of the page, select the View All Site Content link. Wait for the All Site Content page to appear. Notice that the Announcements list was restored with all its content.

Using the Top Link bar, navigate back to the home page of the subsite.


Notice that the Announcements list web part that was originally on the page is missing. The list was restored, but dynamic references to the list were not.

Managing Sites and Site Collections

251

Usage Summary The Site Collection Usage Summary link only appears if the Usage Analysis Processing feature has been enabled in Central Administration. The page displays information about a site collection, including storage space used, number of users, and activity levels. Figure 5.16 shows a typical Usage Summary page. Let’s look at each of these sections in detail: F I G U R E 5 .1 6

The Site Collection Usage Summary page

Storage This section displays three metrics: how much disk space is consumed by the site collection’s content, how much of that consumption is used by web discussions, and fi nally, what the maximum disk space quota is, if any, assigned to the site collection. Users The total number of users who have been given access to sites in the site collection. Activity The number of hits that have been recorded for the site collection and the average amount of bandwidth used per day over the last 30 days.

252

Chapter 5




Building and Configuring the WSS 3.0 Topology

Site Collection Features This administrative page shows all the visible Features that are installed and scoped at the “Site” level. Features can be used to customize or extend the functionality of a SharePoint site collection. Individual Features can be activated or deactivated using the Activate/ Deactivate button to the right of each Feature.

You’ll learn more about extending SharePoint by activating Features in Chapter 10.

Site Hierarchy This page displays a list of all the subsites created in the site collection, not just the direct descendants like the Sites and Workspaces page in the Site Administration column. Using the page in Figure 5.17, you can navigate directly to any site by clicking on the address in the Site URL column. Or you can go to the Site Settings page for the site by clicking the Manage link to the right of each site’s entry. F I G U R E 5 .17

The Site Hierarchy page

Managing Sites and Site Collections

253

Portal Site Connection This page lets you add a link to another SharePoint site collection that is acting as a centralized “portal” for your SharePoint farm. The link will show up on the left end of the global breadcrumb at the top of the page. Using this breadcrumb link, you can quickly navigate from this site collection to a page containing links to multiple other site collections. By implementing such a link page in one central site collection and linking to it via the portal site connection, you can expand the navigation of your SharePoint site across the site collection boundary. Figure 5.18 shows the page used to create a portal site connection. F I G U R E 5 .1 8

The Portal Site Connection page

254

Chapter 5




Building and Configuring the WSS 3.0 Topology

Summary In this chapter you learned how to expand the hierarchy of a site collection to include additional sites. You also learned how to manage existing sites and site collections. You should now know how to: 

Plan a site collection hierarchy



Create new subsites to expand the hierarchy of a site collection



Customize the look and feel of a site using the Site Settings page



Administer an individual site using the Site Settings page



Administer and monitor a site collection using the Site Settings page

Exam Essentials Be familiar with the default site templates. It’s important to know the capabilities of each site template so that you can identify which to use when planning for the creation of sites. You must also know how to enhance and save one of the existing site templates to create new custom templates. Finally, you will need to know how to create a new site using either one of the existing site templates or a custom one that you have saved. Be able to customize the look and feel of a site. You should be familiar with each of the options in this column and how they can be used to customize an individual site. Be sure you have a clear understanding of how to reset customized pages to their original state and know why you don’t lose content in the process. You should also take the time to get a good grasp of the various navigation options available in WSS. Know how to administer a site using the Site Settings page. Managing and administering sites is the focus of this chapter, so be sure you understand all the options available in the Site Administration column of the Site Settings page. Know how to administer a site collection using the Site Settings page. Site collection administrators use the Site Settings page of the top-level site to administer the whole site collection. One of the most important links in this column is the Recycle Bin. Make sure you understand the whole process involved in deleting and restoring a file.

Review Questions

255

Review Questions 1.

You are the WSS 3.0 administrator for your company. There are several new small group projects that will be starting in your company soon. You have been asked to provide a website for each project where group members can store and access shared information. Each group will need to store project documentation, important dates, and links to reference information. You decide to create a SharePoint subsite for each group in a specific site collection. What site template will best provide the capabilities required by the project groups? A. Document Center

2.

B.

Blank site

C.

Team site

D.

Multipage meeting workspace

You are the site collection administrator for your department. You have been asked by your department manager to create a site for a series of meetings to be held by your department’s team leaders to discuss project standards. The team leads will use the site to create agendas, share documents, record consensus, and track status. What site template will best provide the capabilities required by the project groups? A. Use a decision meeting workspace template to create a decision meeting workspace.

3.

B.

Use a collaboration site template to create a team site.

C.

Use a collaboration site template to create a blank site.

D.

Use a meetings site template to create a basic meeting workspace.

You are the SharePoint administrator for your company. At the request of the research and development department, you have created a custom site based on their requirements. They want you to save the site as a template so that different groups in their department will be able to build sites based off this custom model. Of the following options, which ones are part of the process of saving a site as a template? (Choose two.) A. On the Site Settings page, in the Look and Feel column click Save Site as Template. B.

4.

On the Site Settings page, in the Site Administration column click Save Site as Template.

C.

On the Save Site as Template page, in the File Name field give the template file a name.

D.

On the Save Site as Template page, either accept the site name as the default or change the filename.

You have deployed WSS 3.0. You used SharePoint Designer to customize the layout of the default.aspx page in the WSS site. You need to remove all customizations on this page without losing any data. What should you do? A. Restore an earlier version of the site from backup. B.

Type the URL of the page into the Reset Specific Page to Site Definition Version option in Site Settings.

C.

Use Microsoft Office SharePoint Designer to re- create the original page.

D.

Retrieve the previous version of the page from the site collection Recycle Bin.

Chapter 5

256

5.




Building and Configuring the WSS 3.0 Topology

You have deployed WSS 3.0. Managers store reports in a document library on a WSS website. A manager reports that a certain report is no longer in the list of documents in the document library. She remembers that she last used the document three weeks ago. You need to recover the lost document. What should you do? A. Instruct the user to recover the document from the Recycle Bin on her computer.

6.

B.

Instruct the user to recover the document from the Recycle Bin on the Site Settings page.

C.

Recover the document from the end user Recycle Bin of the site collection Recycle Bin.

D.

Recover the document from the Recycle Bin on the WSS server desktop.

You are the WSS 3.0 administrator for your company. You have decided to set up a site that your help desk area can use to create a self-help site for SharePoint users in your company. The help desk plans to continually expand the site as users contact them with new challenges. They would like the site to be easy to edit, without requiring HTML skills. What site template will best provide the capabilities required by the help desk area? A. Blog site

7.

B.

Blank site

C.

Team site

D.

Wiki site

You are a site collection administrator for WSS 3.0. You need to deploy a custom image at the top of all pages in your site collection. What should you do? A. Use a text editor program to edit the Application.master file stored in C:\Program Files\Common Files\Microsoft Shared\web Server Extensions\12\TEMPLATE\ Layouts to add the banner image.

8.

B.

Edit the CSS style sheet for the default site to include a reference to the banner image.

C.

Use Microsoft Office SharePoint Designer 2007 to edit the default.master file.

D.

Use the Title, Description, and Icon link in the Site Settings page to change the site icon.

You are the site collection administrator for your department. You have created a custom group project site that you would like to model other project sites on by saving it as a template. If you save the site as a template with content, which of the following site elements will not be saved as part of the template? A. A custom list that was added to the site B.

A web part that was added to the default page of the site

C.

An additional web part page added to a document library on the site

D.

Custom security permissions assigned to a list in the site.

Review Questions

257

9. You are the SharePoint administrator for your company. You have been asked to create site templates for each division in your company. Each division has specific requirements that can’t be satisfied by just one template. You create site templates called Management, Operations, Manufacturing, and Shipping. You now need to use these templates to create new subsites. On the New SharePoint Site page, where will you find the new site templates? A. Under a template tab called Custom. B.

Under tabs called Management, Operations, Manufacturing, and Shipping.

C.

When you saved the site templates, you were given an option to create a tab to store them on.

D.

All sites saved as templates are located on the default Collaboration tab.

10. You are a consultant who specializes in WSS 3.0. You are having your first meeting with the SharePoint project team at Company XYZ. One of the team members asks you to explain what a site collection is. Of the following, which correctly describes common elements in a site collection? (Choose all that apply.) A. A common owner for the collection B.

A single shared top -level site

C.

At least two sites in the collection

D.

Shared administrative configuration settings

11. You have deployed WSS 3.0. On one of your sites that is used for centrally storing company documentation, you would like to create some links to external websites that contain international standards that your company upholds. You only want the links available in this site and you don’t want them to show up in search results. What should you do? A. Add links to the Links list in the site for each external site. Add the Links list as a web part on the site’s home page. B.

Go to the Top Link bar in the Look and Feel column of the Site Settings page of the site. Add a manual link for each external site.

C.

Go to the Quick Launch link in the Site Administration column of the Site Settings page of the site. Add a manual link for each external site.

D.

Go to the Quick Launch link in the Look and Feel column of the Site Settings page of the site. Add a manual link for each external site.

12. You have deployed WSS 3.0. Managers store reports in a document library on a WSS website. A manager reports that he deleted a certain report last week and then emptied the document library Recycle Bin. You need to recover the lost document. What should you do? A. Instruct the user to recover the document from the Recycle Bin on her computer. B.

Recover the document from the Deleted from End User Recycle Bin view of the site collection Recycle Bin.

C.

Restore the document from a recent full backup of the WSS website.

D.

Recover the document from the Recycle Bin on the WSS server.

Chapter 5

258




Building and Configuring the WSS 3.0 Topology

13. You have deployed WSS 3.0. Your users store expense reports in a document library on a WSS website. A user tells you that she deleted an expense report six weeks ago. You need to recover the lost document. What should you do? A. Instruct the user to recover the document from the Recycle Bin in the WSS site. B.

Recover the document from the Deleted from End User Recycle Bin view of the site collection Recycle Bin.

C.

Restore a recent full backup of the WSS website to a test server. Copy the expense report to the original document library.

D.

Recover the document from the Recycle Bin on the WSS server desktop.

14. You deployed WSS 3.0. You used SharePoint Designer to customize several pages in the WSS site. You need to remove customizations from all the pages in the site without losing any data. What should you do? A. Enable the Reset All Pages in This Site to Site Definition Version option in the Site Settings. B.

Restore an earlier version of the site from backup.

C.

Restore the previous page layout from the site collection Recycle Bin.

D.

Use Microsoft Office SharePoint Designer to re- create all the original pages.

15. You are the SharePoint administrator for your company. Your company’s servers are located in Los Angeles, but you have one group of SharePoint users who are located in Cleveland. Most of these users use one specific site. When calendar items are rolled up for display on the top -level site from that site, they are displayed in Pacific time. This has caused some miscommunication of times and dates between the Cleveland and Los Angeles offices. You want to make sure that users in Cleveland can enter time in their site relative to Cleveland time and still have it display on the roll-up event list in the top -level site on Pacific time. What do you do? A. Have each of the Cleveland users modify their My Regional Settings to use their local time zone, which is (GMT -5:00) Eastern Time (US and Canada). B.

Back up the site used by the Cleveland users and restore it to a site collection on a server in Cleveland.

C.

Modify the site collection’s Regional Settings to use Cleveland’s local time zone, which is (GMT -5:00) Eastern Time (US and Canada).

D.

Modify the Regional Settings of the site used by the Cleveland users to use their local time zone, which is (GMT -5:00) Eastern Time (US and Canada).

16. You are the site collection administrator for your department. Your department has begun using the site collection that you administer very heavily. Your company imposes a strict quota on how large a site collection can get and you are wondering how close you are to the limit. You know that the farm administrators have configured Usage Analysis Processing to track usage of sites in the WSS environment. Where can you go to find out how much of your quota you have already used?

Review Questions

259

A. Look on the Usage Summary page in the Site Collection Administration column of the Site Settings page. B.

Ask the farm administrators to look at the statistics for the content database for your site in the Central Administration website.

C.

Ask your SQL DBA to find out how big the content database for your site collection has become.

D.

Look on the Usage Summary page in the Site Administration column of the Site Settings page for each site. Add up the total usage.

17. You are the site collection administrator for your department. Project managers in your department use team sites to manage projects. Recently one of the project managers created a site for a project that has now been canceled. Since they hadn’t really started to use the site, they would like to delete it but don’t know how. You want to show them how to delete the site. What two ways can you show them that they can use to delete the site? A. Navigate to the Site Settings page on the site and select Delete This Site from the Site Administration column. B.

Navigate to the Site Settings page on the site and select Delete This Site from the Users and Permissions column.

C.

Navigate to the Site Settings page on the top -level site and select Sites Hierarchy from the Site Collection Administration column. Click the Delete link next to the site on the Sites Hierarchy page.

D.

Navigate to the Site Settings page on the parent site and select Sites and Workspaces from the Site Administration column. Click the Delete link next to the site on the Sites and Workspaces page.

18. You are the site collection administrator for your department. Several sites in your site collection are used for the creation of documentation drafts. Once completed and approved, the documentation files are moved to the top -level site for distribution. Users have recently been confused when they appeared to get duplicate hits in their search results for some documentation files. It is difficult for your users to tell from the search results which are draft versions and which are approved. You would like to filter the contents of the sites where the drafts are removed from the search results to avoid this confusion. How can you accomplish this? A. Go to the Search Visibility link on the Site Settings page for each site and select Never Index Any ASPX Pages on This Site. B.

Go to the Search Visibility link on the Site Settings page for the top -level site and set Allow This Web to Appear in Search Results to No.

C.

Go to the Search Visibility link on the Site Settings page for each site and set Allow This Web to Appear in Search Results to No.

D.

In the Central Administration website, adjust the Search Scope settings to prevent these files from being indexed.

Chapter 5

260




Building and Configuring the WSS 3.0 Topology

19. You are the site collection administrator for your department. Your company has purchased and deployed some SharePoint training material on a SharePoint site that is not in your site collection. All SharePoint users in the company have been given access to the site, but you would like to make it easy for your users to reach the site by adding it to the Top Link bar navigation of your site collection. How can you accomplish this? A. Add a link to the Links list in the top -level site of the site collection. Select the Include on Top Link Bar radio button. B.

Go to the Top Link bar in the Look and Feel column of the Site Settings page of the top -level site. Add a manual link by entering the name and URL address of the training site.

C.

Go to the Top Link bar in the Site Administration column of the Site Settings page of the top -level site. Add a manual link by entering the name and URL address of the training site.

D.

Go to the Top Link bar in the Site Collection Administration column of the Site Settings page of the top -level site. Add a manual link by entering the name and URL address of the training site.

20. You are the site collection administrator for your department. Your company has created a central site collection that it wants to use as a portal to disseminate information to all users and coordinate navigation between different site collections. A link to the top-level site in your site collection has already been added to the central site. You want to add an easy way for your users to navigate back to the central portal site. How can you accomplish this? (Choose two.) A. Go to the portal site connection list in the central site collection. Add a link to your site by entering the name and URL address of the top -level site in your site collection. B.

Go to the portal site connection link in the Site Collection Administration column of the Site Settings page of your top -level site. Add a manual link by entering the name and URL address of the training site.

C.

Go to the Top Link Bar link in the Look and Feel column of the Site Settings page of your top -level site. Add a manual link by entering the name and URL address of the training site.

D.

Ask the farm administrators to connect your site collection to the central site collection using the Central Administration website.

Answers to Review Questions

261

Answers to Review Questions 1. C. You should select the team site template to create a site that contains a document library for documentation, a calendar for important dates, and a link list for references. The blank site and multipage meeting workspace templates don’t include a document library. The Document Center is a Microsoft Office SharePoint Server (MOSS) template and is not available in WSS. 2. A. You should use the decision meeting workplace template since it contains a task list to record status and a decision list to document the consensus of the group. None of the other templates contain both of these lists. 3. A, C. The Save Site as a Template link is in the Look and Feel column, not the Site Administration column. The Save Site as Template page does not supply a default for the template fi lename. 4. B. You should type the URL of the page into the Reset Specific Page to Site Defi nition Version page that is linked to the Site Settings page. Restoring an earlier version from a backup or using SharePoint Designer will leave the page customized. Previous versions are not stored in the Recycle Bin. 5. C. The document will be in the end user Recycle Bin of the site collection Recycle Bin. Only site collection administrators can access the Recycle Bin in Site Settings. The report was deleted from the server and won’t be in the workstation Recycle Bin and won’t be in the general Recycle Bin on the server desktop. 6. D. You should select the wiki site template to create a site that contains a set of interconnected pages that are easy to edit. The blank site and team site templates provide pages that are designed to display web parts and not edited directly. The blog site could be used to report the help desk’s fi ndings as they occur and categorize them. Categorization is helpful, but doesn’t provide the browsing interconnectivity available in a wiki site. 7. D. You should change the site icon. As a site collection administrator you don’t have access to the 12 hive. Changing CSS will only affect one site, and editing the default.master fi le will affect sites on other site collections. 8. D. Site templates don’t store security permissions even if you include content. Custom lists and web parts added to the site will always be stored. Web part pages added to a document library will be stored if you include content 9. A. Site templates are always on the Custom tab. Site templates don’t create their own tabs, nor is there an option to create a tab. Site templates do not appear on the Collaboration tab. 10. A, B, D. Site collections are owned by the site collection administrators. They also have a single top-level site and share administrative configuration settings. Site collections may or may not have multiple sites.

262

Chapter 5




Building and Configuring the WSS 3.0 Topology

11. B. Manual additions of external websites can be made through the Quick Launch entry on the Site Settings page in the Look and Feel column of the site, not the Site column. Adding the links to a link list on the site will make the links searchable, and adding them to the Top Link bar will add them to every site in the site collection. 12. B. Since the manager deleted the fi le from the Recycle Bin, you will need to restore it from the second-stage Recycle Bin of the site collection. The document was deleted from the SharePoint library, so it won’t be in the user workstation or server desktop Recycle Bins. You can get it from the Recycle Bin and won’t need to restore it from backup. 13. C. You need to restore the fi le from a previous backup. Files are removed from both stages of the Recycle Bin by default after 30 days. The fi le will not be in the WSS server’s desktop Recycle Bin. 14. A. You should remove all page customizations using the Reset All Pages in This Site to Site Defi nition Version option. Restoring an earlier version or using SharePoint Designer will result in customized fi les. Files are not placed in the Recycle Bin when they are customized. 15. D. The best way to accomplish this would be to set the Regional Settings for the site used by the Cleveland users to represent their local time zone, which is (GMT -5:00) Eastern Time (US and Canada). Moving the site to another site collection will complicate rolling up the information to the top-level site. Having users change their personal settings would be overly complex, and there are no Regional Settings at the site collection level. 16. A. The percentage of your quota currently being used by your site collection can be found on the Usage Summary page in the Site Collection Administration column. Central Administration can be used to set or increase your quota, but doesn’t display how much is currently in use. The content database stored in the SQL Server may contain more than just your site collection, so its size won’t tell you what you need to know. Finally, there is no Usage Summary link in the Site Administration column. 17. A, D. Sites can be deleted from their own Site Settings page or from the Sites and Workspaces list on their parent site. The Delete link is in the Site Administration column, not the Users and Permissions column. The Sites Hierarchy page provides links to manage all the sites in a site collection, not delete them. 18. C. The Search Visibility page in each site can be used to prevent that site from being indexed. Not indexing the ASPX pages in a site will not prevent the content in the document libraries from being indexed, and the Search Visibility link in the top-level site will only affect that site, not other sites in the site collection. You also can’t use the Central Administration website since WSS does not allow administration or search scopes. 19. B. Manual additions of external websites can be made through the Top Link bar entry on the Site Settings page in the Look and Feel column, not the Site Administration or Site Collection Administration column. There is no way to flag a link in a Links list to include it on the Top Link bar. 20. B, C Adding a portal site connection to your site will add the central site collection to the global breadcrumb navigation of your sites and adding a manual link to the Top Link bar will create a tab for the central site. Adding a link to your site to the central site has already been done and will allow users to navigate to your site, not back to the portal. Also, there is no way to hook two site collections together in Central Administration.

Chapter

6

Configuring Lists and Managing Documents MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Administer Windows SharePoint Services 

Configure site settings

 Configure Security for Windows SharePoint Services 

Configure Information Rights Management (IRM)

Creating and managing lists and documents is not extensively tested in the 70 - 631 exam; however, if you are reading this book because you are implementing WSS 3.0, this chapter is vital to you. We felt that the guide would be incomplete without its inclusion. Therefore, we tell you up front, if your only purpose at this point is to pass the test, concentrate on the salient exam topics in the Exam Essentials and study the Review Questions at the end of this chapter. When you are ready to continue building your environment, you can take time to savor the content. In Chapter 5 you used the Site Settings page to customize and manage your site collection and sites. In this chapter you will devote your time to content. The fi rst three sections explain how WSS 3.0 manages your information. The topics we have chosen include document management, governance, and utilizing metadata. The remainder of the chapter explores implementing content by creating and maintaining your lists and libraries.

Understanding Document Management As the administrator of your site, you are the one responsible for the planning of content on your site. Even though your site might start out its life as a small collaboration site, it might evolve into a highly used document management site for your company. It is far better for you to plan ahead (remember that sign?) than to do over. Most often content on a site becomes difficult to fi nd or use because the content has been moved directly from a network fi le share into WSS 3.0. WSS 3.0 makes it easy to migrate your content. You can easily cut and paste it into SharePoint. However, attempting to emulate the fi le and folder structure of the fi le system is one of the biggest mistakes made in implementing content because this approach leads to frustrations down the line for searching and handling large volumes of content. Since users cannot use folder names to refi ne search strategies, you should utilize metadata that is easily searchable. Metadata is the process of describing information by implementing properties. Therefore, in WSS 3.0 document management environments, you should use folders sparingly as a best practice. The concept of creating a useful content management information system within the WSS structure advances the second-level administrators (both site collection and site) into information managers. After all, it is the information managers and information workers who best know their content. With that said, we want you to understand how WSS 3.0 manages content. You should be attentive as to how your content is stored and displayed. In Chapter 1 you learned

Defining Governance

265

that one of the top ten benefits of WSS 3.0 is the ability to manage documents easily and securely. So let’s see how it is done. Categorizing your organization’s content is the fi rst step in building a successful content management system. Some sample breakdowns might include: 

Content pertinent to the entire organization



Content pertinent to departments or regions of the organization



Collaboration content for information workers



Special short-term collaborative sites such as surveys or workspaces for meetings and documents



Wikis or blogs

Whereas you might have used folders in the past for some of this content, in WSS 3.0 these concepts can be efficiently handled using lists and libraries in a hierarchal site structure. So we are back to design considerations. You might fi nd you need multiple web applications, site collections, or sites to support your organization’s content. Factors directing your topology include the amount of data, the security you want to provide to the data, and its life- cycle management.

Defining Governance Once you have determined how to manage your content in WSS 3.0, you can concentrate on how you will support the use and maintenance of that content through user control, workflow processes, and technology implementation. Governance relates to management of WSS 3.0 services. As your organization embraces this technology, it must develop a governance plan that addresses how it will align WSS in these areas: 

Business requirements support



Risk and cost management



Implementation

Creating a governance plan is critical to your organization’s success in managing the use and growth of your implementation. The process to create the plan is both a business and technical exercise. Be sure to involve your stakeholders so that they understand the importance of governance and are supportive of the team charged with creating the plan. Microsoft provides the following resources for WSS governance implementation and toolsets: http://technet.microsoft.com/en-us/ office/sharepointserver/bb507202.aspx and http://www.codeplex .com/governance.

266

Chapter 6



Configuring Lists and Managing Documents

Areas to Address in Your Governance Plan Here are some areas you must address in your governance plan: Managing Navigation Governance should include the navigation structure of your implementation. You want to provide your users with easy access to the features they need to use for their work. For example, since WSS 3.0 does not natively support easy cross-site navigation, you must provide alternatives that are within your users’ comfort zone. Managing Lists and Libraries Since lists and libraries are often the domain of less technical, secondary administrators in your SharePoint implementation, your governance plan must provide automation, provisioning, and guidance to ensure consistency and compliance. A most important policy that is often overlooked in this area is the establishing of a naming convention for lists and libraries that ensures easy access and searchability. Furthermore, you might want to couple this policy with guidelines for customizing lists and libraries; for example, you might consider providing only templates approved for use as part of a customized site defi nition. Managing Content When all is said and done, it is your content that matters most to your business. Your governance plan must ensure your content is controlled, reliable, useful, and easily accessed by the right users.

Items to Consider in Your Governance Plan As you defi ne your content management concepts in your governance plan, consider the following items: Metadata Defi ned more explicitly in the next section of this chapter, metadata provides descriptive information with your content that enables users to locate and analyze business data. Quotas You can use quotes to limit your content’s growth. You need to consider the impact of your server’s response to user requests as well as the time and resources necessary to provide an acceptable backup and recovery plan. With these issues in mind, your governance plan must direct the quantity of allowable content in each of your various categories. Information Management Policy Your governance plan must address how you handle outdated content. You must configure a content expiration policy that handles the rule as well as the exceptions to outdated content. Content expiration can be handled manually or automated by using custom workflows. In either case, you must ensure auditing can be maintained according to your organization’s directives. Compliance Your governance plan must protect crucial documents and ensure compliance standards are met. By default, WSS 3.0 is a secure platform. You can build applications compliant with the Sarbanes – Oxley Act of 2002 (SOX), Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other standards.

Defining Metadata

267

You must understand that whereas WSS 3.0 provides the underlying structure for auditing, you need Office SharePoint Server 2007 or other external solutions to access audit logs. Access the whitepaper at http://go.microsoft.com/fwlink/ ?LinkId=92903&clcid=0x409 for compliance feature details in WSS 3.0.

Search Management As mentioned previously, WSS 3.0 supports search only within a site and its child sites. This fact limits users’ maximum scope of search to a site collection from its top -level site. If you need a search tool that provides a greater extensibility, you must look to Office SharePoint Server 2007 or Search Server 2008 for your needs.

Defining Metadata In WSS 3.0 lists, metadata refers to the columns used to provide supportive information for an item contained in the list. Metadata in libraries are most often called properties or attributes of the document, containing descriptive information significant for locating and analyzing the content contained within the document. As you defi ne your governance plan, much emphasis should be spent on metadata. Your plan must determine the necessary information to capture as metadata and streamline its capturing across your implementation for a particular type of content. For example, you might determine that any contract content stored in your libraries should contain particular pieces of information regardless of the type of library storing the content. You create metadata by adding custom columns, which you can configure as required if necessary. However, the most enforceable way to defi ne metadata is to create content types. Content types not only defi ne metadata that is associated with a particular class of content, but can also be used to defi ne workflows and other characteristics of the content. You can distribute content types through site templates, site defi nitions, or solution deployment. Content types are explained and created later in this chapter in the section “Introducing and Creating Content Types.”

In your governance plan, consider the life cycle of your metadata as you defi ne the life cycle of your content. Defi ne how the metadata is gathered, how it is made available to your users, which pieces of metadata are required, and most importantly, how it is used in your organization. Metadata plays an important part in analyzing content, reporting on content, and searching content. How you defi ne and streamline your metadata is significant to the success of your implementation.

268

Chapter 6



Configuring Lists and Managing Documents

In this chapter we will discuss how you implement metadata in both lists and libraries to consume, organize, and analyze your content.

Enforcing Metadata Consistency I recently consulted on a WSS 3.0 implementation at a large organization. I spent a lot of time with their governance board defining the metadata needed for the various content types. In my experience, enforcing consistency in implementing metadata is key to managing content. Since metadata provides a basic vocabulary for an organization’s line of business, user involvement in defining metadata is critical. Here are a few of the prerequisites we developed to maintain consistency in metadata for the implementation: 



Define content metadata using current business vocabulary as much as possible. Identify user groups and promote their involvement with regard to the importance, use, and customization of metadata.



Use attributes that are resistant to changes in time and organizational structuring.



Focus on reuse.



Minimize end-user metadata creation.

We documented the metadata to make certain the metadata we created was indeed used and useful. We found this to be a living document—evolving as needed for search and special list requirements. The initial results of our work were very gratifying. Those users who did their work in more than one site felt very comfortable in moving between locations. Search is currently giving quick and accurate results. Meanwhile, the users are finding the information can be accessed very quickly. As we stated in earlier chapters: plan, plan, and then plan. It is the key to success in SharePoint!

Creating and Maintaining Lists A list is a collection of information that is shared within your WSS 3.0 implementation. Lists are useful for managing and displaying important data such as calendar items, announcements, or tasks.

Creating and Maintaining Lists

269

When creating a site, you have discovered that default empty lists are also created depending on the site template you choose. Each list contains the metadata and forms most often required for the data being managed. However, you can customize any list with different or additional metadata. Furthermore, you can create new lists using the available included templates or you can create custom lists with your own settings and metadata. In this section, we will cover the following topics: 

Understanding the included lists



Creating and customizing lists



Maintaining lists by implementing settings

Understanding the Included Lists WSS 3.0 includes the following lists: Announcements You use an Announcements list to share news and other pieces of information. You can use images, formatted text, and links to display content. Calendar You use a calendar to display events. The calendar list includes a view for visualizing the content as you would see it on a desk calendar. This list can also be used in conjunction or synchronization with other calendar applications, such as Microsoft Outlook 2007. You can also enable email integration for this list, allowing you to send meeting requests to the calendar. Contacts You use a contacts list to contain and share information about people or groups you work with, such as customers or partners. You can share contacts lists with other programs compatible with WSS. Custom If you want to totally specify your own metadata for a list, you can use a custom list. You can use the list settings to add your own columns that provide descriptive information for your content. Since spreadsheets are widely used to contain content in organizations, if your spreadsheet program is compatible with WSS you can even create a list that is based on your spreadsheet. Discussion Boards You use a discussion board to provide a central place to store discussions in a newsgroup format. You can manage the discussion threads and allow only approved content to be displayed. Issue Tracking You use an issue-tracking list to manage issues such as service or helpdesk problems. Issues can be edited, prioritized, commented on, and chronologically recorded from inception to completion. Links You use a links list to provide a readily available location for links to resources you want to share with your users.

270

Chapter 6



Configuring Lists and Managing Documents

Tasks You use a tasks list to track information about projects and groups of items for your users to complete. If your email program is compatible with WSS, you can even synchronize your tasks list with it. Project Tasks This list is similar to a tasks list but also provides a graphical view or Gantt view of your tasks. You can use a WSS - compatible email program to also view or update your tasks. Survey You use a survey list to poll users and collect their feedback. You can design questions as well as the structure of the answers to gain the most analysis for your survey. You can export the results to a WSS - compatible program for further analysis.

Creating and Customizing Lists You create lists and libraries using the Create page, as shown in Figure 6.1.

F I G U R E 6 .1

The Create page

You access this page from the Site Actions drop -down menu or by clicking View All Site Content on the Quick Launch bar and selecting Create Once. The View All Site Content page displays, as shown in Figure 6.2.

Creating and Maintaining Lists

FIGURE 6.2

Accessing the Create page

Exercise 6.1 takes you through the steps to create a custom list. In this example we create a vendors list and add appropriate columns to provide detailed information about each vendor. E X E R C I S E 6 .1

Creating a Custom List 1.

Access the Create screen from the Site Actions drop - down menu, as shown in Figure 6.2.

2.

Select Custom List.

3.

On the New page, type the name and description of the list in the appropriate text boxes. Keep the default to display the list on the Quick Launch bar.

4.

Click Create.

271

272

Chapter 6



Configuring Lists and Managing Documents

E X E R C I S E 6 .1 ( c o n t i n u e d )

5.

To add columns for vendor description, on the Vendors page click the Settings menu and select List Settings.

6. On the Customize Vendors page, in the Columns section in the middle of the page, notice that Title is the only required column. Two other optional columns, Created By and Modified By, are already a part of the list description. To add more columns for descriptions, you can either select Create Column or Add from Existing Site Columns. (To keep your metadata consistent, if there is no column available to suit your purpose, rather than create a column for just this list you should create the column in the Site Column Gallery so it is available for your entire site collection.)

7. Select Add from Existing Site Columns. 8. On the Add Columns from Site Columns: Vendors page, use Ctrl- click to add the columns you want to include in the Vendors list. For our example, we are selecting Address, Business Phone, City, Country/Region, Fax Number, and ZIP/Postal Code.

9. If you want to add these columns to the default view, leave the check box selected. 10. Click OK.

Creating and Maintaining Lists

273

Another important section of the Customize page for a list or library is the Views section, which can be found at the bottom of the page. You use views to display items in a list or library in a particular manner, and metadata or columns to provide additional information about the items. When you created your list, a default view was also created. As you added columns to your list, the new columns were added to the default view as long as you did not deselect the check box to do so. You can also choose to create new views. Creating new views provides value to your lists and libraries; users are presented with the items that are important for them to do their work. A view makes these items readily available by displaying them in a well-designed, useful manner. For example, you can create a view to sort and group the items in a list or library. You can also use a view to filter the items, such as displaying the announcements pertaining only to the Sales department. The View section at the bottom of the Customize page for a list or library provides a link to create a view, as you can see in Figure 6.3. FIGURE 6.3

Creating a view

Although creating and implementing views is not covered on the 70 - 631 exam, it is vital to understand how views work with lists and libraries so you can provide your users with just the items they need to have available to them in a readily usable format.

Maintaining Lists by Implementing Settings Lists and document libraries have the same underlying architecture. Therefore, many feature settings are included in both. For example, both lists and libraries include versioning, check-in and check- out, approval, and workflow. In addition, each provides for Information Rights Management (IRM) control over attached fi les. Settings are found in the top section of the Customize page of the lists or library, as shown in Figure 6.4.

274

Chapter 6

FIGURE 6.4



Configuring Lists and Managing Documents

Implementing settings

Notice that settings are organized into three distinct sections: General Settings, Permissions and Management, and Communications.

Modifying General Settings You have the following options available under the General Settings: Name, Description, and Navigation shown in Figure 6.5:

The Name, Description, and Navigation options are

Name After the list has been created, you can change its name to provide a more descriptive one for your users. A best practice in creating a list or library is to give it a short but descriptive name that includes no spaces. You can always change the name in the General Settings section of the Customize page for the list or library so it includes spaces and is more descriptive. You should also have a naming convention for your lists and libraries throughout your WSS 3.0 implementation to make it easy for your users to find information as they search different sites.

Description Type a brief description to assist users in knowing what is contained within the list or library. Navigation Specify whether or not a link to this list or library appears on the Quick Launch bar.

Creating and Maintaining Lists

FIGURE 6.5

275

Title, description, and navigation settings

Versioning Settings Versioning settings allow you to manage the features of content approval, version history, and draft item security: Content Approval This setting specifies whether new or changed items should remain in a draft or pending state until they have been approved. By default, only users with permission to approve content will be able to see the item while it has not been approved. If Require Content Approval is selected and the item is new to the list or library, it will not be available at all to general users until approved. If Require Content Approval is selected and the item is already contained in the list or library and has been modified, general users will not see the modifications until the item is approved. Item Version History Version history specifies whether a version is created each time you edit an item in the list or library. To preserve space on your servers, you can optionally specify how many draft items to retain. If you optionally track major and minor versions, you can choose how many major versions to retain and how many major versions to keep the minor versions for. The default number of drafts a major version can have is 511. Draft Item Security Drafts are minor versions of items that are awaiting approval. This setting allows you to specify who can view the drafts of an item in the list or library. By default, only users who can approve items and the author of the item are permitted to see the draft. This setting enables you to change those who should see the draft items to be either any user who can read items or only users who can edit items. Figure 6.6 shows the versioning settings for our vendors list. We’ve specified content approval and item versioning (retaining 10 major versions as well as minor versions for the last three major ones). The figure also shows only users who can approve items or the author of the item can see the draft. This setting is the default once content approval has been selected.

276

Chapter 6

FIGURE 6.6



Configuring Lists and Managing Documents

Versioning settings

Advanced Settings choose from:

The Advanced Settings page yields a variety of settings for you to

Content Types A content type specifies an item by giving it unique properties such as columns, workflow, and other custom features. When a list or library contains multiple content types, they are displayed in the New drop -down menu. When a particular content type is selected, an item of that content type can be created along with its unique set of columns. Item-Level Permissions This setting is unique to lists. It specifies which items a user can read or edit. Often in a list you might want the author of the item to be able to have full editing access over that item and at the same time limit them from editing anyone else’s items. Furthermore, you might want to limit even those users who can view an item. Attachments This setting specifies whether users can attach fi les to items in the list. Folders This setting specifies whether the New Folder command appears on the New menu. In WSS 3.0 using content types outshines the need for folders; therefore, most often you will select not to display folders by using this setting. Search This setting is used to specify whether you want the items in the list to be available in search. Search is security trimmed; that is, only users with permissions to view the items will have them available in the search results. Figure 6.7 shows the advanced settings for our vendors list.

Creating and Maintaining Lists

F I GU R E 6.7

277

Advanced Settings page

Modifying Permissions and Management In WSS 3.0, you have the following options available under Permissions and Management, as shown in Figure 6.8: FIGURE 6.8

Permissions and Management Settings

278

Chapter 6



Configuring Lists and Managing Documents

Delete This List When you select the option to delete a list or library, all the fi les are moved to the site Recycle Bin. If the user decides to restore the list or library, they select the Recycle Bin on the Quick Launch bar and select the check box of the item they want to restore. Figure 6.9 shows the recycling in containing a deleted list. FIGURE 6.9

Recycle Bin containing a deleted list

Save List as a Template If you want to create a replica of a list or library to be used at another location, you save it as a template. If desired, you can also save the content with the template. To create the template, you need only to supply a template name, the name and description of the template, and whether you want to include content using the Save as Template page, as shown in Figure 6.10. F I G U R E 6 .1 0

Creating a list template

Creating and Maintaining Lists

279

You save columns, including custom columns, views, and workflows, with the template. If you chose to save content, you should be aware the default value is set to 10MB but you can increase that value. When the template is created, it is stored in the List Templates gallery, as shown in Figure 6.11. F I G U R E 6 .11

Operation Completed Successfully page

The next time you open the Create page to create a new list or library, the newly created list or library will appear on that page. It is just as important that you know those items that are not included in a list template: 





Security settings, including lists or users or groups with permissions to the list or library General list settings, such as displaying the list on the Quick Launch bar or whether to include attachments Lookup field links

Lists created by external vendors can also be uploaded to the List Templates gallery on the top site of your site collection so they are available to all sites in the site collection. Permissions for This List This setting has two options, as shown in Figure 6.12.

F I G U R E 6 .1 2

Managing list permissions

280

Chapter 6



Configuring Lists and Managing Documents

Manage Permissions of Parent Allows you to inherit the permissions from the site for your list or library Edit Permissions Allows you to customize the permissions for the list or library List and library permissions are discussed in detail in Chapter 7, “Configuring Authentication and Security.”

Workflow Settings This setting allows you to add a workflow to the list or library. Workflows assist your users to complete tasks for their deliverables.

Workflows are covered in more detail later in this chapter in the section “Creating and Implementing Workflows.”

Modifying Communications You have the Really Simple Syndication (RSS) settings available under Communications, as shown in Figure 6.13. F I G U R E 6 .1 3

Communications settings

RSS provides a method to make new content in a list or library readily available to users. You must fi rst enable RSS support in Central Administration and also at the site collection level before it can be implemented in a list or library. This setting allows you to enable and customize RSS settings for the list or library by selecting the channel elements for the RSS feed and the columns to display.

Creating and Maintaining Libraries

281

Creating and Maintaining Libraries You use libraries to share fi les. You apply document management features through your document libraries. In your document management plan, you should decide which libraries to use or create to fit the needs of your business processes. A library item is the fi le itself with its included properties. Most often you will use and create Document libraries since they are used to store content on which your teams are collaborating or need to have available for their business needs. However, WSS 3.0 creates other library types and provides default metadata to describe the information you contain in them. Just as described in the previous section of this chapter on lists, you can add columns, create or modify views, and add content types to your libraries.

Understanding the Included Libraries WSS 3.0 includes the following libraries, as shown in Figure 6.14:

F I G U R E 6 .1 4

Included libraries

Document Library Use a document library for general-purpose document storage, document collaboration, and easy sharing of content. Form Library Use a form library to contain XML forms needed for line- of-business operations. The forms require a WSS - compatible XML editor such as Microsoft Office InfoPath.

282

Chapter 6



Configuring Lists and Managing Documents

Wiki Page Library Use a wiki page library to create an interconnection of wiki pages that are used in sharing information. An informal and easy-to -use interface, wiki pages include such features as links, pictures, and tables. Picture Library Use a picture library to share, manage, and reuse digital pictures. This library contains special features for managing and displaying pictures.

Creating and Customizing Libraries You can use any of the given library templates on your site to create a new library. Since a library contains an actual content item, most often you will want to select a template to serve as the default template for that library. This means that when you click the New button, the application defi ning that template automatically opens.

Implementing a Document Library Without Using a Default Template As mentioned earlier in this book, I have worked with several organizations that are using WSS 3.0 to replace their existing internal websites. Most often this also implies that they have several hundred (or more!) documents to move into their document libraries. For a library containing form and PDF file formats, it does not make sense to include a template for the library since content owners will not be creating new documents on the WSS site. All documents are created locally and uploaded into the library. To handle this situation, when we created our libraries we did not designate a template. Creating the library in this manner also provides an additional source of security since no documents can be created in the library and you can implement an approval process for accepting documents into the library.

In WSS 3.0, you can defi ne multiple types of documents in a document library. Each type of document, called a content type, can be named to the New button’s drop -down list, enabling users to create new documents of any type and associate them with the library. When a user selects a content type from the New drop -down list, the template and associated metadata and workflows designated with that content type become available. Further information on content types appear later in this chapter in the section “Introducing and Creating Content Types.”

In Exercise 6.2 you will create a library to maintain HR forms for your organization. You will use a document content type for the form.

Creating and Maintaining Libraries

283

EXERCISE 6.2

Creating the HR Library 1.

Access the Create screen from the Site Actions drop - down menu.

2.

Select Document Library.

3.

On the New page, type the name and description of the library in the appropriate text boxes. Keep the default to display the list on the Quick Launch bar.

4.

Keep the default set to not to create a version history. You can change this setting at a later time if desired.

5.

Select a document template from one of the choices. Notice that None is also a choice. For our exercise, select Microsoft Office Word Document.

6.

Click Create.

Notice that the New drop -down list contains the New Document template (which you used for the library) as well as New Folder. In Exercise 6.3 later in this chapter, you will modify the library settings.

284

Chapter 6



Configuring Lists and Managing Documents

Maintaining Libraries by Implementing Settings Libraries can be customized in the same manner as lists. On the page containing the items of the library, select Settings, and then click Library Settings. Since the fi le is a part of the metadata, libraries have a few more settings for customization. When you open the Settings page for the Shared Documents library, you see the settings displayed in Figure 6.15. F I G U R E 6 .1 5

Shared Documents Settings page for the Shared Documents library

Most of the settings are identical to those found in list settings, but we will look at all of them next.

Modifying General Settings Under General Settings you will see these options: Title, Description and Navigation

Click this link and you see these options:

Name After the list has been created, its name can be changed to provide a more descriptive name for your users. Description Type a brief description to assist users in knowing what is contained within the list or library. Navigation Specify whether or not a link to this list or library appears on the Quick Launch bar. Versioning Settings Versioning Settings allow you to manage the features of content approval, version history, and draft item security. Click this link to see these options: Content Approval This setting specifies whether new or changed items should remain in a draft or pending state until they have been approved. By default, only users with permission to approve content will be able to see the item while it has not been approved. If Require Content Approval is selected and the item is new to the list or library, it will

Creating and Maintaining Libraries

285

not be available at all to general users until approved. If Require Content Approval is selected and the item is already contained in the list or library and has been modified, general users will not see the modifications until the item is approved. Item Version History Version history specifies whether a version is created each time you edit an item in the list or library. To preserve space on your servers, you can optionally specify how many draft items to retain. If you optionally track major and minor versions, you can choose how many major versions to retain and how many major versions to keep the minor versions for. The default number of drafts a major version can have is 511. You have three versioning options in WSS 3.0: 





None: This option specifies that no previous versions of files are saved. This means that no previous versions of your files are retrievable. It also means that no historical data is kept on the file. This option is useful if you have a library that contains files that never change or that have unimportant content. Major Versions Only: This option specifies that you retain the whole number versions of your files. The whole numbers reference major versions. You use this option when you do not need to have draft or unapproved versions retained since using major versions only implies that the saved version of the file on the site is visible to all users with permissions in the library. You can control the number of versions by specifying how many previous versions to retain. Major and Minor Versions: This option specifies that you retain numbered versions of files by using a major and minor versioning scheme such as 1.0, 1.1, 1.2, until you have a major version such as 2.0. As noted, the major versions end in a zero whereas the minor or draft versions, only visible to the specified editors, are the non-zero decimal versions. When you track major and minor versions, to save storage space you can choose how many major versions to retain and how many major versions to keep the minor versions for. The default number of drafts a major version can have is 511.

Draft Item Security Drafts are minor versions of items that are awaiting approval. This setting allows you to specify who can view the drafts of an item in the list or library. By default only users who can approve items and the author of the item are permitted to see the draft. This setting enables you to change those who should see the draft items to either any user who can read items or only users who can edit items. Require Check Out This setting, found only in libraries, specifies whether users must check out documents before making changes. This setting is shown in Figure 6.16. F I G U R E 6 .1 6

Require Check Out setting

Chapter 6

286



Configuring Lists and Managing Documents

You can require that users check documents in and out of a library before editing them. We highly recommend you enable this setting. Some of the benefits of requiring this option are: 



Greater control of versioning: If an author is modifying a file while it is checked out, they are able to save it without checking it in. In so doing, other users will not be advised of the changes to the file and a new version is not created. This process gives the author more control and flexibility while modifying the file. Once the author has completed the revisions and is ready to have the file viewed by others, he can check it in and create a new version. Greater capturing of metadata: When a file is checked in, the author can add a comment to explain the changes made to the file, which promotes a historical record of the file.

Advanced Settings

Advanced Settings include the following:

Content Types A content type specifies an item by giving it unique properties, such as columns, workflow, and other custom features. When a list or library contains multiple content types, they are displayed on the drop -down menu of the New button. When a particular content type is selected, an item of that content type can be created along with its unique set of columns. Document Template In this section you type the address of a template to use as the basis for all new fi les you create in this library. When you enable multiple content types, this setting manages the template for each type. You can find out more about setting up a template for a library by clicking the link “Learn how to set up a template for a library,” in this section of the Advanced Settings page for a document library.

Browser-Enabled Documents This setting determines how your users will open the files in your library. Library fi les are enabled for opening both in a browser and in their native client application. If the client application is not available, the fi le will always be displayed as a web page. You should select the Display as a Web Page radio button if you do not want the client application to be used to open the library’s fi les. The choices are to: 

Open in the client application



Display as a web page

Creating and Maintaining Libraries

287

Figure 6.17 displays the settings we’ve just discussed: F I G U R E 6 .17

Advanced Settings page for the Shared Documents library

Custom Send to Destination This option is only available in libraries. You can create a default send-to destination for your fi les to make it easier for your users when they need to create another copy of the fi le in another location. You type a name and URL for the send-to destination choice that appears on the context menu for this list. For the destination name, select a short and meaningful name. Folders This setting specifies whether the New Folder command appears on the New drop -down menu. In WSS 3.0, using content types overrides the need for folders; therefore, most often you will select not to display folders by using this setting. Search This setting is used to specify whether you want the items in the library to be available in search. Search is security trimmed; that is, only users with permissions to view the items will have them available in the search results. Figure 6.18 displays the last three settings discussed.

288

Chapter 6

F I G U R E 6 .1 8



Configuring Lists and Managing Documents

More advanced settings for the Shared Documents library

Modifying Permissions and Management In WSS 3.0, the following options are available under Permissions and Management: Delete This Library When you select the option to delete a list or library, all the fi les are moved to the site Recycle Bin. If the user decides to restore the list or library, they select the Recycle Bin on the Quick Launch bar and select the check box of the item they want to restore. Save Library as Template Just as with a list, if you want to create a replica of a library to be used at another location, you can save it as a template. If desired, you can also save the content with the template. The process of saving the library as a template is identical to that of a list. To create the template, you need only to supply a template name, the name and description of the template, and whether you want to include content. You save columns, including custom columns, views, and workflows with the template. If you selected to save content, you should be aware the default value is set to 10MB but you can increase that value. When the template is created, it is stored in the List Templates gallery. The next time you open the Create page to create a new library, the newly created library will appear on that page.

Creating and Maintaining Libraries

289

It is just as important that you know the items that are not included in a library template: 





Security settings, including lists or users or groups with permissions to the list or library General library settings, such as whether to display the list on the Quick Launch bar Lookup field links

Permissions for This Library

This setting has two options:

Manage Permissions of Parent Allows you to inherit the permissions from the site for your list or library Edit Permissions Allows you to customize the permissions for the list or library

List and library permissions are discussed in detail in Chapter 7.

Manage Checked Out Files You use this option to take ownership of fi les that are checked out. For example, if an author is no longer with the company or is on vacation and has the fi le checked out while others need the revisions, you as the administrator can take control of the fi le and decide how to handle its future. Workflow Settings This setting allows you to add a workflow to the list or library. Workflows assist your users to complete tasks for their deliverables.

Workflows are covered in more detail later in this chapter in the section “Creating and Implementing Workflows.”

Modifying Communications As with lists, Really Simple Syndication (RSS) settings are available under Communications. RSS provides a method to make new content in a list or library readily available to users. You must fi rst enable RSS support in Central Administration and also at the site collection level before it can be implemented in a list or library. This setting allows you to enable and customize RSS settings for the list or library by selecting the channel elements for the RSS feed and the columns to display.

290

Chapter 6



Configuring Lists and Managing Documents

Enabling Information Rights Management on a Library You use Information Rights Management (IRM) to control and protect your documents. As mentioned in our high-level discussion of IRM in Chapter 4, the contents of rightsmanaged files are encrypted and supplied with an issuance license that imposes restrictions on users of the files. Some typical restrictions are keeping the file as readonly, disabling printing, and not allowing users to save a copy of the file. The purpose of IRM is to control sensitive content on your libraries. To use Information Rights Management in WSS 3.0, you must have Microsoft Windows Rights Management Services (RMS) for Windows Server 2003, Service Pack 1.0 or later, available on your network. Furthermore, you must install Microsoft Windows Rights Management Services Client, Version 1, on each front-end web server in your server farm. If you have implemented and set up IRM, you can control files through their extension type. This control is enforced through the IRM setting for the library. IRM controls the encryption and decryption of the specified file type in the library, and allows you to control user actions for the specified file type. When the file is stored in the library, it is in its decrypted format. The IRM permissions applied to a file when it is uploaded are dependent on the user’s WSS 3.0 security permissions. The following table describes how WSS 3.0 permissions are converted to IRM permissions. Those listed are the only mappings available. If the WSS Permission Is:

The Converted IRM Permission Is:

Manage Permissions; Manage Web

Full Control: This IRM permission usually enables users to read, edit, copy, save, and modify the permissions of the content that is right managed.

Edit List Items; Manage List; Add and Customize Pages

Edit, Copy, and Save: Optionally, you can add the permission to print a file.

View List Item

Read: This permission implies just what it states—read; the user is not able to copy the file or update its contents. Optionally, you can add the permission to print a file.

Exercise 6.3 modifies the library settings to require check out, to allow management of content types, and to remove the New Folder command from the New drop -down menu.

Creating and Maintaining Libraries

291

EXERCISE 6.3

Modifying Settings for the HR Library 1.

On the Sytrain HR Library page, select Document Library Settings from the Settings drop - down list.

2.

On the Customize Sytrain HR Library page, select Versioning Settings in the General Settings section.

3.

Select the Yes radio button in the Require Check Out section. Click OK.

4.

On the Customize Sytrain HR Library page, select Advanced Settings in the General Settings section.

5.

On the Document Library Advanced Settings: Sytrain HR Library page, select the Yes radio button in the Content Types section to allow management of content types.

6.

On the same page, in the Folders section select the No radio button so that the New Folder command is not displayed on the New drop - down menu.

292

Chapter 6



Configuring Lists and Managing Documents

E XE RC I SE 6.3 (continued)

7.

Click OK.

Submitting Content to Lists and Libraries You can add content to a list or library by clicking the New button, which enables you to create new items directly in WSS 3.0. Depending on the content type associated with the list or library, a template will display with content and metadata to complete. If you are not familiar with creating content, take a moment to do so. For example, click New on the Announcements list and create a new announcement using the displayed template. In libraries, you can also place content that is already created and stored elsewhere by clicking the Upload button. If you decided not to include a template (you selected None) when you created your library, the only means of placing content in the library is to upload it. When you click the Upload button, you can choose to upload one or multiple documents from a different location, as shown in Figure 6.19.

F I G U R E 6 .1 9

Uploading documents to a library

Introducing and Creating Content Types

293

If you select multiple documents, they must all be in the same directory on your computer or network. If you have a great deal of documents to upload and they are stored in various locations on your network, it pays to consolidate them into one directory for ease of uploading.

Introducing and Creating Content Types You create and use a content type with a list or library to defi ne the attributes of a list item or fi le. A content type can specify the following: 

Associated properties



Workflows



Templates and conversions for document content types



Custom features

You can also associate properties, workflows, and templates directly with a list or library. However, if you do so, you are limiting these associations and they are not reusable across your solution.

In WSS 3.0 you can contain multiple content types in your lists or libraries. Once you defi ne the content types, they appear in the New drop -down menu. The default view displays all the columns from all available content types; however, you can create views to fi lter or sort your content by content type, thus making the content more readily available for your users. You defi ne content types using the Site Content Type gallery. Once you have defi ned a content type in the gallery, it becomes available throughout the site and its subsites. Therefore, the most prudent location to create a content type is in the Site Content Type gallery of the top site of the site collection. In WSS 3.0, each default list or library item has its own content type. For example, an Announcements list has its own content type of Announcement. A document library uses a document content type for its template. A portion of the Site Content Type gallery is shown in Figure 6.20.

294

Chapter 6

FIGURE 6.20



Configuring Lists and Managing Documents

Site Content Type gallery

New content types are built on the base content types provided in WSS 3.0. You can organize content types into a hierarchical structure, allowing a child content type to inherit its characteristics from its parent content type. For example, if your organization uses a specific vacation form, you can create a content type for it in the Site Content Type gallery. The content type will defi ne the metadata for that form, defi ne the vacation form’s template, and create workflows required to review and complete the form. If you create the content type at the top -level site, it will be available throughout the site collection for all departments that use the vacation form. In Exercise 6.4, you will create the vacation form content type in the Site Content Type gallery. EXERCISE 6.4

Creating the Vacation Form Content Type 1.

From the top site in your site collection, select Site Settings from the Site Actions menu.

2.

On the Site Settings page, select Site Content Types in the Galleries column.

3.

On the Site Content Type Gallery page, click Create at the top left of the page.

Introducing and Creating Content Types

295

4.

On the New Site Content Type page, in the Name and Description section, give the content type a name, such as Vacation Form, and a meaningful description.

5.

Select Document Content Types from the Select Parent Content Type from drop - down menu and Document from the Parent Content Type drop - down menu.

6.

In the next section of the page, you specify the group you want to use for the form. A best practice is to place all your organization - specific content types in one group. Therefore, place it in a new group named Sytrain Content Types.

7.

Click OK.

296

Chapter 6



Configuring Lists and Managing Documents

The content type is created with only Name as the required field. At this point you can add metadata, a template, and required workflows to make the content type a valuable asset to your business process. The corresponding template for the Vacation Form can be uploaded by selecting Advanced Settings from the Settings section on the Site Content Type: Vacation Form page. On the Site Content Type Advanced Settings: Vacation Form page, you can upload a new or existing template. It is a good practice to specify the content type as read only once you have set it up completely so other administrators cannot override your changes. You should also select the Yes radio button under the Update All Content Types Inheriting from This Type? option. These configurations are shown in Figure 6.21.

F I G U R E 6 . 21

Advanced settings for Content Type Vacation form

Modifying the Content Type You may want to add optional or required columns, views, or workflows to the content type. In Exercise 6.5, you will modify the content type by adding a status column. In most cases you would want to create your own status column for the content so that you could select the options that fit the purpose of the column; however, in this exercise you will use the status column created with the site defi nition.

Introducing and Creating Content Types

297

EXERCISE 6.5

Modifying the Vacation Form Content Type by Adding a Status Column 1.

From the Site Content Type gallery, select the Vacation Form content type if it is not already selected.

2.

In the Columns section of the Site Content Type: Vacation Form page, add a new column by clicking the Add from Existing Columns link. If no columns fit your needs, you can create one here or, more appropriately, in the Site Columns gallery.

3.

On the Add Columns to Site Content Type: Vacation Form page, select Status in Available Columns list and click the Add button. Under Update All Content Types Inheriting from This Type?, make sure the Yes radio button is selected.

4.

Click OK.

C

Another setting that you may want to implement with the content type is the workflow for the submission and approval of the Vacation Form.

Adding the Content Type to the Library Finally, the content type can be added to the Sytrain HR Library on the Customize Sytrain HR Library page. On the Add Content Types page, select the Vacation Form content type from the Available Site Content Types. Click Add. The Vacation Form appears in the Content Types to Add textbox. Click OK. The completion of these steps is shown in Figure 6.22.

298

Chapter 6

FIGURE 6.22



Configuring Lists and Managing Documents

Adding the Vacation Form content type to the Sytrain HR Library

The library with the Vacation Form content type added is shown in Figure 6.23. FIGURE 6.23

Sytrain HR Library content types

Once added, this content type will appear in the New button’s drop -down list, as shown in Figure 6.24. When selected, the template that was associated with the content type opens and the user can complete it. FIGURE 6.24

Sytrain HR Library’s New drop-down list

Creating and Implementing Workflows

299

Creating and Implementing Workflows Much of the work that your organization accomplishes is dependent on a workflow. The workflow may consist of a signature approval process for the Vacation Form we just created or an administrative task that you want to be reminded of. In any case, a workflow process aids business personnel in completing their tasks.

What Are Workflows? Here are some examples of how workflows can assist your business processes by interacting with your users: Contract Approval Expense Report expenses.

You can use a workflow to guide the approval process for a contract.

You can use a workflow to automate the routing process for approving

Help Desk You can use a workflow to guide the process of help desk questions and responses. Onboarding Processes You can use a workflow to manage the completion of documents and computer services for a new employee. Content Publishing You can use a workflow to manage the approval process for published content. One of the benefits of using workflows in WSS 3.0 is that they integrate with the tools your users are using to do their work. You can associate workflows with lists libraries or content types. A historical record of each workflow is kept for auditing purposes in the workflow history list. Workflows in WSS 3.0 are built on the Windows Workflow Foundation (WF) component of Microsoft Windows. You can build and customize workflows using three venues: 

The browser interface



Microsoft Office SharePoint Designer 2007



Visual Studio

The browser interface in WSS 3.0 provides you only with one workflow type: the ThreeState workflow. This workflow is built on a choice column or field. As the workflow item moves through the workflow process, that Status field updates and implements those events that have been defi ned for that state. The Three-State workflow can be associated with lists, libraries, and content types. Microsoft Office SharePoint Designer 2007 is able to build workflows using conditional statements without code; however, these workflows are restricted in use because they are associated with only one list or library. All other workflows can be associated with multiple lists or libraries as well as content types.

300

Chapter 6



Configuring Lists and Managing Documents

The most versatile workflows are created using Visual Studio. These workflows can have many steps and conditions. They can also be deployed at the site collection level so they are available to other sites. Although the Visual Studio implementation of workflow uses a design interface, you must provide code-behind to control the processes defi ned for each step of the workflow; therefore, this type of workflow requires a developer to create and maintain.

Combining Workflow and WSS 3.0 Both Workflow (WF) and WSS 3.0 work together to accomplish the workflow process. WF provides the runtime engine, and WSS 3.0 provides the host for this engine. You can install one or more workflow templates on a server. Then you associate the workflow with the appropriate SharePoint object, depending on the process used to create the workflow. When the workflow is activated, an instance of the workflow is running. Several instances of the same workflow may be running simultaneously. The best way to understand what’s really going on, however, is to look at a typical scenario using this technology. In Exercise 6.6 you will create a workflow for approving the Vacation Form we just created. EXERCISE 6.6

Creating a Workflow for Vacation Form Approval 1.

Open the Site Content Type gallery.

2.

Select the Vacation Form content type that is listed under the Sytrain Content Type group.

3.

Click the Workflow Settings link on the Site Content Type: Vacation Form page.

4.

No workflows are currently associated with the form content type. Select Add a Workflow. Notice that the only workflow available to use in WSS 3.0 is the Three -State workflow. This workflow uses a column with three “states” to move through the workflow. As the workflow progresses, each state is automatically updated.

5.

In the Name text box, type a name for the workflow, such as Vacation Form Approval.

6.

Keep the defaults for Task List and History List.

7.

Decide if you want to start the workflow automatically when a new item is created or allow the user to start it manually.

Summary

301

8. If you want existing content types derived from this content type to also be updated with the workflow, keep the default of Yes.

9. Click Next. 10. To select a workflow state field, such as Started, In Progress, or Completed, you need to have a choice column in your content type. For the Vacation Form content type, you can use the Status column added in Exercise 6.5.

11. Next you need to specify what you want the workflow to do when it is initiated. For example, you could send an email to the person responsible for completing the vacation form. You can advise them that the form is ready for their approval either by putting it on a task list or by sending the approver an email. You can also assign a due date so the user does not have to wait a long time to learn the results of the vacation request.

12. Once this page is completed, click OK.

The workflow is now attached to the content type. No matter where you use that content type in your organization, you can also use the workflow that accompanies it.

Summary In this chapter, you learned how to manage content on your WSS 3.0 sites. We discussed document management and governance. You learned how to defi ne metadata, and how to create and maintain lists and libraries. We also showed you how to submit content to lists and libraries. Finally, you learned how to create content types as well as create and implement workflows.

302

Chapter 6



Configuring Lists and Managing Documents

Exam Essentials Know how to create and use content types in a list or library. You should know how to add an existing content type to a list or library, the steps to add multiple content types to a list or library, and how to create a site content type. Know how to use metadata effectively. Understand how to create and maintain metadata in both lists and libraries. Know how to use metadata effectively. Understand Information Rights Management. You should understand how to implement IRM on the server and client. Be able to identify what IRM does for your sensitive documents.

Review Questions

303

Review Questions 1.

You are the WSS 3.0 administrator at cityu.edu. You have created a custom Assignments list for the History department. Five other departments want to use this same list on their own sites in the site collection. You want to make the list available using the least amount of effort. What should you do? A. Create and customize the list on each of the department sites.

2.

B.

Create a template from the customized Assignments list and use this to create the list on each of the other sites.

C.

Have all the users in the other departments use the History department’s Assignments list.

D.

Export the History department’s Assignments list using Microsoft Office SharePoint Designer 2007 and import it into each of the other department sites.

You are the WSS 3.0 administrator for your organization. You want to use the browser to create a workflow to delete expired announcements on your department Announcements list. What should you do? A. Open the settings for the list and create a Three- State workflow using the Workflow Settings link.

3.

B.

Open the settings for the list and create a Microsoft Office SharePoint Designer 2007 workflow using the Workflow Settings link.

C.

Open the settings for the list and create a Visual Studio workflow using the Workflow Settings link.

D.

Open the settings for the list and create a Three- State workflow using the Advanced Settings link.

You are the WSS 3.0 administrator for your organization. You have created an issuetracking workflow in the browser interface using the Three - State workflow. How should you implement the workflow? (Select all that apply.) A. Attach the workflow to a site. B.

4.

Attach the workflow to a list.

C.

Attach the workflow to a content type.

D.

Attach the workflow to a library.

You are the WSS 3.0 administrator for your organization. You want to secure a document library so that users who have permissions to only view the documents cannot download them or print them. What should you do? A. Modify the security settings for the users to use restricted read. B.

Edit the permissions of the library to allow no users to print documents.

C.

Implement Information Rights Management on the library.

D.

Implement an Information Management policy on the library.

Chapter 6

304

5.



Configuring Lists and Managing Documents

You are the WSS 3.0 administrator for your organization. You are planning to implement WSS 3.0 for your organization. Your organization has several divisions, which you have decided to implement as sites. Quite often users will be using multiple sites for their business processes. What should you do to ensure the users are able to easily find their work no matter which site they are on? A. Create a governance plan to address the naming and navigation requirements of the sites.

6.

B.

Create a workflow to address the naming and navigation requirements of the sites.

C.

Create a maintenance plan to address the naming and navigation requirements of the sites.

D.

Create an audit plan to address the naming and navigation requirements of the sites.

You are the WSS 3.0 administrator for your organization. You are creating a governance plan. Which areas should you consider addressing with the plan? (Select all that apply.) A. List management

7.

B.

Libraries management

C.

Navigation management

D.

Content management

You are the WSS 3.0 administrator for your organization. You want to provide descriptive information about the items in a document library you have just created. What should you do? A. Create a quota for the library.

8.

B.

Create metadata for the items in the library.

C.

Create a new view for the library.

D.

Create content types for the library.

E.

Create folders for the library.

You are the WSS 3.0 administrator for your organization. You have created a library to contain content regarding new products for your organization. You decide that none of the default columns can be used to describe the metadata you want to retain for each item. Much of the metadata you want to create will be useful for other libraries in other sites in the site collection. You need to create the metadata so that it can be used elsewhere with the least amount of effort. What should you do? A. Nothing. You must use the columns WSS 3.0 provides. B.

Create new metadata columns for this library on the Customize page of the library. When you are ready to use the columns in another library on another site, create them again.

C.

On the Customize page of the library, add the columns from the existing default columns on the site. You can then edit the columns to make them appropriate for your library.

D.

Create new metadata columns for this library in the Site Columns gallery at the top site of the site collection.

Review Questions

305

9. You are the WSS 3.0 administrator for your organization. You have decided you need a help desk issues list to log, track, and retain resolutions to bug reports. You want to create this list using the minimum of effort. What should you do? A. Create a contacts list and change the metadata. B.

Create a calendar list and change the metadata.

C.

Create a custom list and change the metadata.

D.

Modify the existing task list by changing the name and metadata.

10. You are the WSS 3.0 administrator for City University. You need to create a document library to hold course content for the university. What should you do? (Select all that apply.) A. Click the Site Actions button and select Create. B.

Click the Site Actions button and select Site Settings.

C.

Click the View All Site Content link on the Quick Launch menu and select Create.

D.

Click the Documents link on the Quick Launch menu and select Create.

11. You are the WSS 3.0 administrator for City University. You have created a document library for course content. You have over 200 courses and want to organize them by department to make it easier for the users to see the offerings. You need to do so with the minimum amount of effort and administrative overhead. What should you do? A. Create separate libraries for each department ’s courses. B.

Create a view that sorts and groups the courses by department.

C.

Create a view that alphabetizes the courses.

D.

Create a folder for each department and place the courses in the appropriate folder.

12. You are the WSS 3.0 administrator for your organization. You have created a document library to contain contracts. You want to ensure a contract is checked out while it is being edited. What should you do? A. On the Customize page under General Settings, select Advanced Settings. B.

On the Customize page under Permissions and Management, select Manage Checked Out Files.

C.

On the Customize page under General Settings, select Versioning Settings.

D.

On the Customize page under Permissions and Management, select Advanced Settings.

13. You are the WSS 3.0 administrator for your organization. You have created a new list from a template you created from your customized list. Which items are not included in the list template? (Select all that apply.) A. Metadata B.

Security settings

C.

Views

D.

Ability to display the list on the Quick Launch bar

Chapter 6

306



Configuring Lists and Managing Documents

14. You are the WSS 3.0 administrator for your organization. You want to make the new content of your library available to users. You want to do this with the least amount of administration. What should you do? A. Enable RSS on the library. B.

Enable versioning on the library.

C.

Create a workflow to send new content to the users.

D.

Enable an Information Management Policy.

15. You are the WSS 3.0 administrator for your organization. You must create a library that will contain only uploaded PDF documents that users will view. What should you do? A. Create the library using a Microsoft Office Word 97–2003 document template. B.

Create the library using a Basic page document template.

C.

Create the library using a Microsoft Office PowerPoint presentation document template.

D.

Create the library using no document template.

16. You are the WSS 3.0 administrator for your organization. You have created a library for new product specifications that uses a Microsoft Office Word template. You must also store diagrams for the specifications in the same library. The diagrams use a form template. What should you do? A. Enable versioning for the library. B.

Enable content types for the library.

C.

Enable content approval for the library.

D.

Enable an Information Management Policy for the library.

17. You are the WSS 3.0 administrator for your organization. You are required to enable major and draft versions on the Courses document library. What should you do? A. On the Customize page for the library, enable versioning by selecting the Advanced Settings link. B.

On the Customize page for the library, enable versioning by selecting the Workflow Settings link.

C.

On the Customize page for the library, enable versioning by selecting the Versioning Settings link.

D.

On the Customize page for the library, enable versioning by selecting the Content Types Settings link.

18. You are the WSS 3.0 administrator for your organization. You have enabled content approval on the Courses document library. You upload the new courses for SharePoint certification. Users complain that they do not see the new courses. What should you do? A. Check in the uploaded documents. B.

Approve the uploaded documents.

C.

Create a new version for each of the uploaded documents.

D.

Disable content approval.

Review Questions

307

19. You are the WSS 3.0 administrator for your organization. You have created a document library that is used extensively for editing documents. You must ensure that only one author is modifying a document at a time. What should you do? A. Require check- out. B.

Require draft item security.

C.

Require major and minor versions of the documents.

D.

Implement Information Rights Management (IRM).

20. You are the WSS 3.0 administrator for your organization. Your Research library contains many files for which your organization no longer has the application available. Users need to open these files. What should you do? A. Create a content type for these files. B.

Create a folder to contain these files.

C.

Nothing.

D.

Create a workflow to handle these files.

308

Chapter 6



Configuring Lists and Managing Documents

Answers to Review Questions 1. B. You should create a template from the customized Assignments list and use it to create the list on each of the other sites. This answer is the most efficient and the least amount of work to make the customized list available to other sites. 2. A. You should open the settings for the list and create a Three-State workflow using the Workflow Settings link. Microsoft Office SharePoint Designer 2007 and Visual Studio workflows must be created by opening their respective applications to be available for the list. 3. B, C, D. You can attach browser-based workflows to lists, libraries, and content types. 4. C. You should implement Information Rights Management on the library. IRM allows you to create a more secure environment for your library. With IRM, users with the View permission in WSS 3.0 can be restricted from copying or printing documents in the library. 5. A. You should create a governance plan to address the naming and navigation requirements of the sites. A governance plan enables you to support the use and the maintenance of your content. 6. A, B, C, D. Managing lists, libraries, navigation, and content should all be considerations in your governance plan. 7. B. You should create metadata for the items in the library. You use metadata to provide descriptive information that accompanies each item in your library. 8. D. You should create new metadata columns for this library in the Site Columns gallery at the top site of the site collection. This process makes the columns available anywhere in the site collection. 9. C. To create the list using the minimum of effort, you should create a custom list and add the necessary metadata columns to accommodate your business process. 10. A, C, D. You can access the Create page in WSS 3.0 by clicking the Site Actions button or clicking the View All Site Content or Documents link on the Quick Launch menu and selecting Create. 11. B. You should create a view that sorts and groups the courses by department. You need to require a department metadata column for each course. You then create the view using this column to group the courses. 12. C. You should select Versioning Settings on the Customize page in the General Settings heading to select Require Check Out setting. 13. B, D. The list template does not include security settings for the list nor does it provide the general list settings, such as displaying the list on the Quick Launch bar. 14. A. You should enable Really Simple Syndication (RSS) on the library.

Answers to Review Questions

309

15. D. Since you are creating no fi les in the document library and are only uploading PDF fi les, you should select no template. 16. B. You should enable content types for the library. When you use multiple templates in a library, you should enable content types to handle the properties associated with each of the templates. 17. C. To enable major and draft versions you should select the Versioning Settings link on the Customize page of the library. 18. B. You should approve the uploaded documents. When you enable content approval on a library, new documents are not visible to users until they are approved. 19. A. You should require check-out. This setting allows only one author to modify a document at a time. Also, the document can be saved by the author and not checked in if changes to the document have not been completed. 20. C. You need do nothing. If the library setting to open fi les in the client application is enabled and the application is not available, the fi le will always be displayed as a web page in the browser.

Chapter

7

Configuring Authentication and Security MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Configure Security for Windows SharePoint Services 

Configure roles and site permissions



Implement access policies

 Administer Windows SharePoint Services 

Configure site settings

In previous chapters you’ve learned how to install Windows SharePoint Services (WSS) 3.0, and how to build a basic structure of web applications, site collections, sites, and even lists and libraries. You know how to create all the basic building blocks in a WSS infrastructure — but you haven’t learned how to restrict or grant access to that infrastructure. It’s time to turn our attention to the issue of security. In this chapter, you will learn how to implement a comprehensive security environment to control access to your WSS infrastructure. Most SharePoint security is managed at the site collection level or below by the site collection administrators. But there are also a few spots where farm administrators can override site collection security in the Central Administration website. Within the site collection you will learn how to create custom permission sets called permission levels and how to assign them to users or groups. You’ll also learn about how SharePoint interacts with Active Directory and how users and groups are added to SharePoint. Most importantly, you’ll learn what kinds of things in SharePoint can be secured at the web application level. You’ll see how farm administrators can override site collection security by implementing web application policies or masking user permissions. Along the way you’ll also learn how to grant anonymous access to a whole WSS site or just to an individual list or library.

SharePoint Security Overview Security in SharePoint is implemented through two processes that work together, authentication and authorization. To gain access to a WSS site a user must fi rst be authenticated to Active Directory (AD) or some other authentication provider that SharePoint has been configured to use. This authentication process establishes the identity of the user and the groups to which the user belongs. Once authenticated the user is authorized, based on their identity or group membership, to access specific resources in SharePoint.

SharePoint Security Overview

313

Authentication WSS does not have its own authentication system. Instead it relies on authentication mechanisms provided by Internet Information Services (IIS) or ASP.NET. The default authentication mechanism in SharePoint is Windows Integrated authentication in IIS. This establishes a user’s identity using AD. WSS can also extend its authentication to support identity management systems that are not based on the Microsoft Windows operating system. By using ASP.NET’s pluggable authentication or web single sign- on, WSS can support authentication based on cookies.

Authorization Authorization in WSS is accomplished through the intersection of three things: a permission level, a SharePoint user or group, and a securable object. Permission levels in turn are a collection of individual SharePoint permissions. In the next several sections we will examine each of these pieces, which when combined are used to define security in SharePoint. We’ll start with the individual permissions available for controlling security in SharePoint.

Permissions SharePoint makes use of 33 unique permissions to control security. But these individual permissions can’t be assigned to a SharePoint user or group directly. Instead they are collected together into named groups called a permission level. Permission levels will be discussed in the next section of this chapter. Individual permissions are the lowest-level building blocks available and control your ability to do something in SharePoint. For example, if you have the Edit Items permission you can make changes to a list item. Many individual permissions also require that you have other permissions to be effective. For example, you can’t have Edit Items permission without also having the View Items permission. After all, you must be able to see an item in order to edit it. When individual permissions are added to a permission level in the user interface, any required dependent permissions are also automatically added. For the sake of manageability, the permissions are organized into three separate groups: List, Site, and Personal. These groupings provide a logical grouping for permissions, but any permission can be assigned to any permission level. Figure 7.1 shows the List Permissions section of the Add a Permission Level page. Site Permissions and Personal Permissions are grouped into similar panels on the Add a Permission Level page.

314

Chapter 7

F I G U R E 7.1



Configuring Authentication and Security

The List Permissions section

You won’t need to know the specific permissions and their prerequisites for the 70 – 631 exam. But you should be familiar with the extent of the permissions available.

List Permissions There are 12 list permissions. These permissions focus on management of lists, libraries, and the items they contain. Table 7.1 provides a description of each list permission, which default permission levels contain it, and any permissions that it is dependent on.

SharePoint Security Overview

TA B L E 7.1

List Permissions

Permission Levels

Required List Permissions

Required Site Permissions

Required Personal Permissions

View Items

View Pages

Manage Personal Views

Name

Description

Manage Lists

Create and delete lists, add or remove columns in a list, and add or remove public views of a list.

Full Control

Override Check Out

Discard or check in a document that is checked out to another user.

Full Control

Add Items

Add items to lists, add documents to document libraries, and add web discussion comments.

Full Control

Edit items in lists, edit documents in document libraries, edit web discussion comments in documents, and customize web part pages in document libraries.

Full Control

Delete items from a list, documents from a document library, and web discussion comments in documents.

Full Control

Edit Items

Delete Items

315

Design

Open

View Items

Design

View Pages Open

View Items

View Pages Open

Design Contribute

View Items

View Pages Open

Design Contribute

Design Contribute

View Items

View Pages Open

TA B L E 7.1

List Permissions (continued)

Permission Levels

Required List Permissions

Required Site Permissions

Name

Description

View Items

View items in lists, documents in document libraries, and view web discussion comments.

Full Control

View Pages

Design

Open

Approve Items

Approve a minor version of a list item or document.

Full Control

Edit Item

View Pages

Design

View Items

Open

Open Items

View the source of documents with server-side file handlers.

Full Control

View Items

View Pages

Required Personal Permissions

Contribute Read

Open

Design Contribute Read

View Versions

View past versions of a list item or document.

Full Control

Open Items

View Pages

Design

View Items

Open

Contribute Read

Delete Versions

Create Alerts

Delete past versions of a list item or document.

Full Control

Open Items

View Pages

Design

View Items

Open

Create email alerts.

Full Control

View Items

View Pages

Contribute

Design

Open

Contribute Read View Application Pages

View forms, views, and application pages. Enumerate lists.

All

Open

Site Permissions There are 18 site permissions. These permissions focus on management of sites, site collections, and the items they contain that are not stored in lists or libraries. Table 7.2 provides a description of each site permission, which default permission levels contain it, and any permissions that it is dependent on.

TA B L E 7. 2

Site Permissions

Name

Description

Manage Permissions

Create and change permission levels on the website and assign permissions to users and groups.

Permission Levels Full Control

Required List Permissions View Items Open Items View Versions

Required Site Permissions Browse Directories View Pages Enumerate Permissions Browse User Information Open

View Usage Data

View reports on website usage.

Full Control

View Pages

Create Subsites

Create subsites such as team sites, meeting workspace sites, and document workspace sites.

Full Control

View Pages

Grants the ability to perform all administration tasks for the website as well as manage content.

Full Control

Manage Website

Open

Browse User Information Open

View Items

Add and Customize Pages Browse Directories View Pages Enumerate Permissions Browse User Information Open

Add and Customize Pages

Apply Themes and Borders

Add, change, or delete HTML pages or web part pages, and edit the website using a WSScompatible editor.

Design

Apply a theme or borders to the entire website.

Design

View Pages

Full Control

Open

Full Control

View Items

Browse Directories View Pages Open

Required Personal Permissions

318

Chapter 7

TA B L E 7. 2



Configuring Authentication and Security

Site Permissions (continued)

Permission Levels

Required List Permissions

Required Site Permissions

Name

Description

Apply Style Sheets

Apply a style sheet (CSS file) to the website.

Design

View Pages

Full Control

Open

Create Groups

Create a group of users who can be used anywhere within the site collection.

Full Control

View Pages

Enumerate files and folders in a website using SharePoint Designer and Web DAV interfaces.

Contribute

View Pages

Design

Open

Create a website using SelfService Site Creation.

Read

View Pages

Contribute Design

Browse User Information

Full Control

Open

Read

Open

Browse Directories

Use SelfService Site Creation

View Pages

View pages in a website.

Browse User Information Open

Full Control

Contribute Design Full Control

Enumerate Permissions

Enumerate permissions on the website, list, folder, document, or list item.

Full Control

View Items Open Items View Versions

Browse Directories ViewPages Enumerate Permissions Browse User Information Open

Required Personal Permissions

SharePoint Security Overview

Permission Levels

Required List Permissions

Required Site Permissions

Name

Description

Browse user Information

View information about users of the website.

All

Manage Alerts

Manage alerts for all users of the website.

Full Control

User Remote Interfaces

Use SOAP, Web DAV, or SharePoint Designer interfaces to access the website.

All

Open

Use Client Integration Features

Use features that launch client applications. Without this permission, users will have to work on documents locally and upload their changes.

All

Use Remote Interfaces

Open

Allows users to open a website, list, or folder in order to access items inside that container.

All

Edit Personal User Information

Allows a user to change his or her own user information, such as adding a picture.

Contribute

Open

View Items

View Pages

Create Alerts

Open

Open

Design

Browse User Information

Full Control

Open

319

Required Personal Permissions

320

Chapter 7



Configuring Authentication and Security

Personal Permissions There are three personal permissions. These permissions deal with a user’s ability to personalize list views, library views, and web parts. Table 7.3 provides a description of each personal permission, which default permission levels contain it, and any permissions that it is dependent on.

TA B L E 7. 3

Personal Permissions

Permission Levels

Required List Permissions

Required Site Permissions

View Items

View Pages

Name

Description

Manage Personal Views

Create, change, and delete personal views of lists.

Contribute

Add or remove personal web parts on a web part page.

Contribute

Add/Remove Personal Web Parts

Update PerUpdate sonal Web Parts web parts to display personalized information.

Required Personal Permissions

Open

Design Full Control

View Items

View Pages Open

Design Full Control

Contribute Design

View Items

Update Personal Web Parts

View Pages Open

Full Control

Permission Levels Now that you’ve reviewed the individual permissions available in SharePoint, it’s time to consider the fi rst of the three things used to control authorization in SharePoint. Since individual permissions can’t be assigned to users and groups, they are grouped together into permission levels. These permission levels are then assigned to a specific SharePoint user or group for a site, list, library, folder, document, or list item.

You’ll learn how to assign permission levels to users or groups later in this chapter. For now, concentrate on knowing the general capabilities of the five default permission levels. This is critical for the exam.

In WSS there are five default permission levels (see Figure 7.2); for many SharePoint environments, these default permission levels will be all that you will need. (However, you can also create additional custom permission levels. To do so, start with a blank permission

SharePoint Security Overview

321

level or copy an existing permission level and make changes to it.) The five default permission levels are: F I G U R E 7. 2

The Defaults Permission Levels

Full Control This permission level contains all 33 individual permissions available in SharePoint and cannot be changed or deleted. It is automatically assigned to the default site owner’s SharePoint group.

Site collection administrators are given a specific set of rights outside of the normal permissioning process. They are not the same as the default site owners group, which has the Full Control permission level of the top -level site of a site collection. Site collection administrators and other default SharePoint access groups are discussed later in this chapter.

Chapter 7

322



Configuring Authentication and Security

Design This permission level provides a user or group with the ability to create lists or libraries, edit pages, apply themes or borders, and load custom Cascading Style Sheets. This permission level is not assigned to a group by default in WSS. Contribute This permission level allows users or groups to add, edit, or delete items or documents in existing lists or libraries, but cannot be used to create new lists or libraries. It is assigned to the site members SharePoint group by default. Read Users or groups with this permission level can view items or documents and their properties. This permission level is assigned to the site visitors SharePoint group by default. Limited Access This permission level provides no real access unless used in combination with another permission level below it. It is assigned by the system when a user or group is given permission to a subsite, list/library, folder, or item/document somewhere lower in the hierarchy. This allows the user or group to open the parent website and read shared data like navigation bars. This permission level cannot be changed or deleted. It is also the basis for anonymous access. As we mentioned earlier, when the five default permission levels aren’t sufficient you can create your own permission levels. Permission levels in SharePoint can only be used to grant permissions. Unlike fi le security on a workstation or server, there is no Deny check box when creating permission levels. Whatever permission levels are given to a user are always added together to determine what permissions that user has to a specific site, list, library, folder, item, or document. One of the ways to create a permission level is to start with a new blank permission level and add the permissions that you want to it. Exercise 7.1 starts with a blank permission level. E X E R C I S E 7.1

Creating a New Permission Level 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and select Site Settings from the menu.

2.

On the Site Settings page in the Users and Permissions column, click the Advanced Permissions link.

3.

On the Permissions: Site Name page, click the Settings menu drop - down and select Permission Levels.

4.

On the Permission Levels page, click Add a Permission Level in the toolbar.

5.

On the Add a Permission Level page, fill in the following information: 

In the Name text field, enter Approve for the name of the new group.

SharePoint Security Overview





6.

323

In the Description text field, enter a longer description for the permission level. A list of the permissions granted is a good idea. In the Permissions section, select the Approve Items from the List Permissions group of permissions. You will see that it also selects the View and Edit Items permissions since these are required in order to approve an item.

Click the Create button at the bottom of the page and wait for the Permission Levels page to reappear.

Your Permission Levels page should now look something like the following graphic. Notice the addition of the Approve permission level below Limited Access.

Chapter 7

324



Configuring Authentication and Security

Sometimes the permission level that you need is similar to an existing permission level, with either additional or fewer permissions. It is normally not a good idea to change one of the existing permission levels, but you can make a copy and change the copy. In Exercise 7.2 you will start with the Contribute permission level, copy it, and then make changes to the copy. E X E R C I S E 7. 2

Copying an Existing Permission Level 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then click Site Settings.

2.

On the Site Settings page in the Users and Permissions column, click the Advanced permissions link.

3.

On the Permissions: Site Name page, click the Settings menu drop - down and select Permission Levels

4.

On the Permission Levels page, in the Permission Level column click the Contribute permission level.

5.

Scroll to the bottom of the Edit Permission Level page, and then click the Copy button to copy the permission level.

6.

On the Copy Permission Level “Contribute” page, fill in the following information: 





7.

In the Name text field, enter Contribute and Create for the name of the new group. In the Description text field, enter a longer description for the permission level. A list of the permissions granted is a good idea. In the Permissions section, select the Manage Lists check box in the List Permissions group of permissions.

Click the Create button at the bottom of the page and wait for the Permission Levels page to reappear.

Your Permission Levels page should now look something like the following graphic. Notice the addition of the Contribute and Create permission level at the bottom of the list.

SharePoint Security Overview

325

Site Access Groups and Users The second component used for SharePoint authorization is site access groups. Although permission levels can be assigned to individual users, it is usually better for management and scalability to manage security by assigning permission levels to a group.

You cannot assign permission levels directly to AD groups in SharePoint. AD groups must be added to SharePoint as either a SharePoint user or a member of a site access group. Later in this chapter we’ll discuss the role that AD groups can play in your SharePoint security policy.

When a site collection is created, a set of three default groups are also created. These groups are assigned permission levels for the top -level site that represent the three most common access levels needed in most environments. The names of the groups also incorporate the name of the top-level site where they are created. For example, if the top -level site were named Corporate Portal, then the three groups would be called

326

Chapter 7



Configuring Authentication and Security

the Corporate Portal Owners, Corporate Portal Members, and Corporate Portal Visitors. Figure 7.3 shows the three default groups created with a site collection. Here’s an explanation of each of these groups: F I G U R E 7. 3

The Default Sitename Groups

Sitename Owners Site Owners is a group assigned the Full Control permission level to the top-level site. Unless inheritance is broken on a subsite, list/library, folder, or document/list item, they will have Full Control of every site in the site collection. As was noted previously, this is not the same as the Site Collection Administrators group. Sitename Members The Site Members group receives the Contribute permission by default. In a collaborative SharePoint site, most users will be a member of this group. Sitename Visitors The Site Visitors group receives the Read Only permission level by default. This group is appropriate for users who need access to information stored on the site, but who won’t be contributing information themselves. In addition to the three default groups, custom SharePoint groups can be created either in the top -level site or on any site where the inheritance of security settings has

SharePoint Security Overview

327

been broken. You can only create groups in websites that establish their own security; you cannot create new groups at the level of a list, library, folder, item, or document. In Exercise 7.3 you will create a new group in the top -level site of a site collection. You will learn how to break inheritance on a subsite later in this chapter. Once inheritance is broken, the process for creating a new group is the same as it is on the top -level site.

E X E R C I S E 7. 3

Creating a SharePoint Group 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then click Site Settings.

2.

On the Site Settings page in the Users and Permissions column, click the People and Groups link.

3.

On the People and Groups page, select New Group from the New drop - down list.

4.

On the New Group page, fill in the following information: 

In the Name text field, enter Web Designers for the name of the new group.



In the About Me text field, enter a longer description for your group.









5.

In the Group owner text field, enter the user who will be the owner of the new group. In the Group Settings section, specify who can view or edit the membership of this group. In the Membership Requests section, specify whether users can request to join or leave the group and whether such changes occur automatically or need approval. In the Give Group Permission to This Site section, select the check box for the Design permission level.

Click Create and wait for the People and Groups: Web Designers page to reappear.

You will notice that as the creator of the group you have been automatically added to the group, but the owner of the group is not automatically added to the group.

Securable Objects The fi nal part of SharePoint authorization is a securable object. SharePoint websites, lists, libraries, folders in a list or library, list items, and documents are all securable objects. By default, security is set in the top-level site of the site collection and inherits to every securable object in the site collection. At lower levels, inheritance of security can be disabled and specific security established for that object and other securable objects below

328

Chapter 7



Configuring Authentication and Security

it. Any user with the Manage Permissions permission can change the security assigned to a specific securable object. By default, both the site owners and site collection administrators groups have this permission. Figure 7.4 shows the relationship of sites, lists, libraries, documents, and items. The different types of securable objects are:

F I G U R E 7. 4

SharePoint securable objects

Top Level Site

Library

Document List List Item

Sub Site

Sites A SharePoint website consists of a set of web pages that display information and the lists and libraries used to store the information. Websites that are arranged together into a navigation hierarchy are called a site collection. Each site collection has its own unique set of permission levels, users, and groups. The security settings you have in one site collection have no effect on any other site collection. Lists and Libraries Lists and libraries in WSS are used to store content for a website. The content stored may be in the form of list items, which are like database records or fi les. List item content can be viewed directly in SharePoint using a web part. Information (metadata) about fi les stored in libraries can also be viewed using web parts, but viewing the contents of the fi le itself requires an external application such as InfoPath or Word. Security settings at the list or library level apply to all fi les or items in the list or library. Folders, List Items, and Documents The contents of a list or library consist of either items or fi les, which can be organized into folders. Individual security settings can be applied down to the level of an individual item or fi le within a list or library. Security can also

Planning Security

329

be applied at the folder level. Although folders only organize (rather than contain) list or library items and fi les, folder security will normally be applied to all the items or files in them.

Field -level security is not available in WSS by default, but some attempts have been made to provide field - or column -level security through the use of custom field controls. An explanation containing one example of this type of field control can be found at http://www.infoq.com/articles/ Dressel-Gogolowicz-wss-security. Since field -level security is a custom solution, you won’t need to know this for the 70 – 631 exam.

Planning Security Now that you know the basic components used in WSS to support authentication and authorization, we can consider how to plan an overall security policy for a WSS installation. First you will need to decide what form of authentication your website will use. Once you’ve decided on one or more authentication methods, you’ll decide where to break inheritance of security and establish specific security settings for a website, list, library, item, or document.

Authentication Providers Choosing an authentication provider is an important part of planning any WSS security policy. Each authentication provider has specific characteristics that will affect the capabilities available to users once they are authenticated. For example, by default websites using ASP.NET pluggable authentication don’t support WSS’s client integration features. This means that you won’t be able to do things such as create a new document using the New button of a document library in a library based on this authentication method. Table 7.4 summarizes the three types of authentication methods available in WSS.

You learned about configuring authentication providers in Chapter 4, “Configuring the Windows SharePoint Services 3.0 Environment,” so we won’t cover the details again here. Be sure to review this topic since it is an important concept for the 70 - 631 exam.

330

Chapter 7

TA B L E 7. 4



Configuring Authentication and Security

Authentication Methods Supported by WSS

Authentication Method Windows

Description

Specific Types

Built-in IIS Windows Authentication mechanisms

Integrated Windows (Kerberos or NTLM) Basic Digest Certificate

Forms

Web Single Sign-On (SSO)

ASP.NET pluggable authentication is based on a system of cookies. The cookies are provided by a MembershipProvider for authenticating users or an optional RoleProvider for group membership.

SQL or other database

Web SSO enables the use of federated authentication available from a variety of web SSO vendors. AD forests can also be federated using Active Directory Federation Services (ADFS).

Active Directory Federation Services (ADFS)

Lightweight Directory Access Protocol (LDAP) Custom Code MembershipProvider

Third-party identity management systems

You can learn more about Active Directory Federation Services by downloading and reading the whitepaper found at http://www

.microsoft.com/WindowsServer2003/R2/Identity_Management/ ADFSwhitepaper.mspx.

Active Directory Groups When planning a security policy for a WSS site, you’ll usually fi nd it best to use AD groups if scalability is one of your goals. The discretionary access control list (DACL) for a SharePoint web can hold only about 2,000 entries. Each SharePoint user or member of a SharePoint group will count as one entry. You can overcome this limit by adding users to AD groups and then adding those groups to WSS. Each AD group would only count as one entry in the SharePoint website’s DACL. There are several kinds of groups in AD that are identified by type and scope. There are two types — distribution and security — and three scopes — local, global, or universal. The standard model for managing security on a fi le system using AD is to add users to a Global group, assign security rights to a local group, and then make the global group a member of the local group. When using AD to manage security, SharePoint reproduces

Planning Security

331

this model by substituting SharePoint groups for local groups. When used in SharePoint, the scope and type of an AD group will affect how it is processed. Understanding the characteristics of different AD groups will help you decide what type of group to use in a specific situation.

Should You Manage Security in SharePoint or Active Directory? Steve works for a company that is implementing a WSS environment to support their small group project teams. Team membership is expected to be very fluid, with users joining and leaving some teams on a weekly basis. Managing group membership using AD would require frequent changes to AD. Since these changes can only be done by a domain administrator, Steve has decided to use a more decentralized administrative structure. Each project will be given a site collection. The team lead for each project will be made a member of site owners group and will be responsible for adding team members to appropriate groups in the site collection. Kathy works for a company that is planning to use WSS as an application platform to create a human resources system. Access to specific areas of the HR intranet will closely match the job roles of employees. Since these job roles are already reflected by existing groups in AD, Kathy has decided to work with AD domain administrators to implement and manage security in SharePoint. The AD domain administrators will create custom groups as Kathy needs them, but usually she will simply add existing AD groups to basic SharePoint groups. By assigning permission levels to these SharePoint groups, she ensures that both existing and future group members will be given appropriate rights to SharePoint content. These two scenarios show that there is no single right way to implement security in WSS. Specific characteristics like the fluidity of permissions and availability of AD authority will help you choose whether to focus on managing users in AD or in SharePoint.

Distribution Groups Active Directory uses distribution groups for email distribution. They are not provided with a security identifier (SID) and cannot be used in DACLs. Since they don’t have a SID, they also cannot be stored by a SharePoint group. If added to a SharePoint group, they will be expanded to a list of users and each user will be added to the SharePoint group in place of the distribution group. Because the users are added instead of a reference to the distribution group, future changes to the membership of the distribution group will not be reflected in the membership of the SharePoint group.

332

Chapter 7



Configuring Authentication and Security

Server Local and Domain Local Groups Local groups have a SID and can be added as a SharePoint user or member of a SharePoint group in many cases. But local groups in AD are normally used to assign permissions instead of grouping users together. Given this use in Active Directory, it is normally not a good idea to use local groups in SharePoint.

Global and Universal Groups Global groups are the preferred group type for aggregating users to add them to SharePoint. In large installations, universal groups may also be used. When using either global or universal groups in SharePoint, it is a good idea to make sure that the group has a distribution list email address associated with it so that all users in the group can receive emails.

Users who are given access to a SharePoint website based on their membership in an AD group will not show up as users in the site until they contribute something to either a list or a library. However, although they don’t show up as users they can still access all the secured resources of the website.

WSS Active Directory Groups When WSS is installed on a server, three Local security groups are automatically created on the server. These groups control access to the fi le system –based resources that SharePoint uses. For example, access to the _Layouts virtual directory, which is mapped to the Layouts directory of the 12 hive, is controlled using these groups. If you manually deploy fi les to the fi le system of the SharePoint web front ends, you may adjust the security settings of the resource for SharePoint to use it properly. WSS also makes use of the Local Administrators group on each server in the SharePoint farm. WSS_RESTRICTED_WPG Membership in this group is required for the WSS Administration Service to function. By default, the application pool identity account for the Central Administration website is added to this group. WSS_ADMIN_WPG Members of this group have write access to fi le system –based resources used by WSS. Users in the SharePoint Farm Administrators group will be automatically added to this AD group. WSS_WPG Members of this group have read and execute access to fi le system –based resources used by WSS. The application pool identity accounts for all web applications other than the Central Administration website are added to this group. Local Server Administrators Many of the service accounts used by SharePoint, such as the application pool identity account for each web application, are required to be members of the local administrators groups on each server. The local server administrators group on

Planning Security

333

each server is also automatically a member of the farm administrators group. This gives the member accounts the ability to perform farm-level actions in SharePoint.

SharePoint Administrative Groups Earlier in the chapter we discussed the three groups that are created when a new site collection is provisioned. SharePoint has two other types of other built-in groups that are managed at the farm level. Members of these groups have the ability to administer the farm or individual site collections. The two groups are: Farm Administrators Members of this group can perform any administrative task in Central Administration for all the servers in the farm. Members of this group can also perform command-line operations. Farm administrators have no access to site collections or sites by default, but farm administrators can take ownership of any site. Farm administrators are members of the WSS_RESTRICTED_WPG group on the computers where Central Administration is hosted and have the Full Control permission on all servers in the environment. By default, anyone who is a member of the local server administrators group is a farm administrator. Members of this group have broad permissions to administer the Central Administration site, but are restricted from performing certain other actions. For example, farm administrators cannot make changes directly to Internet Information Services (IIS) websites, create or delete SharePoint web applications, update user account passwords, or modify Windows services. The farm administrators group is used in the Central Administration website only and cannot be used in any other site collection. Exercise 7.4 demonstrates how to add a user to the farm administrators group. E X E R C I S E 7. 4

Adding a User to the Farm Administrators Group 1.

From the Administrative Tools menu, select SharePoint 3.0 Central Administration and wait for the Home page of the Central Administration website to appear.

2.

On the Operations tab in the Security Configuration section, select the Update Farm Administrators Group link. Wait for the People and Groups: Farm Administrators page to appear.

3.

On the People and Groups: Farm Administrators page, select Add Users from the New drop - down list.

4.

On the Add Users: Central Administration page, fill in the following information: 

In the Add Users section, use the Browse button to search for AD users you wish to add. The Browse button looks like an open book just below the Users/Groups text box. You can also type in the usernames or email addresses, separated by semicolons.

Chapter 7

334



Configuring Authentication and Security

E X E R C I S E 7. 4 ( c o n t i n u e d )





5.

In the Give Permission section, accept the default selection of the Farm Administrators [Full Control] Group. In the Send E- Mail section in the Personal Message text box, add a comment that will be sent to the user you just added to the farm administrators group.

Click OK and wait for the People and Groups: Farm Administrators page to reappear.

You will notice that the user you selected is now a member of the farm administrators group.

Site Collection Administrators As you saw in Chapter 4, whenever a site collection is created two site collection administrators may be named. These two site collection administrators may be changed later using the Central Administration website. You may also use the Site Settings page of the top -level site in a site collection to add users to the group. Site collection administrators must be entered as individual users. You may not add an AD security group to the SharePoint site collection administrators group. Site collection administrators have Full Control permission level to all the sites in the site collection, without being a member of the sitename owners group. This Full Control permission level cannot be changed without removing the user from being a member of the site collection administrators group. Site collection administrators should be user accounts that have email addresses that will be monitored since alerts about the status of the site collection are sent to them. Exercises 7.5 and 7.6 demonstrate the two ways to add a user to the site collection administrators group of a site collection. E X E R C I S E 7. 5

Changing a Site Collection Administrator in Central Administration 1.

From the Administrative Tools menu, select SharePoint 3.0 Central Administration and wait for the Home page of the Central Administration website to appear.

2.

On the Application Management tab in the SharePoint Site Management section, select the Site Collection Administrators link. Wait for the Site Collection Administrators page to appear.

3.

On the Site Collection Administrators page, fill in the following information: 

In the Site Collection drop - down, make sure that the site collection you wish to change is selected. If it is not, click the drop - down arrow and select Change Site Collection. Wait for the Select Site Collection page to appear and select the correct site collection. You may also need to use the Web Application drop - down on the Select Site Collection page to choose the correct web application.

Planning Security



335

In the Secondary Site Collection Administrator text box on the Site Collection Administrators page, use the Browse button to search for an AD user you wish to add. The Browse button looks like an open book just below the Users/Groups text box. You can also type in the domain\username or email addresses separated by semicolons. Note that you cannot add an AD group.

4.

Click OK and wait for the Application Management tab of the Central Administration website to reappear.

5.

Test your work by logging into the top -level website of the site collection as the user you added.

6.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then click Site Settings. Wait for the Site Settings page to appear.

Your Site Settings page should look similar to the following graphic. Notice that as a site collection administrator you see the Site Collection Administration column on the right side of the page. Only site collection administrators will see this column of links.

336

Chapter 7



Configuring Authentication and Security

E X E R C I S E 7. 6

Adding More than Two Site Collection Administrators 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then click Site Settings. Wait for the Site Settings page to appear.

2.

On the Site Settings page in the Users and Permissions column, click the Site Collection Administrators link. Wait for the Site Collection Administrators page to appear.

3.

On the Site Collection Administrators page, in the Site Collection Administrator text box, use the Browse button to search for an AD user you wish to add. The Browse button looks like an open book just below the Users/Groups text box. You can also type in the domain\username or email addresses separated by semicolons. Note that you cannot add an AD group.

4.

Click OK and wait for the Site Settings page to reappear.

5.

Test your work by logging into the top -level website of the site collection as the user you added.

6.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then click Site Settings. Wait for the Site Settings page to appear.

Your Site Settings page should look similar to the graphic at the end of Exercise 7.5.

Managing Content Security When a site collection is fi rst created, the security settings of the top-level site of the site collection are inherited by each site, list, library, folder, item, and document stored in the site collection. However, you can break this security inheritance for any securable object in the hierarchy. Figure 7.5 shows the permissions page from a site where security is inherited. Before security inheritance is broken, there is no Settings menu and the permissions inherited from the parent site do not have selection check boxes next to them.

Managing Content Security

F I G U R E 7. 5

337

The Permissions page showing inherited permissions

After breaking security inheritance, you can add new combinations of users, groups, and permission levels to a securable object. But remember, the actual users, groups, and permission levels were originally created higher in the hierarchy. Deleting users from groups or changing permission levels will have effects elsewhere in the hierarchy. When breaking inheritance, you should concentrate on adding or removing permission levels from users or groups, rather than changing the actual group membership or permission level.

Chapter 7

338



Configuring Authentication and Security

Breaking Security Inheritance on a Subsite To break inheritance of security at a specific point in the hierarchy, you need to edit the permissions of that securable object. The securable object will copy the previously inherited security settings, which can then be changed. The changed security will then be inherited by every object lower in the hierarchy. If you need to, you can reestablish security inheritance, which will revert the object back to inheriting permissions from the securable object above it in the hierarchy. In Exercise 7.7 we’ll examine how to break security inheritance on a subsite. Exercise 7.8 in the next section will demonstrate how to break security inheritance for a list, library, list item, folder, or document. E X E R C I S E 7. 7

Assigning Unique Security to a Subsite 1.

Navigate to a subsite in your site collection. Wait for the default page of the subsite to appear.

2.

On the default page of the subsite, click Site Actions in the top -left corner of the page, and select Site Settings from the menu. Wait for the Site Settings page to appear.

3.

On the Site Settings page in the Users and Permissions column, click the Advanced Permissions link. Wait for the Permissions: Subsite Name page to appear.

4.

On the Permissions: Subsite Name page, select Edit Permissions from the Actions drop - down list.

5.

Click OK when you see the warning that you are about to create unique permissions for the subsite. Wait for the Permissions: Subsite Name page to reappear.

6.

On the Permissions: Subsite Name page, do the following 



7.

Select the check box next to the Top- Level Site Name Visitors group. Select Remove User Permissions from the Actions drop - down list. Note that you could also change the permissions associated with this group for this site by selecting Edit User Permissions.

Click OK when you see the warning that you are about to remove all permissions for the group in this subsite. Wait for the Permissions: Subsite Name page to reappear.

Managing Content Security

339

Your Permissions: Subsite Name page should look similar to the following graphic. Notice that the Top- Level Site Name Visitors group no longer has access to this subsite.

Setting Up Site Groups for a Subsite In Exercise 7.7, you learned how to break inheritance on a subsite. Once you break inheritance on a subsite, you can add new users, create new custom groups, or adjust the permission level assigned to existing groups inherited from above. But the membership of

340

Chapter 7



Configuring Authentication and Security

existing groups cannot be changed without changing the group everywhere it is used in the site collection. If you want to use the built-in owners, members, and visitors groups, then you will need to create a unique set of groups for this subsite. Exercise 7.8 demonstrates how to create a set of owner, member, and visitor groups for this subsite that will be inherited by all sites below this one in the hierarchy. E X E R C I S E 7. 8

Creating Unique Groups for a Subsite 1.

Navigate to a subsite in your site collection where you have broken security inheritance. Wait for the default page of the subsite to appear.

2.

On the default page of the subsite, click Site Actions in the top -left corner of the page, and then select Site Settings from the menu. Wait for the Site Settings page to appear.

3.

On the Site Settings page in the Users and Permissions column, click the People and Groups link. Wait for the People and Groups: Top Level Site Name page to appear. Please note that you are looking at the group definition for the top -level site of the site collection.

4.

On the People and Groups: Top Level Site Name page in the Quick Launch on the left side of the page, click Groups.

5.

On the People and Groups: All Groups page, select Set Up Groups from the Settings drop - down menu. Wait for the Set Up Groups for This Site page to appear.

6.

On the Set Up Groups for This Site page, select the Create a New Group radio button in the Owners of This Site section of the page to create a new SharePoint group.

7.

Accept the automatically created name of Sub Site Name Owners for the new SharePoint group. Add any other AD users that you would like to make owners of the subsite and sites below it. These users will be given Full Control permission level to the subsite.

8.

Click OK and wait for the People and Groups: All Groups page to reappear.

9.

On the People and Groups: All Groups page in the Quick Launch on the left side of the page, click Site Permissions. Wait for the Permissions: Sub Site Name page to appear.

Your Permissions: Sub Site Name page should look similar to the following graphic. Notice that a Sub Site Name Owners group has now been added with Full Control access to this subsite.

Managing Content Security

341

Breaking Security Inheritance on a List or Library Breaking security inheritance on a list or library is very similar to breaking security inheritance on a subsite. There is one critical difference: new groups and permission levels can only be created at the level of a website. So if you wish to assign a unique permission level or use a unique group of users, you will need to create it on the top-level site or subsite hosting the list or library. Exercise 7.9 demonstrates how to break security inheritance for a specific list or library.

Chapter 7

342



Configuring Authentication and Security

E X E R C I S E 7. 9

Assigning Unique Security to a List or Library 1.

Navigate to a site in your site collection. Wait for the default page of the site to appear.

2.

On the default page of the subsite, in the Quick Launch on the left side of the page, click Shared Documents (or one of your other lists or libraries). Wait for the list or library AllItems.aspx page to appear.

3.

On the AllItems.aspx page, click the arrow next to the Settings and select Document Library Settings or List Settings from the menu. Wait for the Customize: List or Library Name page to appear.

4.

On the Customize: List or Library Name page, click the Permissions for This Document Library (or List) link. Wait for the Permissions: List or Library Name page to appear.

5.

On the Permissions: List or Library Name page, select Edit Permissions from the Actions drop - down menu.

6.

Click OK when you see the warning that you are about to create unique permissions for the list or library. Wait for the Permissions: List or Library Name page to reappear.

7.

On the Permissions: List or Library Name page, do the following :

8.



Select the check box next to the Top Level Site Name Members group.



Select Edit User Permissions from the Actions drop - down menu.



Wait for the Edit Permissions: List or Library Name page to appear.

On the Edit Permissions: List or Library Name page, do the following : 

Select the check box next to the Design permission level.



Deselect the check box next to the Contribute permission level.



Click OK and wait for the Permissions: List or Library Name page to reappear.

Your Permissions: List or Library Name page should look similar to the following graphic. Notice that the Top Level Site Name Members group now has Design permission level to the list or library.

Managing Content Security

343

Breaking Security Inheritance on a Folder, Item, or Document Security inheritance can also be broken at the level of an individual item or document in a list or library. Breaking security inheritance at this level should be done with careful planning. Since SharePoint doesn’t include tools out of the box to display where security inheritance has been broken, managing permissions on a large number of individual documents can become a challenge. Many SharePoint installations only manage permissions at this level through the use of workflows and event handlers, which can be done automatically. In Exercise 7.10 you’ll see how to establish unique permissions at the level of a list or library.

Chapter 7

344



Configuring Authentication and Security

E X E R C I S E 7.1 0

Assigning Unique Security to a Subsite 1.

Navigate to a site in your site collection. Wait for the default page of the site to appear.

2.

On the default page of the subsite, in the Quick Launch on the left side of the page, click Shared Documents and wait for the AllItems.aspx page to appear.

3.

On the AllItems.aspx page, hover over the name of a document and click the drop down arrow that appears in order to access the Edit Control Block (ECB) menu. Select Manage Permissions from the ECB menu. Wait for the Permissions: Document Name page to appear.

4.

On the Permissions: Document Name page, select Edit Permissions from the Actions drop - down menu.

5.

Click OK when you see the warning that you are about to create unique permissions for the document. Wait for the Permissions: Document Name page to reappear.

6.

On the Permissions: Document Name page, do the following : 



7.

Select the check box next to the Top Level Site Name Visitors group. Select Remove User Permissions from the Actions drop - down menu. Note that you could also change the permissions associated with this group for this site by selecting Edit User Permissions.

Click OK when you see the warning that you are about to remove all permissions for the group in this document. Wait for the Permissions: Document Name page to reappear.

Your Permissions: Document Name page should look similar to the following graphic. Notice that the Top Level Site Name Visitors group no longer has access to the document.

Managing Content Security

345

In large installations, managing item- or document-level permissions directly has a tendency to increase the overall number of access control list entries (ACEs) related to users in the site. Since the number of unique security identifiers (SIDs) used in these ACE entries is limited to approximately 2,000 per website, this could become a problem. There are also ways to configure lists and libraries that minimize the need for item- or document-level permissions. The versioning settings of a document library or list can be configured to limit the visibility of draft items for users who don’t have edit or approve permission. Figure 7.6 shows the versioning settings page of a document library.

346

Chapter 7

F I G U R E 7. 6



Configuring Authentication and Security

Controlling access to draft versions of a document

For lists, you can also use the advanced settings to limit whether users can read or edit anything other than their own records. This setting is not available in document libraries since editing is done by external applications. Figure 7.7 displays the advanced settings page of a list.

Managing Content Security

F I G U R E 7. 7

347

Controlling access to list items based on ownership

Securing Documents with Information Rights Management Security for fi les stored in document libraries is only maintained while the fi le is in the library. After a fi le is downloaded, there are no restrictions placed on its use and distribution by SharePoint. However, SharePoint can leverage the capabilities of Microsoft Information Rights Management (IRM) to create a set of access control policies that are downloaded with the document. These IRM policies can be used to control access to fi les even after they have been downloaded. You learned about configuring Information Rights Management in Chapter 4, so we won’t cover the details again here.

Chapter 7

348



Configuring Authentication and Security

Implementing User Security Until now we have focused on managing security using SharePoint and AD groups. Although maximizing your use of groups will lead to a manageable and scalable environment, you will occasionally have to assign permission levels to individual users because they need unique set of permissions. In this section we’ll look at how to assign a permission level to an individual user, how to let individual users request access, and how to provide access to anonymous users.

Adding and Removing Users You can add either Windows user accounts or domain groups directly to your website as a SharePoint user. Users added directly can be granted an individual permission level for a securable object in your site collection. This should be used only when necessary since assigning a permission level to each user can become difficult and time- consuming to manage. Exercise 7.11 demonstrates how to add a user directly to a top -level site. E X E R C I S E 7.11

Adding Users to the Top - Level Site 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then select Site Settings from the menu.

2.

On the Site Settings page in the Users and Permissions column, click the People and Groups link.

3.

On the People and Groups page, click the drop-down arrow on the New button in the toolbar and select Add Users.

4.

On the Add Users page, fill in the following information: 





5.

In the Add Users section, use the Browse button to search for AD users you wish to add. The Browse button looks like an open book just below the Users/Groups text box. You can also type in the usernames or e -mail addresses, separated by semicolons. In the Give Permission section, select the Give Users Permission Directly radio button and select the check box next to the Design permission level. In the Send E- Mail section in the Personal Message text box, clear the check box to send an e -mail unless you have already configured a working outbound e -mail connection.

Click OK and wait for the Permissions: Top Level Site Name page to reappear.

Implementing User Security

349

Your Permission Levels page should now look something like the following graphic. Notice the addition of user Jo with a permission level of Design.

Managing Access Requests Site collection administrators and site owners won’t always know what permissions every user will need in order to do their work. There will be times when users try to do something in WSS and fi nd that they don’t have the right permission level to accomplish the task. WSS solves this problem by providing an easy way to contact the site administrator by e-mail to request more permissions. Outgoing e -mail must be enabled in SharePoint Central Administration by a farm administrator before you can enable Access Requests.

350

Chapter 7



Configuring Authentication and Security

There are two basic scenarios where this kind of access request becomes necessary: 

Users who have insufficient permissions to perform a particular task



Users who have no access to a particular site, list, or library

WSS responds to these by providing access request links in two different locations. First, on any site where this feature has been enabled, a Request Access link will be added to the Welcome menu in the upper-left corner of the page. Clicking this link will take the user to a page, shown in Figure 7.8, where they can enter an email message for the site administrator explaining what they tried to do and why they need additional permissions. F I G U R E 7. 8

Request Access page

In the second scenario, the user will have no access and will be taken to an Access Denied page. This page doesn’t provide the user with a Welcome menu, so the Request Access link isn’t normally available. Instead, the Request Access link will be added directly to the Access Denied page, as shown in Figure 7.9.

Implementing User Security

F I G U R E 7. 9

351

Access Denied page with Request Access link

The Request Access feature can be enabled or disabled from the Settings menu on the Permissions page for any site, list, or library where security inheritance has been broken. When enabling the Request Access feature for a website, you must also supply the email address where requests will be delivered. This email address can only be set at the site level and not for a specific list or library. This makes it possible to choose whether these requests will go to the site collection administrator or a site owner. Figure 7.10 shows the dialog box used to enable access requests for a website.

352

Chapter 7

F I G U R E 7.1 0



Configuring Authentication and Security

Enabling request access for a site

Requesting access to a site from either the Welcome menu or the Access Denied page takes time. An email must be sent to the site administrator. Then the administrator needs to add the user or change their permissions. Finally an email must be returned to the user. This takes time and requires the involvement of the site administrator. If approving access requests is not a business requirement, you can set up an automated process to allow users to request a higher level of permission. As you can see in Figure 7.11, the settings of a SharePoint group allow users to request membership in the group. You can also configure the group to grant these requests automatically without an approval process. If the user has some access to a site, they can then request a higher level of access by requesting membership in another group. For example, if all users are made members of the Sitename Visitors group, they can select the People and Groups entry in the Quick Launch of the main page in the site. Then they can select the group they want to join from the Quick Launch of the People and Groups page and select Join Group from the Actions menu to join the group.

Implementing User Security

F I G U R E 7.11

353

Configuring request access for a group

Anonymous Access You can also give users access to a site or list within a site without actually adding them to a SharePoint group or as a SharePoint user. Anonymous access cannot be specifically configured for an individual list item or document, only for the site, list, or library containing it. By configuring anonymous access in SharePoint, you can give nonauthenticated users access to content on your site. If the user wishes to authenticate to gain access to additional content or sites that are still secured, they can click the Sign In link in the upper-right corner of the page. Clicking this link will invoke the default authentication method for the current zone and prompt the user to log in. Once logged in, the user will have access to both anonymous access and secured content. Figure 7.12 shows a site home page with anonymous access enabled.

354

Chapter 7

F I G U R E 7.1 2



Configuring Authentication and Security

Anonymous access home page

Configuring a website, list, or library to allow anonymous access is a multistep process. First you must turn on anonymous access in IIS for the web application. Once that is done, you will be able to configure anonymous access in SharePoint for the website, list, or library. Although you can turn on anonymous access using Internet Information Services Manager, you should use the Central Administration website so that SharePoint is immediately aware of the change. Exercise 7.12 walks you through turning on anonymous access for a SharePoint web application zone.

Implementing User Security

355

E X E R C I S E 7.1 2

Enabling Anonymous Access for a Web Application Zone 1.

From the Administrative Tools menu, select the SharePoint 3.0 Central Administration and wait for the Home page of the Central Administration website to appear.

2.

On the Application Management tab in the Application Security section, select the Authentication Providers link. Wait for the Authentication Providers page to appear.

3.

On the Authentication Providers page, fill in the following information: 



In the Web Application drop - down, make sure that the web application you wish to change is selected. If it is not, click the drop - down arrow and select Change Web Application. Wait for the Select Web Application page to appear and select the correct web application. Select the zone of the web application where you want to enable anonymous access. Wait for the Edit Authentication page to appear.

4.

On the Edit Authentication page in the Anonymous Access section, select the Enable Anonymous Access check box.

5.

Click Save

Once anonymous access has been enabled for the zone of a web application, you can configure how it will be used in SharePoint. SharePoint allows the use of anonymous access to retrieve either all the contents of a site or content in a specific list or library on a site. In Exercise 7.13 you will build on Exercise 7.12 by configuring the top site of your SharePoint site collection to allow anonymous access users. You must have completed Exercise 7.12 before starting Exercise 7.13. E X E R C I S E 7.1 3

Setting Up Anonymous Access to a Site 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then select Site Settings from the menu.

2.

On the Site Settings page in the Users and Permissions column, click the Advanced Permissions link.

3.

On the Permissions: Site Name page, select Anonymous Access from Settings drop - down menu. Wait for the Change Anonymous Access Settings: Site Name page to appear.

4.

On the Change Anonymous Access Settings: Site Name page, select the Entire Website radio button.

356

Chapter 7



Configuring Authentication and Security

E X E R C I S E 7.1 3 ( c o n t i n u e d )

5.

Click OK.

6.

Close your browser and after reopening it, navigate to the top -level site of your site collection.

You should not be prompted for authentication and should see a site similar to the one in Figure 7.11 earlier in this chapter.

Setting up anonymous access for a list or library is similar to enabling it for a website. But in this case it must be configured both at the site level and the individual list or library level. Once anonymous access is configured for a specific list or library, users will be able to navigate directly to the list or library. However, they will not be able to browse the default page of the website containing the list or library. To reach the list or library, they will need the URL address of the list or library itself. In Exercise 7.14 you will configure anonymous access to a list or library. (This exercise requires that you complete Exercise 7.12 successfully before you can configure anonymous access for the list or library.) E X E R C I S E 7.1 4

Setting Up Anonymous Access to a List 1.

On the top -level site in your site collection, click Site Actions in the top -left corner of the page, and then select Site Settings from the menu.

2.

On the Site Settings page in the Users and Permissions column, click the Advanced Permissions link.

3.

On the Permissions: Site Name page, select Anonymous Access from Settings drop down menu. Wait for the Change Anonymous Access Settings: Site Name page to appear.

4.

On the Change Anonymous Access Settings: Site Name page, select the radio button next to Lists and Libraries.

5.

Click OK.

6.

Navigate to the list or library that you want to give anonymous users access to. Wait for the AllItems.aspx page to appear.

7.

On the AllItems.aspx page, select Document Library Settings or List Settings from the Settings drop - down menu. Wait for the Customize: List or Library Name page to appear.

8.

On the Customize: List or Library Name page, click the Permissions for This Document Library (or List) link. Wait for the Permissions: List or Library Name page to appear.

Implementing User Security

357

9. On the Permissions: List or Library Name page, select Edit Permissions from the Actions drop - down menu.

10. Click OK when you see the warning that you are about to create unique permissions for the list or library. Wait for the Permissions: List or Library Name page to reappear.

11. On the Permissions: List or Library Name me page, select Anonymous Access from the Settings drop - down menu.

12. Select the check boxes that identify what permissions you want anonymous users to have to the list. Note that anonymous access users cannot edit or upload documents to a document library. They can only download and view existing documents. Full read/ write access can be configured on most lists.

13. Click OK. 14. Close your browser, and after reopening it, navigate directly to the list or library that you configured for anonymous access. If you navigate to the site containing the list but not the list itself, you will be required to authenticate since you only allowed anonymous access to the list.

358

Chapter 7



Configuring Authentication and Security

Implementing Web Application Security As we have already seen, most security settings in WSS are handled within the bounds of the site collection by the site collection administrators or site owners. But there are also some settings in the Central Administration website that modify or extend the security specified in the site collection. These web application overrides include the following settings: 

Security for Web Part Pages



Self-Service Site Management



User Permissions for Web Application



Policy for Web Application



Authentication Providers

Web Application Security Overrides You already covered these settings when reviewing the Central Administration website in Chapter 4. But understanding how web application security settings interact with site collection security is important for the exam, so make sure you review them while studying this chapter. You will need to know when to set security at the site collection level and when to do it at the web application level. You learned about configuring these Central Administration security settings in Chapter 4, so we won’t cover the details again here.

Understanding Code Access Security The focus of this chapter has been designing and implementing a security policy that will control the access users have to content stored in WSS. But this chapter wouldn’t be complete without a discussion of how to secure the custom code that may be used to extend the SharePoint environment. WSS runs under the .NET Framework, which provides us with the Code Access Security (CAS) feature so that we can apply permissions to code as well as users. CAS is implemented through the use of security policy fi les that are referenced through a Trust Level setting in the web.config fi le of the web application. As an administrator it will be your job to install custom security policy fi les and manage the web.config fi le that references them. Some developers will try to avoid problems raised by CAS by requesting that administrators set the Trust Level option of the web application to Full. However,

Understanding Code Access Security

359

production SharePoint web applications should normally not be run with a Trust Level of Full since this essentially bypasses the protection offered by CAS. A second option is to deploy all managed code assemblies to the Global Assembly Cache (GAC). Custom code installed in the GAC will automatically run with Full Trust but all other code will continue to run under the more restrictive settings imposed by the Trust Level setting. Although running code from the GAC is not as bad as setting Trust Level to Full, this still runs the web part with more rights than it requires. The best practice is to use a custom security policy fi le and Trust Level to provide the custom code with appropriate permissions.

Developing CAS settings is normally a developer ’s responsibility. But once the CAS settings have been designed, it is often an administrator ’s responsibility to deploy the settings. You will not need to know how to create CAS settings or web solution packages (discussed later in this section) for the 70 - 631 exam, but you will need to understand how they are used.

Trust Levels There are three possible Trust Level settings available by default in SharePoint: WSS_Minimal The default setting. This setting is defi ned in a tag in the web.config fi le and points to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config.

WSS_Medium This setting is also defi ned in a tag in the web.config fi le and points to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_mediumtrust.config.

Full This is one of five trust level settings built into IIS 6.0. The Full setting turns off CAS in IIS and allows any code to run. This is the only built-in IIS Trust Level setting that can be used for SharePoint. The other four built-in settings are too restrictive. Full is not recommended for a production environment.

Code Access Security You can also create a custom security policy fi le patterned after either the wss_minimaltrust.config or wss_mediumtrust.config fi le. Adding a tag to the web.config fi le that references the custom policy fi le will make it available as a trust setting. These security policy fi les are XML fi les that consist of the following three main sections: SecurityClasses This section defi nes and loads class libraries that contain the classes used to build a CAS policy.

360

Chapter 7



Configuring Authentication and Security

NamedPermissionSets This section identifies groupings of security rights called IPermissions that can be applied using CAS to allow managed code assemblies access to certain system resources. For example, the FileIOPermission IPermission can be used to specify what server hard drive locations are accessible for reading or writing by the web part. CodeGroups This section identifies which NamedPermissionSet will be applied to each managed code assembly based on their membership in a particular SecurityClass. You can fi nd more information on CAS at http://msdn2.microsoft.com/en-us/ library/ms916855.aspx.

Web Solution Packages Managed code assemblies can be deployed to a SharePoint server using a new capability called Solution Deployment. Using this capability you can schedule the deployment of the managed code DLL fi le and add CAS settings to the system as a custom security policy fi le. Solution Deployment can also be used to deploy other things in a farm, such as features, master pages, Cascading Style Sheets, and event handlers. A web solution package is a .cab fi le with a .wsp extension that includes the following fi les: 

A manifest.xml that contains the deployment instructions for the assembly, including custom CAS policy settings



A .dll file that is the compiled managed code assembly



Other resources to be deployed to the SharePoint server, like web parts, Features, or Cascading Style Sheets

To deploy a solution, you must fi rst add it to the farm. You do this by running the following stsadm command line on any web front- end server in the farm: stsadm.exe -o addsolution -filename [-lcid ]

The solution fi lename parameter should include the full path to the .wsp fi le. The optional language parameter can be used to install several language-specific copies of the same solution. After the solution has been added, you can use either the Central Administration website or stsadm to schedule its deployment. Both methods allow a specific time and date to be set for the deployment. You can also limit many solutions so they are deployed to specific web applications. The Central Admin Solution Deployment link is in the Global Configuration section of the Operations tab. When you click this link, you will see a list of .wsp solution fi les that have been added to the farm. Clicking on a specific .wsp fi le shows you information about the solution. Clicking Deploy Solution in the toolbar takes you to the interface shown in Figure 7.13, where you can schedule deployment of the solution.

Summary

F I G U R E 7.1 3

361

Scheduling deployment of a web solution package

Summary In this chapter you learned how to plan and implement secure access to the content stored in your WSS sites. You also learned how to create permission sets and assign them to users and groups. Finally you learned how AD can be leveraged in SharePoint security. We discussed the following topics: 

Planning a site collection security inheritance hierarchy



Creating, copying, and modifying permission levels



Web application security settings



Managing groups and users in SharePoint



Configuring anonymous access for SharePoint



Deploying CAS

362

Chapter 7



Configuring Authentication and Security

Exam Essentials Be familiar with the components used in WSS security. Be familiar with the three groupings of permissions. Understand the capabilities of the default permission levels. Be familiar with the role of users and groups. Know the different types of securable objects in SharePoint. Know how to manage site collection security. Know the three default groups created in a site collection. Understand when to add permission levels to users directly. Understand when to use AD and SharePoint groups. Know how to break security inheritance, create groups, add users, and assign permission levels. Understand how to configure anonymous access in WSS. Know how to enable anonymous access on a web application or zone. Understand how to configure anonymous access for a website. Be able to configure anonymous access to a list or library. Understand the concepts of authentication and authorization. Know the advantages and disadvantages of the three types of authentication methods available in SharePoint.

Review Questions

363

Review Questions 1.

You install a three-server WSS 3.0 farm. Your company has an existing Public Key Infrastructure (PKI) with a Microsoft Information Rights Management (IRM) server. You want to configure WSS 3.0 document protection to keep users from printing or saving documents. What should you do first? A. Obtain and install a web server certificate from a public certification authority.

2.

B.

Install the Windows Rights Management client on each SharePoint web front- end server.

C.

Install the root CA certificate to the Trusted Root Certification Authorities on each server in the farm.

D.

Create a /IRM managed path and build all sites that require document protection under that managed path.

You have installed WSS 3.0. You create a new site collection to distribute documents to company employees. You need to ensure that users can automatically submit a request to obtain access to the site. You also need to ensure that only approved users are granted permission. What should you do? A. Use the Site Settings page to create a custom group. Configure the group to auto accept requests for membership.

3.

B.

On the Permissions page for the site, use the Settings menu to enable the Access Requests option.

C.

Add a custom mailto: link to the document library AllItems.aspx page set to the email address of the group owner. Configure the link to send an email requesting access.

D.

Add a custom link to the document library list page that opens an ASPX form where users can submit an access request.

Your company has deployed WSS 3.0. You configure the WSS web application to use forms-based authentication so that external users who do not belong to your AD domain can access the site. Usernames and passwords are stored in a Microsoft SQL Server 2005 database named ExternalUsers. Users report that they are not able to authenticate. You need to ensure that the external users can authenticate before they are granted access to the website. What should you do? A. Create a custom web part called Authentication that contains a Microsoft Office InfoPath form. B.

Configure the web application to use Web Single Sign- On authentication.

C.

Provide the users with a web authentication login form that is stored in an SSL protected virtual directory.

D.

Specify the membership provider in the web application web.config file.

Chapter 7

364

4.



Configuring Authentication and Security

You want to allow users to make content available on a SharePoint website facing the Internet. You need to ensure that all Internet users have access to the WSS website. Which two actions should you perform? (Choose two. Each correct answer presents part of the solution.) A. Enable Digest authentication for the WSS Web site.

5.

B.

Enable anonymous access for the WSS website.

C.

Enable Integrated authentication for the web application.

D.

Enable anonymous access for the web application.

You are the site collection administrator for a WSS 3.0 installation. You create a new task list for the managers in your company. You need to ensure that managers can only view and add tasks to the list. Which permission level should you assign when you add the group of managers to the site? A. Contribute

6.

B.

Members

C.

Full Control

D.

Edit

You are the site collection administrator for a WSS 3.0 deployment. You create a new announcement list for the employees in your company and give all employees the ability to add announcements to the list. You turn on the require approval feature of the list. You want to give a group of managers an additional permission that will allow them to approve announcements. Which two actions should you perform? (Choose two. Each correct answer presents part of the solution.) A. Create a new permission level that includes the Approve Items permission.

7.

B.

Assign the new permission level to the sitename members group.

C.

Edit the existing Contribute permission level and add the Approve Items permission.

D.

Create a new group called Managers, add the managers to the group as members, and assign the new permission level to the group.

You are the site collection administrator for a WSS 3.0 deployment. You create a new Announcements list for the employees in your company and give all employees the ability to add announcements to the list. You want to prevent users from deleting announcements from the list once they have been added. Which two actions should you perform? (Choose two. Each correct answer presents part of the solution.) A. Create a new permission level that does not include the Delete Items permission. B.

Assign the new permission level to the sitename members group in place of the Contribute permission level.

C.

Copy the existing Contribute permission level and remove the Approve Items permission.

D.

Create a new group called Employees, add the employees to the group as members, and assign the new permission level to the group.

Review Questions

8.

365

Your company has deployed WSS 3.0. Your CEO wants to create an external site where users from another company can log in to collaborate on some joint projects. The AD administrators in your company have installed Active Directory Federation Services between your AD forest and the AD forest in the other company. You need to configure the WSS web application to use an authentication method that will make it possible for users from the other company to authenticate using their own AD account and password. What authentication method should you implement? A. Basic authentication with SSL encryption

9.

B.

Forms-based authentication

C.

Digest authentication

D.

Web Single Sign- On

You are the site collection administrator for a WSS 3.0 deployment. Your manager wants to create a custom list for the employee reviews in your company and give all other managers the ability to add items to the list. Managers should be only able to edit their own items, but should be able to see all items. Which actions should you perform? (Choose two. Each correct answer presents part of the solution.) A. Break security inheritance on the list and remove permissions from all groups except the Managers group. They should be given the Contribute permission level. B.

Edit the Advanced settings of the custom list so that users have read access to all items and edit access to only their own.

C.

Break security inheritance on the list and create a custom group for the managers. Assign the group the Contribute permission level.

D.

Edit the Advanced settings of the custom list so that users have read access to only their own and edit access to only their own.

10. You have deployed WSS 3.0. Developers create a custom web part for your site. You install the web part assembly to the bin directory of your web application using a web solution package (WSP) created by the developers. When users try to load the web part on the page, they receive an unhandled exception error and the page is not rendered correctly. You need to ensure that the web part displays properly on your site page. What should you do? (Choose two. Each answer is a complete solution.) A. Set the security level of the Trusted Sites zone to Medium. B.

Install the web part assemblies in the wpresources directory on the WSS server.

C.

Instruct the developers to change the WSP to deploy the web part to the GAC.

D.

Instruct the developers to include CAS policies in the WSP.

Chapter 7

366



Configuring Authentication and Security

11. You have deployed WSS 3.0.You want to use a custom membership provider to authenticate remote users who do not belong to your AD domain. You configure a web application to use forms. External users report that they can’t authenticate to the WSS website .You need to ensure that external users are able to authenticate to the WSS website. What should you do? A. Restart the Netlogon service on the WSS server. B.

Use Internet Information Services Manager to configure the Basic authentication on the website.

C.

Set the Active Directory object for the WSS server to Trusted for delegation.

D.

Edit the web application web.config file to specify the connection string and membership provider entries for the custom authentication provider.

12. You are the site collection administrator for a WSS 3.0 deployment. You want to make sure that all members of the domain can read information on your site, but only certain users should be able to edit content. Which actions should you perform? (Choose two. Each correct answer presents part of the solution.) A. Create a web application policy that assigns the Deny Write permission policy level to the Domain Users AD group. B.

Add the Domain Users AD group to the sitename Visitors group.

C.

Add the users who should be able to edit content to the sitename Members group.

D.

Add the users who should be able to edit content to a custom group and assign it the Design permission level.

13. Which of the following is not one of the default permission levels available in WSS? A. Design B.

Edit

C.

Full Control

D.

Limited Access

14. You have installed WSS 3.0. You create a new site collection to distribute documents to company employees. All employees have been added to the sitename Visitors group. You need to ensure that users can automatically submit a request and automatically gain access to the site. What should you do? A. Use the Site Settings page to create a custom group. Configure the group to automatically accept requests for membership. Assign the group the Contribute permission level. B.

On the Permissions page for the site, use the Settings menu to enable the Access Requests option.

C.

Add a custom mailto: link to the document library AllItems.aspx page set to the email address of the group owner. Configure the link to send an email requesting access.

D.

Add a custom link to the document library list page that opens an ASPX form where users can submit an access request.

Review Questions

367

15. You are the site collection administrator for a WSS 3.0 deployment. You are creating a number of small project sites and want the easiest way to add individual users to each site. Your domain administrators have already created distribution groups for each of the projects involved, but there are no security groups created with appropriate membership for each project. You’ve already broken security inheritance on each site. Membership will be maintained going forward by the site owner of each site. What should you do? A. Ask the domain administrators to re- create each distribution list as a security group. Add the security group as a SharePoint user to each site. B.

Add the appropriate distribution list to each site.

C.

Print out the membership of each distribution list and add the users individually to the appropriate sites.

D.

Add the project leads to the site collection administrator’s group.

16. You are the site collection administrator for a WSS 3.0 deployment. You are creating a subsite that will be used by a planning committee in your company. You want to delegate administration of security to the chairperson of the committee. You’ve already broken security inheritance on each site. What other actions should you perform? (Choose two. Each correct answer presents part of the solution.) A. On the subsite’s People and Groups page, select Setup Groups from the Settings menu. Accept the default groups suggested. B.

On the subsite’s Advanced Permissions page, select Setup Groups from the Settings menu. Accept the default groups suggested.

C.

Add the chairperson to the site and assign them the Design permission level.

D.

Add the chairperson of the committee to the subsite name Owners group.

17. Which of the following is not one of the major elements in a CAS policy config file? A. NamedPermissionSets B.

CodeGroups

C.

TrustLevel

D.

SecurityClasses

18. Which of the following is not a list permission in SharePoint? A. Apply Themes and Borders B.

Override Check- Out

C.

Delete Versions

D.

Manage Lists

Chapter 7

368



Configuring Authentication and Security

19. Which of the following is not an IIS Windows authentication method? A. Basic B.

Digest

C.

Certificate

D.

Active Directory Federation Services

20. Which of the following is not one of the default groups created when a new site collection is provisioned (where sitename is the name of the top -level site of the new site collection)? A. Local Server Administrators B.

sitename Members

C.

sitename Owners

D.

sitename Visitors

Answers to Review Questions

369

Answers to Review Questions 1.

B. For a WSS server to participate in IRM policies, it must fi rst have the Windows Rights Management client.

2.

B . Enabling the Access Requests option will allow users to either request more permissions or request access to the site if they are denied access by sending an email to the site administrator. If the site administrator approves the request, access will be granted. Configuring a custom group with automatic acceptance would not allow for an approval process. Adding custom links to the library page would allow users to request more access, but wouldn’t help users with no access.

3.

D. To use forms-based authentication, you must configure the membership provider in the web.config fi le of the web application.

4.

B, D. Not all Internet users will have accounts in your Active Directory, so you must

enable anonymous access for both the website and the web application. 5.

A . You should give the managers group the Contribute permission level. The Full Control permission level would give them more than View and Add permissions. Members and Edit are not permission levels.

6.

A, D. Since the managers already have the ability to add items to the list, you should create a new permission level that only contains the Approve Items permission and then assign it to a new group that only the managers are members of. Assigning the permission level to the sitename members group or editing the Contribute permission level will give Approve Items permission to more than just the managers.

7.

B, C . You should copy the existing Contribute permission level and remove the Delete Items permission from the copy. Then you should replace the Contribute permission level with the new permission level for the sitename members group. Copying the existing permission level is a better solution because creating a new permission level might not include the permissions already in the Contribute permission level. Adding the new permission level to a new group won’t change the employees’ permissions if they also get Contribute from another group membership.

8.

D. Since Active Directory Federation Services (ADFS) is already implemented, your best choice would be Web Single Sign- On, which can be configured to use ADFS. Basic and Digest authentication would not work with user accounts that aren’t in your AD forest. Forms-based authentication isn’t the best choice because it would require that you have administrative rights to the other company’s AD forest.

9.

A, B . You need to break security inheritance on the list and give the existing Managers group the Contribute permission level. Option C is incorrect because groups can only be created at the site level, not the list level. You also need to change the advanced settings of the list to give users read access to all items and edit access to only their own.

370

Chapter 7



Configuring Authentication and Security

10. C, D. Deploying the web part to the Global Assembly Cache (GAC) will allow the web part to run in a Full Trust environment without changing the CAS policies. You could also instruct the developers to add CAS policies to the WSP and redeploy. Medium is a Trust Level setting in IIS 6.0, but SharePoint can’t run under that setting. Web parts can run only from either the bin directory or the GAC and not from the wpresources directory. 11. D. The configuration details for the custom authentication provider need to be added to the web application web.config fi le. The other choices all deal with forms of AD authentication, not a custom authentication provider. 12. B, C . Adding the Domain Users group to the sitename Visitors group will give the Read permission level to everyone and adding the specific users to the sitename Members group will give them the Contribute permission level. Adding a Deny Write Web Application policy would keep everyone from being able to edit content, and giving the specific users the Design permission level would give them more access than they need. 13. B . Edit is not one of the default permission levels available in WSS. 14. A . Configuring a custom group with automatic acceptance of access requests allows users to request membership in a group with more permissions and get it immediately. Enabling the Access Requests option will allow users to request access by email, but they won’t receive automatic access. Adding custom links to the library page would allow users to request more access, but also wouldn’t grant the access request immediately. 15. B . You should add the appropriate distribution list to each site. This will in turn add the users in the list as SharePoint users. Converting the distribution lists to security groups is a lot of work and unnecessary in this case. Adding the users individually will work, but it’s not the easiest method. Adding the project leads to the site collection administrator’s group will allow them to add members to any site, not just their own. This kind of delegation may be easy, but it’s not a secure practice. 16. A, D. You should set up unique Owner, Member, and Visitor groups for the subsite using the People and Groups page. Then add the chairperson of the committee to the new Owners group. You cannot set up groups using the permissions page for the site. Giving the chairperson Design permission level will not let that person manage permissions in the site. 17. C . The TrustLevel setting is in the web.config fi le and is used to load a specific CAS policy config fi le. It is not one of the elements in the config fi le. 18. A. Apply Themes and Borders is a site permission, not a list permission. 19. D. Active Directory Federation Services interfaces with the Web Single Sign-On authentication provider, not the Windows authentication provider. 20. A . Local Server Administrators is a preexisting Active Directory group.

Chapter

8

Administering the Implementation MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Administer Windows SharePoint Services 

Configure site settings.



Manage Central Administration.



Administer Windows SharePoint Services by using STSADM.



Configure backup and restore (disaster/recovery).

In Chapter 3 you installed and deployed Windows SharePoint Services (WSS) 3.0. Most of the postconfiguration setup happened there. As an administrator it is important to maintain your WSS 3.0 environment by using Central Administration and sometimes Stsadm command-line operations. In this chapter we’ll take a look at the Central Administration website which includes three administrative tabs: Home, Operations and Application Management. It ’s important to understand the functions of Central Administration to perform administrative tasks within your WSS 3.0 environment. In this chapter we’ll cover how to administer site collections and sites using Central Administration pages as well as the Stsadm command-line operations that can be used with your WSS 3.0 environment. Understanding what Central Administration is and does and learning how to use Stsadm with WSS 3.0 are key to helping you pass the test.

Understanding Central Administration In this section we’ll take a look at the WSS 3.0 Central Administration website, which includes three administrative tabs: Home, Operations, and Application Management. Each of these tabs is used to perform unique functions in WSS 3.0. The Central Administration pages include the following, as you can see in Figure 8.1: 

Central Administration Home page



Central Administration Operations page



Central Administration Application Management page

Understanding Central Administration

F I G U R E 8 .1

373

Central Administration tabs

The 70 - 631 exam does not require you to know every function of Central Administration. If you’re interested, you can find a complete list at http:// technet.microsoft.com/en-us/library/cc263312.aspx.

Home Page The Central Administration Home page (see Figure 8.2) is a quick view into administrative tasks, the farm topology, and resources. To access these options, click the Home tab at the top left of the Central Administration page. Here is a list of the options available to you as an administrator on the Home tab: Administrator Tasks This section lists tasks that you should complete. Each task has a link to a page where you can read about the task and then perform or delete the task. Farm Topology This section lists each server in the farm and the services running on each server. You can click a server to manage the services running on it. Resources This section is a list of links like the Favorites menu in Microsoft Internet Explorer. When you add a new link, you can also add a description and notes.

374

Chapter 8

FIGURE 8.2



Administering the Implementation

Central Administration Home page

Operations Page You use the Central Administration Operations page (see Figure 8.3) to administer core WSS 3.0 services. To access these options, click the Operations tab at the top left of the Central Administration page. Here is a list of the options available to you as an administrator on the Operations tab: Topology and Services This section contains links to pages where you can administer services, the farm topology, and email settings. Security Configuration This section contains links to pages where you can administer security settings, such as antivirus programs and blocked fi le types, and update WSS 3.0’s administrative group. Logging and Reporting This section provides links to pages where you can configure server diagnostic logging and user analysis processing reporting. Global Configuration This section features links to pages where you can administer and review timer jobs, configure alternative access mapping, manage features, and manage solutions installed on WSS 3.0 sites. Backup and Restore This section contains links to pages where you can configure backup jobs and restore web applications and data in your WSS 3.0 environment. Data Configuration This section contains linked to pages where you can set the default database server for WSS 3.0 and also configure the data retrieval services.

Understanding Central Administration

FIGURE 8.3

375

Central Administration Operations page

Application Management Page The Central Administration Application Management page (see Figure 8.4) is used to administer site collection – and site-specific WSS 3.0 services. To access these options, click the Application Management tab at the top left of the Central Administration page. The following is a list of the options available to you as an administrator on the Application Management tab: SharePoint Web Application Management This section contains links to pages where you can administer web applications, set email settings at the web application level, set web application–level features, and manage content databases. SharePoint Site Management This section features links to pages where you can administer site collections and sites. Here you can create and delete a site collection, set site retention quotas, view site collection lists, and adjust site collection administrators. Application Security This section contains links to pages where you can administer web application level security for web part pages, enable or disable self-service site management/ creation, adjust site collection permissions, enable anonymous access, and set authentication providers (Windows authentication, forms-based authentication, and Web Single Sign-On). Workflow Management This section provides links to pages where you can administer workflow settings; this includes enabling user-defi ned workflows and enabling task notifications.

376

Chapter 8

FIGURE 8.4



Administering the Implementation

Central Administration Application Management page

Exercise 8.1 shows you how to navigate to the Central Administration page. E X E R C I S E 8 .1

Navigating to the Central Administration Page 1.

Click the Start button.

2.

Select Administrative Tools  SharePoint 3.0 Central Administration.

3.

In the web browser, choose the section of Central Administration you’d like to view by clicking the corresponding tab.

Site Collection Administration In Chapter 5, “Building and Configuring the Windows SharePoint Services 3.0 Topology,” you created a site collection, changed its look and feel, reviewed web parts, and saved a team site template. Now that you have the WSS 3.0 SharePoint site created, you’ll need to know how to manage these items using the site settings: 

The WSS 3.0 Recycle Bin



Portal site connections in WSS 3.0

Site Collection Administration

377

Managing the WSS 3.0 Recycle Bin The Recycle Bin included in WSS 3.0 is considered a two -stage Recycle Bin for documents and lists. When a user deletes a document or list, the item is stored in the site’s Recycle Bin for up to 45 days. The user has the ability to restore that item for 30 days; this is considered the fi rst stage. The administrator has the ability to restore that same item for an additional 15 days; this is considered the second stage. The Recycle Bin should be the fi rst method used to restore deleted fi les by end users. This is one of the great features in SharePoint that help reduce the need for an IT support person to assist an end user in recovering deleted fi les.

Recycle Bin Management Settings A farm administrator in Central Administration can modify the Recycle Bin settings by going to Central Administration  Application Management  Web Application General Settings and then scrolling to the bottom of the page to access these settings: Recycle Bin Status This option turns the Recycle Bin on or off. If the Recycle Bin is turned off, users and administrators can’t restore documents or fi les using this feature. First Stage – Delete Items in the Recycle Bin After The fi rst-stage Recycle Bin stores items that the end user can see. You can modify the number of days SharePoint saves fi les here. Second Stage – Delete Items in the Recycle Bin After The second-stage Recycle Bin stores items that end users have deleted from their Recycle Bin. Here farm administrators can restore items that the end user cannot. This option can also be turned off to save on storage.

Turning off the Recycle Bin option in Web Application General Settings will delete all files currently in the Recycle Bin for that web application. When turning this setting off, make sure you’ve checked with your users to verify their documents have been restored.

Recovering Recycle Bin Items End users and administrators can recover fi les in the Recycle Bin by clicking the Recycle Bin icon, shown in Figure 8.5.

378

Chapter 8

FIGURE 8.5



Administering the Implementation

Click the Recycle Bin icon

In Exercise 8.2 you’ll restore a deleted item from the Recycle Bin. First you’ll need to upload a document to a document library so you can move it into the Recycle Bin. Upload any Microsoft Word document and then you’ll be ready to delete the fi le. EXERCISE 8.2

Restoring a Deleted File from the Recycle Bin 1.

On the SharePoint site, click the Recycle Bin icon.

2.

Select the file you would like to restore by checking the box next to its name.

3.

Click the Restore Selection button.

4.

Return to the document library and note that the file has been restored.

Site Collection Administration

379

Managing Portal Site Connections in WSS 3.0 WSS 3.0 has a native feature that allows you to connect other SharePoint portals to your current SharePoint site. As shown in Figure 8.6, when you enable the portal connection setting, a new link to the other portal will appear in the top left of your site. You would use this feature, for example, if you have a corporate site and a team site for your department.

FIGURE 8.6

Portal site connection

From any SharePoint site, a site administrator can add a portal site connection by choosing Site Settings  Site Collection Administration  Portal Site Connection and adding a connection, as shown in Figure 8.7.

F I GU R E 8 .7

Configuring a portal site connection

Exercise 8.3 takes you through the steps to add another SharePoint portal connection to your SharePoint portal or team site.

380

Chapter 8



Administering the Implementation

EXERCISE 8.3

Connecting to Another SharePoint Portal 1.

In your team site, click Site Settings in the upper-right corner of the site.

2.

Choose Portal Site Connection in the Site Collection Administration section.

3.

Choose the option Connect to Portal Site.

4.

Enter the web address for the other portal.

5.

Enter a portal name and click OK; this name is what will appear in the navigation bar.

Backup and Restore Using the Operations Page In this section you’ll learn how to use backup and restore operations on SharePoint farms and web applications using built-in WSS 3.0 functionality. The backup and restore functions are located on the Operations tab of Central Administration, as shown in Figure 8.8. FIGURE 8.8

The Backup and Restore section on the Operations tab

Backup and Restore Using the Operations Page

381

The built-in backup and restore operations allow an administrator to make farm- and application-level backups and restores. Using the native WSS 3.0 restore operation, you can restore site collections, farms, databases, and web applications. Without third-party backup and restore tools, you cannot backup or restore object-level data. Restoring the entire site collection will overwrite any and all changes made by any other users of SharePoint since the last WSS 3.0 backup. To view backup and recovery tools recommended by Microsoft, visit http://technet.microsoft.com/en-us/library/cc287880.aspx.

Directory Permissions For the WSS 3.0 backup and restore operations to complete and run properly, you must grant the user ID running the backup both read and write access to the local directory or network folder where backups will be stored. If you receive an Access Denied message while trying to perform a backup, verify that the WSS farm user ID has read and write access to the directory you’re trying to back up to. Exercise 8.4 will show you how to back up a SharePoint site. EXERCISE 8.4

Backing Up Using Backup and Restore 1. Click Start  Administrative Tools  SharePoint 3.0 Central Administration. 2. Select the Operations tab in Central Administration. 3. Click Perform a Backup in the Backup and Restore section of the Operations tab. 4. Select the Farm check box; doing this selects all sites, databases, and web applications automatically.

382

Chapter 8



Administering the Implementation

E XE RC I SE 8 . 4 (continued)

5. Click Continue to Backup Options. 6. Choose Full. 7. Enter a backup location. 8. Click OK to start the backup. 9. On the next page, Backup and Restore Status, review the status, warnings, or errors. 10. When the backup job is complete, you’ll see the screen shown here:

Exercise 8.5 shows you how to restore a SharePoint site using the Central Administration Operations Backup and Restore GUI. EXERCISE 8.5

Using the Central Administration Operations Backup and Restore GUI 1.

Click Start.

2.

Select Administrative Tools  SharePoint 3.0 Central Administration.

3.

Click the Operations tab in Central Administration.

4.

Click Restore from Backup in the Backup and Restore section of the Operations tab, as shown here:

Administering WSS 3.0 Using Stsadm

383

5. Enter the location of your backup directory and click OK. 6. Check the box beside Farm; doing so selects all sites, databases, and web applications automatically.

7. Click OK to overwrite all components. 8. Click Continue in the restore options. 9. The next page, Backup and Restore Job Status, reports the status, warnings, or errors. 10. When the restore job is complete, you’ll see the phase status change to Completed.

Administering WSS 3.0 Using Stsadm WSS 3.0 includes the Stsadm command-line tool for administering WSS 3.0 servers and sites. Using Stsadm, you can perform all the same functions that you can by using Central Administration. The Stsadm tool provides additional operations that the GUI doesn’t and allows you to use command-line parameters. Table 8.1 contains a list of Stsadm operations you’ll be tested on in Exam 70 - 631, but we recommend that you familiarize yourself with as many of the commands as possible. If you practice using Stsadm, be sure to use a development environment so you do not damage your production environment. For a complete listing of Stsadm commands, visit http://technet.microsoft.com/en-us/library/cc288981.aspx.

384

Chapter 8

TA B L E 8 .1



Administering the Implementation

Stsadm Operations and Descriptions

Command

Description

STSADM –o backup

Used to back up from a site collection, an individual database web application, or the entire WSS 3.0 farm

STSADM –o restore

Used to restore a backup file in WSS 3.0

STSADM –o addsolution

Used to add a WSP (CAB) solution file in WSS 3.0

STSADM –o migrateuser

Used to change an existing user account in WSS 3.0 to another login name

Stsadm Location In the 32-bit version of Windows Server 2003 and 2008, Stsadm is located in the following directory: %drive% \%PROGRAMFILES%\common files\microsoft shared\web server extensions\12\bin. For x64 -based versions of Windows Server 2003 and 2008, you’ll fi nd Stsadm here: %drive% \program files (x86)\common files\microsoft shared\web server extensions\12\bin.

Stsadm Considerations To run the Stsadm tool, you must keep a few security considerations in mind. You’ll save hours of time and frustration when using Stsadm. These factors include: Local Administration Group To successfully run the tool, the user ID you used to log into Windows must be in the local administrators group. If you try to run an operation without a user ID in the local administration group, the operation will fail. User Account Access Control This is a Windows security feature introduced in Windows Vista and Windows Server 2008. It ’s designed to alert the user when a program is trying to execute something that could be damaging to the system. To successfully run the Stsadm tool, you must disable this security feature in Windows.

Stsadm Operations and Parameters To use Stsadm, you must use –o to identify the operations you want to run and add a parameter to identify the operation you need to run. Here’s an example: STSADM -o backup

Administering WSS 3.0 Using Stsadm

385

Here you’ve instructed Stsadm to use the backup operation. The same is true for all Stsadm commands; you need both an operation and parameters to complete the task.

The backup Command The backup command is used to back up an object or site in WSS 3.0. You can use the fi le created from running the operation to restore or even move a site collection to another server. Exercise 8.6 shows you how to back up a site using the following syntax: stsadm -o backup -url -filename [-overwrite] EXERCISE 8.6

Using the Stsadm backup Command 1.

Open a DOS command prompt.

2.

Switch to the Stsadm file location by typing %drive% \%PROGRAMFILES%\common files\ microsoft shared\web server extensions\12\bin or %drive% \program files (x86)\common files\microsoft shared\web server extensions\12\bin.

3.

Type STSADM –o backup –url http://wss02/ -filename backup.bak and press Enter.

The backup is complete when you see Operation Complete.

When you type –filename backup.bak, this backups into the same folder that the Stsadm file resides in. If you add a path like c:\backup.back, then the backup will go to the root of the C drive.

The restore Command The restore command is used to restore an object or site in WSS 3.0. You can use this fi le to restore or move a site collection to another server. In Exercise 8.7 you’ll use the following syntax to restore a site: stsadm -o restore -url -filename

386

Chapter 8



Administering the Implementation

EXERCISE 8.7

Using the Stsadm restore Command 1.

Open a DOS command prompt.

2.

Switch to the Stsadm file location by typing %drive% \%PROGRAMFILES%\common files\ microsoft shared\web server extensions\12\bin or %drive% \program files

(x86)\common files\microsoft shared\web server extensions\12\bin. 3.

Type STSADM –o restore –url http://wss02/ -filename backup.bak -overwrite and press Enter.

The restore is complete when you see Operation Complete.

The migrateuser Command The migrateuser command is used to change a user’s login name in WSS 3.0. You would use this command, for instance, if a user changes his or her last name. In Exercise 8.8 you’ll use the following syntax to change a user’s login name: stsadm -o migrateuser -oldlogin -newlogin EXERCISE 8.8

Using the Stsadm migrateuser Command 1.

Open a DOS command prompt.

2.

Switch to the Stsadm file location by typing %drive% \%PROGRAMFILES%\common files\ microsoft shared\web server extensions\12\bin or %drive% \program files (x86)\common files\microsoft shared\web server extensions\12\bin.

3.

Type STSADM –o migrateuser –oldlogin domain\krisw -newlogin domain\kwagner and press Enter.

This command line is not available using the Central Administration GUI.

The setadminport Command The setadminport command is used to change the URL and application port number you assigned to the Central Administration website when you built your WSS 3.0 application. In Exercise 8.9 you’ll use change the port number of Central Administration in WSS 3.0 using the following syntax: stsadm.exe -o setadminport -port

Administering WSS 3.0 Using Stsadm

387

EXERCISE 8.9

Using the Stsadm setadminport Command 1.

Open a DOS command prompt.

2.

Switch to the Stsadm file location by typing %drive% \%PROGRAMFILES%\common files\ microsoft shared\web server extensions\12\bin or %drive% \program files (x86)\common files\microsoft shared\web server extensions\12\bin.

3.

Type STSADM –o setadminport –port 4500 and press Enter.

4.

Type IISRESET.

5.

Type Exit.

6.

Click Start  Administrative Tools  SharePoint 3.0 Central Administration. Note the port number has changed.

This command line is not available using the Central Administration GUI.

How STSADM Could Save You Too In a large-scale SharePoint installation, most companies use three SharePoint environments: production, staging, and development. The production environment is where deployed production sites are installed; staging is an environment where developed solutions are deployed to be tested; and the development environment is where development and creation takes place prior to being promoted into staging and then production. Developers love to get their hands on the production environment to test new solutions. Always remember it’s your job as the SharePoint administrator to protect and maintain the production environment. If a developer inadvertently takes down the production environment, it’s your job to get it back up and running, so make sure you have a good handle on security at all times. I recently spent several weeks in planning, designing, and installing a production SharePoint environment. The client had all three parts to the puzzle, but we were installing production, staging, and development backward because of hardware installation backlogs. Once I was finished with the production environment, I moved on to the staging environment. While I was in the process of auditing the staging environment, I found two things: a developer had installed a third-party solution (WSP) to the staging environment, and an entire department had spent close to a month developing a very

388

Chapter 8



Administering the Implementation

How STSADM Could Save You Too (Continued) useful solution for their needs. The problem I faced? I needed to get this solution and site off the staging server so I could rebuild the servers. In a perfect world, this would have happened in the development environment. However, since we didn’t have the hardware yet, I had to back up and restore the solution somewhere else. In this case, I was able to bring a new virtual server online and build a separate SharePoint server within hours. Once the new server was online and I’d created a site collection, here’s what I did to move the site:

1.

I ran the following to back up the site: STSADM –backup –url http://server/

site -filename backup.bak. 2.

I moved that backup.bak to the new server, in the same directory as the Stsadm command-line tool.

3.

I installed the third-party solution file by using STSADM -o addsolution –filename file.wsp.

4.

I restored the backup file to the new server with STSADM –o restore -url http:// newserversite –filename backup.bak –overwrite.

Once this was done I gave the client’s development team access to the site and asked them to test the solution. Once they agreed everything was in working order, I was able to start the rebuild of the staging environment. The Stsadm tool is invaluable in SharePoint administration. I’ve grown up in the SharePoint world doing move operations via command line; it does take some getting used to. Practice with the Stsadm tool, and you’ll get better the more you use it.

Summary In this chapter you learned how to administer your WSS 3.0 implementation by using Central Administration and various command-line operations. You also learned how to manage connections to other portals and how to restore fi les within a site. We also showed you how to back up and restore using Central Administration’s Operations page, and how to administer WSS 3.0 using Stsadm.

Exam Essentials

389

Exam Essentials Know how to administer WSS 3.0. Understand the purpose of and be able to use the Central Administration Home, Operations, and Application Management pages. Understand how to use the Recycle Bin. Know the ways to use the Recycle Bin as an administrator and as a user. Know how to turn the Recycle Bin off and on and be familiar with the impacts of doing so on the site collection. Be familiar with Stsadm. Understand the basic functionality of Stsadm. Be able to run a backup and restore operation using the STSADM command and know where the program is located.

Chapter 8

390



Administering the Implementation

Review Questions 1.

You’re the WSS 3.0 administrator for your company, and a manager submits a name change request for Stacy Waldrop. The user’s name has changed to Stacy Wagner. The user’s account has been updated in the Windows Active Directory, but you need to update WSS 3.0 to reflect the new domain username: swagner. It’s critical that no work done in SharePoint to date be lost. What should you do? A. Nothing, Windows Active Directory Services will automatically update Stacy’s username in WSS 3.0.

2.

B.

Use the Windows Rights Management client to update the user’s name in WSS 3.0.

C.

Change the username by using the Stsadm syntax -o updateuser.

D.

Change the username using the Stsadm syntax –o migrateuser.

When using Stsadm command-line operations, what are two security considerations? (Choose all that apply.) A. SSL encryption should be disabled.

3.

B.

Forms-based authentication should be enabled.

C.

The current user signed into Windows should be in the local administrators group.

D.

UAC should be disabled.

Which of the following Stsadm command-line operations cannot be used in Central Administration? A. -o backup

4.

B.

-o setadminport

C.

-o restore

D.

-o addsolution

E.

All of the above

Your company has two independent WSS 3.0 installations. You’re the WSS 3.0 administrator and are asked to make a connection from portal 1 to portal 2. What should you do? A. Choose Site Settings  Site Collection Administration  Portal Site Connection, add the URL to portal 1 in Portal Site Connection, and click OK. B.

Select Central Administration  Operations, enable Alternate Access Management to accept an extranet connection to portal 2, and click OK.

C.

Select Site Settings  Site Collection Administration, add the URL to portal 1 in Portal site connection and press OK.

D.

Select Site Settings  Site Collection Connections, add the URL to portal 1 in Portal Site Connection, and click OK.

Review Questions

5.

391

Your WSS 3.0 installation’s Recycle Bin Status is currently disabled. The CEO deleted a file from a document library last night. The same document library is used by others on a regular basis and has several changed documents since the last backup two days ago using STSADM -backup. You need to restore the CEO’s document without overwriting work done by others in that document library. What’s the best solution? A. Choose Central Administration  Operations  Backup and restore to recover the full site.

6.

B.

Use STSADM–getfiletype *.doc and recover the file to the bin folder.

C.

Tell the CEO he’s out of luck and should have saved the file locally.

D.

Use STSADM –restore and restore the backup to a new server or site, log into the new location, and download the lost file.

The Central Administration website includes three administrative tabs: Home, Operations, and Application Management. What functions can be performed using the Applications Management tab? (Choose all that apply.) A. Changing a site collection’s primary URL .

7.

B.

Modifying an application’s security settings.

C.

Adding and removing site collection databases.

D.

Disabling or enabling self-service site management.

Your company has a new WSS 3.0 installation; you have a site collection in production. You need to back up all WSS 3.0 sites using the Central Administration’s Backup and Restore feature. After selecting a full backup, sites to backup, and a network path for the backup file, you click OK and receive an Access Denied message. What should you do? (Choose all that apply.) A. Verify the user running the WSS 3.0 has read and write access to the network path.

8.

B.

Review the Windows Event Viewer to look for reasons why you received an error.

C.

Change the backup type to Differential.

D.

Enable Windows Authentication in the application settings.

You’re a WSS 3.0 site administrator and you need to use the Stsadm command-line tool to back up your Team site. Your Team site url is http://server1/team/. What command could you use to backup the site? A. STSADM –o backup -url http://server1/team B.

STSADM -o restore –url http://server1/team

C.

STSADM –o getsite –url http://server1/team

D.

STSADM –o backup –url http://localhost/team

Chapter 8

392

9.



Administering the Implementation

You’re a WSS 3.0 site administrator and need to use the Stsadm command-line tool. Where is the tool typically located in a 64 -bit Windows operating system? (Choose all that apply.) A. %drive%\%PROGRAMFILES%\common files\microsoft shared\web server extensions\12\bin or %drive%\program files\common files\microsoft shared\web server extensions\12\bin B.

%drive%\%PROGRAMFILES%\common files\microsoft shared\web server extensions\12\bin or %drive%\program files (x86)\common files\microsoft shared\web server extensions\12\bin

C.

%drive%\%PROGRAMFILES%\web server extensions\12\bin or %drive%\program files (x86)\common files\microsoft shared\web server extensions\12\bin

D.

The “hive”

10. You’re a WSS 3.0 site administrator and you have to change the Central Administrator port number. What command should you run after you change the port number? (Choose all that apply.) A. IPCONFIG /FLUSHDNS B.

IISRESET

C.

IISRESET/NOFORCE

D.

IISRESET /NOFORCE

11. You’re a WSS 3.0 site administrator, and you need to look for tasks that might still need to be performed on a new WSS 3.0 installation. Where should you look? A. Central Administration’s Home page B.

Central Administration’s Topology page

C.

Central Administration’s Workflow page

D.

Central Administration’s Site Settings page

12. The first-stage Recycle Bin offers how many days of document retrieval for nonadministrator users? A. 45 B.

30

C.

15

D.

31

13. The second-stage Recycle Bin offers how many days of document retrieval for nonadministrator users? A. 15 B.

30

C.

45

D.

None of the above

Review Questions

393

14. You’re a WSS 3.0 site administrator and you need to perform a Stsadm command-line recovery using the –o recover command. The backup file is located outside of the directory where Stsadm resides. What should you do? (Choose all that apply.) A. Copy the Stsadm command-line tool to the same directory where the backup file is located. B.

Use the Central Administration Backup and Recovery GUI tool.

C.

Use the command STSADM –o restore –filename path\backup.bak.

D.

None of the above.

15. You’re a WSS 3.0 site administrator, and you need to delete all items in site collection’s Recycle Bin. How would you do this? A. Disable the Recycle Bin setting in the web application settings. B.

Use Site Settings, select Recycle Bin, select all files, and click Delete.

C.

Go to the administrative Recycle Bin, select all files, and click Delete.

D.

All of the above.

16. You’re a WSS 3.0 site administrator, and a developer delivers a WSP file that should be added to WSS 3.0. You need to install the solution by command line. What command should you use? A. STSADM –o addsolution –filename file.wps B.

STSADM –o addwsp –filename file.wps

C.

STSADM –o installfeature –filename file.wps

D.

STSADM –o addfeature –filename file.wps

17. The native SharePoint Backup and Restore feature is not able to perform which of the following operations? A. Granular-level backup and restore B.

Site collection backups

C.

Site backups

D.

Site collection and site restores

18. In Central Administration, you can perform which of the following tasks? (Choose all that apply.) A. Global configuration tasks B.

Database configuration tasks

C.

Site logo and theme tasks

D.

None of the above

Chapter 8

394



Administering the Implementation

19. You’re a WSS 3.0 site administrator, and you receive a request to delete a site collection. You can do this in Central Administration in what section? A. SharePoint Site Management B.

SharePoint Site Collection Management

C.

SharePoint Site Application Security

D.

SharePoint Workflow Management

20. You’re a WSS 3.0 site administrator, and you need to adjust user analysis processing reporting. You can do this in Central Administration in what section? (Choose all that apply.) A. Topology and Services B.

Global Configuration

C.

Data Configuration

D.

Logging and Reporting

Answers to Review Questions

395

Answers to Review Questions 1. D. You should use the -o migrateuser command-line operation. 2. C, D. Only local administrators can run Stsadm; a user without these rights would not be able to complete a command. UAC prevents Windows from running Stsadm, so you should disable it. 3. E. Central Administration is a Windows GUI and cannot perform DOS command-line operations using Stsadm. 4. A. Without using development programs, the steps in option A are the only way to connect one SharePoint portal to another. 5. D. Since the site collection’s Recycle Bin is disabled, the site’s Recycle Bin would be empty. In this case you should use the backup fi le created with Stsadm and restore the site to a new server or site without overwriting other changes. From here, you can pull the last saved copy out of the site and deliver it to the CEO. 6. B, C, D. Application Management controls site- and site collection–specific operations. To change the primary URL, you’d need to use the options on the Operations page and enable the URL Alternate Access Management. 7. A, B. If your receive an Access Denied message, this means you need to verify the user running the job has the appropriate access to the folder where you’re trying to back up to. You can also review the Windows event logs for security failures. 8. A. You should use STSADM –o backup -url and the name of your Team sites url to backup the Team site. 9. A, D. The Stsadm command-line tool is located in %drive%\%PROGRAMFILES%\common files\microsoft shared\web server extensions\12\bin or %drive%\ program files\common files\microsoft shared\web server extensions\12\bin for a 64-bit installation. The 12 folder is also known as the “hive.” 10. B, C, D. IPCONFIG /FLUSHDNS should not be run; all of the other commands will reset IIS and update Central Administration with the correct port number. 11. A. Tasks that might still need to be performed on your WSS 3.0 installation are located on the default Central Administration Home page. 12. B. Items deleted and stored in the Recycle Bin are available to users for up to 30 days. 13. D. The second-stage Recycle Bin is only available to administrative users. 14. A, C. Using the path to the backup fi le is the correct choice; you may also copy the Stsadm command-line tool into the same directory that contains the backup fi le you wish to recover. 15. D. All of the above will accomplish the same goal; however, disabling this feature will turn off the Recycle Bin until it’s reenabled in the web application settings.

396

Chapter 8



Administering the Implementation

16. A. Use the addsolution command to install a WSP fi le. 17. A. SharePoint doesn’t natively support granular-level backup and restore operations. 18. A, B. Site logo and theme changes are made by using by SharePoint Designer 2007 or by using Site Settings within a site. 19. A. harePoint Site Management contains links that allow you to delete entire site collections. 20. A, D. Analysis usage is located in Logging and Reporting within the Topology and Service section of the Operations page in Central Administration.

Chapter

9

Managing Customization MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Manage Customization 

Configure master page



Customize pages by using SharePoint Designer



Customize pages using browser



Configure code access security

Not only is customization a vital issue with organizations, but it is a major objective on the 70 - 631 exam as well. Organizations want to make SharePoint have the look and feel of their own branding. As we often say, organizations want SharePoint to look less SharePointy! For the exam, you must understand how to configure and customize pages in all three venues: using the browser, using Microsoft Office SharePoint Designer 2007, and using Visual Studio. Furthermore, you should know how to secure the code you introduce into your environment by understanding code access security (CAS). This chapter discusses the procedures used to customize your pages.

Introducing Customization and Branding The browser, SharePoint Designer 2007, and Visual Studio are tools that represent a continuum of customization. The means by which you approach customization often depend on your skill set. Customization ranges from simply using the browser and using no programming skills to comprehensively changing the site defi nition programmatically using Visual Studio. For those of you who are not programmers, SharePoint Designer 2007 provides a middle- of-the-road approach. Most customizations to pages, for instance, can be accomplished using the Designer View, which enables you to edit the page using a WYSIWYG (What You See Is What You Get) editing environment. To customize your site, you need to determine the design elements and contents that defi ne the look and feel you want to expose to users. You can accomplish this in many ways: you can use logos, images, and pictures related to your organization; font styles and colors to match those used in your organization; and lists and libraries that fit the needs of your content. The degree to which you customize your data components or brand your pages depends on the tools you use.

Understanding Where Content Is Stored As you know, the fi les that create your Windows SharePoint Services (WSS) 3.0 site defi nitions are stored in the 12 directory, or 12 hive, of your web front- end servers. The content is stored in the content databases on your back- end SQL Servers. Where WSS stores its fi les makes it differ from your traditional websites.

Introducing Customization and Branding

399

With WSS 3.0 you can choose from a number of site templates to create your sites. These site templates include pages, document management, web parts, and workflows. When you create a site from a built-in site template, the fi les you are referencing are contained in the TEMPLATE folder of the 12 hive on the web front- end server, as shown in Figure 9.1.

F I G U R E 9 .1

Location of the 12 hive TEMPLATE folder

You are not creating any fi les of your own when you create a new site; you are pointing to those 12 hive fi les. SQL Server stores the pointers to those fi les. Therefore, WSS uses a relatively small number of fi les to create and support a large number of sites. The template fi les you use to create your sites are site defi nitions. The default look and feel and content management features that you see when you initially create a site might be sufficient for a while. You might fi nd that the out- of-the-box installation fits neither your business needs nor your design. At this point you will need to modify your site. When you make these changes, they are kept in the content database in SQL Server. When you use SharePoint Designer to modify a page that points to one of fi les in the site defi nition, the page is copied and stored in the SQL Server content database. The page no longer points to the fi le in the 12 hive; you have broken the link. This fi le is known as a customized page. Pages that point to fi les in the TEMPLATE folder of the 12 hive are called uncustomized pages. When you use a web browser to modify a page in your site defi nition, the location of this page does not change. If the page is uncustomized, it points to the fi le in the TEMPLATE folder and continues to point to that fi le even if the browser customizes it. When you modify the page using the browser, the page is customized and the changes are kept in the SQL Server content database, as shown in Figure 9.2; the link to the originating fi le in the 12 hive, however, is not broken.

400

Chapter 9

FIGURE 9.2



Managing Customization

Rendered WSS 3.0 page

Browser

Rendered Page

Content Database

12 Hive

Instance Content Page

Content Page Template

Instance Master Page in Gallery

Master Page

It is important to remember that once a page has been customized using SharePoint Designer, it will always remain unlinked to its original in the site defi nition no matter how many times you modify it in the browser, as shown in Figure 9.3.

FIGURE 9.3

WSS 3.0 page customized with SharePoint Designer

Browser

Rendered Page

Content Database

12 Hive

Instance Content Page

Content Page Template

Instance Master Page in Gallery

Master Page

Understanding Master Pages

401

Understanding Page Requests The page you request from WSS 3.0 is really a combination of two pages: a master page and a content page. A master page provides the look and feel to your WSS pages. We like to think of it as the frame around your content. The master page provides consistent navigation and appearance to your site. You cannot view a master page in the browser. To do so you need SharePoint Designer 2007. Here are the steps when a user requests a WSS 3.0 page from a team site, such as the home page of the site: 

The master page and the default.aspx page are retrieved from the 12 hive’s TEMPLATE directory. If they have not already been cached, they are placed into your server’s memory.



The properties of the team site are retrieved from the content database. These properties include the site title and logo, permissions for the site, the lists and libraries for the site, and the local site navigation.



The properties of the default.aspx page itself are retrieved from the content database. Included in these properties are the page title and the web part zones and web parts on the page.



The properties and associated data of the web parts are retrieved next.



Finally, the retrieved items are merged to form the page that is sent to the user.

Understanding Master Pages The master page provides the look and feel you want for your environment. It ties your pages together by giving an overall cohesiveness for your users. The master page contains all of the user interface layout code for your site. Here are some examples of what you can include in your master page: 

Company logo and images



Global and local navigation



Footer code including copyright statements and links



Cascading Style Sheet (CSS) styles



Body background colors, images, or styles



Common JavaScript functions

402

Chapter 9



Managing Customization

Much of the functionality of the master page is provided by ASP.NET or SharePoint controls. For example, the SPWebPartManager is a control that enables you to add web parts to master pages and both web part and web part zones to content pages.

Understanding Master Page Controls Master page controls can be divided into three types: Content Placeholders These are areas on the page that match to content page locations, enabling you to enter information. This control is a key component of the master page because you place it on the page where content will eventually appear. When you add content to a content placeholder, you are specifying content on the master page that will be visible to all pages associated with that master page. Furthermore, you can customize that content on a page-by-page basis and explicitly control the type of content the placeholder contains. PlaceHolderMain is an example of such a control. A content region is the region of a master page defined by a single content placeholder. In SharePoint Designer 2007, content region and content placeholder are used synonymously.

Delegate Controls These controls defi ne regions on the page where content can be replaced with another control driven by feature activation. Controls Controls can also defi ne links, icons, menus, and navigation components. For example, the SiteMapPath control populates the global navigation breadcrumbs. You are provided with the following master pages in the 12 hive of your initial installation of WSS 3.0: Global Default Master Page (default.master) None of the team sites have a master page defi ned; therefore, they use the global default master page. Global Meeting Workspace Master Page (mwdefault.master) All meeting workspaces use this master page. Administrative Master Pages (application.master) All administrative pages on SharePoint sites use the application.master page. The administrative pages contain the _layouts in their URL. There are also administrative master pages for the Central Administration site. As time goes by, your organization will most likely want to modify the look and feel of your sites. The most efficient method of accomplishing this is to customize the master page. However, do not use the global default.master page as the basis for your new master page. The default.master provided with WSS 3.0 is quite complicated; it uses controls such as the delegate control mentioned earlier that provides content to the page at the time of rendering.

Understanding Master Pages

403

Here is the URL of the master page template that Microsoft provides for you to use as a basis when creating your own master pages in WSS 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyID=7c05ca44-869a-463b84d7-57b053711a96&displaylang=en

If you need to do extensive customization to the layout of your master page, you must take time to learn the components that are used on the page and their purpose. SharePoint Designer 2007 is probably the easiest tool to use for master page customization. It provides two options for managing content placeholders and regions: 

The Master Page toolbar



The Manage Content Regions dialog box

SharePoint Designer 2007 displays a program window that lets you modify one site at a time. If you use it to modify your master pages, be aware that you must do so at the site level. Exercise 9.1 shows you how to view a master page in SharePoint Designer 2007. E X E R C I S E 9 .1

Viewing a Master Page in SharePoint Designer 2007 1.

Open SharePoint Designer to the desired site by clicking File  Open Site.

2.

In the Folder List task pane, expand the _catalog folder. This folder contains libraries for your master pages as well as web parts and site and list templates.

3.

Expand the masterpages (Master Page Gallery) document library, which contains the default.master page.

4.

Double - click default.master to open the page in the document window.

5.

Look in the status bar of the program window of SharePoint Designer to ensure that the Visual Aids option is On. If it ’s isn’t, choose View  Visual Aids  Show.

404

6.

Chapter 9



Managing Customization

The controls on the page are displayed on the page surrounded by a purple line, with the name in a purple box. If the names are not visible, ensure that Template Region Labels is selected.

Understanding Master Pages

405

7.

To view the nonvisual controls on the page (such as the SPWebPartManager), select View  Visual Aids  ASP.NET Non -Visual Controls.

8.

To more readily locate specific controls on the master page, you need to display the Master Page toolbar. To do so, select View  Toolbars  Master Page.

9.

The Master Page toolbar appears as a floating toolbar. You can dock it on the page if desired. From the drop - down menu you can select the placeholder on the master page you want to view or modify.

406

Chapter 9



Managing Customization

Indentifying Strategies for Customization As mentioned in the beginning of this chapter, there are three venues for customizing WSS 3.0 pages: 

Browser



SharePoint Designer 2007



Visual Studio

Your choice depends on the amount of customization you want to achieve for your page and your site as well as the need to replicate this customization. In Chapter 5, “Building and Configuring the Windows SharePoint Services 3.0 Topology,” you learned how to use the browser to change a site’s look and feel. For some organizations, using the browser produces the sufficient amount of customization. In the previous section, you used SharePoint Designer 2007 to view the master page for a site. This is the only venue where you are able to get a WYSIWYG view of the master page. However, you must remember that SharePoint Designer customization breaks the

Indentifying Strategies for Customization

407

link to the original site defi nition of that page. If it is your purpose to customize individual pages, albeit master pages, content pages, or web part pages, SharePoint Designer is your answer. If, on the other hand, you are looking to create new site defi nitions that can be exposed to several web applications and site collections, your tool of choice is Visual Studio. Your SharePoint developers and administrators need to work together to use secure methods of deploying the fi les to the 12 hive of each of your front- end web servers.

Customizing with SharePoint Designer The 70 - 631 exam asks for some detail in customization with SharePoint Designer 2007. In this section we discuss customizations of the master page and web part page using SharePoint Designer.

Customizing a Master Page If you are ready to customize your master page using SharePoint Designer, we have a few precautionary messages to send your way: 

First, before you do any customization using an existing page, always make a copy first of that page and use the copy for your customization.



Second, for master pages, either use a basic master page template as noted earlier in this chapter or, if you are insistent, use the default.master on the site. But in either case, do not delete any unused controls that are on the page. Doing so could render your site useless — which won’t ingratiate you to your bosses.



Third, remember that customizing any page with SharePoint Designer breaks the link of the page from its site definition. Therefore, make certain that this is the path you want to take for customization.

You are not expected to know all the steps to fully customize a master page for the test, so Exercise 9.2 is more like a journey to make certain you understand the salient points. EXERCISE 9.2

Customizing a Master Page Using SharePoint Designer 2007 1.

If not already open, open SharePoint Designer to your site. Expand the _catalogs and the masterpage folders.

2.

Right- click on the default.master or the master page file you want to customize, and select Copy. Paste it into the same masterpage library. Rename the copy something like

custom.master.

408

Chapter 9



Managing Customization

3.

Double - click on the custom.master to open it in the document window.

4.

You should take note that the masterpage gallery does not require you to check out the page for customization. These properties are set at the library level. You can change these properties to meet your needs.

Indentifying Strategies for Customization

409

5.

To help with customization, make certain you have Visual Aids On and Template Region Labels selected. Also select to display the Master Page toolbar as you learned in Exercise 9.1.

6.

You can add content to any of the unused content placeholders or controls. To show the ASP.NET controls on the page, click the Find and type < asp: in the text box. Use the split view to see the code. You can also use the Master Page toolbar and click the section to the right of the drop - down arrow to show Content Regions. For example, the Placeholder AdditionalPageHead is often filled by developers and designers with additional calls to external files, such as external style sheets.

7.

You can modify the Quick Launch navigation by selecting a new data source for the Quick Launch bar by selecting SPNavigationManager and choosing a new data source.

410

8.

Chapter 9



Managing Customization

You should notice that the styles used on the page are initially presented using the

core.css, which contains all the styles used on pages in WSS 3.0.

9.

core.css lives in the 12 hive and should not be customized — especially not by SharePoint Designer. Instead, you should override the styles in the core.css if necessary by providing alternate style sheets either with your site definition in the 12 hive or stored within the site collection in the content database.

All the areas of the master page we have looked at can be used for customization. Most significant are the styles that can be copied from core.css and modified in an alternate style sheet. For example, Figure 9.4 shows the style class defi ned for the Quick Launch in core.css. Remember not to modify the core.css; however, you can copy the style you wish to customize into another style sheet and access the alternate style sheet from the page. Your alternate style sheet will load after core.css, thus overriding the page with your changes.

Indentifying Strategies for Customization

FIGURE 9.4

411

Quick Launch style in core.css

Customizing a Web Part Page Customizing web part pages is one of the major uses for SharePoint Designer. SharePoint Designer provides several task panes to supply the tools necessary for customization. One of those task panes is the Web Parts task pane. Using it, you can create new web part zones, add web parts, and customize a page. You can start with an existing page, such as the home page (default.aspx) or you can create new pages using the File  New menu. For the exam, you need to understand how the web part page can be customized. In Exercise 9.3 we will use the home page of your site to do our customization. EXERCISE 9.3

Customizing a Web Part Page Using SharePoint Designer 2007 1.

With SharePoint Designer open to your site, right- click on the default.aspx page in the root of your site. Make a copy and paste it again into the root of the site. Rename the page to new.aspx.

2.

Double - click to open new.aspx using Design View. The page opens showing both the master page content and the content within the page itself, contained within PlaceHolderMain. When you are customizing a web page that is a content page, you modify content within PlaceHolderMain.

412

Chapter 9



Managing Customization

E XE RC I SE 9.3 (continued)

You can create a new WSS 3.0 page by first creating an .aspx page and then attaching a master page to it.

3.

On the Task Panes menu, click Web Parts to display the Web Parts task pane. This pane displays all the available web parts that can be added to the page and enables you to add new web part zones to the page.

Indentifying Strategies for Customization

4.

413

On this page there are two web part zones: Left and Right. However, using SharePoint Designer you can create additional web part zones. For a web part to be able to be modified using the browser, you must create your web parts in a web part zone. SharePoint Designer allows you to put web parts on the page without putting them into a web part zone; doing so actually makes the web part act as a control on the page and does not allow browser modification. So, let ’s add a middle web part zone to the page.

5.

Click inside the second column of the page and then click New Web Part Zone. Notice two events: 



6.

The web part zone has been added and is called Zone 1. The page is now dirty; that is, the page has been modified and must be saved for the changes to take effect.

Right- click on the web part zone and select Web Part Zone Properties from the context menu. In this property box you determine how web parts will behave in this new zone as well as change the name of the zone to make it more meaningful to users.

414

Chapter 9



Managing Customization

7.

You can decide to enter web parts into the zone at this time or leave it blank so that web parts can be added in the browser by your content owners.

8.

Click the Save icon on the menu or right- click the page tab and select Save. The Site Definition Page Warning dialog box opens announcing that saving the changes customizes the page from the site definition. Click Yes.

9.

Notice that the new.aspx page has a blue circle next to it, denoting the page has been customized. To view the page in the browser, click F12.

Indentifying Strategies for Customization

415

10. You can reset the page back to the site definition if necessary by right- clicking the page name in the Folder List and selecting Reset to Site Definition. The current customized page will be saved on the site as a copy.

Customization Is Often a Combination of All Three Venues One of the organizations we have been consulting with was upgrading their internal website to WSS 3.0. Since this was an international company, they decided they needed to provide a different look and feel not only for each department on the new site but for each region of the company. The HR department at each regional corporate location was designated to approve all images and logos in that region. We wanted to develop a plan of action for customization and branding that would provide the following: 

Local control of approved regional images to be used on pages in the new site



Local control of content

416

Chapter 9



Managing Customization

Customization Is Often a Combination of All Three Venues (Continued) 

Regional control of web page templates



Overall look and feel to all sites in the organization with regional differentiation

Here was our decision: Site Definitions To bring consistency to the project, site definitions were created for each region. The first step in creating the appropriate master pages for each region was to use SharePoint Designer to make a prototype for each region’s master page using concepts developed during the initial planning. The approved results were then turned over to the developers, who incorporated the design, styles, fonts, and navigation into a site definition for each region using Visual Studio. Since the new implementation was indeed a living entity, programmatically customizing the sites made sense. Modifications could be handled cohesively by building and activating new features. Web Page Template Design Since the web page design among regions was so disparate, it was decided to use SharePoint Designer with regional design teams to create the template designs. Using this method, as changes were needed, the turnaround time would greatly be reduced. It was also felt that the regional design teams had a greater understanding of the needs and were in more direct contact with the users. Images and Content These entities were placed in the domain of the site administrators and content owners. Approved images were uploaded to the Images library on the top site of the site collection so they could be used on other subsites. Web parts and Features applicable to the organization were created and included as part of the site definitions. Content could be added to web part pages or basic pages as needed.

Configuring Code Access Security As an administrator, you have most likely been concerned with security for your users and not with security for code. The .NET Framework provides you with code access security (CAS) so you can apply permissions to code as well as users. WSS 3.0 web parts and other assemblies run with a Trust Level setting, which is set in the web.config fi le for the entire web application. This Trust Level allows not just one of your web parts but all of them to run with that specified trust. The default trust level that your WSS 3.0 web applications run under is WSS_Minimal. WSS 3.0 uses two built-in trust levels: WSS_Minimal (default) and WSS_ Medium. The WSS_Minimal.config and WSS_Medium.config fi les are stored in the CONFIG folder of the 12 hive. You can also set a third configuration, Full, which uses one of the ASP.NET trust levels.

Summary

417

Your developers might request that you configure the Trust Level setting for your web application as Full. They do so because they want their web part to carry out the actions they designed it to perform. You must be aware, however, that this is not a secure solution. Setting Trust Level to Full allows any web parts to run with Full trust. This setting is equivalent to giving users full control or administrator permissions on your network. The default trust level of WSS_Minimal allows most code to run but blocks your code from accessing your back- end SQL Server, the WSS Object Model, as well as any environment variables, such as the machine name and DNS, that have been put into the web part or assembly’s code. So what do you do? To allow the needed permission for the compiled assembly, such as a web part created by your developer or downloaded from a trusted site, you would need to increase the trust level to WSS_Medium or Full, or create a custom policy. However, if you increase the trust level for the web application, all web parts running within that application will be given more permissions. A best practice is to create a custom policy that permits your web part or assembly in the file to run with the permissions it needs. To create a custom policy, create a new fi le and name it something like Custom_WSS .config. Your next step is to make WSS aware of the fi le by having the web.config for the web application point to it. You can also merge the settings in WSS_Minimal.config and WSS_Medium.config into your new custom fi le and thus create your own permission set. You should not change the original fi les because Microsoft may alter these fi les during the application of a service pack. Within the WSS_Minimal.config and WSS_Medium.config fi les is an entry for Microsoft Web Parts, which allows them to run with Full permissions. Therefore, the web part compiled by your developer or created by any third party is restricted by the permission classes, but any web part with the Microsoft strong name receives Full permissions. A strong name gives the assembly its identity. A strong name consists of the assembly’s text name, version number, and culture information (if provided) along with a public key and a digital signature. The strong name is generated from an assembly fi le, which contains the assembly manifest using the private key corresponding to the public key. The manifest contains the names and hashes of all the fi les that make up the assembly. Your developers use Visual Studio or other development tools provided in the Windows Software Development Kit (SDK) to assign a strong name to an assembly. Assemblies for the web application are stored in the global assembly cache (GAC), which gives them Full trust, or in the \bin folder for the web application, where they can be controlled more strictly. To be recognized by the web application, the web part must be added to the SafeControls list in the web.config fi le.

Summary In this chapter we discussed the procedures used to customize a WSS 3.0 environment. We discussed what organizations are looking for when they consider customizing and branding their sites. You saw how WSS 3.0 presents a page to a user, and we explored master pages.

418

Chapter 9



Managing Customization

You learned about the three customization venues: the browser, SharePoint Designer 2007, and Visual Studio. Finally, we looked at code access security.

Exam Essentials Understand how a page is provisioned to the user. Understand the difference between master pages and content pages. Know how the master page is used to provide the look and feel to the site. Understand the appropriate tool to customize WSS 3.0. Understand when to use the browser, SharePoint Designer 2007, or Visual Studio to provide the customization and branding for your site. Know how to customize pages using the browser. using the browser.

Know how to change the look and feel

Be familiar with the process for configuring master pages. Understand the use of placeholders on the master page. Know how to use SharePoint Designer 2007 to customize a master page. Know how to use SharePoint Designer 2007 to customize your WSS 3.0 environment. Understand how master pages, content pages, web part pages, and list views can be customized. Know how to configure code access security. Understand the process of securing code. Know how to apply code access security.

Review Questions

419

Review Questions 1.

You are the WSS 3.0 administrator for City University. You want to add a web part to a web part page on the History department website. You want to enable users to modify the web part by using the browser. What should you do? A. Insert the web part outside the web part zone on the existing web part page.

2.

B.

Insert the web part on the master page.

C.

Add a web part zone on the master page and insert the web part into it.

D.

Insert the web part in the web part zone on the existing web part page.

You are the WSS 3.0 administrator for your organization with a small farm deployment. You want to create a new master page that is customized with company colors, images, and background. What should you do? A. Create a new web part page in the browser and use this for the master page. B.

3.

Copy and customize the original default.master page using SharePoint Designer 2007.

C.

Copy and customize the original default.master page using Visual Studio.

D.

Copy and customize the original default.aspx page using SharePoint Designer 2007.

You are the WSS 3.0 administrator for your organization with a small farm deployment. You need to deploy a custom web part assembly to your web application. You are concerned with code access security so you have installed the assembly in a secure location. However, you cannot add the web part to a web part page. What should you do? A. Add the web part to the default.aspx page.

4.

B.

Assign the web part assembly Full permission.

C.

Modify the web.config file for the web application.

D.

Copy the web part assembly to a library on your website.

You are the WSS 3.0 administrator for your organization with a small department intranet deployment. You want your users to add or change web parts with the minimal effort. What should you do? A. Have the users modify the web part pages using Visual Studio. B.

Have the users modify the web part pages using e SharePoint Designer 2007.

C.

Have the users modify the web part pages using the browser.

D.

Have the users modify the web part pages using Central Administration.

Chapter 9

420

5.



Managing Customization

You are the WSS 3.0 administrator for your organization. You have deployed WSS using a single front- end web server. Your content owners want to add new images to the web part pages on their sites. You want to control the images that can be uploaded to a page. What should you do? (Select two.) A. Have an administrator upload the approved images to the web application.

6.

B.

Change the contributor settings in SharePoint Designer 2007.

C.

Add the images to the pages using the browser.

D.

Add the images to the pages using SharePoint Designer 2007.

You are the WSS 3.0 administrator for your organization. Content owners want to modify the Task listview web part on the home page of the site so each user sees his own tasks. What should you have the content owners do? A. Use SharePoint Designer 2007 to modify the web part.

7.

B.

Select Edit Page from the Site Actions menu and select the web part to modify.

C.

Use Visual Studio to modify the web part.

D.

Select Site Settings from the Site Actions menu and select the web part to modify.

You are the WSS 3.0 administrator for your organization. You want content owners to modify the view for a listview web part on an existing page on your site. You want to accomplish this with the least amount of administrative effort. What should you do? A. Using the browser, select Edit Page from the Site Actions menu and modify the web part.

8.

B.

Using SharePoint Designer 2007, select Edit Page from the Edit menu and modify the web part in code view.

C.

Using SharePoint Designer 2007, select Edit Page from the Edit menu and modify the web part in design view.

D.

Using Visual Studio, select Edit from the Edit menu and modify the code behind the web part.

You are the WSS 3.0 administrator for your organization. You want to create new pages on your sites that include custom web part zones. What should you do? A. Create the custom web part pages using the Create page in the browser. B.

Create the custom web part pages using a custom policy setting in SharePoint Designer 2007.

C.

Create the custom web part pages using the Site Settings page in the browser.

D.

Create the custom web part pages using the Web Part task pane in SharePoint Designer 2007.

Review Questions

421

9. You are the WSS 3.0 administrator for your organization. You want to apply a custom look and feel to all the pages on your site. What should you do? A. Using SharePoint Designer 2007, copy and edit the default.master. Apply the edited page as the new default master page. B.

Using the browser, copy and edit the default.master. Apply the edited page as the new default master page.

C.

Using SharePoint Designer 2007, copy and edit the default.aspx. Apply the edited page as the new default master page.

D.

Using the browser, copy and edit the default.aspx. Apply the edited page as the new default master page.

10. You are the WSS 3.0 administrator for your organization. You have been told to add a banner at the top of all pages on your site. What should you do? A. Edit the layout of each page using SharePoint Designer 2007. B.

Edit the default.master page of the site using SharePoint Designer 2007.

C.

Edit the web.config using SharePoint Designer 2007.

D.

Edit the default.master page using the browser.

11. You are the WSS 3.0 administrator for your organization. You want to modify the navigation elements of the site. What should you do? A. Edit the layout of each page using SharePoint Designer 2007. B.

Edit the web.config using SharePoint Designer 2007.

C.

Edit the layout of each page using the browser.

D.

Edit the default.master page of the site using SharePoint Designer 2007.

12. You are the WSS 3.0 administrator for your organization. You want to use the existing code access security files in WSS 3.0 to implement the greatest amount of security for your site. What should you do? A. Set the trust level in the web.config to use the WSS_Minimal.config file. B.

Set the trust level in the web.config to use the WSS_Medium.config file.

C.

Set the trust level in the web.config to Full.

D.

Set the SafeControls in the web.config to WSS_Medium.

13. You are the WSS 3.0 administrator for your organization. You are using SharePoint Designer 2007 to customize a master page. You need to access the default.master page from the Folder List. What should you do? A. Expand Lists and expand masterpages. B.

Expand masterpages and expand _galleries.

C.

Expand _catalogs and expand masterpages.

D.

Expand _catalogs and expand galleries.

Chapter 9

422



Managing Customization

14. You are the WSS 3.0 administrator for your organization. A developer has created a web part assembly and has asked you to set the trust level to Full. What should you do? A. Open the config_minimal file and set all trust level parameters to Full. B.

Tell the developer to create a custom configuration file for the required trust level for the particular web part assembly that you can point to from the web.config.

C.

Tell the developer to create a custom configuration file specifying Full for all trust level parameters for all assemblies and point to the file from the web.config.

D.

Do nothing. The trust level is automatically set to Full.

15. You are the WSS 3.0 administrator for your organization. You have modified the home page of your site using SharePoint Designer 2007. Where do you go to find the customized page? A. To the content database. B.

To the 12 hive on the front- end web servers.

C.

To the front- end web servers for the base file and to the content database for modifications.

D.

To wwwroot on the front- end web servers.

16. You are the WSS 3.0 administrator for your organization. A web designer thinks he has customized the sales.aspx using SharePoint Designer. You need to determine if indeed the page is customized. What should you do? A. Look at the page in the Folder List of SharePoint Designer and see if there is a small letter c before the page name. B.

Check the date of the file on the 12 hive.

C.

Search the pages table of the content database to see if the file is there.

D.

Look at the page in the Folder List of SharePoint Designer and see if there is a blue circle containing the letter i before the page name.

17. You are the WSS 3.0 administrator for your organization. A web designer has customized the sales.aspx page; however, the page does not fit your needs and must be returned to its original state. What should you do? A. There is nothing to do. The page must remain customized. B.

Find the page in the content database and delete it.

C.

In SharePoint Designer, right- click on the page and select Reset to Site Definition.

D.

Find the page in the 12 hive and delete it.

18. You are the WSS 3.0 administrator for your organization. You have been tasked with creating a customized master page containing customized colors, images, and navigation for your site. You do not know how to develop in WSS 3.0 but need to make the customizations by the beginning of the week. What should you do? A. Use SharePoint Designer. B.

Use the browser.

Review Questions

C.

Use Visual Studio.

D.

Use Notepad.

423

19. You are the WSS 3.0 administrator for your organization. Your developers have provided you with a site definition for your site. You add several more features to the site such as modifying the metadata on particular lists and creating workflows. You want to use these modifications to create new sites. What should you do? A. In the browser, select Create from Site Settings and create a new template. B.

In the browser, select Site Settings. Under Look and Feel, select to save the site as a template and include content.

C.

In SharePoint Designer, select Create from Site Settings and create a new template.

D.

In the browser, create the new site from the Create page. Make all the modifications all over again on the new site.

20. You are the WSS 3.0 administrator for your organization. You have been told that users have modified the core.css while customizing the sales.aspx page in SharePoint Designer. You need to verify the page is using a customized core.css file. You open the page in SharePoint Designer. What should you do next? A. In SharePoint Designer right- click on the page and select Customizations. B.

In SharePoint Designer, click on sales.aspx and select Set as Home Page.

C.

In SharePoint Designer, in the CSS Properties task pane, find and click on core .css. Verify that it is not in the 12 hive.

D.

In SharePoint Designer, click on sales.aspx. In the Properties task pane, select Remove All Content and Verify.

424

Chapter 9



Managing Customization

Answers to Review Questions 1. D. You should insert the web part in the web part zone on the existing web part page. To enable users to modify web parts using the browser, the web parts must be placed in a web part zone. 2. B. You must copy and customize the original default.master page using SharePoint Designer 2007. Since you need to create only a single master page, the best approach is to use SharePoint Designer 2007. 3. C. You should modify the web.config fi le for the web application. You need to defi ne the web part assembly, its namespace, PublicKeyToken, and any other defi ned attributes in the SafeControls section of the web.config. 4. C. You should have the users modify the web part pages using the browser. The user can select to edit the page in the browser and then has the ability to add web parts to the web part zones on the page. 5. A, C. You should have an administrator upload the approved images to the web application. Then the content owners can add the images to the pages using the browser. 6. B. Users should select Edit Page from the Site Actions menu and select the web part to modify. 7. A. You should have the content owners use the browser, select Edit Page from the Site Actions menu, and modify the web part. Content owners should rarely be using SharePoint Designer and they should never use Visual Studio. 8. D. You should create the custom web part pages using the Web Part task pane in SharePoint Designer 2007. The task pane enables you to add web part zones to your page. 9. A. You should use SharePoint Designer 2007, and copy and edit the default.master. Apply the edited page as the new default master page. You should not use the default .aspx page; it is the home page of the site. 10. B. You should edit the default.master page of the site using SharePoint Designer 2007. The default.master page of the site creates the look and feel of the site. 11. D. You should edit the default.master page of the site using SharePoint Designer 2007. Navigation is an element of the master page. 12. A. You should set the trust level in the web.config to use the WSS_Minimal.config fi le. 13. C. You should expand _catalogs and expand masterpages in the Folder List task pane. 14. B. You should tell the developer to create a custom configuration fi le for the required trust level for the particular web part assembly that you can point to from the web.config. 15. A. You go to the content database to fi nd a fi le customized with SharePoint Designer. When you use SharePoint Designer to customize a page, it breaks away from the original page in the site defi nition and is stored entirely in the content database.

Answers to Review Questions

425

16. D. You should look at the page in the Folder List of SharePoint Designer and see if there is a blue circle containing the letter i before the page name. 17. C. You should right click on the page in SharePoint Designer and select Reset to Site Defi nition. 18. A. You should use SharePoint Designer to make the customizations. 19. B. In the browser, you should select Site Settings. Under Look and Feel, select to save the site as a template and include content. 20. C. In SharePoint Designer, you should open the CSS Properties task pane, fi nd and click on the core.css fi lename, and verify that it is not coming from the 12 hive.

Chapter

10

Extending Windows SharePoint Services MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Manage Customization


Customize pages using browser

Windows SharePoint Services 3.0 comes with out- of-the-box (OOB) functionality called web parts. Web parts allow you to customize information you want to display in a SharePoint page. Using web parts you can change location of information on your SharePoint page and change the general look and feel using web parts. Features allow developers to deliver information to end users by displaying information in web parts on any WSS 3.0 site or page. In this chapter we’ll look at Features and web parts, how to use Features in a site defi nition, and how to customize pages by using web parts. Understanding how to customize your WSS 3.0 site using a browser will be covered in the test. Customizing your site isn’t hard, but make sure you pay attention to the details in this chapter because this will be covered in the test.

Introducing Features Features in WSS 3.0 are helpful to an administrator; they can be easily installed, activated, and deactivated in a single-site collection or in multiple web front- end servers with little or no effort on your part. WSS 3.0 comes with many Features that are already activated and ready for use in a site. Features present a granular approach for adding functionality to a web application, site collection, farm, and web pages. For example, the Announcement web part is actually a Feature that’s already activated and ready for use in a site or page. Using Features reduce versioning and help identify issues that arise in WSS 3.0 servers by allowing you to quickly identify problems using diagnostic logging.

What Are Features? Features allow you to display content, fi les, functionality, and information in a SharePoint site. A good way to think of Features in WSS 3.0 is as plug-ins that can be added to a SharePoint site. Within that site you can add and remove or activate and deactivate Features within a site or page. Features are created using Visual Studio, XLM fi les, and the Microsoft .NET framework. Developers may use other technologies to create a Feature, but that depends on their experience and the depth of the Feature they’re creating. Features can be activated

Introducing Features

429

in a single site or site collection, and Features can be deployed to a single web server or multiple web servers that make up a SharePoint farm. In the following image, under Site Administration, you can see the Site Features option; this is where you would enable a Feature in a single site. Under Site Collection Administration, there is a Site Collection Features option; bet you can guess what this does. That’s right; this is where you enable site- collection Features. Figure 10.1 shows where site Features are located within the WSS 3.0 Site Settings screen.

F I G U R E 1 0 .1

Feature options in Site Settings

Feature Components Features in WSS 3.0 contain two key components. For a Feature to be a Feature, there must be a folder in the FEATURES directory to hold the feature.xml fi le and other developed objects that Feature calls. Two main components are needed to create and deploy a Feature. The following are the key items required to create and deploy a Feature. Feature Folder The Feature folder is located in the bin\TEMPLATE\FEATURES folder in the WSS 3.0 hive. Feature is a subfolder to FEATURES that contains all the needed elements to deploy a Feature in WSS 3.0. Figure 10.2 shows the Features folder and the Features installed in this WSS 3.0 installation.

430

Chapter 10

F I G U R E 10. 2




Extending Windows SharePoint Services

Windows Features folder

The feature.xml fi le is required in the Feature folder for every Feature being deployed to WSS 3.0. Figure 10.3 shows the feature.xml fi le inside the Feature folder KrisFreature. Feature.XML

F I G U R E 10. 3

Feature.xml in a Feature folder

The Creation and Deployment Process of Features We’ve already said this, but most Features are created by developers; a SharePoint administrator will rarely need to create a Feature because this typically falls out of their job responsibilities. The but may come into play sometime when you create a simple Feature. When that day comes, we highly recommend working in a virtual image dedicated to you

Introducing Features

431

or a development lab. It’s not hard to accidentally take a SharePoint site down using bad information in a Feature or site. To learn more about how to create a Feature, visit Microsoft’s MSDN site at http:// msdn.microsoft.com/en-us/library/ms475286.aspx.

As a SharePoint administrator, you will from time to time be asked to deploy a Feature, so let’s run through the steps involved. First, as mentioned previously, you must create a folder in the 12\TEMPLATE\FEATURES folder for your new Feature. Then you’ll need to drop the feature.xml fi le into this folder you just created. Remember the feature.xml fi le contains mapping information that tells the Feature what do to. Next we’ll use the Stsadm command-line tool to install and activate the Feature. For this example we’ll use the new Feature in the KrisFeature folder. Open your command prompt (if you need a refresher, go back to Chapter 8, where Stsadm is covered) and run the command stsadm -o installfeature with the attributes listed in Figure 10.4.

F I G U R E 10. 4

Install a Feature using Stsadm

Now that the Feature is installed, you’ll need to activate it within a site. In Figure 10.5 you can see we used stsadm –o activatefeature and at the end we added -url http:// server/site/. This command and parameter are how you tell the Stsadm command-line tool to activate the Feature in a given site.

F I G U R E 10. 5

Activate the Feature using Stsadm

Using Features in Site Definitions Site defi nitions allow you to defi ne what types of Features are displayed in the process of creating a new site. So let’s imagine you have a site with 40 Features and you need to

432

Chapter 10




Extending Windows SharePoint Services

roll this out to 20 site collections. It’s easier to defi ne all the Features you need in a site defi nition fi le and then save this fi le to SharePoint to be used over and over when creating all new 20 site collections. Now when the site defi nition is applied to your new pages, all the work is done. Do you see how that makes sense and could save you time? The development of site-defi nition fi les is out of the scope of this book, but you can visit the following site for more information: http://msdn.microsoft.com/en-us/library/ ms432370.aspx.

Understanding Web Parts Web parts are considered to be the “building blocks” of any SharePoint web page and site. Web parts are used to display information and images to users. Web parts display information within web part zones on a page. In Figure 10.6 you can see a Left web part zone and a Right web part zone, and within each is different information. In this example we added a Content Editor web part and a Tasks web part. Every web part has properties that can be modified based on your needs. Developers can develop web parts and publish them to SharePoint to go beyond the OOB functionality. Extending SharePoint by using web parts is a great way to deploy a usable intranet for your company. F I G U R E 10.6

Web part zone

Understanding Web Parts

433

Adding a Web Part to a Page In this section you’ll learn how to add a web part to a SharePoint page. You’ll need to be logged in to SharePoint as an administrator or as a user with designer rights to modify the page’s web part zone. The concept is simple. Once you’re in Edit Page Mode, click Add a Web Part, and choose from a list of available web parts. This list will contain OOB web parts and any custom list, document library, calendar, or other item you create within your site. Figure 10.7 shows what the Edit Page drop -down looks like; if you don’t see this option, switch to a user account that has rights to access the page. First you’ll need to choose Site Settings  Edit Page to open the page in Edit Mode. In Figure 10.8 the fi rst thing you’ll notice is the message “Version: You are editing the Shared Version of this page.” In Exercise 10.1 you’ll add a web part to your SharePoint page using a browser.

F I G U R E 10.7

Edit Page

Once you’re in Edit Mode, you’ll see a page like the one in Figure 10.8. Take note of the circled items. This is the Shared Version of the page, or the page everyone sees. Also notice the Add a Web Part area in the Right web part zone. This is where you’ll add web parts to your page.

434

Chapter 10

F I G U R E 10. 8




Extending Windows SharePoint Services

The Add a Web Part field

When editing a page you may see a note that you’re editing the Shared Version. This means you’re editing the page that everyone who has access to this SharePoint site sees, so be careful with changes you make to the Shared Version.

E X E R C I S E 1 0 .1

Add a Web Part to Your SharePoint Page 1.

Open your WSS 3.0 home page.

2.

Click Site Settings.

3.

Choose Edit Page.

4.

On the Right or Left web part zone, click Add a Web Part.

5.

Check the box for the Calendar web part and click OK.

6.

Click Exit Edit Mode, and the web part is now on your page.

Removing a Web Part from a Page Sometime you’ll need to remove a web part from a page, and the process is simple. As with adding a web part to a page, you’ll need to be signed in with either Administrator rights

Understanding Web Parts

435

or Contributor rights. In Figure 10.9 notice the down arrows; these are drop -down menus for the given web part. Using the drop -down menu you can minimize, close, or modify the shared web part. Closing a web part is the same as removing a web part. Choose Close and the web part is removed from the page. In Exercise 10.2 you’ll remove a web part by closing it using a browser. F I G U R E 10. 9

Remove a web part

Closing a web part doesn’t remove the content from the site. Closing a web part removes only the object that displays information. If you need to add the object again, just use the Add a Web Part function covered in the previous section.

E XE RC I S E 10. 2

Remove a Web Part from Your SharePoint Page 1.

Open your WSS 3.0 home page.

2.

Click the drop - down menu for the web part you want to close.

3.

Choose Close, and the web part is removed from the page.

Moving a Web Part Moving a web part is a great way to change which zone a web part is in. There are various ways to move a web part on a page, but we’ll touch on what you need to know for the test. When you’re logged in as an administrator or designer, choose Site Settings  Edit Page to open the page in Edit Mode.

436

Chapter 10




Extending Windows SharePoint Services

Drag-and-Drop Method The fi rst and easiest way to move a web part is to use the drag-and-drop functionality. Figure 10.10 shows how we clicked and held the Site Image web part and dragged it from the Right web part zone to the Left web part zone. In Figure 10.11 you’ll see that the Site Image web part is now in the Left web part zone. F I G U R E 1 0 .1 0

Dragging and dropping a web part

F I G U R E 1 0 .11

The moved web part

Understanding Web Parts

437

WSS 3.0 functionality works in most Internet Explorer browsers on the Windows OS. For a complete listing of supported browsers and a comparison of the compatibility of Features in other browsers, visit the following link: http://technet.microsoft.com/en-us/library/cc288142.aspx.

Web Part Modification Method The second option for moving a web part is to use the Web Part Manager. In Figure 10.12 you can see that you’ll fi rst need to choose the Edit drop -down menu on the web part you wish to move and then choose Modify Shared Web Part. Once you’re in Edit Mode for that web part, you can choose the Zone and Zone Index options. The Zone option represents the Right or Left web part zone, and the Zone Index option shows the order in which the web part appears in the web part zone. In Figure 10.12 the Site Image web part is currently in the Right zone and is the third web part to be displayed in the zone. When you’ve fi nished choosing where you want the web part to be, click OK to close the web part Edit Mode. In Exercise 10.3 you’ll practice moving web parts into other zones. You should become familiar with this function by moving more than just one web part.

F I G U R E 1 0 .1 2

Modify the web part position in a web part zone

438

Chapter 10




Extending Windows SharePoint Services

E XE RC I S E 10. 3

Move a Web Part to Another Web Part Zone 1.

Open the web part you want to move in Edit Mode by choosing the Edit drop - down menu and then choosing Modify Shared Web Part.

2.

Expand the Layout section of the Web Part Modification tool.

3.

Select the Zone drop - down menu, and select Right or Left depending on what zone the web part is in.

4.

Click OK to complete the action.

Using Web Parts to Customize Pages Let’s step back and take a breath; it’s really not all that hard. We already said that web parts are the building blocks of SharePoint pages, so by adding and removing web parts, you are customizing pages. Web parts are used to display different information in various ways. Let’s say you want to add a web part on your home page to show your calendar. You can display the same information in a different way by simply changing the view of that web part. This doesn’t mean you changed the calendar page; you just changed the web part used to create and display another view of that same information.

How to Customize Your Own Site Let’s face it, a SharePoint site right out of the box with no customization is plain. On every site we work on, we use rollup lists in web parts so there is no need to go into every library or list on a site. When we log into the home page, we can see the group calendar of events, blog posts, and the client’s vendor phone numbers. For every client we work with, we end up performing heavy customization to get the customer’s site to a usable state. What we mean by usable is that it’s displaying useful information to the SharePoint audience. For team sites we often create contact lists and calendars for each team. It’s not often that someone in sales needs to look at the calendar for the copyright department, so why display it to everyone. Another great use for web parts and Features would be company announcements. Using this OOB Feature, you can communicate information to the masses without email or phone calls, and when the users log in they’ll see the announcement someone placed. Get to know Features and use web parts to spice up your SharePoint experience. Without these nice add-ins or plug-ins Microsoft gave us for WSS 3.0, we’d have a pretty boring page.

Exam Essentials

439

Summary In this chapter you learned about Features and web parts. You learned how to customize a page by using web parts and Features in a browser. You learned about each of the following topics: 

What Features are and how they are used



How to deploy a Feature to WSS 3.0



How Features are used in site definitions



What web parts are



How to customize pages using web parts

Exam Essentials Know the location of the FEATURES folder folder in Windows Explorer.

Be able to point out the 12\TEMPLATE\FEATURES

Know how to install a Feature using Stsadm

Know how to install a feature using the

stsadm -o installfeature command.

Understand what a web part is Remember that web parts and Features are similar but not the same. Understand the differences in them. Know how to move web parts Understand how to move web parts between web part zones and a SharePoint page using Internet Explorer.

Chapter 10

440




Extending Windows SharePoint Services

Review Questions 1.

You’re a WSS 3.0 administrator, and a developer delivers a Feature.xml file to you. The developer has moved the file into the hive’s Features folder, and he needs you to install and activate the Feature. What should you do? A. Install the Feature using the Stsadm syntax -o installsolution first and then the syntax -o installfeature.

2.

B.

Install the Feature by uploading it to the WSS 3.0 site settings.

C.

Install the Feature using the Stsadm syntax -o installfeature first and then the syntax -o activatefeature.

D.

Install the Feature using the Stsadm syntax -o activatefeature first and then the syntax -o activatefeature.

You’re a WSS 3.0 administrator, and a manager asks you to add an Announcement web part to the corporate home page. How could you do this using OOB functionality? A. Activate the web part using the Stsadm syntax -o addwebpart.

3.

B.

From the corporate home page choose Site Settings  Edit Page, and then click Add Web Part on the web part zone you wish to add the Announcement web part to.

C.

From the corporate home page choose Site Settings  Edit Page, click Add Web Part on the web part zone you wish to add the Announcement web part to, find the web part you wish to add, and click OK.

D.

None of the above.

When a Feature is ready to be deployed, what two items are critical to have in place before using stsadm -o installfeature to install a Feature? A. A Features folder in 12\BIN\FEATURES\ and a feature.xml file

4.

B.

A Template folder in 12\BIN\TEMPLATE\ and a feature.xml file.

C.

A Features folder in 12\BIN\TEMPLATE\FEATURES and a feature.xml file.

D.

A Features folder in 12\TEMPLATE\FEATURES and a feature.xml file.

You’re a WSS 3.0 administrator, and a developer installs a site definition file with Features in the site definition. What are the benefits of creating a site using Features in site definition files? A. As an administrator you can create new sites with less effort because you will not need to install Features one by one. B.

The site definition file is reusable and can be used many times.

C.

You will not need to install the Features to a new site you created because they are defined in the site definition file.

D.

All of the above are benefits of using Features in site definition files.

Review Questions

5.

441

You’re a WSS 3.0 administrator and you need to move a web part from the Right web part zone to the Left web part zone using an out- of-the-box solution. How could you do this? A. On the web part use the drop - down menu and choose Move Web Part.

6.

B.

While in Edit Mode drag and drop the web part to the new Left web part zone.

C.

Using the web part Configuration Manager, change the web part zone to Left.

D.

Use SharePoint Designer 2007 to move the web part to the Left zone.

You’re a WSS 3.0 administrator with rights to edit a SharePoint page. You’re asked to edit the home page by adding and removing various web parts on that page. When you’re in Edit Mode, how do you know you’re working in the page everyone sees? A. The SharePoint page turns red to alert you you’re editing the Shared Version. B.

7.

As an administrator, you will know what version you’re editing.

C.

A warning will pop up telling you that you’re in the Shared Version.

D.

You’ll see a Shared Version message on the page.

You’re a WSS 3.0 administrator with rights to edit a SharePoint page. Management has asked you to remove a web part from the SharePoint page. What do you need to do to remove a web part? A. Click the drop - down menu on the web part and select Close.

8.

B.

Choose the Remove Web Part option in the drop - down menu.

C.

While in Edit Mode, click the drop - down menu on the web part and select Close.

D.

Click the red X on the web part to remove it.

A user with the correct rights to move a page’s web parts comes to you for help. The person is using Windows and a third-party non-Microsoft version of a web browser. What should you do? A. Have the user install Windows Internet Explorer version 6 or above to be able to use all the rich features like drag and drop in SharePoint.

9.

B.

Have the user change to an Apple computer and move the web part.

C.

Have the user turn off Active X in Site Settings.

D.

Do the work for the user.

Developers creating Features for a WSS 3.0 site can use which tools listed below to create the needed feature.xml file? A. Windows Notepad B.

Visual Studio

C.

Other XML creation software

D.

All of the above

Chapter 10

442




Extending Windows SharePoint Services

10. Which Stsadm parameter is added to the command stsadm -o activefeature - filename NewFeature\feature.xml to activate a feature on a WSS 3.0 site? A. -url B.

-iis

C.

-fqdn

D.

None of the above

11. You’re a WSS 3.0 administrator and need to make changes to web parts on a SharePoint page. What can you use to make changes? A. SharePoint Designer 2007 B.

Internet Explorer 5

C.

Internet Explorer 6

D.

Internet Explorer 7

12. A SharePoint site user with read access to WSS 3.0 contacts you to tell you they can’t move a web part. Why can’t the user move the web part? A. The user doesn’t have access to the hive. B.

The Feature on the site has not been activated.

C.

The user is not using a Level 1 browser.

D.

The user doesn’t have the correct rights on the page.

13. You’re a WSS 3.0 site administrator. A developer has asked you to move a Features folder and feature.xml to the WSS 3.0 hive. What is the developer referring to? A. The hive is the web part that contains all important SharePoint files and folders. B.

The hive refers to WSS 3.0 Central Administration.

C.

The hive is a directory that is located in the 12 directory that contains all the WSS 3.0 core binary files.

D.

None of the above.

14. You’re a WSS 3.0 administrator with rights to edit a SharePoint page. You’re asked to change the zone index position of a web part. How would you do this? A. Use Central Administration to change the index position. B.

Use the web part Configuration Manager to change the zone index position.

C.

You cannot change the index position of a web part.

D.

All of the above.

15. By default which SharePoint web part zones are installed on a WSS 3.0 team site that has not been customized? A. Bottom zone B.

Left zone

C.

Right zone

D.

Left top zone

Review Questions

443

16. You’re a WSS 3.0 administrator; you need to close a web part on a WSS 3.0 page. What are two ways to close or remove a web part using Microsoft Internet Explorer? A. Use Internet Explorer 6. x and click the “x” on the web part to close it. B.

Open the page in Edit Mode, choose the Edit menu on the web part you wish to close or remove, and choose Close or Delete.

C.

Choose remove web part on the Site Settings Menu.

D.

None of the above.

17. What is the correct Stsadm command to force the install of a WSS 3.0 Feature? A. stsadm –o activatefeature –filename feature name –force B.

stsadm –i installfeature –filename featurename /force

C.

stsadm –o installfeature –filename featurename -force

D.

None of the above

18. You’re a WSS 3.0 site administrator; a developer tells you a Feature needs to be installed in WSS 3.0. You run the Stsadm command to install the Feature but receive an error when you try to run the command. What could be stopping the Feature from being installed? A. The feature.xml file is missing. B.

The Features folder is in the wrong place.

C.

The SharePoint web part for Features is missing.

D.

You do not have DOS installed on your PC.

19. You’re a WSS 3.0 site administrator, and you accidently closed a web part on the Shared home page that needs to be displayed. How can you add the web part back to the page using a browser? A. Go to Site Settings  Add Web Part and choose the web part you would like to add. B.

Click Add Web Part on the top -right corner of the page.

C.

Go to Site Settings and open the page in Edit Mode, click Add Web Part, and choose the web part you would like to add.

D.

All of the above will work.

20. You’re a WSS 3.0 site administrator, and your manager requests a complicated Feature be deployed to the corporate home page. You contact a developer in your company and the developer tells you he needs a certain product to develop the Feature. What product might the developer need? A. Microsoft Developer Manager B.

Microsoft Front Page

C.

Notepad

D.

Microsoft Visual Studio

444

Chapter 10




Extending Windows SharePoint Services

Answers to Review Questions 1. C. You should always use the use the syntax -o installfeature to install a feature and then use -o activatefeature to activate that Feature in a site. 2. C. You should choose Site Settings  Edit Page, click Add Web Part on the web part zone you wish to add the Announcement web part to, fi nd the web part you wish to add, and click OK. You do not use Stsadm to add a web part to a page. 3. D. You should have a folder that identifies the new Feature in the 12\TEMPLATE\FEATURES folder and a feature.xml fi le that contains the Feature’s information. 4. D. All of the above are true with Features in site defi nition fi les. 5. B, C. Using the web part Configuration Manager, change the web part zone to Left, or drag and drop the web part to the Left web part zone. There isn’t a menu choice to move a web part in the web part’s drop-down menu, and SharePoint Designer 2007 is not an OOB solution. 6. D. The message “You are editing the Shared Version of this page,” on the top-left side of the page, is the only warning you will see to alert you that you’re editing a page everyone can see. 7. A, C. You can click the drop-down menu on the web part and select Close when in or out of Edit Mode. As an administrator, you have the rights to close parts. There isn’t a red X to close a web part, nor is there a remove option to select on the web part drop-down menu. 8. A. To use all of WSS 3.0’s rich features, the user should be using a Level 1 browser as defi ned by Microsoft’s TechNet site. You could do the work for the user; however, we’re sure you have your own work to do. 9. D. Developers can use Notepad and other programs to create feature.xml fi les; however, the preferred method would be to use Visual Studio. The Stsadm command-line tool is located in %drive%\%PROGRAMFILES%\ common files\microsoft shared\web server extensions\12\bin or %drive%\ program files\common files\microsoft shared\web server extensions\12\bin for a 64-bit installation. The 12 folder is also known as the hive. 10. A. You should use the -url parameter to activate a Feature within a WSS 3.0 site, for example: STSADM -o activatefeature -filename featurefoldername\feature .xml -url http://server/site. 11. A, C, D. SharePoint Designer can be used if you’re an administrator of the SharePoint site. Internet Explorer 6 and 7 support full WSS 3.0 functionality. Internet Explorer 5 is not considered a Level 1 supported browser. 12. D. The user must have the appropriate rights to the SharePoint page to move web parts.

Answers to Review Questions

445

13. C. The hive is the directory where all the core WSS 3.0 binary fi les are located within the Windows OS. The directory is located at %drive%\%PROGRAMFILES%\common files\ microsoft shared\web server extensions\12\. 14. B. After opening the web part using Modify Web Part, you can change the zone index position by changing the number; this moves its position in the web part zone. 15. B, C. The basic OOB WSS 3.0 team site without customization contains the Left and Right web part zones. 16. A, B. If you have the proper rights to close a web part you can click the “x” on the web part to remove it. You can also open the page in Edit Mode and use the web parts menu to close or remove the web part from the page. 17. C. When using the install feature Stdadm command-line operation, always use –force parameter at the end of the command to force the install of a Feature. 18. A, B. Always verify that the needed components are in place prior to installing a Feature. The Features folder should be in the correct hive folder, and the feature.xml fi le must be in that folder. 19. C. To add a web part back into a page, go into Edit Mode on the page, click Add Web Part, and choose the web part you want to add. 20. D. Developers typically use Visual Studio for the creation of features. Within Visual Studio developers can write and test code and create xml fi les.

Chapter

11

Monitoring Windows SharePoint Services MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Monitor Windows SharePoint Services 

Maintain storage performance



Configure centralized monitoring for WSS



Configuring performance monitor



Identify WSS problems using the Web Event Viewer



Monitor logs

In the previous two chapters you learned how to customize and extend Windows SharePoint Services (WSS) 3.0. Customizing SharePoint increases the chance that you will adversely affect the performance of your system. To prevent this from occurring, it is imperative that you monitor your system on a daily basis. Although third-party tools are available for monitoring your SharePoint installation, this chapter focuses on the built-in tools available in Windows Server 2003, WSS) 3.0, and Microsoft Operations Manager (MOM) 2005. In this chapter, you will learn how to monitor and troubleshoot problems in your WSS infrastructure. You will also learn how to configure Performance Monitor (Perfmon.exe) with appropriate counters to monitor the performance of your WSS environment. Along the way we’ll describe how to maintain the SQL databases that are used by your SharePoint system. Learning how to monitor your environment will make it easier to troubleshoot problems when they occur. We will examine how to configure and read the WSS diagnostic logs and how to set up alerts for standard operating system events. Finally, we will look at how to monitor your entire environment using an add-in to MOM 2005.

Why Monitoring Is Important WSS is designed to be administered primarily by the end-user community. But monitoring and performing periodic maintenance will still be the responsibility of the IT department. Monitoring your SharePoint installation is one of the keys to ensuring the long-term health of your environment. There are two primary goals when you are monitoring your WSS environment. The fi rst is to guarantee the performance stays at an acceptable level. The second is to troubleshoot any potential errors that occur. Different tools are available in WSS and Windows Server that address each of these goals.

Maintaining Performance WSS is a complex product. Avoiding unexpected bottlenecks on resources requires continuous monitoring of all resources. An appropriate monitoring program will also provide you with information to predict when resources will need to be increased in order to maintain acceptable performance. To predict when you will need new resources, you should maintain a baseline and note the trend over time.

Maintaining SQL Performance

449

Troubleshooting Errors Errors in your SharePoint environment are an almost inevitable consequence of daily use. Troubleshooting these errors normally requires additional information. Monitoring performance and checking log fi les are two of the opportunities for fi nding this additional information. Also, an appropriate monitoring system will often warn you of impending errors before they become critical.

Maintaining SQL Performance One of the most critical components in your WSS environment is the SQL Server that provides storage for all of SharePoint content and configuration. To guarantee optimum performance of your SQL Server, you must do several things. Microsoft recommends keeping content databases under 100GB so that they can be backed up and restored quickly. This can also avoid some contention issues that occasionally occur during peak usage of list and library data. Another key component in maintaining adequate SQL performance is the design of your SQL Server environment. Creating SQL Server clusters will allow you to scale and expand your SQL Server environment for appropriate performance levels. There are also general SQL maintenance tasks that should be planned for in order to maintain your environment at peak performance.

Limiting SQL Database Size The primary method that SharePoint provides for limiting the contents of database size is the use of site collection quotas. Quotas are set on an entire site collection by using site collection quota templates. By creating these templates and applying them when site collections are created, you can limit how large a site collection content database will grow. You can also control in which content database individual site collections are created. Site collection quota templates are created in the Central Administration website by the farm administrators. They can be applied to individual site collections when the site collection is created or after the site collection has been created. Changes in the quota levels of an individual site collection can also be made after a template has been assigned. Exercise 11.1 demonstrates how to create a new site collection quota template. E X E R C I S E 11 .1

Creating a Site Collection Quota Template 1.

Select Administrative Tools  SharePoint 3.0 Central Administration and wait for the Home page of the Central Administration website to appear.

2.

Select the Application Management tab of the Central Administration website.

Chapter 11

450



Monitoring Windows SharePoint Services

E X E R C I S E 11 .1 ( c o n t i n u e d )

3.

On the Application Management tab in the SharePoint Site Management section, click the Quota Templates link. Wait for the Quota Templates page to appear.

4.

On the Quota Templates page, fill in the following information: 







5.

In the Template Name section, select the Create a New Quota Template radio button. In the Template Name section, enter Intranet Site in the New Template Name text box. You can base the new template on an existing template by selecting it in the Template to Start From drop - down list. In the Storage Limit Values section, select the Limit Storage to a Maximum Of checkbox and fill in a maximum size of 1000 (MB). In the Storage Limit Values section, select the Send a Warning E- Mail When Site Storage Reaches check box and fill in a value of 800 (MB).

Click OK and wait for the Application Management page to reappear.

Maintaining SQL Performance

451

The Quota Template page contains an additional section, Invited User Limits, when WSS is running in Active Directory account creation mode. Using the text box entitled Limit Invited Users to a Maximum of, you can limit the number of users added to a site collection. You learned about account creation mode in Chapter 3, “Installing and Deploying Windows SharePoint Services 3.0.”

When web applications are created in SharePoint, a single content database is created for each web application. Each site collection created inside the web application can then be assigned a specific quota template. The sum of the maximum storage limit values for each site collection quota will determine how large the content database will grow. Once a web application is created, you can create additional content databases for each web application. The contents of all the subsites in a site collection must reside in one content database, but we can control the content database in which a specific site collection is created. Controlling where site collections are created makes it possible to control the size of content databases by limiting which site collections are in which content databases. There are two ways to control where a site collection is created. By using the Stsadm command-line tool, you can create a new content database when you create a new site collection. The following command line shows an example of the creation of a new site collection called NewDBWeb in a new content database named WSS_content_1: stsadm -o createsiteinnewdb -url http://wss01/sites/NewDBWeb -owneremail [email protected] -ownerlogin “sytrain\administrator” -quota “Intranet Site”-databasename “WSS_Content_1”

You can also control where a site collection is created by taking all but one content database for a specific web application offline. If only one content database is marked as ready, then new site collections will be created in that content database. Taking a content database offline does not mean that content cannot be created, accessed, or modified in that database. It simply means that no new site collections can be created while the database is offline. If more than one content database is marked as ready, the new site collections will be created in the content database that has the most overhead still available. Overhead is defined as the difference between the maximum number of site collections allowed and the number of existing site collections already in the content database. In Exercise 11.2 you will learn how to create a new site collection in a content database.

Chapter 11

452



Monitoring Windows SharePoint Services

E X E R C I S E 11 . 2

Creating Site Collections in a Content Database 1.

Select Administrative Tools  SharePoint 3.0 Central Administration and wait for the Home page of the Central Administration website to appear.

2.

Select the Application Management tab of the Central Administration website.

3.

On the Application Management tab, in the SharePoint Web Application Management section, select the Content Databases link. Wait for the Manage Content Databases page to appear.

4.

On the Manage Content Databases page, click Add a Content Database in the toolbar. Wait for the Add Content Database page to appear.

5.

On the Add Content Database page, verify that the web application where you want to add the content database is selected in the Web Application field. If it isn’t, click on the field ’s drop - down arrow and select Change Site Collection. Wait for the Select Site Collection page to appear and select the correct site collection. You may also need to use the Web Application drop - down menu on the Select Site Collection page to choose the correct web application.

6.

On the Add Content Database page, fill in the following information: 











In the Database Name and Authentication section, verify that the name of your SQL Server is entered in the Database Server text box. In the Database Name and Authentication section, change the name of the content database in the Database Name text box to WSS_Content_WSS01B. In the Database Name and Authentication section, accept Windows Authentication as the SQL security authentication method. In the Search Server section, select a server running the search service to be used to index the new content database. In the Database Capacity Settings section, set the Number of Sites Before a Warning Event Is Generated text box to 8. In the Database Capacity Settings section, set the Maximum Number of Sites That Can Be Created in This Database text box to 10.

7.

Click OK and wait for the Manage Content Databases page to reappear.

8.

On the Manage Content Databases page, select the content database that was originally created with the web application by clicking the link in the Database Name column. Wait for the Manage Content Database Settings page to appear.

9.

On the Manage Content Database Settings page, use the drop - down menu to change Database Status to Offline.

Maintaining SQL Performance

453

10. Click OK and wait for the Manage Content Databases page to reappear. 11. Repeat steps 8 and 9 for all the content databases except the one where you want to create the new site collection.

12. Select the Application Management tab of the Central Administration website. 13. On the Application Management tab, in the SharePoint Site Management section, select the Create Site Collection link. Wait for the Create Site Collection page to appear.

14. On the Create Site Collection page, create a new site collection and assign it the Intranet Site quota template you created in the previous exercise. (You learned how to create a new site collection in Chapter 4, “Configuring the Windows SharePoint Services 3.0 Environment.” You can review the steps in Exercise 4.9 if you need to refresh your memory.)

15. Select the Application Management tab of the Central Administration website. 16. On the Application Management tab, in the SharePoint Web Application Management section select the Content Databases link. Wait for the Manage Content Databases page to appear.

17. The WSS_Content_WSS01B content database should now show one site in the Current Number of Sites column.

454

Chapter 11



Monitoring Windows SharePoint Services

Service Pack 1 for WSS added a Stsadm operation that can be used to move an existing site collection from one content database to another. Since the 70 - 631 exam doesn’t cover SP1 information, you won’t need to know how to use this operation for the exam. If you want more information on how to move an existing site collection, Todd Klindt has a very good blog post covering this operation at http://www.toddklindt.com/blog/Lists/ Posts/Post.aspx?ID=53.

Controlling Database Activity When a site collection reaches its maximum quota limit, it will be set to read- only access and no further write activity will be allowed. This will not prevent users from accessing the site but will prevent any additions or updates. You may also sometimes want to manually lock an existing site collection even though it has not reached its maximum quota so that users can no longer add content. You can accomplish both of these tasks using the Site Collection Quotas and Locks page in Central Administration, as shown in Figure 11.1. F I G U R E 11 .1

Managing a database’s quotas and locks

Maintaining SQL Performance

455

Four lock settings are available on this page: Not Locked This is the default setting and enables full functionality on the site collection. Adding Content Prevented This option keeps users from adding new content to the site collection, but updates and deletions are still allowed. Read- Only This option prevents users from adding, updating, or deleting content in the site collection. No Access This option prohibits users from accessing any content in the site collection. Users who try to access a site will receive an Access Denied message as though they had no security rights. You are required to type a reason for the lock in the Additional Lock Information box for all the lock settings except Not Locked. Your explanation is visible only to other administrators on the Site Collection Quotas and Locks page.

Setting a Site Collection to Read - Only James is a site collection administrator for a company that uses WSS site collections to manage all your small- group projects. Site collections used for previous projects provide project managers with a rich source of examples and ideas. Project managers regularly copy existing documentation from previous projects to modify and reuse in new projects. But occasionally they forget and save the updates back to the original site collection instead of the new one. James knows he could modify the security permissions on old site collections once a project is complete, but is afraid that he might miss a document library or list where security inheritance has been customized. It would also involve a lot of tedious work to make all the security changes necessary. Instead of changing security, James has decided to use the Site Collection Quotas and Locks page in the Central Administration website to set closed project site collections to Read Only. This will prevent users from accidentally saving changes in the wrong place, no matter what their security settings are. But users will still have full access to the project site collections they have used in previous projects.

Once a lock has been set on a site collection or a quota has been exceeded, you will need to update the quota, delete content, or release the lock to make the sites fully functional again. In Exercise 11.3, you will learn how to manually lock and unlock a site collection as well as how to update an existing site collection quota.

Chapter 11

456



Monitoring Windows SharePoint Services

E X E R C I S E 11 . 3

Managing Database Quotas and Locks 1.

Select Administrative Tools  SharePoint 3.0 Central Administration and wait for the Home page of the Central Administration website to appear.

2.

Select the Application Management tab of the Central Administration website.

3.

On the Application Management tab, in the SharePoint Site Management section, click the Site Collection Quotas and Locks link. Wait for the Site Collection Quotas and Locks page to appear.

4.

On the Site Collection Quotas and Locks page, fill in the following information: 











In the Site Collection field, make sure that the site collection you wish to change is selected. If it isn’t, click on the field ’s drop - down arrow and select Change Site Collection. Wait for the Select Site Collection page to appear and select the correct site collection. You may also need to use the Web Application drop - down menu on the Select Site Collection page to choose the correct web application. In the Site Lock Information section, change Lock Status for This Site from Not Locked to Read- Only by selecting the appropriate radio button. In the Site Lock Information section, type Site Collection set for Read - Only Access in the Additional Lock Information text box. In the Site Quota Information section, select Individual Quota from the Current Quota Template drop - down menu. In the Site Quota Information section, select the Limit Storage to a Maximum Of check box and fill in a maximum size of 1000 (MB). In the Site Quota Information section, select the Send a Warning E- Mail When Site Storage Reaches check box and fill in a value of 800 (MB).

5.

Click OK and wait for the Application Management page to reappear.

6.

Navigate to a list or library on a site in the site collection that you locked. As you can see in the following graphic, the New, Upload, and Settings menus have been removed. As a result you can no longer create new items or upload documents.

Maintaining SQL Performance

457

7. Select Administrative Tools  SharePoint 3.0 Central Administration and wait for the Home page of the Central Administration site to appear.

8. Select the Application Management tab. 9. On the Application Management tab, in the SharePoint Site Management section, click the Site Collection Quotas and Locks link. Wait for the Site Collection Quotas and Locks page to appear.

10. On the Site Collection Quotas and Locks page, fill in the following information to clear the lock on the site collection: 



In the Site Collection field, make sure that the site collection you wish to change is selected. If it isn’t, click on the field ’s drop - down arrow and select Change Site Collection. Wait for the Select Site Collection page to appear and select the correct site collection. You may also need to use the Web Application drop - down menu on the Select Site Collection page to choose the correct web application. In the Site Lock Information section, change Lock Status for This Site from ReadOnly to Not Locked by selecting the appropriate radio button.

11. Click OK and wait for the Application Management page to reappear.

458

Chapter 11



Monitoring Windows SharePoint Services

SQL Server Maintenance No discussion of SharePoint performance monitoring would be complete without including ongoing maintenance of SQL Server. A recommended maintenance plan for WSS databases should include: 

Checking database integrity.



Defragmenting indexes by reorganizing or rebuilding them.



Setting the fill factor for a server.



Shrinking databases to recover unused disk space.

These activities can be accomplished manually using Transact-SQL commands. You can also run the SQL Database Maintenance Plan Wizard to create a database maintenance plan that can be automated. Not all tasks can be automated safely using the SQL Database Maintenance Plan Wizard. You should never use the wizard to rebuild indexes associated with a WSS installation. This problem has been fixed by WSS Service Pack 2. Remember the exam does not cover material with respect to the service packs. For more information, read the following Knowledge Base article: http://support.microsoft.com/default.aspx/kb/932744.

Using Performance Monitor with WSS Metrics As your organization’s use of WSS grows, you may reach a point at which it begins to strain the resources of your system. It is important to monitor your servers so you can predict when your system needs to be upgraded. One of the most important tools that you can use to do this monitoring is the Performance Monitor built into Windows Server 2003. Using this tool, you will be able to monitor trends as your system grows. You can then use these trends to plan for scaling your WSS environment up and out when necessary. They can also be useful for pinpointing potential issues when troubleshooting problems.

Generating a Performance Baseline The fi rst step when using Performance Monitor to track the resource usage of your SharePoint environment is to perform a baseline. Once a baseline has been established, continue to take frequent snapshots of the performance of your system so that you can

Using Performance Monitor with WSS Metrics

459

generate a history. This history will make it possible to identify trends in the performance of your SharePoint environment. Identifying trends in performance is critical if you want to troubleshoot performance problems or identify when you need to scale your environment up and out. Exercise 11.4 will demonstrate how to add performance counters to Performance Monitor in Windows Server 2003. Adding these counters is the fi rst step to generating a performance baseline. E X E R C I S E 11 . 4

Adding a Counter to Performance Monitor 1.

If it ’s not already running, start Microsoft Internet Explorer (IE) and browse to a site in one of your site collections. Leave IE running.

2.

Select Administrative Tools  Performance to launch Performance Monitor. Wait for the application to load and display the default counters.

3.

Right- click on the graph that displays the values of the default counters in the program and select Add Counters from the context menu. You can also click on the button in the toolbar labeled with a plus sign (+). Wait for the Add Counters dialog box to appear.

4.

In the Add Counters dialog box, fill in the following information: 

Select the radio button Use Local Computer Counters if you are running Performance Monitor on the WSS server. Otherwise, select the radio button Select Counters from Computer and choose your WSS server from the drop - down list.



Select Process from the Performance Object drop - down list.



Accept the default counter % Processor Time in the Select Counters From List.



In the Select Instances from List, select each instance of the w3wp.exe process and click the Add button. Notice that you can also select all the counters and all the instances by selecting the All Counters and All Instances radio buttons. This is usually not a good idea since it will add too many counters to make any sense of the results.

5.

Click the Close button to close the Add Counters dialog box.

6.

Click the lightbulb icon in the toolbar to turn on highlighting of a selected counter.

7.

Leaving Performance Monitor running, return to your WSS site in IE and browse through some lists, libraries, and subsites.

460

Chapter 11



Monitoring Windows SharePoint Services

E X E R C I S E 11 . 4 ( c o n t i n u e d )

8.

In Performance Monitor, select each instance of the w3wp.exe process % Processor Time counters below the graph. One of the instances should show activity similar to the following graphic. This is the w3wp.exe process that is hosting WSS.

There are hundreds of performance object/counter/instance combinations. It ’s impractical to add all of them and try to make any sense out of the result. Later in this section we’ll detail which counters are the most useful for monitoring various aspects of performance for WSS.

Adding counters to Performance Monitor is useful if you want to check on what is happening to your server right now. But what if you want to track how performance changes over time? To do this you will need to generate a performance log that can be compared to other performance logs over time so that you can see trends developing. Studying the performance trends of your servers will help you identify when you need to purchase additional hardware upgrades or when you need to think about expanding your SharePoint farm by adding more servers. In Exercise 11.5, you will learn how to create a log of the activity recorded by the counters you added to Performance Monitor. Once you’ve configured a performance log, you should run it on a regular basis. The additional logs can be compared against the baseline log to reveal performance trends in your environment.

Using Performance Monitor with WSS Metrics

461

E X E R C I S E 11 . 5

Creating a Counter Log 1.

If it ’s not already running, start IE and browse to a site in one of your site collections. Leave IE running.

2.

Select Administrative Tools  Performance to launch the Performance Monitor application. Wait for it to load and display the default counters.

3.

Expand Performance Logs and Alerts in the left panel of Performance Monitor by clicking on the + sign.

4.

Click Counter Logs under Performance Logs and Alerts. A list of existing counter logs will be displayed in the details pane. Currently running logs will display a green icon and stopped logs will be marked with a red icon.

5.

Right- click on Counter Logs and select New Log Settings from the context menu. Wait for the New Log Settings dialog box to appear.

6.

In the New Log Settings dialog box, type a name like WSS performance baseline for the counter log in the Name text box. Click OK and wait for the Counter Log dialog box to appear.

7.

On the General tab: 

Click the Add Counters button to add individual counters using the same procedure as the previous exercise.



Change the entry in the Interval list box to 1.



Select Minutes from the Units drop - down list.



If you are running the log on a remote computer, type a domain account with appropriate permissions in the Run As text box. Click the Set Password button and fill out the Set Password dialog box for the user.

8.

On the Log Files tab, accept all the default settings. Note that you can change the type of log used and where it will be stored using this tab.

9.

On the Scheduled tab: 



In the Start Log section, accept the default setting, which will start the log immediately. In the Stop Log section, select the After radio button. Set the log to stop after 5 minutes.

462

Chapter 11



Monitoring Windows SharePoint Services

E X E R C I S E 11 . 5 ( c o n t i n u e d )

10. Click OK. Your screen should look something like the following graphic. The log you just created will be displayed with a green icon. After 5 minutes the icon will turn red.

Creating Alerts You can also set Performance Monitor to run on your servers and alert you when certain thresholds are reached. For example, you might set Performance Monitor to monitor the average page faults per second and alert you if it exceeds a specific threshold level. You can even instruct Performance Monitor to start a performance data log in response to the alert. This can be useful if you have a recurring issue that happens on weekends or off hours. You can instruct Performance Monitor to do some relatively intense logging when a certain condition occurs rather than logging at that level all night. In Exercise 11.6, you’ll configure Performance Monitor to send a network alert to the console when a certain threshold is reached.

Using Performance Monitor with WSS Metrics

463

E X E R C I S E 11 . 6

Setting a Performance Counter Alert 1.

Select Administrative Tools  Performance to launch the Performance Monitor application. Wait for it to load and display the default counters.

2.

Expand Performance Logs and Alerts in the left panel of Performance Monitor application by clicking on the + sign.

3.

Click on Alerts under Performance Logs and Alerts. A list of existing alerts will be displayed in the details pane. Currently active alerts will display a green icon and inactive alerts will be marked with a red icon.

4.

Right- click on Alerts and select New Alert Settings from the context menu. Wait for the New Alert Settings dialog box to appear.

5.

In the New Alert Settings dialog box, type a name like Monitor for High CPU usage for the alert in the Name text box. Click OK and wait for the Alert dialog box to appear.

6.

On the General tab: 











7.

8.

In the Comments text box, type some text that will remind you about the purpose of the alert. Click the Add Counters button to add an individual counter. Accept the default values of Processor for the object, % Processor Time for the counter, and Total for the instance by clicking the Add button and then clicking the Close button. Set the threshold by accepting the default of Over in the Alert When the Value Is drop - down list and entering 15 in the Limit text box. (Note that this is abnormally low to make it easy to generate a sample alert.) Accept the default of evaluating the data every 5 seconds. If you are running the log on a remote computer, type a domain account with appropriate permissions in the Run As text box. Click the Set Password button and fill out the Set Password dialog box for the user.

On the Action tab: 

Select the Send a Network Message To check box.



Enter High CPU usage encountered in the text box.

Click OK.

464

Chapter 11



Monitoring Windows SharePoint Services

E X E R C I S E 11 . 6 ( c o n t i n u e d )

9.

Start IE and browse to several sites in one of your site collections. When you exceed 15% CPU utilization, you should get a pop - up message similar to the one shown here:

10. Click OK to clear the message. 11. Return to Performance Monitor. Right- click on the alert and select Stop from the context menu to prevent further alerts.

Common WSS Counters You’ve now learned how to add counters to Performance Monitor, how to log the performance data, and how to generate alerts when counters exceed specific thresholds. But the question is, which counters should you monitor for WSS? There are hundreds of counters that Performance Monitor can watch. This makes it difficult to choose the most useful counters to monitor WSS performance. Table 11.1 lists the performance objects and counters that are useful on every server in your WSS farm.

Using Performance Monitor with WSS Metrics

TA B L E 11 .1

465

General WSS Performance Counters

Object

Counter

Recommended Value Description

Memory

% Committed Bytes in Use

Determine trend over The percentage of physical memory in time by baselining. use for which space has been reserved in the paging file vs. the size of the paging file. Increasing the size of the paging file will decrease the percentage.

Available MB

> 10% of total physical memory.

The amount of physical memory available for allocation to a process.

Pages/sec

Sustained values of > 200 indicates need for additional RAM.

Rate pages are read from or written to paging file to resolve hard page faults.

Page Faults/sec

Monitor long-term trends.

The average number of pages faulted per second. It is a combination of hard faults (those that require disk access) and soft faults (where the faulted page is found elsewhere in physical memory). Soft faults are usually not a significant degradation of performance.

Pool Nonpaged Bytes

Large values can cause IIS to stop responding.

The size, in bytes of the area of system memory for objects that cannot be written to disk, but must remain in RAM as long as they are allocated.

Bytes Total/sec

Monitor long-term trends.

The rate at which bytes are sent and received by a network adapter.

Packets/sec

Monitor long-term trends.

The rate at which packets are sent and received by a network adapter.

% Disk Time

Values of > 80% may indicate inadequate RAM or a disk controller problem.

The percentage of elapsed time that the selected disk drive was busy.

Avg. Disk sec/ Transfer

Values of > 0.3 may indicate inadequate disk controller or drive problems.

The time required for an average disk transfer.

Network Interface

Physical Disk

466

Chapter 11

TA B L E 11 .1 Object



Monitoring Windows SharePoint Services

General WSS Performance Counters (continued)

Counter

Recommended Value Description

Current Disk Queue Length

Sustained values > 2 × the drive spindle count may indicate need for additional disks.

The number of requests outstanding on the disk.

Sustained values > 75% indicates need for faster or additional processors.

The percentage of elapsed time that the processor spends executing non-idle threads.

Processor % Processor Time

Interrupts/sec

Monitor long-term The average rate, in incidents per trends. Values < 1000 second, at which the processor are good. received and serviced hardware interrupts.

Redirector

Server Sessions Hung

Should be The number of threads in the procesLength 10 × the number of sor queue. processor cores may indicate need for additional processors or servers.

The number of active sessions that are timed out due to a lack of response from a remote server. The number of times STATUS_DATA_ NOT_ACCEPTED was returned at receive indication time. Indicates whether the InitWorkItems or MaxWorkItems parameters might need to be adjusted.

Table 11.2 focuses on counters that should be used to monitor the performance of a SharePoint web front- end server. These counters monitor the performance of your IIS web server and the underlying ASP.NET Framework used to render SharePoint websites.

Using Performance Monitor with WSS Metrics

TA B L E 11 . 2

467

Web Front-End Server Performance Counters Recommended Value

Object

Counter

Description

Process (w3wp)

% Processor Time

Monitor long-term trends.

The percentage of elapsed time that the process used to execute instructions.

Private Bytes

Monitor long-term trends. Increasing values may indicate a memory leaking.

The current size of RAM that this process has allocated that cannot be shared with other processes.

ASP.NET

Worker Processes Restarts

0

The number of times a worker process has restarted.

ASP.NET Applications

Request/Sec

Monitor long-term trends.

The number of requests executed per second.

.NET CLR Memory

% Time in GC

< 25%

% Time in GC is the percentage of elapsed time that was spent in performing a garbage collection (GC) since the last GC cycle.

Web Service

Connection Attempts/sec

Monitor long-term trends.

The rate that connections to a web service are being attempted.

Search and indexing of WSS content is one of the critical functions in your farm. Table 11.3 displays the performance objects and counters that can be used to monitor the health of the servers in your farm performing the query and indexing roles. TA B L E 11 . 3

Query and Index Server Performance Counters Recommended Value

Description

Queries

Monitor long-term trends.

The number of queries directed against the index.

Crawls in progress

Monitor long-term trends.

The number of crawls in progress.

Document Add Rate

Monitor long-term trends.

The number of document added to the index per second.

Object

Counter

SharePoint Search Indexer Catalogs SharePoint Search Gatherer Projects

468

Chapter 11

TA B L E 11 . 3



Monitoring Windows SharePoint Services

Query and Index Server Performance Counters (continued)

Object

Counter Error Rate

SharePoint Search Gatherer

Web Service

Recommended Value Monitor long-term trends.

Description The number of file protocol errors received while getting documents.

Incremental Crawls Monitor long-term trends.

The number of incremental crawls in progress.

Processed Documents Rate

Monitor long-term trends.

The number of documents processed since the history was reset.

Retries

Monitor long-term trends.

The total number of times a document access has been retried.

Waiting Documents

Monitor long-term trends.

The number of documents waiting to be processed in the queue.

Documents Filtered Rate

Monitor long-term trends.

The number of documents filtered per second.

Filtering Threads

Monitor long-term trends.

The total number of filtering threads in the system.

Threads Accessing Monitor long-term Network trends.

The number of threads waiting for a response from the filter process.

Document Entries

Monitor long-term trends.

The number of document entries currently in memory.

Connection Attempts/sec

Monitor long-term trends.

The rate that connections to the web service are being attempted.

SharePoint performance depends heavily on the performance of the underlying SQL Server. The counters in Table 11.4 can be used to monitor the overall performance of the SQL Server holding the configuration and content databases for WSS.

Troubleshooting Problems with Logs and the Event Viewer

TA B L E 11 . 4

469

SQL Server Performance Counters

Object

Counter

Recommended Value

Description

Process (sqlserver)

% Processor Time

< 80

The percentage of elapsed time that all of the process threads used the processor to execute instructions.

Private Bytes Monitor long-term trends. Increasing values may indicate a memory leak.

The current size of RAM that this process has allocated that cannot be shared with other processes.

Working Set

The maximum size, in bytes of memory pages touched recently by the threads in the process.

Consistently > the Min Server Memory option in SQL Server and < the Max Server Memory option.

SQL Server: Buffer Manager

Buffer Cache > 90% Hit Ratio

The percentage of pages found in the buffer cache without having to read from disk.

SQL Server: Databases

Data File(s) Size (KB)

Monitor to ensure adequate disk space for database.

The cumulative size of all the data files in the database including any automatic growth.

Log File(s) Size (KB)

Monitor to ensure adequate disk space for database.

The cumulative size of all the transaction log files in the database.

SQLServer: Free Space in Monitor to ensure adequate Transactions tempdb (KB) disk space for tempdb.

The amount of space available in tempdb.

Troubleshooting Problems with Logs and the Event Viewer No matter how well you monitor your WSS environment, occasionally things will go wrong. When they do, you will need to troubleshoot the problem. WSS uses several types of logs that are stored in different locations. The various log types and locations are: Application Event Log SharePoint can log events to the regular Application event log maintained by the operating system. These events can be viewed using the Event Viewer available on the Administrative Tools menu. Unified Logging Service (ULS) Logs directory of the 12 hive by default.

WSS can log events to a trace log stored in the Logs

Usage Logs Usage logs record what sites users visit. The logs are stored in the subdirectories under the Logs directory of the 12 hive by web application and date. These logs can be automatically summarized and made available in predefi ned reports.

470

Chapter 11



Monitoring Windows SharePoint Services

Internet Information Services (IIS) logs IIS keeps logs for all websites by default. These logs are similar to the WSS usage logs, but you have more control over the IIS logs than you do over the WSS usage logs. The logs are stored in C:\Windows\system32\LogFiles by default. The rest of this section will show you how to control and use the information provided by these logs. Configuring the logging options will help you with the troubleshooting process.

Diagnostic Logging and Event Throttling When you need to troubleshoot a problem, it is always best to have as many logs and listed events as possible so you can track the root cause of a problem. But extensive logging consumes disk space and steals performance from your WSS servers, so you will want to limit how much information gets logged until you need it for troubleshooting. Click the Diagnostic Logging link in the Logging and Reporting section of the Operations tab in the WSS Central Administration website to set thresholds at which SharePoint logs information to the Application event log and the ULS trace log. You can set unique thresholds for different categories of events. For example, you can set the Database category to write an event to the operating system event log whenever a warning is generated but still have the Web Parts category set to log no events. Figure 11.2 shows the Diagnostic Logging screen with thresholds set to limit events passed to the Application event log to errors only but to pass more detailed information to the ULS trace log. F I G U R E 11 . 2

Diagnostic Logging page

Troubleshooting Problems with Logs and the Event Viewer

471

Adjusting the level of logging on a specific category allows you to troubleshoot a specific problem without filling up the logs with unnecessary information. You should not use high levels of logging detail unless you want to capture every trace of information for that category. If you are running the ULS trace log at the Verbose logging level, you will consume a large amount of disk space on the WSS web front- end servers. You should immediately set it back to your normal required level after the test period to keep your logs from growing too quickly. The Verbose setting eats into the available resources on the server that is running the logging, especially CPU and memory resources. The ULS trace log fi les are stored by default in the Logs directory of the 12 hive. You can change the default location for storing the log fi les by using the Diagnostic Logging page shown in Figure 11.2. You can also control how many log fi les will be created and how much time will be recorded in each fi le before creating a new fi le. These fi les can grow very large, so you will want a balance between the amount of information logged and how many fi les are maintained. If you set the number of fi les too low, you won’t retain the information long enough to be analyzed, but setting the number of log fi les too high may fi ll up the hard drive of your server. The ULS trace fi lenames always start with a prefi x consisting of the name of the server they were generated on, followed by the date and time code when the log was created. For example, a log fi le named WSS01-20090508-1620.log was created on a server named WSS01 on May 8, 2009, at 4:20 p.m. You can set the logging level of the trace logs to several levels, as shown in Table 11.5.

TA B L E 11 . 5

Trace Logging Levels

Tracing Level

Description

None

No information written to the logs

Unexpected

Represents an unexpected code path and actions that should be monitored

Monitorable

Represents an unusual code path and actions that should be monitored

High

Writes high-level detail to the trace log file

Medium

Writes medium-level detail to the trace log file

Verbose

Writes low-level detail to the trace log file

The Application event logs are stored automatically by the server’s operating system. You can view these logs by using the Event Viewer in Administrative Tools on the server.

Chapter 11

472



Monitoring Windows SharePoint Services

The Application event log can be throttled by WSS to report five different levels of events. The five levels, in ascending order of the amount of information recorded, are: 

None



Error



Warning



Audit Failure



Audit Success



Information

Events are normally written to the application event log on each server, but they can be rolled up to a central location using Microsoft Operations Management (MOM) Server 2005. The WSS MOM 2005 management pack will be discussed later in the section “Microsoft Operations Manager (MOM) 2005 and WSS.”

Configuring Usage Analysis Processing WSS records usage information for each web application if usage analysis logging is enabled for the WSS farm. When usage analysis logging is enabled, log fi les are created in a set of subdirectories in the Logs directory of the 12 hive. This directory contains a folder for each web application on the server. Each subdirectory is named with a GUID that identifies a specific web application. Each folder contains subdirectories for each day, which in turn contain the daily usage log for each web application. These logs are useful because they associate users with page hits and time stamps. Usage analysis processing can be a useful tool because it provides you with information on what is happening with your WSS site. To enable usage analysis logging and processing, you click the Usage Analysis Logging link on the Operations tab of the Central Administration website. The resulting options allow you to specify the location and number of log fi les to create. If you set the number of log fi les too low, you run the risk of creating log fi les that are so large they will be difficult to process. The maximum number of fi les for any day is limited to 30. You can also specify when to process the log fi les each day. It’s a good idea to start the processing after your nightly backups have fi nished. You must also make sure there is enough time to process all the usage from that day before the processing stop time. The system will not process the previous day’s results later in the week. Figure 11.3 shows the Usage Analysis Processing page.

Troubleshooting Problems with Logs and the Event Viewer

F I G U R E 11 . 3

473

Usage Analysis Processing page

You can view the reports generated by usage analysis processing by clicking a link in the Site Collection Administration column of the Site Settings page of a top -level site or by using SharePoint Designer. Reports viewed in the user interface are limited to the last 30 days, but you can view usage for a whole site collection. Reports viewed using SharePoint Designer can summarize more than 30 days of activity, but are limited to a specific site. To view the reports, you must be a site collection administrator (or a member of the STS_WPG group, which includes but is not limited to the local administrators group for the server).

Interpreting the IIS Logs Internet Information Services (IIS) logging is designed to be more detailed than the Application event log or performance-monitoring features of Windows Server 2003. It also contains more detailed information than the WSS usage logs. IIS logs provide information on who is connecting to the WSS website, when they are connecting, and the pages they are requesting. You can monitor attempts, either successful or unsuccessful, to access your websites, virtual folders, or fi les. But it also records how the users are connecting to the

Chapter 11

474



Monitoring Windows SharePoint Services

site. By regularly reviewing these log fi les, you can detect areas of your server or your sites that may be subject to attacks or suffer from other security problems. For example, you can use this information to verify that users are accessing your WSS website using SSL encryption. Exercise 11.7 shows you how to configure the IIS logs. E X E R C I S E 11 . 7

Configuring the IIS Logs 1.

Select Administrative Tools  Internet Information Services (IIS) Manager to launch the IIS Manager application. Wait for the application to load.

2.

Expand your WSS server in the left panel of the application by clicking the + sign to the left of the server name.

3.

Expand Web Sites in the left panel of the application by clicking the + sign.

4.

Right- click the WSS web site that you want to log, and select Properties from the context menu. Wait for the Properties dialog box to appear.

5.

On the Web Site tab, fill in the following: 



Select the Enable Logging check box. Accept the default values of W3C Extended Log File Format in the Active Log Format field. This format is recommended because it can be customized to include additional logging information.

6.

Click the Properties button to the right of the Active Log Format field and wait for the Logging Properties dialog box to appear.

7.

On the General tab, fill in the following: 







8.

Select the Hourly radio button in the New Log Schedule section to create a new log file each hour. This will create a new log file starting with the first entry that occurs for each hour. This setting is typically used for high -volume websites. Select the Use Local Time for the File Naming and Rollover check box. WSS will use the local server system clock to name the log files. Accept the default location in the Log File Directory text box. Note that if you select the ODBC Logging format you will also be asked to provide the ODBC Data Source Name (DSN), table, username, and password.

Click the Advanced tab. Note that only the W3C Extended Log File Format contains an Advanced tab. Notice how you can add or remove additional properties from being logged.

Microsoft Operations Manager (MOM) 2005 and WSS

475

9. Click OK to close the Logging Properties dialog box. 10. Click OK to close the Web Site Properties dialog box. 11. Close the IIS Manager application.

The IIS log fi les are stored as text fi les and can be opened directly using applications like Notepad or Wordpad. However, these fi les can be long and tedious, so a log parsing tool can be useful. Microsoft offers a free downloadable tool called Log Parser that can be used to analyze the IIS log fi les. You can download the current version of Log Parser at http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx.

Microsoft Operations Manager (MOM) 2005 and WSS Although the Application event logs on a WSS server provide valuable information, monitoring them can often be a problem when your network includes several servers. Microsoft Operations Manager (MOM) 2005 can centrally manage the status of services on many servers in your network. Using a management pack and agents designed by

476

Chapter 11



Monitoring Windows SharePoint Services

Microsoft, this monitoring can also include your WSS servers. The management pack is installed on the server running MOM 2005, and reporting agents are installed on each WSS server.

If you are doing centralized monitoring today, you should be looking at management packs for Systems Center Operations Manager (SCOM) 2007. But the test was written when the only management packs available were for MOM 2005. You will only need to be familiar with MOM 2005 capabilities, not SCOM 2007, for the 70 - 631 exam.

WSS 3.0 Management Pack for MOM 2005 A MOM 2005 server in your network can be configured to collect information about possible service outages or configuration problems on all the servers in your WSS environment so you can quickly take corrective action. This kind of monitoring will result in increased uptime and higher overall performance for your WSS infrastructure. MOM 2005 monitors events written in the Windows event log by various servers and tracks and responds to a selected set of critical events based on a list of key performance counters. The WSS management pack provides SharePoint-specific operations, knowledge, and rules. The rules are used for monitoring the server health indicators and creating alerts when certain thresholds are exceeded. These alerts inform an administrator when additional action is needed. Here’s an overview of the conditions the management pack can identify: 

Insufficient permissions for the application pool identity account to add or read users from the Active Directory



Insufficient permissions for the application pool identity account to read or write to the disk or Registry



Invalid configuration of an authentication provider



Backup failures and insufficient Recycle Bin quotas



Connectivity problems between WSS servers and SQL



Issues brought on by the deployment and topology of WSS



The health of the tracing infrastructure



SMTP server connectivity issues



Connectivity to Windows Rights Management Services servers



Centralized monitoring of performance counters



Search service operations issues



Other Windows services availability problems



The SharePoint Timer (OWStimer) service issues

Microsoft Operations Manager (MOM) 2005 and WSS



Failure to load event handlers



Problems with safe control assembly paths

477

In addition to the WSS management pack, you should load the management packs for any underlying technologies used by WSS. For example, a server that is running MOM 2005 and monitoring a normal WSS environment should also include the following management packs: 

Windows operating system



Internet Information Services (IIS)



ASP.NET



Microsoft SQL Server



Microsoft Windows Active Directory

Configuring MOM 2005 for WSS MOM 2005 should be installed on a network server in your WSS environment. You will also need to install the MOM 2005 agent on any WSS server you want to monitor. Some additional configuration of the MOM 2005 agent might also be necessary. The high-level steps required for loading and configuring MOM 2005 with the WSS management pack are as follows: 1.

Open the Microsoft Operations Manager Administrative MMC console.

2.

Expand the Microsoft Operations Manager (Default) node.

3.

Expand the Rules subnode.

4.

Select the Processing Rule Groups subnode.

5.

Right- click on the Processing Rule Groups sub -node and then select the Import Management Pack option.

6.

Follow the instructions until you have finished importing the management pack module.

The WSS management pack for MOM 2005 can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyId=DB1CADF7-1A1240F5-8EB5-820C343E48CA& displaylang=en. Be sure to enable logging of WSS events to the Application event log using as described in the “Diagnostic Logging and Event Throttling” section earlier in this chapter. Otherwise, you won’t have any WSS events to be collected by MOM 2005.

478

Chapter 11



Monitoring Windows SharePoint Services

Summary In this chapter you learned how to monitor and troubleshoot problems in your WSS infrastructure. You saw how proper planning and maintenance can prevent problems in your WSS farm. You explored the use and configuration of Performance Monitor to monitor the performance of your WSS environment. You also looked at the various log fi les created by WSS, IIS, and the operating system. Finally, you learned that you can centrally monitor your WSS servers using an add-in to the Microsoft Operations Manager (MOM) 2005 Server.

Exam Essentials Know how to manage storage on the SQL Server used by WSS. Know how to create and manage site collection quotas. Know how to create additional content databases and how to separate site collections in them. Your SQL database administrator can improve SQL performance and maximize storage space through standard SQL maintenance like truncating log fi les. Understand how to monitor WSS performance using Performance Monitor. Know how to add counters to Performance Monitor and how to create performance logs or alert thresholds. Be familiar with the most useful performance counters in a WSS environment. Know how to configure event and trace log throttling to be used in troubleshooting. Understand the four different types of logs available to troubleshoot WSS. Know how to control the level of events logged to either the application event log or the trace log by WSS. Be aware of how to centralize monitoring of events in WSS. Know what kinds of events can be monitored by MOM 2005 using the WSS management pack. Understand how MOM can be used to centralize monitoring of events for all the servers in your farm.

Review Questions

479

Review Questions 1.

You have deployed WSS 3.0.You need to configure the IIS server to store its logs in a centralized SQL database. What should you do? A. Configure IIS Manager to use W3C Extended Log File Format for the Active Log Format setting.

2.

B.

Configure IIS Manager to use the NCSA Common Log File Format for the Active Log Format setting.

C.

Download the Microsoft Operations Manager (MOM) 2005 management pack for WSS 3.0. Install the management pack on the WSS server and configure it to send the IIS log to a SQL database.

D.

Configure IIS Manager to use ODBC Logging for the Active Log Format setting.

You have deployed WSS 3.0.You need to configure the WSS server to write only error-level events to the Windows Application event log. What should you do? A. Create a custom Application log view that filters out Warning and Information log entries.

3.

B.

In the Central Administration website, on the Usage Analysis Processing page, select the Enable Logging option and configure a log file location of C:\ErrorsOnly.

C.

On the WSS Central Administration website, select Diagnostic Logging to Error from the Least Critical Event drop - down menu.

D.

On the WSS Central Administration website, enable the Periodically Download a File That Can Help Identify System Problems option.

You have deployed WSS 3.0. You configure the WSS server to use Secure Sockets Layer (SSL) encryption. You need to verify that all traffic to and from the WSS website is encrypted. What should you do? A. Review the IIS logs on the WSS web front- end servers.

4.

B.

Review the system log on the WSS server.

C.

Install Microsoft Internet Security and Acceleration (ISA) Server 2006 on an external server Enable Intrusion Detection Services on the ISA server computer. Review the logs on the ISA server.

D.

Download the MOM 2005 management pack for WSS 3.0. Install the management pack on the WSS server. Review the Application log on the WSS server.

You have deployed WSS 3.0. You need to configure the WSS server to create WSS trace logs and capture user-mode error messages. What should you do? A. Download and install the MOM 2005 management pack for WSS on the WSS server. B.

Create a filter view of the Application log that enables errors, information, and warnings.

C.

On the WSS Central Administration website, configure diagnostic logging on the WSS.

D.

Use the Windows Performance Logs and Alerts management console to create a trace log for the WSS server.

Chapter 11

480

5.



Monitoring Windows SharePoint Services

You have deployed a WSS environment consisting of multiple WSS farms. Each web server farm consists of three or more front- end WSS servers. You need to monitor services across all of the WSS servers in the web server farms. What should you do? A. On each server, configure the Central Administration Diagnostic Logging feature to store trace logs on a network share drive.

6.

B.

Install MOM, and then download and install the WSS management pack on the MOM server.

C.

Create a custom Microsoft Management Console (MMC) that contains the Event Viewer from each WSS server.

D.

Add the Web Service: Current Connections counter for each WSS server to a Performance Monitor chart view.

You deploy several servers that run WSS 3.0. You need to centrally monitor the WSS servers to identify HTTP 404 errors. What should you do? A. Create a custom MMC that contains the Event Viewer from each WSS server.

7.

B.

Create a counter log that uses the Network Interface .Bytes Total/ Sec counter on each WSS server. Store the counter log results in a SQL Server database.

C.

Configure the IIS log active format on each WSS server to use the Microsoft IIS Log File Format option.

D.

Install MOM on a network server. Install the IIS management pack on the MOM server.

You have deployed WSS 3.0. You store all data on a separate SQL 2005 database server. Users report that the WSS server performs slowly during peak business hours. You create a counter log on the WSS server. You need to identify potential hardware bottlenecks. Which two objects should you include in the log? (Each correct answer presents part of the solution. Choose two.) A. Network interface

8.

B.

ASP.NET

C.

WMI objects

D.

Processor

You are a network administrator for your company. You have deployed WSS 3.0 in a server farm with five front- end web servers, named WSS01, WSS02, WSS03, WSS04, and WSS05. All of the front- end servers are managed by a network server named MGMT01. Your IT management policy requires that you log all HTTP Error 500 -13 - Server Too Busy Errors that IIS encounters. What should you do? A. Create a ProcessorInterruptsSec counter log on each web server running WSS 3.0. B.

Install MOM 2005 on the network server, MGMT01, and install the IIS management pack on the five web servers.

C.

View trace logs on each web server running WSS 3.0.

D.

View Application event logs on each web server running WSS 3.0.

Review Questions

481

9. Your organization has deployed two web front- end servers running WSS 3.0. The WSS databases are maintained on a SQL Server 2005 database server. There is one content database. The database server is configured with a mirrored pair through SQL Server database mirroring. The SQL Server database servers are configured for the high-availability mode with a witness server. The principal server fails. The witness and mirror servers register that the principal server is unavailable. You need to restore access to the databases as quickly as possible. What actions must you take? (Each correct answer presents part of the solution. Choose two.) A. Remove the current content database server and add the new server for every web front- end server. B.

Remove the current content database server and add the new server for one web frontend server.

C.

Identify the new search database on every web front- end server.

D.

Identify the new search database on one web front- end server.

10. You have deployed WSS 3.0. You need to configure the WSS server to write only error-level events to the ULS trace log. What should you do? A. Create a custom Application log view that filters out Warning and Information log entries. B.

On the WSS Central Administration website, configure the Trace Throttling feature.

C.

On the Central Administration website, on the Usage Analysis Processing page select the Enable Logging option and configure a log file location of C:\ErrorsOnly.

D.

On the WSS Central Administration website, enable the Periodically Download a File That Can Help Identify System Problems option.

11. You deploy WSS 3.0. You store all data on a separate SQL 2005 database server. Users report that the WSS server performs slowly during peak business hours .You create a counter log on the WSS server. You need to identify potential hardware bottlenecks. Which two objects should you include in the log? (Each correct answer presents part of the solution. Choose two.) A. Network interface B.

WMI objects

C.

Physical memory

D.

ASP.NET

12. You have deployed WSS 3.0. You store all data on a separate SQL 2005 database server. Users report that the WSS server performs slowly during peak business hours. You suspect the problem is poor performance on the SQL Server. You create a performance counter log on the SQL Server. To identify potential problems, which two objects should you include in the log? (Each correct answer presents part of the solution. Choose two.) A. RAS Port B.

SQL Server: Buffer Manager

C.

Process (sqlserver)

D.

Terminal Services Sessions

Chapter 11

482



Monitoring Windows SharePoint Services

13. You have deployed WSS 3.0. In checking the server this morning, you find that you are running out of space on your C: drive. You want to relocate some of the WSS -specific log files to the D: drive on the server. Which of the following logs can you configure to use an alternate location through the WSS Central Administration website? (Each correct answer presents part of the solution. Choose two.) A. ULS trace log B.

Application event log

C.

IIS logs

D.

Usage analysis log

14. You have deployed WSS 3.0 with a single web front- end server and a SQL database server. So far you have created a single web application with several site collections. You are concerned that your SQL Server may run out of storage space. You want to limit how much space can be used by WSS. What do you do? (Each correct answer presents part of the solution. Choose two.) A. Apply the WSS Site Quota template to each site collection in the web application. B.

Create a quota template called WSS Site Quota with appropriate warning and storage limit values.

C.

Configure the SQL Server to limit the growth of the content database for the web application.

D.

Apply the WSS Site Quota template to each website in the web application.

15. You have deployed WSS 3.0 with a single web front- end server and a SQL database server. You have implemented site collection quotas on all your site collections. One of your site collection administrators calls to say that her users can no longer add or edit content in their site collection. You want to increase their quota from 100GB to 110GB. What is the easiest way to increase their quota? A. Click the Site Collection Quotas and Locks link in the Central Administration website and set the site collection to use the My Site Quota template. B.

Create a new quota template with the appropriate storage limit and apply the template to the site collection using the Site Collection Quotas and Locks link in the Central Administration website.

C.

Using the Site Collection Quotas and Locks link in the Central Administration website, unlock the site collection so the users can exceed their quota.

D.

Using the Site Collection Quotas and Locks link in the Central Administration website, set the site collection to use the Individual Quota template and increase the storage limit to 110000.

16. Which of the following is not an object available in Performance Monitor? A. Processor B.

Pages/Sec

C.

SharePoint Search Gatherer

D.

Memory

Review Questions

483

17. Which of the following is not a counter available in Performance Monitor? A. ASP.NET Applications B.

Available MBytes

C.

Current Bandwidth

D.

Processor Queue Length

18. You have deployed WSS 3.0 with a single web front- end server and a SQL database server. You want to limit the storage space used by placing each site collection in its own content database and applying a quota template. What is the STSADM command that you can use to create a new content database when you create a new site collection? A. addcontentdb B.

createsiteinnewdb

C.

mergecontentdbs

D.

runcontentdeploymentjob

19. You deploy WSS 3.0. You store all data on a separate SQL 2005 database server. Network administrators have reported that the backups have failed for the last several nights. The Backup logs show that the backup program can’t load due to inadequate RAM. You want to know what other processes are running when the backup program fails to run. Backups are scheduled to run at 1:00 a.m. What is the best way to get the information you need? A. Go home early so you can come back at midnight and use Performance Monitor to monitor the processes running on the server. B.

Create a Performance Monitor alert that will take a snapshot of running processes when the Available KBytes counter drops below 100.

C.

Setup a Performance Monitor counter log to run from the time you leave work until 1:30 a.m.

D.

Log into the server using Remote Desktop at 12:50 a.m. and use Task Manager to watch the running processes until 1:00 a.m.

20. You have deployed WSS 3.0. You store all data on a separate SQL 2005 database server. Your system has been running for six months. One site collection has become very large. You want to identify infrequently used WSS sites so you can back them up and delete them from the site collection to create more room in the content database. What ’s the best way to get this information? A. On the WSS Central Administration website, configure the Trace Throttling feature. Use the trace log to figure out which websites aren’t being visited. B.

In the Central Administration website, on the Usage Analysis Processing page, select the Enable Logging option and configure it to process usage from 2:00 a.m. to 1:59 a.m. every day.

C.

Configure IIS logging to use W3C Extended Logging File Format. Use a Log Parser application to scan through the log for unused websites.

D.

Install MOM on a network server. Install the IIS management pack on the MOM server.

484

Chapter 11



Monitoring Windows SharePoint Services

Answers to Review Questions 1. D. Using ODBC logging, you can store the IIS logs in a SQL database. W3C Extended Log File Format and NCSA Common Log File Format are stored as fi les on the server hard drive. MOM 2005 uses a SQL database but monitors events in the Application event log, not the IIS log. 2. C. WSS events sent to the Application event log are limited based on their severity by changing settings on the Diagnostic Logging page of the Central Administration website. 3. A. Only the IIS logs record information about whether SSL encryption is used to connect to WSS sites. 4. C. Events sent to the ULS trace log are limited based on their severity using the Least Critical Event to Report to the Trace Log drop-down list on the Diagnostic Logging page in the Central Administration website. 5. B. MOM 2005 with the WSS management pack can be used to monitor WSS events in the Application event logs on multiple servers. 6. D. MOM 2005 with the WSS management pack can be used to monitor HTTP errors generated by IIS on multiple servers. 7. A, D. The processor is always a potential bottleneck on a WSS server. You should also monitor the network interface to make sure that communications are not an issue. ASP.NET and WMI are not likely to cause problems limited to peak business hours. 8. B. MOM 2005 with the WSS management pack should be installed on a central network server. It can then be used to centrally monitor HTTP errors generated by IIS on multiple servers. 9. B, D. These changes only need to be made once in the config database for WSS using the Central Administration website. All the web front-end servers will pick up the change in the config database. 10. B. Events sent to the ULS trace log are throttled using the Least Critical Event to Report to the Trace Log drop-down list on the Diagnostic Logging page in the Central Administration website. 11. A, C. The availability of random access memory is always a potential bottleneck on a WSS server. You should also monitor the network interface to make sure that communications are not an issue. ASP.NET and WMI are not likely to cause problems limited to peak business hours. 12. B, C. You should include the SQL Server: Buffer Manager and Process (sqlserver) objects in the log. WSS does not use either RAS or Terminal Services directly. 13. A, D. You can set an alternate location for the ULS trace log and the usage analysis log in the Central Administration website. The Application event log location is dictated by the operating system and the IIS log location is set through IIS Manager.

Answers to Review Questions

485

14. A, B. Storage quotas can be set on a site collection using quota templates. Limiting database size in SQL could result in corruption of the SharePoint databases if the limit is reached. Quotas can’t be applied at the site level in SharePoint. 15. D. To expand the quota for a single site collection, you can set the site collection to use the Individual Quota template and directly set the storage limits. The My Site Quota template is too small. Creating a new quota template will work but is not necessary, and unlocking the site collection will not allow the users to exceed their quota. 16. B. Pages/Sec is a counter available in Performance Monitor, not an object. 17. A. ASP.NET Applications is a Performance Monitor object, not a counter. 18. B. Using the createsiteinweb command, you can create a new site collection and a new content database at the same time. 19. B. A Performance Monitor alert can be configured to gather the information you need when available memory drops below a certain level. 20. B. Configuring usage analysis processing will make it possible to generate a report that will show you which WSS sites aren’t being used.

Chapter

12

Upgrading Windows SharePoint Services 3.0 from Windows SharePoint Services 2.0 MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:  Deploy Windows SharePoint Services 3.0 (WSS) 

Upgrade WSS 3.0 from WSS 2.0

So far in this book you’ve worked on Windows SharePoint Services (WSS) 3.0 servers that were new installations. But what if you already have a Windows SharePoint Services (WSS) 2.0 installation? If you are using the previous version, you probably already have valuable content stored in the existing system. You wouldn’t want to have to re- create that content, manually copy it, or leave it behind. You would want some way of upgrading the existing system to be a WSS 3.0 installation. So what options are available for upgrading from the previous version, and how do you decide what is the best approach? In this chapter, you will learn about the three different types of upgrades available to go from a WSS 2.0 to a WSS 3.0 installation. You’ll examine the strengths and weaknesses of each approach so you can choose the right approach for every situation. You’ll learn how to prepare existing WSS sites for an upgrade. You will also learn what happens to the WSS environment during an upgrade and how to take care of special circumstances like existing customizations. We’ll also discuss the steps that need to be completed on the new WSS 3.0 system after the upgrade has been completed. Finally, you’ll walk through the steps required to perform each type of upgrade on a sample system.

Upgrade Approaches Software upgrades are one of the facts of life if you are an Information Technology (IT) professional. It always seems like just when you get the previous version fully installed, functional, and stable, a new version is released. Sometimes moving to the new version means starting all over with a new installation. But sometimes there are upgrade paths that can take your existing environment and migrate it to the next version. For WSS there are several different approaches that can be used to get from the Windows SharePoint Services (WSS) 2.0 team site displayed in Figure 12.1 to the WSS 3.0 team site shown in Figure 12.2.

F I G U R E 1 2 .1

A WSS 2.0 team site

F I G U R E 12 . 2

An upgraded WSS 3.0 team site

490

Chapter 12



Upgrading Windows SharePoint Services 3.0

Upgrading Windows SharePoint Services (WSS) 2.0 is not as simple as just inserting the DVD and running setup.exe. First, you’ll need to analyze your existing WSS environment to decide what type of upgrade to use. There are three different ways that you can upgrade an existing WSS 2.0 environment to WSS 3.0. They are: In-Place Upgrade Upgrades the WSS system while leaving the content and configuration data in place. Gradual Upgrade Installs the new version on existing WSS servers without overwriting the existing version. Site collections are then migrated from one version to the other over time. Database Migration WSS 3.0 is installed on a new server. Content databases from the old WSS 2.0 environment are migrated to the new system one at a time. Once you’ve decided on an upgrade approach, you’ll need to prepare for the upgrade, perform the upgrade, and complete any post-upgrade processing. Choosing an appropriate upgrade method depends on a thorough knowledge of your existing system, resources available to you, and the risks involved in upgrading. Each of the three methods has specific benefits and challenges. So let’s examine each of the upgrade methods to enumerate the strengths and weaknesses of each approach. Once you understand the three methods, you’ll be able to decide which one is right for your existing environment.

In-Place Upgrade Running the Windows SharePoint Services 3.0 Setup Wizard on an existing WSS 2.0 server prompts you to choose between two of the upgrade approaches, in-place or gradual. As shown in Figure 12.3, the in-place upgrade is the default choice. F I G U R E 12 . 3

Upgrade options in the WSS 3.0 Setup Wizard

Upgrade Approaches

491

In the in-place upgrade process, the Windows SharePoint Services 2.0 installation is overwritten with Windows SharePoint Services 3.0. This process modifies the schema of the SQL content databases to work with Windows SharePoint Services 3.0. It also modifies the fi les in the IIS websites (web applications). This makes the in-place upgrade irreversible. Before beginning an in-place upgrade, you should test your backup solution since you will need to restore a backup if you need to recover from a failed upgrade. WSS websites are also not available to site visitors during the upgrade process. The outage window is the time it takes to upgrade the entire server farm, plus the time it takes to check and test the results of the upgrade. Site visitors will, however, be able to use the same URLs after the upgrade as they used before the upgrade. This is usually considered the best approach for small or single-server environments. It is also the preferred method for quick upgrades to development, testing, and staging environments. However, it should be noted that in-place upgrades of production environments cannot be easily recovered. This may cause you to consider using a different methodology for all production systems.

Gradual Upgrade The other upgrade option available in the Windows SharePoint Services 3.0 Setup Wizard is to do a gradual upgrade. When using this approach you will install a copy of WSS 3.0 on each existing WSS 2.0 server. These copies will exist side by side with the existing version, and the upgrade will be done by moving each site collection from the WSS 2.0 installation to the WSS 3.0 installation. The gradual upgrade process copies the site collection’s content from the original content database to a new content database. The content is then upgraded to WSS 3.0. The original content remains in the original database until the server administrator deletes it. So you can easily roll back an upgraded site collection to its original version if something goes wrong. Site collections other than the one being upgraded remain available during the upgrade. Only the site collection currently being upgraded is offl ine. This minimizes the effect of the upgrade process for most users. When the upgrade is complete, the original URL is pointed at the upgraded version of the site collection. This makes it possible to use the same URL as before the upgrade. For very large WSS farms a gradual upgrade is the best option because it allows administrators to control how many site collections are upgraded or offline at any point in time. Using this approach, large deployments can be upgraded a piece at a time over several weekends while continuing to host the site collections that have not yet been upgraded on the same server as the upgraded sites. A gradual upgrade is also usually the best approach for sites with pages customized using Front Page 2003 since the customized pages can be maintained in the upgraded environment.

492

Chapter 12



Upgrading Windows SharePoint Services 3.0

Upgrading a Production Web Site with Minimal Downtime Jeanne is the SharePoint farm administrator for a large multinational corporation that has been making extensive use of Windows SharePoint Services (WSS) 2.0. Recently it was decided that the company should move as quickly as possible to the newest version of SharePoint, Windows SharePoint Services (WSS) 3.0. Jeanne recently completed upgrading server hardware and has always kept the servers patched with service packs as they were released and tested. She originally considered upgrading their WSS environment using an in -place upgrade. But she estimated that upgrade and testing of the new environment would take over five days. Users have become dependent on the WSS environment to do their normal work and would not tolerate a five - day outage. So Jeanne has decided to use a gradual upgrade approach instead. She has organized the upgrade into five phases over five weekends. During each upgrade phase, one set of site collections will be upgraded over the weekend and tested. After each upgrade weekend, users will begin accessing the upgraded site collections using the original familiar URLs. Existing site collections will be unaffected by the upgrade process. Jeanne is confident that this approach will provide a controlled upgrade of her existing systems with a minimum of impact on the user community.

Database Migration Upgrade The third approach, database migration, always starts with a fresh installation of WSS 3.0 on a new server. When doing a database migration, you back up each content database from the old WSS 2.0 environment and copy it to the new WSS 3.0 environment. When you attach the content database to the new farm, the equivalent of an in-place upgrade runs and upgrades the database. Figure 12.4 shows the page in Central Administration used to connect an existing content database to the WSS 3.0 farm.

Upgrade Approaches

F I G U R E 12 . 4

493

Adding a content database to the farm

This is the best approach if you are moving to new hardware or redesigning the infrastructure of your deployment. When you perform a database migration, you perform an in-place upgrade on the databases, but you do not upgrade your server farm configuration data. This upgrade path has more manual steps than either an in-place or a gradual upgrade. But it can be the best option if you have custom web parts or custom- coded applications, since it gives you the most control over how to handle the customizations. Since the content is being copied from the old farm to the new one, you can revert back to the old farm at any point if there is a problem. But this also means that you will have to take additional steps if you want to maintain the same URLs in the new environment as the old. As with the gradual approach, you can take your time with this kind of upgrade. You can upgrade each virtual server (web application in WSS 3.0) separately and minimize the downtime for users of other virtual servers (web applications).

Chapter 12

494



Upgrading Windows SharePoint Services 3.0

The database -migration approach can be as granular as the gradual approach if each site collection is stored in its own content database. If a virtual server (web application) contains multiple content databases, then the site collection in the root-managed path must be upgraded first.

Choosing the Best Approach Choosing the best upgrade approach is dependent on several factors. Each of the approaches has specific advantages and limitations. You will need to answer the following questions to decide which approach is best for your situation. 

Is existing hardware adequate for WSS 3.0?



How much downtime can users tolerate?



Do the current URLs need to be maintained?



How customized is the current environment?



Is the current environment multilingual?



Do all the site collections need to be migrated?

TA B L E 1 2 .1

Upgrade Method Advantages and Problems

Method

Advantages

Limitations

Best For

In-place upgrade

Simplest method.

Entire farm is unavailable while being upgraded.

Single server or small uncustomized server farm.

Can’t easily revert to original site.

Development, testing, and staging environments.

Sites retain original URLs. Uses existing hardware.

Customizations hard to handle. Scalable hosting and AD account-creation modes not supported. Gradual upgrade

May stress performance Upgrade individual site col- on production servers. URLs must be redilections. rected during upgrade Reduces individual site process. downtime. Most granular approach.

Sites retain original URLs. Can revert to original site. Uses existing hardware.

Sites using Microsoft Office 2003 web parts.

Medium or large server farms. Upgrade that minimizes downtime without changing URLs.

Extra SQL Server storage required.

Highly customized WSS 2.0 installations.

Scalable hosting and AD account-creation modes not supported.

Sites using Microsoft Office 2003 web parts.

Handling Customizations

Method

Advantages

Database migration

Allows moving to new farm Higher risk due to or new hardware. complex process with manual. Moderate granularity.

Upgrading software and hardware at the same time.

Difficult to retain Upgrade at the web application or content data- original site URLs. base level. Customizations not WSS 2.0 farm is unaffected migrated, only content.

Those who need to minimize downtime or maximize performance in existing environment.

by upgrade process. Better performance than gradual upgrade process.

Limitations

495

Best For

Requires new hardware. Active Directory Account-Creation Mode Requires double or Scalable Hosting storage on SQL Server. Mode environments.

Handling Customizations As you saw in Chapter 9, “Managing Customization,” and Chapter 10, “Extending Windows SharePoint Services,” customizing and extending WSS 3.0 will be required in many instances to get the full functionality you desire from WSS. This was also true for WSS 2.0. But changes made with Microsoft Office FrontPage 2003 will present a challenge when upgrading to WSS 30. You’ll need to plan how to handle these customized pages during the upgrade process. You may also have extended your WSS 2.0 installation with custom site defi nitions, web parts, event handlers, and other custom code. These customizations may involve fi les stored in the 12 hive and may require special processing during an upgrade. Decisions on how you will handle these other customizations will be influenced by how extensive the customizations are, their complexity, and the upgrade approach you have chosen. Some approaches are better at handling specific types of customizations than others.

Customized Pages There are three general ways that customized pages can be handled during the upgrade: 1.

Keep the existing customizations.

2.

Remove the customizations.

3.

Redeploy the customizations.

Each of these methods of dealing with customized pages will limit the upgrade approaches you can use. We’ll look at the specifics for each method.

Keep the Customizations This method allows you to retain the same look and feel, but it may limit your ability to take advantage of some of the new capabilities available in WSS 3.0. For example, if you keep the pages that have been heavily customized by Front Page 2003, then you won’t be

496

Chapter 12



Upgrading Windows SharePoint Services 3.0

able to take advantage of the new master pages in WSS 3.0. There are three ways to keep existing customized pages: 1.

Use the gradual upgrade approach, but don’t upgrade sites with customized pages. This is usually just a short-term solution since you won’t want to run both WSS versions indefinitely.

2.

Do an in-place upgrade, but don’t reset sites to the site definition. This will retain the old look and feel, but some functionality like master pages won’t be available in the upgraded site.

3.

Do a gradual upgrade, but when you upgrade customized sites, don’t reset pages to the site definition. This can result in an uneven look and feel. Uncustomized pages will look like WSS 3.0, but customized pages will look like WSS 2.0. Like the in-place upgrade, this may limit functionality.

The default for both an in-place upgrade and a gradual upgrade is to retain customized pages in the content database. Custom web parts should be tested prior to upgrade because they may not work in the upgraded environment.

Remove the Customizations The introduction of master pages in WSS 3.0 will often make the customizations made to your WSS 2.0 site unnecessary. In this case you may choose to simply remove the customizations during the upgrade. After the upgrade is complete, you can customize the branding of your site using the newer capabilities available in WSS 3.0. If your site contains pages that were created using Front Page 2003, these pages are not in the original site definition. Reverting customized pages to the site definition will not affect these pages.

Redeploy the Customizations You may also choose to take advantage of the new capabilities in WSS 3.0 while wanting to maintain some of the specific customizations you created for WSS 2.0. There are three ways to redeploy the customizations: 1.

Do an in-place upgrade and do not reset the pages to the site definition. After the upgrade open the site and make a copy of the customizations. Then reset pages to the site definition and apply your customizations to the site’s master pages.

2.

Do a gradual upgrade and reset the customized pages to the site definition in the new site. Copy the customizations from pages in the original site, and apply them to master pages in the upgraded site by using Office SharePoint Designer (SPD) 2007.

3.

Do a database migration, which will automatically reset the pages to use the site definition. Then copy the customizations from pages in the original site and apply them to master pages in the new site.

Handling Customizations

497

Custom Web Parts and Other Coding Most code or web parts built to the WSS 2.0 standards will still work in the upgraded environment. However, because of changes in fi le locations and resetting pages to site defi nitions, custom code like web parts and event handlers may need to be redeployed after the upgrade. Web parts built on Microsoft ASP.NET 1.1 and obfuscated may also need to be rebuilt since it will be difficult to redeploy them. This is because the Obfuscator tool that worked with ASP.NET 1.1 does not work with Microsoft ASP.NET 2.0. All custom web parts or other custom code should be tested to verify that they work in the upgraded environment and redeployed if necessary.

Custom Site Definitions The format of site defi nitions has changed between WSS 2.0 and WSS 3.0. When upgrading you can use a site upgrade defi nition fi le to map custom site defi nitions in the WSS 2.0 environment to new site defi nitions in WSS 3.0. Using a site upgrade defi nition fi le, developers can transform sites based on a custom site defi nition to a new custom site defi nition in WSS 3.0. This can be used to automatically bring some customizations into the WSS 3.0 environment. An upgrade defi nition fi le is an XML fi le with the following sections: WebTemplate Specifies upgrade information for the web template as a whole. In this section, you need one WebTemplate tag per upgrade defi nition fi le. Lists Specifies upgrade information for each list or library in the template. In the Lists section, you need one List tag per list or library. Files Specifies upgrade information for the individual pages in the template. In the Files section, you need one File tag for each uncustomized page in the template. AppliedSiteFeature Specifies upgrade information for any site collection-level or subsitelevel features included in the template. In the AppliedSiteFeature and AppliedWebFeature sections, you need one Feature tag for each feature at that level in the template. AppliedWebFeature Specifies upgrade information for any subsite-level features included in the template. In the AppliedWebFeature section, you need one Feature tag for each feature at that level in the template. Upgrade definition files have a name that begins with the name of the site definition they map to. For example, if the custom site definition is called CORP, the name of the upgrade definition file should be something like CORP_upgrade.xml. Upgrade definition files are placed in the Config\Upgrade directory of the 12 hive. For more information about creating upgrade definition files, including a sample upgrade definition file, see the “Upgrade Definition Files” article at http://go.microsoft.com/fwlink/?LinkId= 109945&clcid=0x409.

498

Chapter 12



Upgrading Windows SharePoint Services 3.0

Site Themes WSS 3.0 uses a different set of themes than the ones used by WSS 2.0. So any site that uses a theme will be reset to the WSS 3.0 default theme when it is upgraded. If you want to retain the theme used in your WSS 2.0 sites, you must create a custom WSS 3.0 theme that matches the old theme. This new custom theme must then be applied to all your upgraded sites after the upgrade. For more information see the “How to: Customize Themes” article at: http://msdn.microsoft.com/en-us/library/aa979310.aspx.

The Upgrade Process Upgrades must be done by SharePoint farm administrators or members of the local server administrators group. During an upgrade the hierarchy and content of SharePoint site collections are retained. The WSS binaries, database schema, and security are updated to WSS 3.0. Depending on the upgrade approach used, web part customizations and custom site defi nitions may be also be updated. The decision to retain or discard web part customizations and site definition customizations can be made only during gradual upgrades.

No matter which approach you use, performing an upgrade can be divided into roughly three phases. These phases are 

Preparing for the upgrade



Performing the upgrade



Doing post-upgrade tasks

Preparing for the Upgrade Whichever upgrade approach you decide to use, you should complete several tasks before you proceed with the upgrade in case the upgrade process fails. These tasks include 

Verifying required software and hardware



Running a pre-upgrade scan



Running and testing a full backup

Verifying Required Software and Hardware The fi rst step required before performing any upgrade is to verify that you meet all the hardware and software requirements for WSS 3.0. For the in-place upgrade and the gradual upgrade, these requirements must be met by the existing WSS 2.0 servers. The hardware

The Upgrade Process

499

requirements listed in Table 12.2 and the software requirements listed in Table 12.3 are the same as the requirements for a new WSS 3.0 install. Servers installed in the new farm for the database migration approach will, of course, need to meet these requirements. TA B L E 1 2 . 2

WSS 3.0 Upgrade Hardware Requirements

Component

Minimum

Recommended

Processor

2.5 gigahertz (GHz)

Dual processors that are each 3 GHz or faster

RAM

1 gigabyte (GB)

2 GB

Disk

NTFS file system–formatted partition with a minimum of 3 GB of free space

NTFS file system–formatted partition with 3 GB of free space plus adequate free space for your websites

Drive

DVD drive

DVD drive or the source copied to a local or network-accessible drive

Display

1024 × 768

1024 × 768 or higher-resolution monitor

Network

56 kilobits per second (Kbps) connection between client computers and server

56Kbps or faster connection between client computers and server

The gradual and database -migration approaches maintain two copies of some or all of the WSS content while upgrades are in process. For these approaches it is essential that you have enough storage space on your SQL Server to accommodate the additional content. TA B L E 1 2 . 3

WSS 3.0 Upgrade Software Requirements

Software

Minimum

Recommended

Operating System

Windows Server 2003 SP1t

Windows Server 2003 SP1 or later

SQL

SQL Server 2000 SP3a

SQL Server 2005 SP1 or later

.NET

.NET Framework 3.0

.NET Framework 3.0 or later

IIS

IIS 6.0

IIS 6.0 or later

ASP.NET

ASP.NET 2.0

ASP.NET 2.0

500

Chapter 12



Upgrading Windows SharePoint Services 3.0

In addition to meeting these minimum requirements, you should also verify that all web front- end servers are configured identically. This includes drive letters, websites, application pools, and service accounts. The upgrade process may fail if there are configuration inconsistencies.

Pre-upgrade Scan Before you can upgrade a WSS 2.0 installation using any of the approaches you must run a pre-upgrade scan using prescan.exe. Prescan.exe can be downloaded directly from Microsoft and is also available in the Bin directory of the 12 hive of a WSS 3.0 server installation. This scan will search the existing installation looking for things that could cause a problem during an upgrade. There are five specific potential problems that will be reported by the scan: Customized Site Templates Identify sites built from custom site defi nitions and templates. You will need to map new custom site defi nitions to them during the upgrade to maintain the customizations. Orphaned Objects These are objects that have become disconnected from the normal hierarchy in WSS. These include list items, lists, documents, websites, and site collections that are in the database but not reachable by the WSS hierarchy. They can cause a problem in the upgraded site and should be removed prior to the upgrade. A gradual upgrade will automatically ignore orphaned items, but the other approaches will try to duplicate them. Custom Web Parts Most custom web parts will continue to work in the upgraded system, but all custom web parts should be tested to verify that they will work before they are upgraded. Custom web parts must be redeployed when using the database migration approach. Custom Controls Some custom controls, like the Microsoft Office 2003 web components, cannot be installed directly in WSS 3.0. These controls must be upgraded in place using either the in-place or gradual approach. Other controls may not work at all in WSS 3.0 and must be removed prior to an upgrade. Additional Languages Upgraded sites will be upgraded to only the default language of the server for WSS 3.0. Missing WSS 3.0 language packs will need to be installed after upgrade to return full language support to the upgraded system. You should not proceed with an upgrade unless the numbers of broken sites, broken webs, and webs using custom templates are all zero. WSS 2.0 SP2 contains an update to stsadm, which you can use to remove orphans from a content database. To delete orphaned items use the databaserepair operation with the optional deletecorruption switch, as shown in the following sample command line: stsadm -o databaserepair -url http://WSS01 -databasename WSS_Content_WSS01 deletecorruption

The Upgrade Process

501

E X E R C I S E 1 2 .1

Running the Pre - upgrade Scan Prior to doing any upgrade you should always run a pre - upgrade scan. In this exercise you will perform a scan on a WSS 2.0 farm. After the scan completes you will retrieve and examine the logs. Note: Exercises in this chapter require access to a WSS 2.0 farm. If you don’t have a WSS 2.0 installation, you should still familiarize yourself with the steps prior to the exam.

1.

Download prescan.exe and preupgradescanconfig.xml from the Microsoft download site at http://go.microsoft.com/fwlink/?LinkId=92383 and store them on the WSS 2.0 server in C:\prescan.

2.

Click the operating system Start button in the lower left-hand corner of the server desktop. Select Command Prompt from the Start menu.

3.

Type the following command into the command prompt and hit Enter.

prescan /c preupgradescanconfig.xml /ALL A percentage value will appear, showing progress. An “operation successful” message is displayed when the scan completes. The name and location of a log file and a summary file are also displayed. The prescan output should look similar to the following screenshot:

502

Chapter 12



Upgrading Windows SharePoint Services 3.0

E X E R C I S E 1 2 .1 ( c o n t i n u e d )

4.

Navigate to the files listed in the prescan output screen. Double - click the PreupgradeReport . . . log file and open it in Notepad. Your output should look something like the following screenshot:

5.

Double click the PreupgradeReport . . . xml file and open it in Internet Explorer. Your output should look something like the following screenshot:

The Upgrade Process

503

Run and Test a Full Backup It is always important to have a good backup of your WSS environment. But it’s particularly important that you have a reliable backup when doing an upgrade. When using the inplace approach, restoring a backup will be the only way to get back to the pre-upgrade environment if the upgrade fails. Although the other approaches leave the pre-upgrade environment in place, it’s still a good idea to have a backup in case anything unexpected occurs. You should also test your backup to validate that you can restore it before proceeding with the upgrade. Also make sure your backup strategy includes everything you will need to rebuild the farm in case of a problem. This should include customizations like site defi nitions, web parts, IIS metabase, and any other fi les you might have changed.

Performing an In-Place Upgrade The following changes are made during an in-place upgrade: 

The binary files for WSS 3.0 are installed on the server, and the Farm configuration database is upgraded to a version compatible with WSS 3.0.

Chapter 12

504



Upgrading Windows SharePoint Services 3.0



The content databases are modified to a version compatible with WSS 3.0. This is why an in-place upgrade can’t be rolled back to the previous version.



The original sites are upgraded to WSS 3.0, and the URL addresses remain the same

All the site collections in the farm are unavailable during the upgrade. You will normally keep them unavailable to users until after you have tested the upgrade. The next exercise contains the steps required to perform an in-place upgrade. The exercise assumes that all pre-upgrade steps, including running prescan.exe, have already been completed. E X E R C I S E 12 . 2

Performing an In - Place Upgrade Note: Exercises in this chapter require access to a WSS 2.0 farm. If you don’t have a WSS 2.0 installation, you should still familiarize yourself with the steps prior to the exam.

1.

Download the 32-bit WSS 3.0 Setup program from the Microsoft download site at http://www.microsoft.com/downloads/details.aspx?FamilyId=D51730B5-48FC-4CA2-B4548DC2CAF93951& displaylang=en and store it on the WSS 2.0 server in C:\WSS3.

2.

Open Windows Explorer to C:\WSS3 and double - click on SharePoint.exe. Wait for the files to be extracted and the Microsoft Software License Terms page to appear. Note: If you receive a warning about prerequisite software not being installed, exit and install the required software before running step 2.

3.

Select the I Accept the Terms of This Agreement check box on the Read the Microsoft Software License Terms page, and click the Continue button.

4.

Make sure that the Yes, Perform an Automated In - Place Upgrade radio button is checked on the Upgrade Earlier Versions page.

5.

Click the Install Now button. Wait for the Installation Progress page progress bar to complete.

6.

On the final page, click Close. Wait for the SharePoint Products and Technologies Configuration Wizard to start.

7.

Click Next on the SharePoint Products and Technologies Configuration Wizard Welcome to SharePoint Products and Technologies page.

8.

A dialog box appears, notifying you that Internet Information Services (IIS), the SharePoint Administration Service, and the SharePoint Timer Service may need to be restarted or reset during configuration. Click Yes.

9.

A second dialog box appears, notifying you that you will need to download and install new language template packs after you finish if you’re using other languages. Click OK.

10. On the Configure SharePoint Central Administration Web Application page, do the following: 



Accept the default randomly assigned port number. In the Configure Security Settings section, select either Negotiate (Kerberos) or NTLM, depending on your environment.

The Upgrade Process

505

11. Click Next. 12. Click Next on the Completing the SharePoint Products and Technologies Configuration Wizard page. Wait for the configuration wizard to complete.

13. A message appears notifying you that if you have a server farm with multiple servers, you must run Setup on each server to install new binary files before continuing the configuration wizard. 

If this is the only server in your farm, no other actions are necessary.



If you have other servers in your farm, run SharePoint.exe on all the other servers.

14. Click OK to continue the configuration wizard. Wait for the configuration wizard to finish. 15. Click Finish on the Configuration Successful page after reviewing the settings that have been configured.

16. The SharePoint Products and Technologies Configuration Wizard closes, and the Upgrade Running page in the Central Administration website appears. If you are prompted to log in, enter your user name and password.

17. When the upgrade finishes you will see a status page similar to the screenshot below.

506

Chapter 12



Upgrading Windows SharePoint Services 3.0

Performing a Gradual Upgrade The following changes are made during a gradual upgrade: 

Each site collection or group of site collections is upgraded separately. The root site collection must be upgraded first.



The content is copied from the original content database to a new content database, and then the database is upgraded to version 3.0.



Original sites are locked as Updates Only after they have been copied and upgraded.



The original content database is not upgraded. It must be deleted manually by a farm administrator. Until the original content databases are deleted, the upgrade can be rolled back.



After the new content database is upgraded, the site collection URL is pointed at the new version of the site. Old site collections will no longer be directly addressable.

Most of the site collections in the farm remain available during the upgrade. Only site collections currently being upgraded are unavailable. However, you will normally keep upgraded sites unavailable until after you have tested them. The next exercise contains the steps required to perform a gradual upgrade. The exercise assumes that all pre-upgrade steps, including running prescan.exe, have already been completed. E X E R C I S E 12 . 3

Performing a Gradual Upgrade Note: Exercises in this chapter require access to a WSS 2.0 farm. If you don’t have a WSS 2.0 installation, you should still familiarize yourself with the steps prior to the exam.

1.

Download the 32-bit WSS 3.0 Setup program from the Microsoft download site at http://www.microsoft.com/downloads/details.aspx?FamilyId=D51730B5-48FC-4CA2-B4548DC2CAF93951& displaylang=en and store it on the WSS 2.0 server in C:\WSS3.

2.

Open Windows Explorer to C:\WSS3 and double - click on SharePoint.exe. Wait for files to be extracted and the Microsoft Software License Terms page to appear. Note: If you receive a warning about prerequisite software not being installed, exit and install the required software before running step 2.

3.

Select the I Accept the Terms of This Agreement check box on the Read the Microsoft Software License Terms page, and click the Continue button.

4.

Select the Yes, Perform a Gradual Upgrade radio button on the Upgrade Earlier Versions page.

5.

Click the Install Now button. Wait for the Installation Progress page progress bar to complete.

The Upgrade Process

507

6. Click the Close button on the final page. Wait for the SharePoint Products and Technologies Configuration Wizard to start.

7. Click Next on the SharePoint Products and Technologies Configuration Wizard Welcome to SharePoint Products and Technologies page.

8. Click Yes on the dialog box notifying you that Internet Information Services (IIS), the SharePoint Administration Service, and the SharePoint Timer Service may need to be restarted or reset during configuration.

9. Click OK on the dialog box notifying you that you will need to download and install new language template packs after you finish if you’re using other languages.

10. Click the No, I Want to Create a New Server Farm radio button on the Connect to a Server Farm page.

11. On the Specify Configuration Database Settings page, fill in the following: 





In the Database Server text box, type the name of the server running Microsoft SQL Server. In the Database Name text box, type a database name for the farm configuration database. In the Specify Database Access Account section, type the username and password of the SQL connection account you want to use to connect to SQL Server.

12. Click Next. Wait for the Configure SharePoint Central Administration Web Application page to appear.

13. Click Next on the Configure SharePoint Central Administration Web Application page to accept the default settings. 



Accept the default randomly assigned port number. In the Configure Security Settings section, select either Negotiate (Kerberos) or NTLM, depending on your environment.

14. Click Next on the Completing the SharePoint Products and Technologies Configuration Wizard page. Wait for the configuration wizard to complete.

15. Click Finish on the Configuration Successful page after reviewing the settings that have been configured. The Central Administration website will appear automatically. If you are prompted to log in, enter your username and password.

16. Select the Operations tab and wait for the Operations page to appear.

Chapter 12

508



Upgrading Windows SharePoint Services 3.0

E X E R C I S E 12 . 3 (continued)

17. Click the Site Content Upgrade Status link in the Upgrade and Migration section. Wait for the Site Content Upgrade Status page to appear. You will see a page similar to the screenshot below.

18. Click Begin Upgrade on the Site Content Upgrade Status page next to the URL you want to upgrade.

19. On the Set Target Web Application page, fill in the following: 







In the Web Application to Upgrade section, verify that the web application you want to upgrade appears. In the New URL for Original Content section, in the Port box, type a port number. In the New URL for Original Content section, in the Host Header box, type the host header to use (if needed). In the Application Pool for New Web Application section, select the Use Existing Application Pool radio button.

The Upgrade Process



509

In the Application Pool for New Web Application section, select an existing application pool from the drop - down menu.



In the Reset Internet Information Services section, select Restart IIS Automatically.



In the Security Configuration section, under Authentication Provider, select NTLM.



In the Content Databases section, select Automatic Database Name Selection.

20. Click OK. An Operation in Progress page appears while the new web application is created. Wait for the Site Collection Upgrade page to appear.

21. Select the check boxes next to the sites you want to upgrade on the Site Collection Upgrade page.

22. Click Upgrade Sites, and wait for the Sites Selected for Upgrade page to appear. 23. Click Upgrade Sites after you verify the number of site collections, the storage used, the originating database, and the target database. Wait for an Upgrade Running page similar to the following screenshot to appear. This page will refresh every minute, showing the status of the upgrade job until it completes.

510

Chapter 12



Upgrading Windows SharePoint Services 3.0

E X E R C I S E 12 . 3 (continued)

24. Navigate to the address of one of the site collections that you upgraded to check the upgrade.

Performing a Database Migration The following changes are made during a database migration: 

The binary files for WSS 3.0 are installed on a new server and a new Farm configuration database is created.



New web applications are created in the new farm for each of the existing virtual servers in the WSS 2.0 farm. Unless special steps are taken, site collections in the new farm will have different URL addresses after the upgrade.

The Upgrade Process

511



Backups of the original content databases are attached to the new web applications. Each database is upgraded in the same way that it would be for an in-place upgrade. Since the upgrade takes place on a backup copy, the original content databases remain unchanged.



The original sites are not upgraded to WSS 3.0, and the URL addresses remain the same. The WSS 2.0 farm must be manually uninstalled after the upgrade is complete.

All the original site collections in the farm remain available during the upgrade. You will normally put them in a read- only state until after you have tested the upgrade. After testing you will remove the old WSS 2.0 farm and either instruct users to use new URL addresses or modify the addressing of the upgraded sites to use the old addresses. The next exercise contains the steps required to perform a database migration. The exercise assumes that all pre-upgrade steps, including running prescan.exe, have already been completed. You can also use the database-migration approach to upgrade a WSS 2.0 standalone install that uses Microsoft SQL Server 2000 Desktop Engine (WMSDE) instead of SQL to a full WSS 3.0 environment. Steps for this type of upgrade can be found here: Migrating from WMSDE to SQL Server 2005: http://office.microsoft.com/en-us/ winsharepointadmin/HA100363461033.aspx. E X E R C I S E 12 . 4

Performing a Database Migration Upgrade Note: Exercises in this chapter require access to a WSS 2.0 farm. If you don’t have a WSS 2.0 installation, you should still familiarize yourself with the steps prior to the exam.

1.

From the Administrative Tools menu, select the SharePoint Central Administration link, and wait for the home page of the Central Administration website to appear.

2.

Click Manage Quotas and Locks on the Central Administration Home page in the Component Configuration section.

3.

Click the Manage Site Collection Quotas and Locks link on the Manage Quotas and Locks page.

4.

Type the URL of a site collection in the Enter the Top - Level Web Site URL box.

5.

Click the View Data button. Wait for the Manage Site Collection Quotas and Locks page to appear.

Chapter 12

512



Upgrading Windows SharePoint Services 3.0

E X E R C I S E 12 . 4 (continued)

6.

Select the Adding Content Prevented radio button in the Site Lock Information section of the Manage Site Collection Quotas and Locks page.

7.

Type Locked for Upgrade in the Additional Lock Information text box.

8.

Click OK.

9.

Repeat steps 4 – 8 for each site collection in the content database.

10. Back up the existing content database in SQL. See the following links for detailed instructions:



SQL 2000 - Performing Complete Database Backups: http://technet.microsoft .com/en-us/library/cc966495.aspx#E0BB0AA



SQL 2005 - How to: Back Up a Database (SQL Server Management Studio): http://msdn.microsoft.com/en-us/library/ms187510.aspx

The Upgrade Process

513

11. Restore the backup copy as a new database on your existing SQL Server or a new SQL Server: 





SQL 2000 - Restoring a Complete Backup to a New Database on the Same Server: http://technet.microsoft.com/en-us/library/cc966495.aspx#E5AA SQL 2000 - Restoring a Complete Backup to a New Server: http://technet .microsoft.com/en-us/library/cc966495.aspx#E4AA SQL 2005 - How to: Create a New Database From an Existing Database Backup (SQL Server Management Studio): http://msdn.microsoft.com/en-us/library/ms186390 .aspx

12. Install WSS 3.0 on a new computer in a new farm. Note: You learned how to install WSS 3.0 in Chapter 3, “Installing and Deploying Windows SharePoint Services 3.0.”

13. Create a new web application for each virtual server in the existing WSS 2.0 environment. Do not create any site collections in the new web application. Note: You learned how to create new web applications in Chapter 4, “Configuring the Windows SharePoint Services 3.0 Environment.”

14. Click the operating system Start button in the lower left-hand corner of the server desktop. Select Command Prompt from the Start menu. Note: You cannot add a content database that needs to be upgraded using the Manage Content Databases page in the Central Administration website because the session might time out during the add. You must add the database using the stsdm command -line utility.

15. Type the following command into the command prompt and hit Enter: cd “\Program Files\Common Files\Microsoft Shared\Web server extensions\ 12\Bin”

16. Type the following command into the command prompt and hit Enter: Stsadm -o addcontentdb -url -databasename

where is the URL of the web application to which the content database is being added and is the name of the database that you want to add.

17. Navigate to the address of one of the site collections in the content database that you reattached to check the upgrade.

Post-Upgrade Tasks No matter which upgrade approach you use, there are certain tasks that will need to be performed after the upgrade is completed. Many of these tasks are similar for all the approaches, but some are specific to only one approach. In the next several sections we will look at the list of tasks that need to be performed for each of the upgrade approaches.

514

Chapter 12



Upgrading Windows SharePoint Services 3.0

In-Place Upgrade 

Finalize the upgrade in the Central Administration website. Figure 12.5 shows the warning message you receive when you are finalizing an upgrade.

F I G U R E 12 . 5

Finalizing an upgrade



Remove any WSS 2.0 language packs installed on the server and replace them with appropriate WSS 3.0 language packs.



Reapply any customizations you made to the blocked file type settings.



Uninstall WSS 2.0 from all servers. As the Add or Remove Programs screen in Figure 12.6 shows, WSS 2.0 remains installed even after the server is upgraded to WSS 3.0.

The Upgrade Process

F I G U R E 12 . 6

Uninstalling WSS 2.0

Gradual Upgrade 

Delete WSS 2.0 site collections after they have been upgraded and tested.



Finalize the upgrade in the Central Administration website.



Remove any WSS 2.0 language packs installed on the server and replace them with appropriate WSS 3.0 language packs.



Reapply any customizations you made to the blocked file type settings.



Uninstall WSS 2.0 from all servers.

Database Migration 

Point the original URLs to the newly updated site collections.



Delete WSS 2.0 site collections after they have been upgraded and tested.



Remove any WSS 2.0 language packs installed on the server and replace them with appropriate WSS 3.0 language packs.



Reapply any customizations you made to the blocked file type settings.



Uninstall WSS 2.0 from all servers.

515

516

Chapter 12



Upgrading Windows SharePoint Services 3.0

Summary In this chapter you learned about the three different ways to upgrade an existing WSS 2.0 installation to WSS 3.0. You learned how to prepare for the upgrade, how to conduct an upgrade, and how to fi nalize when you get fi nished. Along the way you looked at how to handle customizations and other specific situations that can make an upgrade difficult. You learned about the following specific topics: 

The three upgrade approaches available to go from WSS 2.0 to WSS 3.0



The strengths and weaknesses of each approach



How to prepare existing WSS 2.0 sites for an upgrade



What changes are made to the WSS environment during an upgrade



How to take handle customizations during an upgrade



How to finalize an upgrade after processing is finished

Exam Essentials Understand the available upgrade approaches. Be able to name the three upgrade approaches. Understand the advantages and limitations of each upgrade approach. Know specific situations that require the use of one of the approaches. Know how to plan to handle customizations. Recognize what types of customizations exist. Know how to identify potential problems using prescan.exe. Understand how different customizations can be handled during and after an upgrade. Be aware of the prerequisites for conducting an upgrade. Know what the software requirements are for upgrading an installation. Know what the hardware requirements are for upgrading an installation. Understand why running prescan.exe is required before an upgrade. Understand how to complete an upgrade. Be aware of the cleanup required after an update is complete. Know how to fi nalize an in-place or gradual upgrade. Know how to plan to handle customizations. Understand what you can do with customized pages. Be aware of potential issues when upgrading web parts and custom code. Understand how to handle mapping custom site defi nitions.

Review Questions

517

Review Questions 1.

You have deployed Microsoft Windows SharePoint Services (WSS) 2.0 with a single-site collection. You want to upgrade it to WSS 3.0. You would like to maintain existing URLs. What should you do? A. Install WSS 3.0 on a new server and configure an alternate access mapping that refers to the WSS 2.0 server.

2.

B.

Run the WSS 3.0 setup on the existing servers’ WSS 2.0 servers and do an in-place upgrade.

C.

Install a new WSS 3.0 farm. Attach the content database to a new Microsoft SQL Server 2005 instance. Create an alias (CNAME) record that references the old server name.

D.

Install a new WSS 3.0 farm. Use Smigrate.exe to migrate the site collection to the new farm.

You upgrade a Microsoft Windows SharePoint Services (WSS) 2.0 server to WSS 3.0. The WSS 2.0 sites supported English, French, and Spanish. After the upgrade, users report that they can only access sites in English. You need to ensure that users can access sites in all three languages. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Create two new copies of the content database. Alter the SQL collations on the databases to match the French and Spanish character sets.

3.

B.

Install the French and Spanish language packs on the WSS 3.0 server.

C.

Install the Windows Server 2003 French and Spanish operating system language packs.

D.

Run the SharePoint Products and Technologies Configuration Wizard.

You are planning to upgrade your existing WSS 2.0 system to WSS 3.0. You are concerned about how to handle the custom site definitions in the current environment. What can you do? A. You do an in-place upgrade. B.

You build the new WSS 3.0 sites and manually copy content from the WSS 2.0 system to the new sites.

C.

You do a database migration to upgrade the existing sites to the new sites.

D.

You create a new WSS 3.0 site definition that matches the existing WSS 2.0 custom site definition. You create and deploy an upgrade definition file that maps the old site definition to the new one.

Chapter 12

518

4.



Upgrading Windows SharePoint Services 3.0

You are a network administrator for your company. You have deployed Microsoft WSS 2.0 in a server farm with five front- end web servers named WSS01, WSS02, WSS03, WSS04, and WSS05 and a single SQL Server named SQL01. You have over 100 site collections and about 2,000GB of content total. Many people in your company depend on WSS. You want to upgrade to WSS 3.0 but need to minimize the amount of downtime involved to off hours. Your existing sites have minimal customization. What should you do? A. Perform an in-place upgrade of the existing system.

5.

B.

Use the gradual upgrade approach to migrate the existing site collections.

C.

Use the database migration method to move the content to a new farm.

D.

Install a new WSS 3.0 environment and manually copy content to the new system.

You are a network administrator for your company. You have deployed Microsoft WSS 2.0 on a single server using the typical installation option. You want to upgrade to WSS 3.0. During the upgrade you would like to migrate your content to a new SQL Server in your environment. What should you do? A. Install a new WSS 3.0 farm with a single WFE server and a SQL Server. Back up the existing MSDE content database and restore it to the new SQL Server. Attach the restored database to the new WSS 3.0 farm.

6.

B.

Use the gradual upgrade approach to migrate the existing system.

C.

Perform an in-place upgrade of the existing system.

D.

Install a new WSS 3.0 environment and manually migrate content to the new system.

You have deployed Microsoft WSS 2.0 in a server farm with one front- end web server named WSS01 and a SQL Server named SQL01. You have over 20 site collections with about 15GB of content each. Microsoft Office 2003 web components are installed on the existing system. You want to upgrade to WSS 3.0 with the least amount of effort. Your existing sites have minimal customization. What should you do? A. Install a new WSS 3.0 environment and manually migrate content to the new system.

7.

B.

Perform an in-place upgrade of the existing system.

C.

Use the database migration method to move the content to the new farm.

D.

Use the gradual upgrade approach to migrate the existing system.

You used the in-place upgrade approach to upgrade your existing WSS 2.0 installation to WSS 3.0. When the site collection administrators check the new sites, they find that colors and graphics on the sites have changed to the default WSS 3.0 colors. How can you correct the problem? A. Create a custom WSS 3.0 master page and use it on the new sites. B.

Do a gradual upgrade instead of an in-place upgrade.

C.

Create a custom WSS 3.0 theme to match the original WSS 2.0 themes that were used on the sites. Have the site collection administrators apply the new theme.

D.

Do a database upgrade instead of an in-place upgrade.

Review Questions

519

8. You recently upgraded your WSS 2.0 farm to WSS 3.0 using the database migration approach. Users are now calling and saying that one of the web parts that they used in the original system is no longer available. What do you do? A. Create a new custom web part with the same functionality as the original. Deploy the new web part to the upgraded farm. B.

Revert to your original WSS 2.0 environment so that the users have access to the web part. Postpone the upgrade until you can figure out why the web part is missing.

C.

Tell users that WSS 2.0 custom web parts can’t be used in a WSS 3.0 farm.

D.

Reinstall the original web part in the new WSS 3.0 farm.

9. You have deployed Microsoft WSS 2.0 in a server farm with two front- end web servers named WSS01 and WSS02. You are using a single SQL Server named SQL01. You have over 30 site collections with about 10GB of content each. Your developers have deployed a number of custom web parts. All the custom web parts have been tested and will work in WSS 3.0. You want to upgrade to WSS 3.0 but need to minimize the amount of downtime involved to off hours. You also don’t want to have to reinstall all the custom web parts. What should you do? A. Use the database migration method to move the content to the new farm. B.

Use the gradual upgrade approach to migrate the existing system.

C.

Perform an in-place upgrade of the existing system.

D.

Install a new WSS 3.0 environment and manually migrate content to the new system.

10. You are upgrading a WSS 2.0 environment that was originally installed to use Active Directory Account Creation Mode authentication. Which upgrade approaches can you use? (Choose two answers. Each answer represents a complete solution.) A. Install a new WSS 3.0 environment and manually migrate content to the new system. B.

Perform an in-place upgrade of the existing system.

C.

Use the database migration method to move the content to the new farm.

D.

Use the gradual upgrade approach to migrate the existing system.

11. You have deployed Microsoft WSS 2.0 in a server farm that you will use for development consisting of one front- end web server named WSS01. You are using a single SQL Server named SQL01. You have five site collections in your development environment. You want to upgrade to WSS 3.0 and are not concerned about the amount of downtime involved. What is the best approach to use? A. Perform an in-place upgrade of the existing system. B.

Use the gradual upgrade approach to migrate the existing system.

C.

Use the database migration method to move the content to the new farm.

D.

Install a new WSS 3.0 environment and manually migrate content to the new system.

Chapter 12

520



Upgrading Windows SharePoint Services 3.0

12. You are performing an in-place upgrade of your existing WSS 2.0 environment. What are the steps that you need to do as part of your post-upgrade processing? (Choose all that apply.) A. Create alias (CNAME) records in DNS for each upgraded website. B.

Uninstall WSS 2.0.

C.

Finalize the upgrade in the Central Administration website.

D.

Delete the old WSS 2.0 site collections after they have been upgraded.

13. You just finished an upgrade of a WSS 2.0 farm. During testing you find that some of the custom web parts that you used in the original farm were not upgraded. The web parts were obfuscated using the tools in Visual Studio 2003 when they were originally developed. What must you do to get the web parts running in the new environment? A. Copy the web part .DWP files from the WSS 2.0 environment to the web part gallery in WSS 3.0. B.

Rerun the upgrade after deploying an upgrade definition file.

C.

Redeploy the original WSS 2.0 web parts.

D.

Rebuild and redeploy the web parts using ASP.NET 2.0.

14. You have deployed Microsoft WSS 2.0 in a server farm with one front- end web server named WSS01 and a SQL server named SQL01. You have over 20 site collections with about 15GB of content each. Microsoft Office 2003 web components are installed on the existing system. You want to replace SQL01 with a new, more-powerful server named SQL02 during the upgrade process. Your existing sites have minimal customization. What should you do? A. Install a new WSS 3.0 environment and manually migrate content to the new system. B.

Perform an in-place upgrade of the existing system.

C.

Use the database migration method to move the content to the new farm.

D.

Use the gradual upgrade approach to migrate the existing system.

15. You are upgrading a WSS 2.0 environment that was originally installed to support Scalable Hosting Mode. Which upgrade approaches can you use? (Choose two answers. Each answer represents a complete solution.) A. Perform an in-place upgrade of the existing system. B.

Use the gradual upgrade approach to migrate the existing system.

C.

Use the database migration method to move the content to the new farm.

D.

Install a new WSS 3.0 environment and manually migrate content to the new system.

16. You are planning a complete redesign of your WSS environment when you upgrade. This includes eliminating some site collections and moving some site collections to different web applications. Which upgrade approach should you use? A. Use the database migration method to move the content to the new farm. B.

Use the gradual upgrade approach to migrate the existing system.

Review Questions

521

C.

Perform an in-place upgrade of the existing system.

D.

Install a new WSS 3.0 environment and manually migrate content to the new system.

17. You attempt to upgrade your WSS 2.0 farm using a gradual update. When site collection administrators test the upgraded sites, they report that there are too many problems. None of the content databases have been removed from the SQL server. You decide to go back to the original farm. What should you do? A. Change the site collection’s IP addresses in the Domain Name System (DNS). B.

Uninstall WSS 3.0 and restore a full WSS 2.0 backup.

C.

Go to the Site Collection Upgrade page in the Central Administration website and use the Revert Site link.

D.

Delete the new WSS 3.0 site collections.

18. You attempt to upgrade your WSS 2.0 farm using a gradual update. When site collection administrators test the upgraded sites, they report that there are too many problems. You have already removed the content databases of the WSS 2.0 sites that have been upgraded. You decide to go back to the original farm. What do you do? A. Change the site collection’s IP addresses in the Domain Name System (DNS). B.

Uninstall WSS 3.0 and restore a full WSS 2.0 backup.

C.

Go to the Site Collection Upgrade page in the Central Administration website and use the Revert Site link.

D.

Delete the new WSS 3.0 site collections.

19. You attempt to upgrade your WSS 2.0 farm using an in-place upgrade. When site collection administrators test the upgraded sites, they report that there are too many problems. You decide to go back to the original farm. How do you do it? A. Change the site collection’s IP addresses in the Domain Name System (DNS). B.

Delete the new WSS 3.0 site collections.

C.

Go to the Site Collection Upgrade page in the Central Administration website and use the Revert Site link.

D.

Uninstall WSS 3.0 and restore a full WSS 2.0 backup.

20. You are upgrading a WSS 2.0 farm to WSS 3.0 using the gradual approach. The servers have not been recently updated. Which of the following software packages are required before you can perform the upgrade? (Choose all that apply.) A. .NET Framework 3.0 B.

WSS 2.0 Service Pack 2

C.

SQL Server 2003 SP3a or SQL Server 2005 SP1

D.

Internet Information Server (IIS) 7.0

522

Chapter 12



Upgrading Windows SharePoint Services 3.0

Answers to Review Questions 1. B. You should run an in-place upgrade on the existing server farm. Creating an alternate access mapping will not redirect users to an existing WSS 2.0 installation. Smigrate.exe is a WSS 2.0 utility that won’t work in WSS 3.0, and creating a CNAME record won’t work unless the old servers are retired fi rst. 2. B, D. You need to install the two WSS 3.0 language packs and then run the SharePoint Products and Technologies Configuration Wizard to make French and Spanish available to WSS 3.0 sites. SharePoint does not use the operating system language packs, and changing the SQL collation won’t do anything. 3. D. You must create a new WSS 3.0 site defi nition and map it to the old WSS 2.0 site defi nition using an upgrade defi nition fi le. 4. B. You should use the gradual upgrade approach. You can migrate some site collections each weekend for several weeks until the whole farm is upgraded. You shouldn’t do an inplace upgrade because the whole farm will need to be down until the upgrade is complete. You could do a database migration or rebuild all the site collections from scratch, but these both adds unnecessary complexity and require additional hardware. 5. A. You must use the database migration method to move from a typical install that uses MSDE to a new farm using a SQL Server. Neither the gradual nor the in-place approach can be used to upgrade the storage used to a SQL Server. Creating a new environment and copying all the data takes too much effort. 6. B. Microsoft Office 2003 web components must be upgraded. They can’t be installed directly on WSS 3.0, so you must use either the in-place or gradual update approach. Your system is a relatively small single-server installation with little customization, so it will be easiest if you use the in-place upgrade approach. 7. C. Themes are not the same in WSS 3.0 as they are in WSS 2.0. You must create a new WSS 3.0 theme and apply it to the new sites. 8. D. Custom web parts depend on resources that are not stored in the content database. So you will need to reinstall the original web part on the new server that you migrated to. You don’t need to create a new custom web part or tell users that the custom web part can’t be used. You also don’t need to revert to the original system. 9. B. You should use the gradual upgrade approach. You can migrate some site collections each weekend for several weeks until the whole farm is upgraded. You shouldn’t do an in-place upgrade because the whole farm would need to be down until the upgrade is complete. You could do a database migration or rebuild all the site collections from scratch, but these would require reinstallation of all the custom web parts. 10. B, D. Account Creation Mode installations can only be upgraded using the in-place or gradual upgrade approach.

Answers to Review Questions

523

11. A. In-place upgrades are the fastest and easiest way to upgrade small development or testing environments. 12. B, D. You should fi nalize the upgrade in the Central Administration website and uninstall WSS 2.0. You need to delete old site collections only when doing a gradual upgrade. You need to create CNAME records in DNS only for a database migration upgrade. 13. D. ASP.NET 2.0, which is used by WSS 3.0, does not recognize the obfuscation used in ASP.NET 1.1, so you will need to rebuild and redeploy the web parts using ASP.NET 2.0. 14. C. You should use the database migration method so you can introduce new servers into the environment during the upgrade process. 15. B, D. Scalable Hosting Mode installations can be upgraded using only the in-place or gradual upgrade approach. 16. D. Since you cannot change the hierarchy of your sites, site collections, and web applications using any of the three upgrade approaches, it would be best if you install a new WSS 3.0 environment and manually migrate content from the existing WSS 2.0 environment to the new one. 17. C. You should use the Revert Site link on the Site Collection Upgrade page in the Central Administration website. 18. B. Since you have already removed the old content databases, you cannot roll back the upgrade. You will have to uninstall WSS 3.0 and restore your backup of WSS 2.0. 19. D. You cannot roll back an in-place upgrade. You will have to uninstall WSS 3.0 and restore your backup of WSS 2.0. 20. A, C. WSS 3.0 requires .NET Framework 3.0 and either SQL Server 2003 SP3a or SQL Server 2005 SP1. WSS 2.0 Service Pack 2.0 will make testing of web parts under ASP.NET 2.0 easier but is not required. IIS 7.0 is the default for Windows Server 2008 and is also not required.

Appendix

About the Companion CD IN THIS APPENDIX:
What you’ll find on the CD
System requirements
Using the CD
Troubleshooting

526

Appendix



About the Companion CD

What You’ll Find on the CD The following sections are arranged by category and summarize the software and other goodies you’ll fi nd on the CD. If you need help with installing the items provided on the CD, refer to the installation instructions in the “Using the CD” section of this appendix.

Sybex Test Engine For Windows The CD contains the Sybex test engine, which includes two bonus exams located only on the CD.

PDF of Glossary of Terms For Windows We have included an electronic version of the Glossary in .pdf format. You can view the electronic version of the Glossary with Adobe Reader.

Adobe Reader For Windows We’ve also included a copy of Adobe Reader so you can view PDF fi les that accompany the book’s content. For more information on Adobe Reader or to check for a newer version, visit Adobe’s website at www.adobe.com/products/reader/.

Electronic Flashcards For PC and Pocket PC These handy electronic flashcards are just what they sound like. One side contains a question or fi ll-in-the-blank question, and the other side shows the answer.

System Requirements Make sure your computer meets the minimum system requirements shown in the following list. If your computer doesn’t match up to most of these requirements, you may have problems using the software and fi les on the companion CD. For the latest and greatest information, please refer to the ReadMe fi le located at the root of the CD -ROM.

Troubleshooting



A PC running Microsoft Windows 98, Windows 2000, Windows NT4 (with SP4 or later), Windows Me, Windows XP, or Windows Vista



An Internet connection



A CD -ROM drive

527

Using the CD To install the items from the CD to your hard drive, follow these steps: 1.

Insert the CD into your computer’s CD -ROM drive. The license agreement appears.

Windows users : The interface won’t launch if you have autorun disabled. In that case, click Start  Run (for Windows Vista, Start  All Programs  Accessories  Run). In the dialog box that appears, type D:\Start.exe. (Replace D with the proper letter if your CD drive uses a different letter. If you don’t know the letter, see how your CD drive is listed under My Computer.) Click OK.

2.

Read the license agreement, and then click the Accept button if you want to use the CD.

The CD interface appears. The interface allows you to access the content with just one or two clicks.

Troubleshooting Wiley has attempted to provide programs that work on most computers with the minimum system requirements. Alas, your computer may differ, and some programs may not work properly for some reason. The two likeliest problems are that you don’t have enough memory (RAM) for the programs you want to use or you have other programs running that are affecting installation or running of a program. If you get an error message such as “Not enough memory” or “Setup cannot continue,” try one or more of the following suggestions and then try using the software again: Turn off any antivirus software running on your computer. Installation programs sometimes mimic virus activity and may make your computer incorrectly believe that it’s being infected by a virus.

528

Appendix



About the Companion CD

Close all running programs. The more programs you have running, the less memory is available to other programs. Installation programs typically update fi les and programs; so if you keep other programs running, installation may not work properly. Have your local computer store add more RAM to your computer. This is, admittedly, a drastic and somewhat expensive step. However, adding more memory can really help the speed of your computer and allow more programs to run at the same time.

Customer Care If you have trouble with the book’s companion CD -ROM, please call the Wiley Product Technical Support phone number at (800) 762-2974. Outside the United States, call +1(317) 572-3994. You can also contact Wiley Product Technical Support at http://sybex .custhelp.com. John Wiley & Sons will provide technical support only for installation and other general quality- control items. For technical support on the applications themselves, consult the program’s vendor or author. To place additional orders or to request information about other Wiley products, please call (877) 762-2974.

Glossary

530

Glossary

Numbers 12 hive The default installation location for WSS 3.0 global installation files on a web front-end server: C:\Program Files\Common Files\Microsoft Shared\web server extensions\12.

A account creation mode An authentication method available in WSS 2.0 that allows Active Directory user accounts to be created automatically for users as needed.

A web Single Sign-On (SSO) service that enables the authentication of users of multiple web applications by implementing claimsbased authentication between different Active Directory forests.

Active Directory Federation Services (ADFS)

This technology is used to add multiple internal URL addresses to a WSS site. Each URL is a replacement for the base address provided by the web application URL.

alternate access mapping

Application Management The page of the Central Administration web site where WSS 3.0 web application configurations and settings take place.

The master page used by almost all administrative pages on SharePoint sites. Administrative pages are stored in the _layouts virtual directory of a SharePoint site.

application.master

The account that runs the application pool’s worker process. This feature is available only when IIS 6.0 is running in Worker Process Isolation Mode.

application pool identity

authentication

A process used to verify the identity and group membership of an

individual user. authorization A process used to determine what a user can do based on his or her authenticated identity and group membership.

B An extranet topology that isolates your server farm wholly within a separate perimeter network between two ISA servers.

back-to-back perimeter topology

breadcrumb This kind of navigation control displays a horizontal list of hyperlinks that lead to the current page. Users can navigate to any intervening page by clicking one of the links. browser

computer.

A tool that allows users to access the Internet and intranet on a personal

Glossary

531

C CIO

A chief information officer.

The ASPX page that displays specific content in your site through the use of web parts. It is used in combination with a specific master page to create the rendered page that is displayed in your browser.

content page

content placeholders The server controls placed on a master page that mark where specific content from the content page should be inserted when rendering the page for display in the browser.

Defines metadata that is associated with a particular class of content; can also be used to define workflows and other characteristics of the content.

content type

customized page An original page from a WSS site that was edited using SharePoint Designer 2007. A copy of the edited page is now stored in the content database for the site. The page can be easily restored to its un-customized or original state by removing the page from the content database.

D database migration An upgrade approach that migrates content databases from servers in the WSS 2.0 environment to new servers in a WSS 3.0 environment. default.master The master page used by all of the pages stored in the content database of your SharePoint sites. The default.master page is stored in the Master Page gallery of the WSS site.

The server controls on a master page that can be replaced during the rendering process by user controls (ASCX files) or other compiled server controls. The replacement is defined by a Feature.

delegate controls

E A firewall topology that uses a reverse proxy server, such as Microsoft Internet Security and Acceleration (ISA) Server, between the Internet users and your corporate network.

edge firewall topology

extranet A website used by a company to securely share information with suppliers, vendors, partners, customers, or other businesses who are not attached to the company’s intranet. extranet environment A private network that is a secure extension of an organization’s internal information and processes that accommodates sharing information with remote employees, external partners, or customers.

Glossary

532

F failover cluster A high availability solution for database servers that combines one or more database server nodes with two or more shared disks. farm The top level of a WSS infrastructure. It is a collection of WSS 3.0 servers that share the same configuration database. Feature In WSS 3.0, a Feature is a component that adds functionality to a SharePoint site, site collection, or farm. Features are typically developed by a .NET Framework developer.

An unambiguous domain name that specifies a computer’s exact location in the DNS hierarchy consisting of the hostname and the domain name.

fully qualified domain name (FQDN)

G A custom list or library used by SharePoint to store files or information used to configure a site collection. For example, the Web Parts gallery stores files that point to the web parts available in the site collection.

gallery

governance A set of policies that define how a WSS environment will be used by an organization. It normally includes service-level agreements (SLAs), adoption plans, usage, and support policies.

An approach that upgrades individual site collections to a WSS 3.0 installation running parallel to the WSS 2.0 installation on the same servers.

gradual upgrade

GUI

Acronym for graphical user interface.

I IIS 6.0 Worker Process Isolation Mode A feature available in IIS 6.0 that isolates one web application from another so that an error in one application does not affect another application running in a different process. in-place upgrade

An approach that directly upgrades the WSS 2.0 installation. It cannot

be rolled back. A website that runs on a company’s own network to share information with the company’s employees.

intranet

K A computer network authentication protocol allowing individuals to communicate over a nonsecure network to prove their identity to one another in a secure manner.

Kerberos

Glossary

533

L list permissions

SharePoint permissions that control what a user can do within a list

or library.

M master page An HTML page that provides a consistent look and feel for the pages in your WSS site. The master page normally contains all the controls that should appear on every page. Media Access Control (MAC) address

A 6-byte identifying number permanently embedded

in the firmware of the network adapter. An ASP.NET 2.0 class that can be used to validate the identity of a user in a forms-based authentication scenario.

MembershipProvider

metadata

The process of describing information by implementing properties.

A Microsoft server product that provides a centralized monitoring capability that can reduce the complexity associated with managing today’s IT infrastructure and lowering the cost of operations.

Microsoft Operations Manager (MOM) 2005

A network load-balancing cluster configuration implemented when you require intrahost communication and you are using only one NIC.

multicast mode

multihomed topology An extranet topology using a single firewall with two network adapters, using one to create a perimeter network.

N network load balancing (NLB) A Windows Server 2003 device driver that provides clustering support for TCP/IP-based server applications such as web applications.

O The Central Administration web site page where the core WSS 3.0 farm operations take place.

Operations

orphaned objects WSS 2.0 objects in the content database that no longer have a valid parent object. For example, a document library that still exists in the database even though the SharePoint website that housed it has been deleted.

534

Glossary

P perfmon.exe is a Windows Server 2003 utility that can be used to measure the current workload of a server.

Performance Monitor

Performance Monitor alert A setting in the Performance Monitor program that can perform a particular action when a threshold value is exceeded for a particular counter. Performance Monitor baseline The first performance log recorded. It can be used as a basis for measuring trends in performance over time as new performance logs are recorded. Performance Monitor counter Counters used to measure the specific aspect of performance that you wish to monitor. For example, Pages/Sec. for the Memory Object records the average number of pages read from or written to disk to resolve hard page faults. Performance Monitor instance The specific object to be measured when multiple objects of the same type exist on a single system. For example, if you go to the Process Performance object, the instances list will display all the active processes on the specified computer.

The subsystem of the computer that you want to monitor, such as the processor or the network interface.

Performance Monitor object

permission levels A collection of individual SharePoint permissions that can be applied to a user or a group for a specific securable object.

SharePoint permissions that control what a user can do to personalize views or web parts on a page.

personal permissions

An alternate security system built in ASP.NET that does not depend on Windows (Active Directory) authentication to control access to WSS sites.

pluggable authentication

A utility that is used before upgrading to scan the WSS 2.0 content databases searching for potential issues.

pre-scan.exe

psconfig A command-line tool that provides an alternate interface for performing many operations to configure WSS 3.0.

Q A navigation control that adjusts dynamically to provide local navigation to lists, libraries, and subsites within the context of a specific site.

Quick Launch

Templates that provide settings that can be applied to multiple site collections, limiting how much storage space can be consumed. They can also be configured to send a warning email to the site collection administrator when a certain level is passed.

quota templates

Glossary

535

R reverse proxy A service on an ISA server that intercepts user requests and forwards them to the appropriate web server located within the corporate intranet.

An optional ASP.NET 2.0 class that can be used to validate the groups to which an authenticated user belongs. It provides group support in a forms-based authentication scenario.

RoleProvider

Really Simple Syndication; this standardized XML file provides a listing of recent additions or changes made to a site, list, or library.

RSS

S scalable hosting mode A configuration of WSS 2.0 that allows your server farm to host several top-level sites on the same virtual server using the same IP address. securable objects SharePoint objects where rights can be limited on a user or group basis. These objects include websites, lists, libraries, folders, items, and files.

A parameter required for Kerberos to support mutual authentication by ensuring the identity of the computer to which it is connecting.

Service Principal Name (SPN)

A set of websites that form a single hierarchy and share common configuration, security, and ownership. This is the primary level at which WSS allows delegation of authority through the appointment of site collection administrators.

site collection

A group of configuration and content files stored in the 12 hive that are used as a blueprint when provisioning new sites.

site definition

SharePoint permissions that control what a user can do at the level of a SharePoint website.

site permissions

site template A file with an .stp extension that is used as a blueprint when provisioning new sites. It contains a snapshot of an existing site and will create a clone of what the site was like when the snapshot was taken. site themes A collection of color settings and graphics that can be applied to a SharePoint website. WSS 2.0 and WSS 3.0 use different sets of themes. split back-to-back topology An extranet topology that isolates components of your server farm, such as web servers and possibly search servers, within a separate perimeter network between two ISA servers; the remaining farm servers, such as the database servers, are contained within the corporate internal network.

536

Glossary

SSL bridging An ISA feature that redirects incoming HTTPS requests to web servers as either an HTTPS or HTTP packet after it completes a stateful inspection filtered all the way up to the application layer. SSL tunneling An ISA feature that redirects incoming HTTPS requests to web servers without inspecting the traffic. strong name A unique identifier for a .NET compiled assembly that has been digitally signed. It consists of the assembly’s name, version number, culture information, and a public key representing the digital certificate used to sign the assembly.

SharePoint Team Services Administration; a command-line interface to perform administration on WSS 3.0 installations. Stsadm

subsites SharePoint sites that are created inside an existing site collection. Each site is created from another site that is its parent. synchronous database mirroring A SQL Server database technology that is used to maintain a single standby database for almost immediate failover by using a witness server.

T The site created when the site collection was created. It becomes the top of a hierarchy of subsites and is where the site collection is administered.

top-level site

By default this kind of navigation control provides access to the top layers of a site collection hierarchy to every site.

Top Nav bar

U An original page from a WSS site that has not been edited using SharePoint Designer 2007. The file used when rendering the page is stored in the WSS 12 hive on the web front-end server.

uncustomized pages

unicast mode The default operating mode for the NLB cluster; this mode does not offer intrahost communications unless a second adapter is installed on your load-balanced servers. Unified Logging Service (ULS) logs This is the collective name given to the log files that WSS creates in the LOGS folder of the 12 hive. They include the trace log and the usage

analysis logs. An XML file used to map new WSS 3.0 site definitions to custom site definitions used in a WSS 2.0 environment that is being upgraded.

upgrade definition file

User Account Control A Windows security feature included with Windows Vista. Windows servers that automatically reduce the risk of potential security breaches by prompting users to allow changes to the Windows operating system.

Glossary

537

V An IP address that is shared among multiple domain names or multiple servers for the purpose of creating redundancy, such as with network load balancing (NLB).

virtual IP (VIP)

virtual server An IIS website used to host SharePoint content in WSS 2.0. It is the equivalent of a web application in WSS 3.0. Visual Studio

A suite of developer tools for application development.

W web application An IIS website created by WSS to provide a root from which site collections are created. Each web application is created with a content database for storing WSS content.

Server controls that can be added and configured by users at runtime. They are the primary way that WSS displays information on a web page.

web part

WSP A web solution package (.wsp). A solution file that is a deployable and reusable package containing Features, assemblies, and site definintions that can be applied to your WSS 3.0 environment.

X XML Extensible Markup Language. An XML file is a general-purpose file that specifies structured and mapped data for applications; the universal file extension recognized in all computers is .xml.

Index Note to the reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

A AAM (alternate access mapping) feature configuring, 197–199, 197–200 integration with, 77–78 purpose, 71 support for, 14–15 access and access control anonymous, 161, 184, 353–357, 354, 357 CAS, 358–360, 361 requests management, 349–352, 350–353 requirements, 22 and Stsadm, 384 access control list entries (ACEs), 345 Access Denied page, 350–352, 351 access groups, 325–327, 326 accounts creating, 97–98 farm installation requirements, 52–53 ACEs (access control list entries), 345 Action tab for alerts, 463 Active Directory credential validation, 74 for groups, 330–333 Active Directory Federation Services (ADFS), 330 Activity section in usage summary, 251 Add a Permission Level page, 313, 314, 322–323 Add a Web Part option, 433 Add and Customize Pages permission, 317 Add Columns to Site Content Type page, 297, 297 Add Content Database page, 452, 493, 493

Add Content Types page, 297, 298 Add Counters dialog box, 459 Add Internal URLs option, 197 Add Items permission, 315 Add or Remove Programs screen, 514 Add/Remove Personal Web Parts permission, 320 Add Users page, 181, 181–182, 333, 348 Adding Content Prevented option, 455 Additional Lock Information option, 456 ADFS (Active Directory Federation Services), 330 administration model enhancements, 12–13 administration overview, 371 Central Administration, 371–376, 373–376 collections, 376–380, 378–379 exam essentials, 389 Operations page, 380–383, 380, 382–383 review questions, 390–395 security, 82 Stsadm, 383–388 summary, 388 Administration service, 13 administrative groups, 333–336, 334 Administrative Master Pages (application.master), 402 administrator Tasks Administrator Tasks list, 152–155, 153–155 Central Administration for, 113, 133, 373 Advanced page for IIS logs, 474 Advanced Settings page libraries, 286–287, 287–288 lists, 276, 277 alerts creating, 462–464, 464

displaying and managing, 243, 244 web applications, 167, 169, 170 aliases, DNS extranets, 195–196, 196 intranets, 165–166, 165–166 AllItems.aspx page, 342, 344, 356 alternate access mapping (AAM) feature configuring, 197–199, 197–200 integration with, 77–78 purpose, 71 support for, 14–15 Alternate Access Mapping page, 197–198, 197 Announcements list, 269 anonymous access enabling and setting up, 353–357, 354, 357 web applications, 161, 184 Anonymous authentication, 185 antivirus program settings server farm installations, 132 stand-alone installations, 113 Application Created page collections, 186 web applications, 164, 164 Application event log, 469–472 application layer inspection, 70 Application Management page anonymous access, 355 Central Administration, 149 collections administrators, 334–335 creating, 186 managing, 190 databases, 450–453 farm-based administration, 13 quota templates, 449–450 quotas and locks, 456–457 settings, 168, 168, 375–376, 376 web applications

540

Index

authentication providers, 183, 196 creating, 160 deleting, 174, 174 extending, 194 managed paths, 172, 172 policies, 180–182 security, 176, 176 application.master (Administrative Master Pages), 402 Application Pool for New Web Application section, 508–509 application pool identity, 150 Application Pool Process account, 53 application pools accounts, 53, 98 permissions, 150 web applications, 162, 163, 508–509 Application Security section, 375 application server security, 81 applications, web. See web applications AppliedSiteFeature section, 497 AppliedWebFeature section, 497 Apply Style Sheets permission, 318 Apply Themes and Borders permission, 317 Approve Items permission, 316 architectural view, 4–6, 5 architecture logical, 23 components, 23–29, 24, 27 deployment. See deployment architecture physical, 46 farm installations, 50–53, 53 stand-alone installations, 47–49, 49 web browser support, 54–56 ASP.NET authentication, 313 checking, 49, 49 enabling, 102, 102, 117 performance counters, 467 upgrade requirements, 499 ASP.NET Applications object performance counters, 467 ASPX pages, indexing, 246 associated properties, 293 Attachments setting, 276 Audit Failure events, 472

Audit Success events, 472 auditing, 14 authentication communications for, 74, 74 description, 82 overview, 312–313 providers, 329–330 anonymous access, 355 intranets, 196, 196 web applications, 161, 182–185, 183–184 SMTP service, 109, 130 web applications, 163 Authentication dialog box, 109, 130 Authentication Settings screen, 74, 74 authorization, 82 overview, 312–313 permission levels. See permissions securable objects, 327–329, 328 site access groups, 325–327, 326 availability planning, 56–57 minimum level, 59 database servers, 63–65 front-end web servers, 59–61 search servers, 61–62 server redundancy requirements, 57–58, 57–59 Available MB counter, 465 Avg. Disk sec/Transfer counter, 465

B back-to-back perimeter topology, 67–68, 67 Backup and Restore Job Status page, 383 backup and restore operations, 380–381, 380 for database migration, 512–513 permissions, 381–383, 381–383 Stsadm, 385 for upgrades, 503 Backup and Restore section, 374 Backup and Restore Status page, 382, 382

Backward Compatible Event Handlers setting, 167, 170 baselines, performance, 458–462, 460, 462 Basic authentication, 185 Basic installation option, 32–33 basic meeting workspace template, 222, 223 BDC (Business Data Catalog), 6 benefits overview, 9–12 BI (Business Intelligence), 6 blank meeting workspace template, 223 blank site templates, 219 Blog API Settings options 167, 169, 170 blogs description, 9 planning, 21 templates, 221, 222 branding. See customization breadcrumb trails, 216–217 breaking inheritance folders, items, and documents, 343–346, 345–347 lists and libraries, 341–342, 343 subsites, 338–339 bridging, SSL, 75–76, 76 Browse Directories permission, 318 Browse user Information permission, 319 browser-enabled documents, 286 browser support, 54, 437 feature compatibility, 55–56 levels, 54 Buffer Cache Hit Ratio counter, 469 Business Data Catalog (BDC), 6 Business Intelligence (BI), 6 business processes, 5–6 Bytes Total/sec counter, 465

C Calendar page, 241, 241, 243 calendars lists, 269 regions, 242–243 settings, 241, 241 shared, 19 capabilities enhancements, 14

Index

CAS (Code Access Security) feature, 358–359 customizing, 416–417 trust levels, 359 web solution packages, 360, 361 working with, 359–360 Central Administration, 372, 373 accessing, 148, 149 anonymous access, 355 Application Management page, 375–376, 376 backups and restores, 380–383, 380–383 collections administrators, 334 creating, 186–189, 187–189 managing, 190–193, 190–193 email settings incoming, 110, 131 outgoing, 111–112, 112, 132 exam essentials, 200–201 Home page, 152–156, 153–156, 373, 374 IIS changes, 136, 136 Operations page, 374, 375, 380–383, 380–383 overview, 149, 150 review questions, 202–210 search service, 128, 128 security, 150–152, 151 server farm installations, 118, 133 services, 156–159, 157–158 stand-alone installations, 113 summary, 200 web applications. See web applications centralized configuration and management, 13 certificates for authentication, 185, 330 for Central Administration, 150–152, 151 Change Anonymous Access Settings page, 355–356, 357 Change Log setting, 167, 170, 171 Change Site Collection option, 456–457 child sites, 28 Choose the Installation You Want page, 103, 103, 119, 119, 126

circuit-layer filtering, 70 client integration in web applications, 184 clusters database servers, 63 failover, 58, 63 NLB, 60–61 CNAME records, 165 Code Access Security (CAS) feature, 358–359 customizing, 416–417 trust levels, 359 web solution packages, 360, 361 working with, 359–360 CodeGroups section, 360 collaboration defined, 3 features, 19 services, 8–9 sites for, 214 Collaboration tab, 218 collections, 26, 148, 376 administrators, 334–336, 335 in content databases, 452–454, 453 creating, 186–189, 187–189 deleting, 190–191, 191 hierarchy, 212–217 managing, 190–193, 190–193, 249 moving, 454 overview, 26–28, 27 portal site, 379–380, 379 quota templates, 449–451, 450 Recycle Bin, 249–250, 377–378, 378 site settings. See Site Settings page % Committed Bytes in Use counter, 465 communication for authentication, 74, 74 features, 19 library settings, 289–291, 291–292 list settings, 280 sites for, 214 Completing the SharePoint Products and Technologies Configuration Wizard page, 123, 124, 127, 505 Completing the Windows Components Wizard page, 100, 116 compliance

541

feature enhancements, 14 governance plans for, 266 Config_db file, 159 CONFIG folder, 416 Configuration Successful page, 124, 127, 505, 507 Configure SharePoint Central Administration Web Application page, 123, 123 Configure Windows SharePoint Services Search Service Settings page, 129, 129, 157, 158 Configuring Incoming Email Settings screen, 110, 110, 130 Connect to Server Farm page, 121, 122, 127, 507 Connection Attempts/sec counter, 467–468 connections portal sites, 379–380, 379 preauthentication, 71, 72 proxy server settings, 107, 125 consistency, metadata, 268 contact lists, 9, 269 content databases collections in, 452–454, 453 web applications, 174–176, 175 governance plans for, 266 master pages, 401–402 placeholders, 402 security. See security submissions to lists and libraries, 292–293, 292 types, 293–294, 294 adding to libraries, 297–298, 298 creating, 294–296, 295–296 libraries, 286 metadata, 267 modifying, 296–297, 297 setting, 276 Content Approval setting libraries, 284–285 lists, 275 content pages, 401 Content Publishing workflows, 299 content regions, 402 context in search servers, 62

542

Index

Contract Approval workflows, 299 Contribute permission level, 322 controls master pages, 402–403 navigation, 216–217 pre-upgrade scans, 500 Copy Permission Level page, 324 copying permission levels, 324 core.css file, 410, 411 Counter Log dialog box, 461 counters alerts, 462–464, 464 common, 464–469 performance, 459–462, 460, 462 crawlers, 26 Crawls in progress counter, 467 Create a New Application Pool option, 162 Create a New IIS Website option, 160 Create a New Quota Template option, 450 Create Alerts permission, 316 Create Groups permission, 318 Create New Web Application page, 160–161, 161 Create or Extend Web Application page, 160, 194 Create page libraries, 283 lists, 270, 270, 279 subsites, 225 Create Site Collection page, 186, 187, 453 Create Subsites permission, 317 credentials delegation, 72, 73 validation, 74–75, 74–75 Current Disk Queue Length counter, 466 custom applications, 15 custom lists, 269 Custom Send to Destination option, 287, 288 customers, extranet benefits for, 65 customization, 398 administrator tasks, 155 code access security, 416–417 exam essentials, 418 lists and libraries, 273, 342, 356 master pages, 401–405, 403– 406, 407–410, 408– 411

page requests, 401 permissions, 342, 356 review questions, 419–425 storage location, 398–400, 399– 400 strategies, 406–407 summary, 417–418 in upgrades, 495–498 web part pages, 411–415, 412– 415 web parts for, 438 Customize Administrator Tasks page, 155 Customize Announcements page, 250 Customize Shared Documents page, 284, 284 Customize Vendors page, 272

D DACLs (discretionary access control lists), 330 Data Configuration section, 374 Data File(s) Size (KB) counter, 469 Data Location page, 126 data repositories, 6 Database Capacity Settings page, 176 database migration upgrades overview, 492–495, 493 post-upgrade tasks, 515 process, 510–513, 512 Database Name and Authentication section, 163, 164 database servers, 30 farm installation requirements, 50, 52–53 minimum level of availability, 63–65 mirroring, 63 securing, 81 databases access accounts, 97 changes during installation, 136, 137 collation requirements, 52 collections in, 452–454, 453 overview, 26 quotas and locks, 454–457, 454, 457 size limitations, 449–451, 450

stand-alone installation requirements, 49 web applications, 163, 174–176, 175 decision meeting workspace template, 223–224 default.aspx page, 213, 401, 411 default.master (Global Default Master Page), 402–403, 407 defaults permission levels, 320–321, 321 quota templates, 166, 168 regional settings, 242–243 time zone settings, 166, 168 zones, 25 Define Managed Path page, 172–173, 173 Define Your Work Week setting, 241 definitions. See site definitions delegate controls, 402 delegation of user credentials, 72, 73 Delete Items permission, 315 Delete Selected Paths page, 173 Delete Site Collection page, 190–191, 191 Delete This Library option, 288 Delete This List option, 278 Delete This Site page, 248, 248 Delete Versions permission, 316 Delete Web Application page, 174, 174 deleted items, restoring, 377–378, 378 deleting alerts, 244, 244 collections, 190–191, 191 libraries, 288 Recycle Bin settings for, 249–250 sites, 248, 248 users from groups, 337 web applications, 174, 174 Deny All permissions, 181 Deny Write permissions, 181 Deploy Solution page, 360, 361 deployment architecture, 29 medium and large farm implementations, 34–35, 34 scalability options, 30–31 server roles, 29–30

Index

single-server implementations, 31–33, 32 small farm implementations, 33–34, 33 deployment services, 8 Description setting libraries, 284 lists, 274 Design permission level, 322 diagnostic logging event throttling, 470–471, 470 server farm installation settings, 132 stand-alone installation settings, 113 Digest authentication, 185 Digital Dashboard, 3 directory permissions, 381–383, 381–383 Directory Security tab, 151, 151 discretionary access control lists (DACLs), 330 discussion boards, 9, 269 disk space and format requirements farm installations, 50 stand-alone installations, 47 upgrades, 499 % Disk Time counter, 465, 499 display requirements farm installations, 50 stand-alone installations, 47 upgrades, 499 distribution groups, 331 .dll extension, 360 DNS (Domain Name System) aliases extranets, 195–196, 196 intranets, 165–166, 165–166 round-robin, 61 Document Add Rate counter, 467 Document Entries counter, 468 Document Library Advanced Settings page, 291, 291 Document Library Versioning Settings page, 345, 346 documentation content submissions, 292–293, 292 content types, 293–298, 294–298 exam essentials, 302 installation, 134 documentation (continued)

libraries. See libraries review questions, 303–309 summary, 301 workflows, 299–301, 301 documents inheritance, 343–346, 345–347 management, 264 governance plans, 265–267 lists. See lists metadata, 267–268 overview, 264–265 securable objects, 328 storage features, 20 sites for, 214 workspaces planning, 21 templates, 219, 220 Documents Filtered Rate counter, 468 domain local groups, 332 Domain Name System (DNS) aliases extranets, 195–196, 196 intranets, 165–166, 165–166 round-robin, 61 Dotnetfx3.exe file, 101, 117 Draft Item Security setting libraries, 285 lists, 275 drag-and-drop method for web parts, 436, 436

E ECB (Edit Control Block) menu, 344 edge firewall topology, 66, 66 Edit Authentication page anonymous access, 355 authentication providers, 183, 184, 196, 197 Edit Control Block (ECB) menu, 344 Edit Item page, 154 Edit Items permission, 315 Edit Page for web parts, 433–434, 433 Edit Permission Level page, 324 Edit Permissions option libraries, 289 lists, 280 Edit Permissions page, 342 Edit Personal User Information permission, 319

543

Edit Public URL option, 197 email security, 82 server farm installation settings incoming, 130–131 outgoing, 131–132 stand-alone installation settings incoming, 109–111, 110–111 outgoing, 111–112, 112 Enable an Alternate Calendar option, 241 Enable Anonymous Access option, 355 Enable Blog API option, 169 Enable Logging option, 474 enterprise content management, 5 Enterprise Edition of ISA Server, 69 Enumerate Permissions permission, 318 environments, identifying, 17–18 Error events, 472 Error Rate counter, 468 errors, troubleshooting, 449 event throttling, 470–472 Expense Report workflows, 299 expiration policy, 266 explicit inclusion managed paths, 171 Extend Web Application to Another IIS Web Site page, 194 extending web applications, 193–199, 195–200 extensibility enhancements, 15 extensibility services, 8 external partners, extranet benefits for, 65 extranets alternate access mappings, 77–78 application layer inspection, 70 benefits, 65 credential validation, 74–75, 74–75 description, 17–18 DNS aliases, 195–196, 196 ISA server implementation, 69–70 path redirection and remapping, 71, 71

544

Index

planning factors, 214–215 preauthentication of connections to published sites, 71, 72 publishing multiple sites to single IP address, 73 reverse caching, 73 reverse proxies, 70 scheduling traffic to published sites, 77, 77 security requirements, 98 SSL bridging and SSL tunneling, 75–76, 76 topologies back-to-back perimeter, 67–68, 67 edge firewall, 66, 66 multi-homed, 66–67 split back-to-back, 68–69, 68 user credentials delegation, 72, 73

F failover clusters, 58, 63 Farm Search Service account, 53 Farm Topology web part, 155–156, 156, 373 farms. See server farms Feature folder, 429 feature.xml file, 429–431, 430 Features components, 429–430, 430 creation and deployment process, 15, 430–431, 431 exam essentials, 439 overview, 428–429, 429 review questions, 440–445 in site definitions, 431–432 summary, 439 web browser compatibility, 55–56 FEATURES folder, 429, 430 field-level security, 329 file system changes in installation, 134–135, 135 Files section in site definitions, 497 Filtering Threads counter, 468 fine-grained permissions, 246 firewalls

edge firewall topology, 66, 66 ISA Server, 70 First Stage - Delete Items in the Recycle Bin After setting, 377 five-server farm implementation, 58, 59 folders inheritance, 343–346, 345–347 securable objects, 328–329 Folders setting libraries, 287, 288 lists, 276 forms, libraries, 281 Forms authentication, 183–185, 330 four-server farm implementation, 58, 58 FQDNs (Fully Qualified Domain Names) clusters, 60 DNA aliases, 165, 195 Free Space in tempdb (KB) counter, 469 front-end web servers, 29 farm installation requirements, 50–52 minimum level of availability, 59–61 performance counters, 467 securing, 79–81, 80 Full Control permissions, 181, 321 Full Read permissions, 181 Full trust setting, 359 Fully Qualified Domain Names (FQDNs) clusters, 60 DNA aliases, 165, 195

G GAC (Global Assembly Cache), 359 galleries, 238–239 list, 279, 279, 288 Site Content Type, 293–295, 294–295, 297, 297 Galleries column, 228 General settings alerts, 463 counter logs, 461

IIS logs, 474 libraries, 284–287, 285, 287–288 lists, 274–276, 275–277 web applications, 166–170, 168–171 Global Assembly Cache (GAC), 359 Global Configuration section, 374 Global Default Master Page (default.master), 402–403, 407 global groups, 332 Global Meeting Workspace Master Page (mwdefault. master), 402 governance plans, 265 areas to address, 266 items in, 266–267 gradual upgrades, 14, 494 overview, 491 post-upgrade tasks, 515 process, 506–510, 508–510 groups access, 325–327, 326 Active Directory, 330–333 administrative, 333–336, 334 for subsites, 339–340, 341

H hardware load balancing, 61 hardware requirements server farm installations, 50, 114–115 stand-alone installations, 47, 98–99 upgrades, 498–500 Health Insurance Portability and Accountability Act (HIPAA), 266 Help Desk workflows, 299 hierarchy collections, 212–217 Site Hierarchy page, 252, 252 web applications, 172, 172 High tracing level, 471 HIPAA (Health Insurance Portability and Accountability Act), 266 Home page, 149 Administrator Tasks list, 152–155, 153–155

Index

Farm Topology web part, 155–156, 156 Resources list, 156 settings, 373, 374 host headers DNS entries for, 165–166, 165–166 web applications, 159, 161 HTTP Security Filter, 70 HTTP.sys file, 159

I IFilters, 62 IIS. See Internet Information Services (IIS) IIS Manager. See Internet Information Services (IIS) Manager iisreset command, 189 /images/graphicfilename directory, 229 in-place upgrades, 494 overview, 490–491, 490 post-upgrade tasks, 514, 514–515 process, 503–505, 505 included libraries, 281–282, 281 included lists, 269–270 incoming email, 158 server farm installation settings, 130–131 stand-alone installation settings, 109–111, 110–111 Incremental Crawls counter, 468 index server performance counters, 467–468 indexing ASPX pages, 246 IFilters filters, 62 search service, 129, 129, 158, 158 zones, 26 Information events, 472 information management features, 20 policies, 266 Information Rights Management (IRM) configuring, 185–186 lists and libraries, 273, 290 security, 347 inheritance displaying, 336–337, 337

folders, items, and documents, 343–346, 345–347 lists and libraries, 341–346, 343, 345–347 subsites, 338–339 installation, 96 database changes, 136, 137 documentation, 134 exam essentials, 137–138 file system changes, 134–135, 135 registry entries, 135–136, 135 review questions, 139–145 reviewing, 133–136, 135–137 security requirements, 96–98 server farms. See server farms stand-alone. See stand-alone installations summary, 137 integrating services into networks, 46 availability planning, 56–57 minimum level, 59–65 server redundancy requirements, 57–58, 57–59 exam essentials, 84 extranet environments. See extranets features, 9 physical architecture, 46 farm installation, 50–53, 53 stand-alone installation, 47–49, 49 web browser support, 54–56 review questions, 85–93 secure infrastructure, 78–83, 80 summary, 83 Internet Information Services (IIS) authentication, 184, 313 changes, 136, 136 installing and configuring, 99–101, 99–100, 115–116 logs, 470, 473–475, 475 upgrade requirements, 499 Internet Information Services (IIS) Manager, 100, 100, 116 ASP.NET 2.0, 102, 102, 117 certificates, 150, 151 logs, 474 SMTP service, 109, 130 Internet Options dialog box, 107, 125 Internet Security and Acceleration (ISA) Server

545

credentials delegation, 72, 73 credentials validation, 74–75, 74–75 firewalls, 66 implementation, 69–70 multihomed topology, 67 path redirection and remapping, 71, 71 publishing multiple sites to single IP address, 73 reverse caching, 73 scheduling traffic to published sites, 77, 77 SSL bridging and SSL tunneling, 75–76, 76 web publishing preauthentication, 71, 72 Internet site environments, 214–215 Internet solutions, 18 Interrupts/sec counter, 466 intranets description, 17 DNS aliases, 165–166, 165–166 migrating, 78, 78 planning factors, 214–215 IP addresses, 159 ipconfig /flushdns command, 166, 196 IRM (Information Rights Management) configuring, 185–186 lists and libraries, 273, 290 security, 347 ISA Server. See Internet Security and Acceleration (ISA) Server issue tracking, 9, 269 Item-Level Permissions setting, 276 Item Version History setting libraries, 285 lists, 275 items, 29. See also libraries; lists

K Kerberos authentication, 97, 123, 185 key performance indicator (KPIs), 6 Klindt, Todd, 454

546

Index

L languages in upgrades, 500 large farms implementation, 34–35, 34 server redundancy requirements, 58, 59 /_layouts/images/graphicfilename directory, 228 LDAP credential validation, 74 Level 1 web browsers, 54 Level 2 web browsers, 54 levels availability, 59–65 permissions creating, 322–324, 323, 325 default, 320–322, 321 users, 349, 349 trust, 358–359, 416–417 libraries, 270, 281 content submissions to, 292–293, 292 creating and customizing, 282–283, 282 governance plans for, 266 included, 281–282, 281 inheritance, 341–342, 343 overview, 29 securable objects, 328–329 settings, 284, 284 Communications, 289–291, 291–292 General, 284–287, 285, 287–288 Permissions and Management, 288–289 Limit Invited Users to a Maximum of setting, 451 Limit Storage to a Maximum setting, 450, 456 Limited Access permission level, 322 line-of-business (LOB) applications, 6 links lists, 269 List Templates gallery, 279, 279, 288 lists, 268–269 anonymous access to, 356–357, 357 content submissions to, 292–293, 292 creating and customizing, 270–273, 270–273 governance plans for, 266

included, 269–270 inheritance, 341–346, 343, 345–347 overview, 29 permissions, 178, 314–316, 314 securable objects, 328–329 settings, 273–274, 274 Communications, 280 General, 274–276, 275–277 Permissions and Management, 277–280, 277–279 Lists section in site definitions, 497 load balancing, 60–61, 162 LOB (line-of-business) applications, 6 local administration group, 384 Local Area Network (LAN) Settings dialog box, 107, 125 local groups, 332 local server administrators group, 332–333 Locale setting, 240 Lock Status for This Site option, 456–457 locks, database, 454–457, 454, 457 Log Files page, 461 Log File(s) Size (KB) counter, 469 Log Parser tool, 475 log shipping, 65 Logging and Reporting section, 374 Logging Properties dialog box, 474–475 logical architecture, 23 components, 23–29, 24, 27 deployment, 29–35, 32–34 logs, 14, 469–470 counter, 461–462, 462 diagnostic, 470–472, 470 IIS, 473–475, 475 server farm installation settings, 132 stand-alone installation settings, 113 usage analysis processing, 472–473, 473 Look and Feel column, 228 Quick Launch page, 234 Reset Page to Site Definition Version page, 237–238, 238

Save Site as Template page, 234–237, 235 Site Theme page, 231–232, 232 Title, Description, and Icon page, 228–230, 230 Top Link Bar page, 233 Tree View page, 230, 231

M MAC (media access control) addresses, 60 Major and Minor Versions library option, 285 Major Versions Only library option, 285 Manage Access Requests page, 351, 352 Manage Alerts permission, 319 Manage Checked Out Files setting, 289 Manage Content Database Settings page, 174–176, 175, 453, 454 Manage Content Databases page, 452–454, 513 Manage Content Regions dialog box, 402 Manage Lists permission, 315 Manage Permissions of Parent option libraries, 289 lists, 280 Manage Permissions permission, 317 Manage Personal Views permission, 320 Manage Quotas and Locks page, 511 Manage Site Collection Quotas and Locks page, 511–512, 512 Manage Website permission, 317 managed paths collections, 28, 187, 187 web applications, 171–173, 172–173 management services, 8 manifest.xml file, 360 Map to External Resource option, 198 mapping

Index

alternate access. See alternate access mapping (AAM) feature features, 19 user needs to site capabilities, 215–216 Master Page toolbar, 402, 405, 405, 409 master pages, 401 contents, 401–402 controls, 402–403 customization, 407–410, 408– 411 viewing, 403–405, 403– 406 Master Pages gallery, 239 Maximum Upload Size setting, 167, 169 media access control (MAC) addresses, 60 medium farms implementation, 34–35, 34 server redundancy requirements, 58, 59 Medium tracing level, 471 meeting workspaces, 9, 21 Meetings tab, 218 Members group, 325 Memory objects performance counters, 465 memory requirements farm installations, 50 stand-alone installations, 47 metadata, 264 consistency, 268 defining, 267–268 governance plans for, 266 Microsoft .NET Framework 3.0 farm installation requirements, 52 installing, 101–102, 116–117 stand-alone installation requirements, 49 Microsoft Operations Manager (MOM) 2005, 475–476 configuring, 477 management pack, 476–477 Microsoft SQL Server 2000 Desktop Engine (WMSDE), 511 migrateuser command, 386 migrating intranets, 78, 78 minimum level of availability, 59 database servers, 63–65 front-end web servers, 59–61 search servers, 61–62 mirroring, database, 58, 63

547

MOM (Microsoft Operations Manager) 2005, 475–476 configuring, 477 management pack, 476–477 Monitorable tracing level, 471 monitoring, 448 exam essentials, 478 goals, 448 logs, 469–470 diagnostic, 470–472, 470 IIS, 473–475, 475 usage analysis processing, 472–473, 473 MOM for, 475–477 performance, 448–449 Performance Monitor, 458 alerts, 462–464, 464 baselines, 458–462, 460, 462 counters, 464–469 review questions, 479–485 SQL Server. See SQL Server summary, 478 moving collections, 454 web parts, 435–438, 436–437 MSDN site, 431 MSSQLSERVER service, 97 multi-homed topology, 66–67 multicast mode in NLB, 60 multipage meeting workspace template, 224, 225 multiple sites, publishing, 73 multistage Recycle Bin, 14 mwdefault.master (Global Meeting Workspace Master Page), 402

.NET CLR Memory object performance counter, 467 .NET requirements for upgrades, 499 Network Interface object performance counter, 465 network load balancing (NLB), 60–61 network requirements farm installations, 50 stand-alone installations, 47 upgrades, 499 network support enhancements, 14–15 New Alert Settings dialog box, 463 New Group page, 327 New Link page, 233 New Log Settings dialog box, 461 New page libraries, 283, 283 lists, 271, 271 New Resource Record dialog box, 195, 195 New SharePoint Site page, 226, 228, 236, 236 New Site Content Type page, 295, 295 New URL for Original Content section, 508 NLB (network load balancing), 60–61 No Access option, 455 Not Locked option, 455 NTLM (NT LAN Manager) authentication, 72, 123, 185 number of nines availability, 56

N

O

NamedPermissionSets section, 360 names groups, 325 libraries, 284 lists, 274 strong, 416 templates, 450 navigation collections, 27 controls, 216–217 governance plans for, 266 libraries, 284 lists, 274

Obfuscator tool, 497 objectives, determining, 16–17 ODBC Logging format, 474 Onboarding Processes workflows, 299 online presence, 8, 166–167 Online Web Part Gallery, 177 Open permission, 319 Open Items permission, 316 operating system requirements farm installations, 51–52 stand-alone installations, 48–49 upgrades, 499

548

Index

operating system services, 6–7 Operation Completed Successfully page lists, 279, 279 sites as templates, 235 Operation in Progress page gradual upgrades, 509 web applications, 164 operational tools, 14 Operations page, 149 administrators group, 333 backups and restores, 380–383, 380–383 gradual upgrades, 507 incoming email settings, 110, 110, 131 options, 374, 375 outgoing email settings, 112, 112, 132 search service, 128, 128 orphaned objects in pre-upgrade scans, 500 outgoing email settings server farm installations, 131–132 stand-alone installations, 111–112, 112 overhead, databases, 451 Override Check Out permission, 315 Owners group, 325

P packet filtering, 70 Packets/sec counter, 465 Page Faults/sec counter, 465 page requests, 401 pages customized, 495–496 web parts for adding, 433–434, 433–434 customizing, 438 moving, 435–438, 436–437 removing, 434–435, 435 Pages/sec counter, 465 passwords counter logs, 461 search service, 128 server farms, 122, 127 web applications, 162–163, 167, 170 paths managed

collections, 28, 187, 187 web applications, 171–173, 172–173 redirecting and remapping, 71, 71 site, 28 People and Groups page adding users, 348 farm administrators, 333–334 new groups, 327 request access, 352, 353 subsite groups, 340 Perform a Backup page, 381, 381 performance maintaining, 448 Performance Monitor, 458 alerts, 462–464, 464 baselines, 458–462, 460, 462 counters, 464–469 scaling for, 30 SQL Server, 449 counters, 469 database size, 449–451, 450 maintenance, 458 quotas and locks, 454–457, 454, 457 permissions, 313 backup and restore operations, 381–383, 381–383 changing, 337 collections, 27 levels creating, 322–324, 323, 325 default, 320–322, 321 users, 349, 349 libraries, 288–289 lists, 178, 277–280, 277–279, 314–316, 314 MOM, 476 personal, 320 security, 82 sites, 228, 316–319 users, 348–349, 349 web applications, 178–182, 179, 181–182 Permissions and Management settings libraries, 288–289 lists, 277–280, 277–279 Permissions for This Library setting, 289 Permissions for This List setting, 279, 279 Permissions page

anonymous access to lists, 356–357 documents, 344 inheritance, 336–339, 337, 339 lists and libraries, 342, 343 Person Name Smart Tag and Presence settings, 166–167 personal permissions, 320 lists, 313–315 web applications, 178 physical architecture, 46 farm installations, 50–53, 53 stand-alone installations, 47–49, 49 web browser support, 54–56 Physical Disk object performance counter, 465–466 picture libraries, 282 /picturelibraryname/ graphicfilename directory, 229 pinging DNA tests, 166, 166 PlaceHolderMain control, 402 planning, 15–16 availability, 56–57 minimum level, 59–65 server redundancy requirements, 57–58, 57–59 purpose in, 16–18 user needs in, 18–21 user number and type, 21–23 platform services, 7–8 pluggable authentication, 15, 330 policies information management, 14, 266 web applications, 179–182, 179, 181–182 Pool Nonpaged Bytes counter, 465 portal services, 5 Portal Site Connection page, 253, 253 portal site connections breadcrumbs, 217 managing, 379–380, 379 ports securing, 83 web applications, 159 post-upgrade tasks, 513–515, 514–515 postinstallation tasks, 106 pre-upgrade scans, 500–502, 501–503

Index

preauthentication of connections, 71, 72 predefined application pools, 162 prescan.exe utility, 500–501, 504 primary environments, 17–18 Private Bytes counter, 467, 469 Process object performance counters, 467, 469 Processed Documents Rate counter, 468 Processor object performance counters, 466 Processor Queue Length counter, 466 processor requirements farm installations, 50 stand-alone installations, 47 upgrades, 499 % Processor Time counter, 459–460, 460, 466–467, 469 project tasks list, 270 protocols, securing, 83 proxies, reverse, 70 proxy server settings server farm installations, 125–126 stand-alone installations, 107 published sites preauthentication of connections, 71, 72 scheduling traffic to, 77, 77 publishing multiple sites to single IP address, 73 purpose of solutions, 16–18

Q Queries counter, 467 query server performance counters, 467–468 Quick Launch bar description, 216–217 modifying, 409–411 Quick Launch page, 234 quotas and quota templates collections, 188, 188, 192, 192 creating, 449–451, 450 database, 454–457, 454, 457 governance plans for, 266 web applications, 166, 168–169, 169

R RADIUS (remote authentication dial-in user service), 74 RADIUS OTP, 74 RAID (Redundant Array of Independent Disks), 30–31 RAM requirements for upgrades, 499 Read-Only option, 455 Read permission level, 322 Really Simple Syndication (RSS) description, 20 libraries, 289 lists, 280 settings, 244, 245 web applications, 167, 169, 170 recovering Recycle Bin items, 249–250, 377–378, 378 Recycle Bin, 14 for lists, 278, 278 managing, 377–378, 378 recovering items in, 249–250, 377–378, 378 turning on and off, 377 web applications, 167, 170, 171 Recycle Bin Status option, 377 redeploying customizations, 496 redirecting paths, 71, 71 Redirector object performance counters, 466 Redistributable Package page, 101, 116 redundancy, server, 57–58, 57–59 Redundant Array of Independent Disks (RAID), 30–31 Regional Settings page, 239–243 regions, content, 402 registry entries, 135–136, 135 Relay Restrictions dialog box, 109, 130–131 remapping paths, 71, 71 remote authentication dial-in user service (RADIUS), 74 remote employees, extranets for, 65 removing customizations, 496 users from groups, 348–349, 349 web parts from pages, 434–435, 435 reparenting, 14 replication, database, 65

549

Request/Sec counter, 467 requests access, 349–352, 350–353 page, 401 Require Approval option, lists, 275 Require Check Out option, 285–286, 285 Require Content Approval option, 285 Reset Internet Information Services section, 163 Reset Page to Site Definition Version page, 237–238, 238 Reset to Site Definition option, 415 Resources list, 156 Resources section, 373 Restart IIS Automatically option, 163 restore command in Stsadm, 385–386 Restore from Backup page, 383, 383 restoring backups. See backup and restore operations Recycle Bin items, 249–250, 377–378, 378 Retries counter, 468 reverse caching, 73 reverse proxies, 70 Rights Management Services (RMS), 186, 290 root paths (/), 28 root site collections, 186–189, 187–189 round-robin DNS load balancing, 61 routers in hardware load balancing, 61 RSA SecurID, 74 RSS. See Really Simple Syndication (RSS)

S Sarbanes-Oxley Act (SOX), 266 Save as Template pages, 278, 278 Save Library as Template option, 288 Save List as a Template option, 278, 278

550

Index

Save Site as Template page, 234–237, 235 scalability options, 30–31 scaling out, 30 scaling up, 30–31 scans, pre-upgrade, 500–502, 501–503 scheduling counter logs, 461 IIS logs, 474 traffic to published sites, 77, 77 SCOM (Systems Center Operations Manager), 476 Search Visibility page, 245–246, 246 searches and search service accounts, 97 collections, 27 description, 5 farm installations, 127–130, 128–129 governance plans for, 267 indexing pages for, 246 libraries, 287, 288 limitations, 216 lists, 276 minimum level of availability, 61–62 overview, 157–158, 158 security, 82 server roles, 29–30 visibility, 245, 246 web applications, 164 Second Stage - Delete Items in the Recycle Bin After setting, 377 securable objects, 327–329, 328 secure infrastructure application servers, 81 database servers, 81 guidelines, 79 miscellaneous areas, 81–82 ports and protocols, 83 web front-end servers, 79–81, 80 Secure Sockets Layer (SSL) bridging and tunneling, 75–76, 76 Central Administration, 150 web applications, 161, 194 security, 8, 312 accounts, 97–98 Active Directory groups, 330–333

administrative groups, 333–336, 334 authentication, 313 authentication providers, 329–330 authorization, 313 Central Administration, 150–152, 151 Code Access Security, 358–360, 361 content, 336–337, 337 folders, items, and documents inheritance, 343–346, 345–347 groups for subsites, 339–340, 341 Information Rights Management, 347 list and library inheritance, 341–342, 343 subsite inheritance, 338–339 exam essentials, 362 extranets, 98 lists, 275 overview, 312 permissions. See permissions planning, 79–83, 80 requirements, 96–97 review questions, 363–370 securable objects, 327–329, 328 site access groups, 325–327, 326 summary, 361 users, 348 access requests, 349–352, 350–353 adding and removing users, 348–349, 349 anonymous access, 353–357, 354, 357 web applications authentication, 161, 162 authentication providers, 182–185, 183–184 configuring, 176–177 enabling, 170 implementing, 358 IRM, 185–186 parts, 177, 177 permissions, 178–182, 179, 181–182 policies, 179–182, 179, 181–182 self-service site management, 178, 178

validation, 167 Security Configuration section description, 374 web applications, 161 Security for Web Part Pages page, 177, 177 security identifiers (SIDs), 345 security trimming, 14 SecurityClasses section, 359 Select Site Collection page, 334, 453, 456–457 Select Web Application page, 355 Self-Service Site Management page, 178, 178 Send a Network Message option, 463 Send a Warning E-Mail When Site Storage Reaches setting, 450, 456 Send User Name and Password in E-mail setting, 167, 170 server farms accounts, 97 administration interface, 13 administrators, 13, 333–334 defined, 13 gradual upgrades, 491 installation, 114 antivirus program settings, 132 ASP.NET 2.0, 117 Central Administration tasks, 133 configuring servers as web servers, 115–116 diagnostic logging settings, 132 hardware requirements, 50, 114–115 incoming email settings, 130–131 Microsoft .NET Framework 3.0, 116–117 outgoing email settings, 131–132 proxy server settings, 125–126 search service, 127–130, 128–129 on servers, 118–120, 119–120 servers for, 126

Index

SharePoint Products and Technologies Configuration Wizard, 120–124, 121–124, 127 software requirements, 51–53, 53, 114–115 trusted sites, 125 medium and large farm implementations, 34–35, 34 overview, 24–25 redundancy requirements, 57–58, 57–59 small farm implementations, 33–34, 33 server local groups, 332 Server object performance counters, 466 Server Sessions Hung counter, 466 Server Type page, 103, 104, 119, 119, 126 servers configuring as web servers, 99–101, 99–100, 115–116 database. See database servers farm. See server farms overview, 25 roles in deployment architecture, 29–30 in scaling up, 31 search, 61–62 SQL. See SQL Server Servers in Farm page, 128, 128 service principal names (SPNs), 97, 161 Services on Server page, 156, 157 Set Password dialog box, 461 Set Target Web Application page, 508–509 Set Up Groups for This Site page, 340 Set Your Calendar setting, 241 setadminport command, 386–387 Setup user account, 53 Setup Wizard, 490, 490 Shared Documents page, 198, 198 Shared Versions, 433 SharePoint Designer master pages, 407–410, 408– 411 web part pages, 411–415, 412– 415

SharePoint Products and Technologies Configuration Wizard in-place upgrades, 504–505, 507 server farm installations, 120–124, 121–124, 127 tasks, 104–106, 105–106 SharePoint Search Gatherer object performance counters, 468 SharePoint Search Gatherer Projects object performance counter, 467–468 SharePoint Search Indexer Catalogs object performance counter, 467 SharePoint Site Management section, 375 SharePoint Web Application Management section, 375 SIDs (security identifiers), 345 Simple Mail Transfer Protocol (SMTP) server, 109, 111–112, 112, 131–132 single-server implementation, 31–33, 32 Single Sign-On (SSO) authentication, 330 Site Administration column, 228, 239 Delete This Site page, 248, 248 Regional Settings page, 239–243 RSS page, 244, 245 Search Visibility page, 245–246, 246 Site Libraries and Lists page, 243 Site Usage Reports page, 243 Sites and Workspaces page, 246–247, 247 Sites Features page, 247–248 User Alerts page, 243, 244 Site Administrators, 13 Site Collection Administration column, 228, 249 Portal Site Connection page, 253, 253 Recycle Bin page, 249–250 Site collection features page, 252 Site Collection Usage Summary page, 251, 251

551

Site Hierarchy page, 252, 252 Site Collection Administrators page, 192, 193, 334–336 Site collection features page, 252 Site Collection List page, 193, 193 Site Collection Quotas and Locks page, 192, 192, 454–457, 454 Site Collection Upgrade page, 509, 509 Site Collection Usage Summary page, 251, 251 Site Columns gallery, 239 Site Columns page, 272, 272 Site Content Type Advanced Settings page, 296, 296 Site Content Type gallery, 239, 293–295, 294–295, 297 Site Content Type page, 297, 297 Site Content Upgrade Status page, 508, 508 Site Definition Page Warning dialog box, 414, 414 site definitions custom, 497–498 features in, 431–432 modifying, 414–415, 414 vs. templates, 218 Site Features option, 429 Site Features page, 247–248 Site Hierarchy page, 252, 252 Site Libraries and Lists page, 243, 249 Site Owners, 13 Site Settings page, 227–228, 227 anonymous access, 355–356 collection administrators, 335–336, 335 features, 429, 429 galleries, 238–239 groups, 327 Look and Feel column, 228–238, 230–232, 235–236, 238 permission levels, 322, 324 Site Administration column, 239–248, 240–241, 244–248 Site Collection Administration column, 249–253 subsite groups, 340 subsite security, 338 usage analysis reports, 473 users, 348

552

Index

Site Theme page, 231–232, 232 Site Usage Reports page, 243 Site Use Confirmation and Deletion page, 191, 191 sites access groups, 325–327, 326 collections. See collections creating, 217 deleting, 248, 248 environment, 214–215 vs. hierarchy, 212–213 mapping user needs to capabilities, 215–216 models, 8 navigation controls, 216–217 objectives, 214 overview, 28 paths, 28 permissions, 178, 316–319 search limitations, 216 site definitions vs. site template, 218 stand-alone installations, 113 subsites, 28, 213 creating, 225–226, 226 groups for, 339–340, 341 inheritance, 338–339 templates, 218–224, 220–223, 225 themes, 231–232, 232, 498 Sites and Workspaces page, 246–247, 247 Sites Selected for Upgrade page, 509 size database, 449–451, 450 upload, 167, 169 small farms implementations, 33–34, 33 server redundancy requirements, 57–58, 57–58 SMTP (Simple Mail Transfer Protocol) server, 109, 111–112, 112, 131–132 social meeting workspace template, 224 software load balancing, 60–61 software requirements server farm installations, 51–53, 53, 114–115 stand-alone installations, 48–49, 49, 98–99 upgrades, 498–500

Solution Deployment packages, 360, 361 Sort Order setting, 240 SOX (Sarbanes-Oxley Act), 266 special considerations, 18–19 special site types, 21 Specify Configuration Database Settings page, 122, 122, 127, 507 split back-to-back topology, 68–69, 68 SPNavigationManager, 409 SPNs (service principal names), 97, 161 SPSite object, 28 SPWeb object, 28 SQL Database Maintenance Plan Wizard, 458 SQL Server farm installation requirements, 52 performance, 449 counters, 469 database size, 449–451, 450 maintenance, 458 quotas and locks, 454–457, 454, 457 service accounts, 97 upgrade requirements, 499 SQL Server 2005 Surface Area Configuration dialog box, 53, 53 SQL Server: Buffer Manager object performance counters, 469 SQL Server: Databases object performance counters, 469 SQL Server Express utility, 108 SQL Server Management Studio Express, 108 SQL Server: Transactions object performance counters, 469 SQLCMD utility, 108 SQLSERVERAGENT service, 97 SSL (Secure Sockets Layer) bridging and tunneling, 75–76, 76 Central Administration, 150 web applications, 161, 194 SSO (Single Sign-On) authentication, 330 stakeholder involvement in planning, 16 stand-alone installations, 32–33, 47, 98–99

antivirus program settings, 113 ASP.NET 2.0, 102, 102 Central Administration tasks, 113 configuring servers as web servers, 99–101, 99–100 diagnostic logging settings, 113 hardware requirements, 47, 98–99 incoming email settings, 109–111, 110–111 Microsoft .NET Framework 3.0, 101–102 outgoing email settings, 111–112, 112 postinstallation tasks, 106 proxy server settings, 107 SharePoint Products and Technologies Configuration Wizard, 104–106, 105–106 site creation, 113 software requirements, 48–49, 49, 98–99 trusted sites, 106–107 WID, 102–104, 103–104, 108, 108 Standard Edition of ISA Server, 69 stateful filtering, 70 storage locations, 398–400, 399– 400 Platform Services, 7 Storage section in usage summary, 251 .stp extension, 218 strong names, 416 Stsadm tool, 14, 360, 383–384 backup command, 385 benefits, 387–388 collection databases, 451 considerations, 384 feature installation and activation, 431, 431 location, 384 migrateuser command, 386 moving collections, 454 operations and parameters, 384–385 pre-upgrade scans, 500 restore command, 385–386

Index

setadminport command, 386–387 styles master pages, 401, 409–410, 411 themes, 231 web solution packages, 360 subsites, 28, 213 creating, 225–226, 226 groups for, 339–340, 341 inheritance, 338–339 surface area settings, 52–53, 53 survey lists, 270 switch boxes, 61 synchronous mirroring, 58, 63 System object performance counters, 466 Systems Center Operations Manager (SCOM), 476

T Team Folders, 3 team sites description, 9 templates, 219 TEMPLATE folder, 399, 399 templates collections, 187–188 vs. definitions, 218 from existing sites, 234–236, 235–236 libraries, 286 from lists, 278, 278 names, 450 quota, 166, 168, 169, 449–451, 450 saving libraries as, 288 sites, 218–224, 220–223, 225 themes, 231–232, 232, 498 This List search scope, 216 Threads Accessing Network counter, 468 three-server farm implementation, 57–58, 58 Three-State workflows, 300–301, 301 throttling, event, 470–472 Tier 1 management, 13 Tier 2 management, 13 Time Format setting, 241 % Time in GC counter, 467 time zones

regional settings, 240 web applications, 166, 168 Timer service, 13 Title, Description, and Icon page, 228–230, 230 titlegraphic.gif file, 228 toolbars for Master Page, 402, 405, 405, 409 Top-Level Site Successfully Created page, 189, 189 Top Link bar, 216–217, 233 topology, 212 collection hierarchy, 212–217 exam essentials, 254 review questions, 255–262 site creation, 217 subsites, 225–226, 226 templates, 218–224, 220–223, 225 site settings. See Site Settings page summary, 254 Topology and Services section, 374 trace logs, 470–471 Transact-SQL commands, 458 Tree View page, 230, 231 troubleshooting errors, 449 logs for, 469–470 diagnostic, 470–472, 470 IIS, 473–475, 475 usage analysis processing, 472–473, 473 trust levels in CAS, 358–359, 416–417 trusted sites, adding sites to, 106–107, 125 tunneling, SSL, 75–76, 76 12 hive CONFIG folder, 416 contents, 134–135, 135 icons, 228 logs, 469, 471–472 master pages, 402 pre-scan upgrades, 500 site definitions, 218, 398, 497 TEMPLATE folder, 399, 399 themes, 231 two server farm implementation, 57, 57 two-tier administration model, 13

553

U ULS (unified logging service) logs, 469–471 uncustomized pages, 399 Unexpected tracing level, 471 unicast mode in NLB, 60 unified logging service (ULS) logs, 469–471 universal groups, 332 Universal Time Code (UTC) format, 240 Update Personal Web Parts permission, 320 upgrade definition files, 497 Upgrade Earlier Versions page, 504, 506 Upgrade Running page, 505, 505, 509, 510 upgrades, 488 approach overview, 488–490, 489 customizations in, 495–498 database migration overview, 492–495, 493 process, 510–513, 512 exam essentials, 516 gradual overview, 491 process, 506–510, 508–510 in-place overview, 490–491 process, 503–505, 505 post-upgrade tasks, 513–515, 514–515 pre-upgrade scans, 500–502, 501–503 review questions, 517–523 selection criteria, 494–495 software and hardware requirements, 498–500 summary, 516 upload size setting, 167, 169 uploading documents to libraries, 292–293, 292 usage analysis processing, 243, 472–473, 473 usage logs counter, 469 usage reports, 243 usage summary, 251, 251 Use a Proxy Server for Your LAN option, 107, 126

554

Index

Use an Existing Website option, 160 Use Client Integration Features permission, 319 Use Existing Application Pool option, 162, 508 Use Local Computer Counters option, 459 Use Local Time for the File Naming and Rollover option, 474 Use Self-Service Site Creation permission, 318 User Alerts page, 243, 244 User Information page, 241 User Permissions for Web Application page, 178, 179 User Remote Interfaces permission, 319 usernames search service, 128 server farms, 122, 127 web applications, 162–163, 167, 170 Users and Permissions column, 228 users and user security, 348 access requests, 349–352, 350–353 adding and removing, 348– 349, 349 anonymous access, 353–357, 354, 357 credentials delegation, 72, 73 validation, 74–75, 74–75 needs determination, 18–21 number and type, 21–23 in usage summary, 251 UTC (Universal Time Code) format, 240

V Vendors page, 272, 272 Verbose tracing level, 471 versioning libraries, 284–286 lists, 275, 276 View All Site Content page, 270, 271 View Application Pages permission, 316

View Items permission, 316 View Pages permission, 318 View Usage Data permission, 317 View Versions permission, 316 viewing lists, 273, 273 master pages, 403–405, 403– 406 virtual IPs (VIP) clusters, 60 Visitors group, 325 Visual Aids option, 403, 409 Volume Shadow Copy Service, 14

W W3C Extended Log File Format, 474 Waiting Documents counter, 468 Warning events, 472 Web Application Settings page, 168–169, 168 Web Application to Upgrade section, 508 web applications, 159 anonymous access, 355 configuring, 166–170, 168–171 content databases, 174–176, 175 creating, 160–164, 161–164 deleting, 174, 174 DNS entries for host headers, 165–166, 165–166 extending, 193–199, 195–200 managed paths, 171–173, 172–173 overview, 25–26 security. See security services, 159 web browser support, 54, 437 feature compatibility, 55–56 levels, 54 web.config file, 183, 196, 358 Web Front-End (WFE) servers, 29 farm installation requirements, 50–52 minimum level of availability, 59–61 performance counters, 467 securing, 79–81, 80 Web Page Security Validation settings, 167, 170

Web Part Manager, 437, 437 Web Part Modification tool, 438 web parts, 9, 428 adding to pages, 433–434, 433– 434 for customized pages, 438 customizing, 411–415, 412– 415 exam essentials, 439 moving, 435–438, 436– 437 overview, 432, 432 pre-upgrade scans, 500 removing from pages, 434–435, 435 review questions, 440–445 summary, 439 in upgrades, 497 Web Parts task pane, 412 web servers configuring servers as, 99–101, 99–100, 115–116 front-end. See Web Front-End (WFE) servers minimum level of availability, 59–61 Web Service object performance counters, 467–468 Web Single Sign On authentication, 183–185 Web Site page for IIS logs, 474 Web Sites Properties dialog box, 100, 100, 116 webs, defined, 28. See also sites WebTemplate section in site definitions, 497 Welcome to SharePoint Products and Technologies page, 105, 105, 121, 121 WF (Workflow Foundation) technology description, 15 downloading, 101–102 installing, 116–117 working with, 299–301, 301 WFE (Web Front-End) servers, 29 farm installation requirements, 50–52 minimum level of availability, 59–61 performance counters, 467 securing, 79–81, 80

Index

WID (Windows Internal Database) basic installations, 26, 32, 47 installation and configuration with, 102–104, 103–104 interface, 108, 108 wikis description, 9 page libraries, 282 planning, 21 site templates, 220, 221 wildcard inclusion managed paths, 171–173, 172–173 Windows Active Directory credential validation, 74 for groups, 330–333 Windows authentication support for, 330 web applications, 163, 183 Windows components farm installations, 51 IIS configuration, 100, 116 stand-alone installations, 48 Windows Internal Database (WID)

basic installations, 26, 32, 47 installation and configuration with, 102–104, 103–104 interface, 108, 108 Windows Workflow Foundation (WF), 15 WMSDE (Microsoft SQL Server 2000 Desktop Engine), 511 Work Item Shortages counter, 466 Worker Processes Restarts counter, 467 Workflow Foundation (WF) technology description, 15 downloading, 101–102 installing, 116–117 working with, 299–301, 301 Workflow Management section, 375 workflows creating, 300–301, 301 description, 20 examples, 299–300 library settings, 289

555

list settings, 280 Working Set counter, 469 .wsp extension, 360 WSS_ADMIN_WPG group, 332 WSS_Medium.config file, 416–417 WSS_Medium trust setting, 359, 416–417 WSS_Minimal.config file, 416–417 WSS_Minimal trust setting, 359, 416–417 WSS_RESTRICTED_WPG group, 332–333 WSS_WPG group, 332

Z Zone option, 437 Zone Index option, 437 zones default, 25 description, 18 web applications, 181–183 web parts, 413, 437–438, 437

Wiley Publishing, Inc. End-User License Agreement READ THIS. You should carefully read these terms and conditions before opening the software packet(s) included with this book “Book”. This is a license agreement “Agreement” between you and Wiley Publishing, Inc. “WPI”. By opening the accompanying software packet(s), you acknowledge that you have read and accept the following terms and conditions. If you do not agree and do not want to be bound by such terms and conditions, promptly return the Book and the unopened software packet(s) to the place you obtained them for a full refund. 1. License Grant. WPI grants to you (either an individual or entity) a nonexclusive license to use one copy of the enclosed software program(s) (collectively, the “Software,” solely for your own personal or business purposes on a single computer (whether a standard computer or a workstation component of a multi-user network). The Software is in use on a computer when it is loaded into temporary memory (RAM) or installed into permanent memory (hard disk, CD -ROM, or other storage device). WPI reserves all rights not expressly granted herein. 2. Ownership. WPI is the owner of all right, title, and interest, including copyright, in and to the compilation of the Software recorded on the physical packet included with this Book “Software Media”. Copyright to the individual programs recorded on the Software Media is owned by the author or other authorized copyright owner of each program. Ownership of the Software and all proprietary rights relating there to remain with WPI and its licensers. 3. Restrictions On Use and Transfer. (a) You may only (i) make one copy of the Software for backup or archival purposes, or (ii) transfer the Software to a single hard disk, provided that you keep the original for backup or archival purposes. You may not (i) rent or lease the Software, (ii) copy or reproduce the Software through a LAN or other network system or through any computer subscriber system or bulletin-board system, or (iii) modify, adapt, or create derivative works based on the Software. (b) You may not reverse engineer, decompile, or disassemble the Software. You may transfer the Software and user documentation on a permanent basis, provided that the transferee agrees to accept the terms and conditions of this Agreement and you retain no copies. If the Software is an update or has been updated, any transfer must include the most recent update and all prior versions. 4. Restrictions on Use of Individual Programs. You must follow the individual requirements and restrictions detailed for each individual program in the About the CD -ROM appendix of this Book or on the Software Media. These limitations are also contained in the individual license agreements recorded on the Software Media. These limitations may include a requirement that after using the program for a specified period of time, the user must pay a registration fee or discontinue use. By opening the Software packet(s), you will be agreeing to abide by the licenses and restrictions for these individual programs that are detailed in the About the CD -ROM appendix and/or on the Software Media. None of the material on this Software Media or listed in this Book may ever be redistributed, in original or modified form, for commercial purposes. 5. Limited Warranty. (a) WPI warrants that the Software and Software Media are free from defects in materials and workmanship under normal use for a period of sixty (60) days from the date of purchase of this Book. If WPI receives notification within

the warranty period of defects in materials or workmanship, WPI will replace the defective Software Media. (b) WPI AND THE AUTHOR(S) OF THE BOOK DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE SOFTWARE, THE PROGRAMS, THE SOURCE CODE CONTAINED THEREIN, AND/OR THE TECHNIQUES DESCRIBED IN THIS BOOK. WPI DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE SOFTWARE WILL BE ERROR FREE. (c) This limited warranty gives you specific legal rights, and you may have other rights that vary from jurisdiction to jurisdiction. 6. Remedies. (a) WPI’s entire liability and your exclusive remedy for defects in materials and workmanship shall be limited to replacement of the Software Media, which may be returned to WPI with a copy of your receipt at the following address: Software Media Fulfillment Department, Attn.: MCTS: Windows SharePoint Services 3.0 Configuration Study Guide, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, or call 1-800 -762-2974. Please allow four to six weeks for delivery. This Limited Warranty is void if failure of the Software Media has resulted from accident, abuse, or misapplication. Any replacement Software Media will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. (b) In no event shall WPI or the author be liable for any damages whatsoever (including without limitation damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising from the use of or inability to use the Book or the Software, even if WPI has been advised of the possibility of such damages. (c) Because some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation or exclusion may not apply to you. 7. U.S. Government Restricted Rights. Use, duplication, or disclosure of the Software for or on behalf of the United States of America, its agencies and/or instrumentalities “U.S. Government” is subject to restrictions as stated in paragraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause of DFARS 252.227-7013, or subparagraphs (c) (1) and (2) of the Commercial Computer Software - Restricted Rights clause at FAR 52.227-19, and in similar clauses in the NASA FAR supplement, as applicable. 8. General. This Agreement constitutes the entire understanding of the parties and revokes and supersedes all prior agreements, oral or written, between them and may not be modified or amended except in a writing signed by both parties hereto that specifically refers to this Agreement. This Agreement shall take precedence over any other documents that may be in conflict herewith. If any one or more provisions contained in this Agreement are held by any court or tribunal to be invalid, illegal, or otherwise unenforceable, each and every other provision shall remain in full force and effect.

T

he Best MCTS: Windows SharePoint Services 3.0 Configuration Book/CD Package on the Market!

Get ready for your Microsoft Certified Technology Specialist: Microsoft Windows SharePoint Services 3.0, Configuration certification with the most comprehensive and challenging sample tests anywhere! The Sybex Test Engine features:
All the review questions, as covered in each chapter of the book
Challenging questions representative of those you’ll find on the real exam
Two bonus exams available only on the CD
An Assessment Test to narrow your focus to certain objective groups. Use the Electronic Flashcards to jog your memory and prep last-minute for the exam!
Reinforce your understanding of key concepts with these hardcore flashcard-style questions.

Search through the complete book in PDF!
Access the entire MCTS: Windows SharePoint Services 3.0 Configuration Study Guide complete with figures and tables, in electronic format.
Search the MCTS: Windows SharePoint Services 3.0 Configuration Study Guide chapters to find information on any topic in seconds.

MCTS: Windows SharePoint Services 3.0 Configuration Study Guide Exam 70-631: TS: Microsoft Windows SharePoint Services 3.0, Configuring Objectives OBJECTIVE

CHAPTER

DEPLOY WINDOWS SHAREPOINT SERVICES 3.0 (WSS) Configure WSS server roles.

1

Configure WSS topology.

1

Create WSS namespace.

4

Upgrade WSS 3.0 from WSS 2.0.

12

Install WSS.

3

MONITOR WINDOWS SHAREPOINT SERVICES Maintain storage performance.

11

Configure centralized monitoring for WSS.

11

Configuring performance monitor.

11

Identify WSS problems using the Web Event Viewer.

11

Monitor logs.

11

CONFIGURE SECURITY FOR WINDOWS SHAREPOINT SERVICES Configure Web application authentication.

4

Configure a Web application for SSL.

4

Configure NTLM or Kerberos authentication.

4

Configure roles and site permissions.

7

Implement access policies.

4, 7

Manage database permissions.

2

Configure Information Rights Management (IRM).

4.6

ADMINISTER WINDOWS SHAREPOINT SERVICES Configure site settings.

4, 5, 6, 7, 8

Manage Central admin.

4, 8

Administer Windows SharePoint Services by using STSADM.

8

Configure backup and restore (disaster/recovery).

8

OBJECTIVE

CHAPTER

MANAGE CUSTOMIZATION Configure master page.

9

Customize pages by using SharePoint Designer.

9

Customize pages using browser.

9, 10

Configure code access security.

9

CONFIGURE NETWORK INFRASTRUCTURE FOR WINDOWS SHAREPOINT SERVICES Configure names resolution.

4

Configuring Network Load Balancing (NLB).

2

Configure WSS to support perimeter network.

2

Configure Internet Security and Acceleration Server (ISA).

2

Exam objectives are subject to change at any time without prior notice and at Microsoft's sole discretion. Please visit Microsoft's website ( www.microsoft.com/learning) for the most current listing of exam objectives.

Get the Preparation You Need for Exam 70-631 The demand for qualified SharePoint administrators is growing. Validate your expertise in this expanding career field with certification as a Microsoft Certified Technology Specialist in Windows SharePoint Services 3.0 Configuration. This in-depth study guide thoroughly covers all exam objectives for Exam 70-631 and prepares you to deploy, secure, and monitor Windows SharePoint Services 3.0. Inside, you’ll find:

FEATURED ON THE CD

Full coverage of all exam objectives in a systematic approach, so you can be confident you’re getting the instruction you need for the exam Practical hands-on exercises to reinforce critical skills Real-world scenarios that put what you’ve learned in the context of actual job roles

SYBEX TEST ENGINE Test your knowledge with advanced testing software. Includes chapter review questions and bonus exams.

Challenging review questions in each chapter to prepare you for exam day Exam Essentials, a key feature in each chapter that identifies critical areas you must become proficient in before taking the exam A handy tear card that maps every official exam objective to the corresponding chapter in the book, so you can track your exam prep objective by objective

Look inside for complete coverage of all exam objectives.

ELECTRONIC FLASHCARDS

www.sybex.com ABOUT THE AUTHORS Marilyn Miller-White, MCT, MCTS, MCITP, is a trainer and well-known author, as well as owner of White Consulting, a New Jersey–based consultancy and training company. She has been a presenter at Microsoft launch events for SQL Server 2005 and Visual Studio 2005, as well as a Technical Learning Guide and a presenter at TechEd. Paul Stork, MCT, MCTS, MCITP, is a SharePoint Server MVP who currently works as a trainer and consultant for Mindsharp. With over 20 years of experience, he is a much sought-after resource for SharePoint questions that involve both administration and development issues. Kris Wagner, MCP, MCSE, MCTS, MCITP, is a Microsoft SharePoint Solutions Architect currently working as a Senior Consultant for Slalom Consulting. Kris has over nine years of experience in SharePoint concept design, installation, and system delivery.

$49.99 US $59.99 CN

Reinforce your understanding with electronic flashcards.

Also on CD, you’ll find the entire book in searchable and printable PDF. Study anywhere, any time, and approach the exam with confidence.

C AT E G O RY COMPUTERS/Certification Guides ISBN: 978-0-470-44931-8