Module 5: Configuring Sharepoint Products and Technologies On A Server Farm

Module 5: Configuring SharePoint Products and Technologies on a Server Farm
Contents Overview Lesson: Configuring Security for SharePoint Products and Technologies Lesson: Configuring Multiple Servers Lesson: Single Sign-On Lesson: Configuring the User Experience Lesson: Managing Data on SharePoint Products and Technologies Lesson: Removing Windows SharePoint Services from a Virtual Server 1 2 16 26 39 51 69
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2004 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, BizTalk, FrontPage, InfoPath, Microsoft Press, MSDN, OneNote, Outlook, PowerPoint, SharePoint, Visual Basic, Visual Studio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
iii
Instructor Notes
Presentation: 3 hours, 45 minutes Lab: 00 minutes There are several administration pages within Microsoft SharePoint Products and Technologies. These administration pages make it possible to monitor and modify all aspects of the portal and sites. After completing this module, students will be able to:
! ! ! !
Manage and identify security configuration. Identify server configuration. Identify component configuration. Identify virtual server configuration.
Required materials
To teach this module, you need the following materials:

!
Microsoft PowerPoint file 2012B_05.ppt.
Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly. Preparation tasks To prepare for this module:
! !
Read all of the materials for this module. Complete the practices and labs.
iv
How to Teach This Module

This section contains information that will help you to teach this module. Verify that you can log onto the Domain Controller before you begin teaching this module. At the end of each day in the classroom, keep the virtual computers running for use in the next days class. Restarting the computers will require a minimum of 30 minutes.
Lesson: Configuring Security for SharePoint Products and Technologies

Managing Security Managing Site Collection Owners and Groups Instructor-Led Practice: Setting SharePoint Administration Group Accounts Configuring Security Settings Remind the students that security needs to be managed across a number of areas including, but not limited to those listed on the slide. Key point: Students can add their own site groups such as Partners, Customers or Contractors. This practice applies the content covered in the prior topic.
Have a short discussion with the class about the balance between restricting rights for security reasons, and adding rights to improve productivity. Discuss how the sides of this conflict are defined by roles: Systems administrators vs. users. This practice applies the content covered in the prior topic. Start with group rights, then select individuals rights. Discuss with the class when it would be appropriate to block files, and when not. Key point: How you configure virus scanning will depend on you virus checker.
Instructor-Led Practice: Configuring Security Settings Managing Blocked File Types Configuring Antivirus Settings
Lesson: Configuring Multiple Servers

Instructor-Led Practice: Specifying the Content Database Server Setting Up the Configuration Database Server E-mail Server Key point: The difference between SharePoint Portal Server and Windows SharePoint Services can have major impacts on storage. Do not perform the procedures for this topic, since this may make future labs and instructor-led practices unworkable. Key point: In order to limit problems, students should plan their email processes before installing SharePoint Products and Technologies.
Configuring Server Farm Accounts
This is where students establish the contacts for the server farm. Have a discussion with the class about who would be the contact person in their organization, and what impact that would have on the person. In this instructor-led practice (ILP), the students are making Suzan Fine the contact person for this server farm. This is the only time this procedure is covered. There is no follow up lab.
Instructor-Led Practice: Configuring Server Farm Accounts
Lesson: Single Sign-On

The first two ILPs in this lesson build on each other and are subsets of the third ILP. Why Have Single SignOn? Instructor-Led Practice: Preparing for Single Sign-On Configuring Single SignOn Security Key point: Without single sign-on, users need to re-log on every time they navigate to a new site. This is the only time this procedure is covered. There is no follow up lab.
Do not follow these procedures since they may damage the classroom setup. Mention that the classroom setup is configured for instructional purposes, and does not reflect the best security practices. Note that steps 1 and 9 were covered in the two prior topics. This is the only time this procedure is covered. There is no follow up lab
Instructor-Led Practice: Configuring Single SignOn
Lesson: Configuring the User Experience

Instructor-Led Practice: Configuring Virtual Servers Instructor-Led Practice: Creating Top Level Sites Instructor-Led Practice: Configuring URL Paths Instructor-Led Practice: Self-Service Site Creation Configuring Web Part Pages Configuring Automated Web Site Management Key point: Each server can be customized for a different audience.
Discuss with the class how much ownership their organization allows users. Will the administrators create top level sites, or will the users do it themselves? Discuss the value of providing paths with simple names for specific groups, such as http://partners/prefered partners. Again, discuss with the class how much ownership their organization allows users. Will they need to create top level sites, or will the users do it themselves? Again, discuss with the class how much ownership their organization allows users. Will they need to create top level sites, or will the users do it themselves? Best-practice: Back up regularly; users who are on vacation may miss all of the confirmation emails and will want you to recover their sites.
vi
Lesson: Managing Data on SharePoint Products and Technologies

Configuring the HTML Viewer Configuring E-mail Setting Instructor-Led Practice: Configuring Content Databases Configuring Data Retrieval Services Instructor-Led Practice: Configuring Data Retrieval Services Configuring Search Service on a Server Farm Configuring Usage Analysis Processing Instructor-Led Practice: Configuring Diagnostic Settings The HTML view is provided for devices that do not use Microsoft Office; discuss with the class when this condition is likely to arise. For international companies, review the languages used between offices. The default character set may be the best compromise, even in organizations that are based outside of English speaking areas. Key point: Configuration databases are linked to virtual servers.
Key point: This allows students to work with Web services. Key point: Students need to set the size and time-out limits to protect their own systems performance. Key point: The key difference between single-server and server farms is that server farms typically have a dedicated search server. You will perform a usage analysis in Module 9. Make sure that the class enables logging events. They will use this data in Module 9. This is the only time this procedure is covered. There is no follow up lab
Lesson: Removing Windows SharePoint Services from a Virtual Server

This one slide lesson is an Instructor-Led Practice. Stop the instructor-led practice at step 6. The next step may make future labs and instructor-led practices unworkable.
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Microsoft SharePoint Products and Technologies are designed to be deployed onto server farms that provide increased scalability and reliability over a single server deployment. There are several administration pages within SharePoint Products and Technologies. These administration pages make it possible to monitor and modify all aspects of the portal and sites. After completing this module, you will be able to:
! ! ! !
Objectives
Configure a server farm deployment for a high level of security. Deploy SharePoint Products and Technologies across multiple servers. Configure single sign-on Optimize your users experience with SharePoint Products and Technologies. Manage the virtual servers that support SharePoint Products and Technologies. Remove Windows SharePoint Services from a virtual server.
Lesson: Configuring Security for SharePoint Products and Technologies
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In this lesson, you will learn how to use the links under Security Configuration on the SharePoint Portal Server Administration page to view or configure security settings for SharePoint Products and Technologies for servers in this server farm. After completing this lesson, you will be able to:
! ! ! ! ! !
Lesson objectives
Set SharePoint administration group accounts. Manage site collection owners. Mange security settings. Manage Web site users. Manage blocked file types. Configure antivirus settings.
Managing Security
*****************************ILLEGAL FOR NON-TRAINER USE****************************** About security options User authentication Windows SharePoint Services includes or takes advantage of the following elements that interact with and affect your security for Web site content. User authentication is the process used to validate the user account that is attempting to gain access to a Web site or network resource. You manage security using Microsoft Windows NT users and security groups (DOMAIN\user and DOMAIN\security group). You cannot use distribution lists to control access to content in Microsoft Windows SharePoint Services, because distribution lists are not used for authentication in Windows. User authentication for Windows SharePoint Services is based on Internet Information Services (IIS) authentication methods. You can use Windows SharePoint Services with the following forms of user authentication:
! ! ! ! !
Anonymous authentication Basic authentication Integrated Windows authentication Digest and Advanced Digest authentication Certificates authentication (SSL)
You choose the authentication method you want to use when you set up your Web server. You cannot change the authentication method by using the Windows SharePoint Services administration tools; you must use the IIS administration tool for your server computer to change the authentication method.
Anonymous authentication
Anonymous authentication provides access to users who do not have Windows accounts on the server computer, such as Web site visitors. IIS creates the anonymous account for Web services, which is often named IUSR_computername. When IIS receives an anonymous request, it impersonates the anonymous account. You can allow or disallow anonymous access in IIS for a particular virtual server, and allow or disallow anonymous access for a site on that virtual server by using SharePoint Central Administration. Anonymous access must be enabled in IIS before you can enable it for a Web site on that virtual server.
Basic authentication
Basic authentication is an authentication protocol supported by most Web servers and browsers. Although Basic authentication transmits user names and passwords in easily decoded clear text, it has some advantages over more secure authentication methods, in that it works through a proxy server firewall and ensures that a Web site is accessible by almost any Web browser. If you use Basic authentication in combination with Secure Sockets Layer (SSL) security, you can help protect user names and passwords, making your user information more secure than using only Basic authentication. Integrated Windows authentication (also known as Windows NT Challenge Response) encrypts user names and passwords in a multiple transaction interaction between client and server, thus making this method more secure than Basic authentication. Disadvantages are that this method cannot be performed through a proxy server firewall, and some Web browsers (such as Netscape Navigator) do not support it. You can choose to use this authentication method and Basic authentication. Most Web browsers select the most secure option. For example, if both Basic authentication and Integrated Windows authentication are enabled, Microsoft Internet Explorer tries Integrated Windows authentication first. Certificates authentication, also known as Secure Sockets Layer (SSL) security, provides communications privacy, authentication, and message integrity for a TCP/IP connection. By using the SSL protocol, clients and servers can communicate in a way that prevents eavesdropping, tampering, or message forgery. With Windows SharePoint Services, SSL helps secure access across firewalls and allows more secure remote administration of Windows SharePoint Services. You can also specify that SSL be used when opening a Web site based on Windows SharePoint Services. The SharePoint administrators group is a Microsoft Windows user group authorized to perform administration tasks for Windows SharePoint Services. To install Windows SharePoint Services, you must be a member of the local administrators group on the server computer. This group also gives users the permissions needed to control settings on the SharePoint Central Administration pages, and to run the command-line tool Stsadm.exe. You can also identify a specific domain group to allow administration access to Windows SharePoint Services, in addition to the local administrators group. Help documentation for SharePoint Products and Technologies refers to this domain group as the SharePoint administrators group. You can add users to this group rather than to the local administrators group, to separate administration access to Windows SharePoint Services from administration access to the local server computer.
Integrated Windows authentication
Certificates authentication (SSL)
SharePoint administrators group
Members of the SharePoint administrators group do not have access to the IIS metabase, so they cannot perform the following actions for Windows SharePoint Services:
!
Extend virtual servers. Note Members of this group can create top-level Web sites and change virtual server settings.
! ! ! !
Manage paths. Change the SharePoint administrators group. Change the configuration database settings. Use the Stsadm.exe command-line tool.
Members of the SharePoint administrators group can perform any other administrative action using SharePoint Central Administration or the object model for Windows SharePoint Services. Members of both the SharePoint administrators group and the local administrators group have rights to view and manage all sites created on their servers. This means that a server administrator can read documents or list items, change survey settings, delete a site, or perform any action on a site that the site administrator can perform. Site groups Site groups provide a means of assigning rights to specific users or groups in a SharePoint site. There is a predefined list of site groups for each Web site (Administrators and Web Designers, for example). To grant a user access to a Web site, you assign that user to a site group. Windows SharePoint Services also uses cross-site groups. A cross-site group is a group of users that can be assigned to a site group on any Web site in a site collection. There are no site groups defined by default in Windows SharePoint Services. Security practices recommended to help secure the port used for SharePoint Central Administration are Secure Sockets Layer (SSL) security and a firewall. These two features can help to prevent external access to the administration port. Use either Windows NT Integrated authentication or SQL Server authentication to connect to your configuration database and content database. A firewall helps protect your data from access by other people and organizations on the Internet. Windows SharePoint Services can work inside or through a firewall.
Secure Sockets Layer and firewall protection
Microsoft SQL Server connection security Firewall protection
Managing Site Collection Owners and Groups
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Site Collection Owner A set of Web sites on a virtual server that have the same owner and share administration settings is referred to as a site collection. Each site collection contains a top-level Web site and can contain one or more sub-sites. There can be multiple site collections on each virtual server. You can view or change the owner and secondary owner for a site collection. These users receive any quota or auto-deletion notices, and have site collection administrator privileges. The secondary owner is an optional entry for a Web site collection. The current secondary owner is displayed. Note Making a user a site owner also adds that person to the list of site collection administrators. Removing users from the list of site owners also removes them from the list of site collection administrators but does not change any other group member rights granted to them. Site groups Windows SharePoint Services uses site groups to manage security across a SharePoint site. Each user must be a member of at least one site group in order to view or access a SharePoint site. Each site group possesses corresponding rights. Rights are rules associated with the system as a whole, granted to local groups, global groups, and users. A right within Windows SharePoint Services may be actions that you can perform, such as Manage Lists. In addition, you can edit the rights assigned to a specific site group, create an additional site group, or delete an unused site group. You manage site groups in Windows SharePoint Services from SharePoint Central Administration or by using the command-line administration tool.
Note You can add user accounts to a SharePoint site without assigning them to a site group. For example, you can create the user accounts and then assign the users to site groups later. You can also remove a user from all site groups. When you remove a user from all site groups, the user has no access to the Web site. Windows SharePoint Services includes the following site groups by default:
!
GuestHas limited rights to view pages and specific page elements. Use this site group to give users access to a particular page or list without granting them rights to view the entire site. You cannot add users explicitly to the Guest site group; users who are given access to lists or document libraries by way of per-list permissions are automatically added to the Guest site group. You cannot customize or delete the Guest site group. Reader Has rights to view items, view pages, and create a top-level Web site using the Self-Service Site Creation feature. Readers can only view pages on a SharePoint site; they cannot add content. Note When a member of the Reader site group creates a site using the SelfService Site Creation feature, that person becomes the site owner and a member of the Administrator site group for the new site. This does not affect the site group membership of the user for any other site.
ContributorHas Reader rights plus the rights to add, edit, and delete items, browse directories, manage personal views, add, remove, or update personal Web Parts, and create cross-site groups. Members of the Contributor site group cannot create lists or document libraries, but they can add content to existing lists and document libraries. Web DesignerHas Contributor rights plus the rights to cancel check-out, manage lists, add and customize pages, define and apply themes and borders, and apply style sheets. Members of the Web Designer site group can modify the structure of the site and create lists or document libraries. AdministratorHas all rights from other site groups plus the rights to manage site groups, manage list permissions, create SharePoint sites, and view usage analysis data. You cannot customize or delete the Administrator site group. In addition, there must always be at least one member of the Administrator site group. Members of the Administrator site group always have access to, or can grant themselves access to, any item in the Web site. Note The owner and secondary owner of a site collection are members of the Administrator site group for their site, but they are also identified separately in the configuration database as site collection owners. This owner flag can only be changed by using the Manage Site Collection Owners page in SharePoint Central Administration or by using the siteowner operation with Stsadm.exe. If you remove an owner from the Administrator site group for the site, the owner retains the owner flag in the database, and can still perform site collection administrative tasks.
These site groups are defined per SharePoint site. Users assigned to the Administrator site group are administrators only for a particular SharePoint site. To perform any administrative tasks that affect settings for all SharePoint sites and virtual servers on the server computer, a user must be an administrator for the server computer (also known as a local machine administrator) or a member of the SharePoint administrators group, rather than a member of an Administrator site group for a specific SharePoint site. Customizing rights for site groups You can create a site group or customize an existing site group to include only the rights you want (except for the Guest and Administrator site groups, which cannot be customized). For example, to allow only the Web Designers to be able to edit lists on the site, you can remove the Edit Items right from the Contributor site group. Note Some rights depend on other rights. You must be able to view items before you can edit items. If a right is deleted from a site group, any rights dependent on that right are also deleted. For example, when the View Items right is deleted, the Add Items, Edit Items, and Delete Items rights are also deleted. In the same way, if you add a right that requires another right, the required right is also added. So, if you grant the Edit Items right to a user, the View Items right is granted automatically. Security and user rights User rights grant you the ability to perform certain actions on a Web site, and restrict other users from performing those actions. Some rights do not completely restrict certain actions. The Apply Themes and Borders and Apply Style Sheets rights allow you to make changes to an entire Web site. Any user with the Add and Customize Pages right, however, can perform the same changes on a page-by-page basis in the actual HTML code. Be aware that if you give users the Add and Customize Pages right by assigning them to a site group that contains the right, you also give them the ability to change the theme, border, and style sheets for individual pages in the SharePoint site. When you assign rights to site groups, ensure that you assign the appropriate rights, and do not unintentionally allow members of the site group to perform more actions that you want on the SharePoint site. Conversely, ensure that members of the site group are not unintentionally restricted from performing the actions they need to perform. About site owners and secondary owners When a user creates a site, the user is listed as the site owner. Depending on your configuration, the user may also be required to specify a secondary contact for the site. Confirmation notifications are automatically sent to the site owner and to the secondary contact, if one exists. The owner and secondary owner of a site collection are members of the Administrator site group for their site, but they are also identified separately in the configuration database as site collection owners. This owner flag can only be changed by using the Manage Site Collection Owners page in Central Administration or by using the siteowner operation with Stsadm.exe. If you remove an owner from the Administrator site group for the site, the owner retains the owner flag in the database, and can still perform Web site administrative tasks.
Instructor-Led Practice: Setting SharePoint Administration Group Accounts
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Specify the Windows NT security group account to which you want to grant administrative access for SharePoint Products and Technologies. Members of this group account do not have to be local administrators to perform administration tasks for SharePoint. Note Members of the local Administrators group account can also perform administration tasks for SharePoint Products and Technologies. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server domain_administrator name Value Madrid Glasgow Melbourne ADVWORKS\SuzanF
Specifying the SharePoint administrators group account
! To specify the SharePoint administrators group account

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start SharePoint Portal Server Central Administration. 2. On the SharePoint Central Administration for MADRID page, in the Security Configuration section, click Set SharePoint administrative group account.
10
3. In the Set SharePoint Administrator Group Account section, type the domain_administrator_name to grant administrative access to SharePoint Products and Technologies. 4. Click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs. You can only assign one domain account as the SharePoint administrators group account. To include other members, use a group account and add the additional members to the group account by using User Accounts in Control Panel. You must be logged on as an administrator or a member of the SharePoint Administrator group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. To change the assigned group, follow the steps to specify a group and specify a different domain group. When you specify a new group, the members of the previous group can no longer manage the server or server farm running Microsoft Windows SharePoint Services.
! Virtual computer set-up

Keep the Glasgow, Melbourne and Madrid virtual computers running for use in the next instructor-led practice.
11
Configuring Security Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Security and user rights User rights grant users the ability to perform certain actions on a Web site, and restrict other users from performing those actions. Some rights do not completely restrict certain actions. The Apply Themes and Borders and Apply Style Sheets rights allow users to make changes to an entire Web site. Any user with the Add and Customize Pages right, however, can perform the same changes on a page-by-page basis in the actual HTML code. Be aware that if you give users the Add and Customize Pages right by assigning them to a site group that contains the right, you also give them the ability to change the theme, border, and style sheets for individual pages in the SharePoint site. When you assign rights to site groups, ensure that you assign the appropriate rights, and do not unintentionally allow members of the site group to perform more actions that you want on the SharePoint site. Conversely, ensure that members of the site group are not unintentionally restricted from performing the actions they need to perform. Editing rights for a site group You can edit rights for specific site groups. To edit the rights for a site group, you must at a minimum be a member of the Administrator site group on the portal site. You can also edit the rights for a site group if you are a member of the SharePoint administrators group or if you are a member of the local Administrators group on the front-end Web server on which the portal site is located. Important The View Area right must be assigned to the Reader site group if Readers are to be able to view the home page of the portal site.
12
Instructor-Led Practice: Configuring Security Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server site_group Value Madrid Glasgow Melbourne Contributor
Editing security and user rights
! To edit rights for a site group

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then navigate to http://madrid using Internet Explorer. 2. Click Site Settings. 3. On the Site Settings page, in the General Settings section, click Manage security and additional settings. 4. On the Manage security and additional settings page, in the Users and Permissions section, click Manage site groups. 5. On the Manage Site Groups page, click the site_group for which you want to edit the rights (click the name of the site group, not the check box).
13
6. On the Members of Contributor page, click Edit Site Group Permissions. 7. On the Change Site Group Rights page, select the rights for the site group, and then click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs.

14
Managing Blocked File Types
*****************************ILLEGAL FOR NON-TRAINER USE****************************** About Blocked File Types Windows SharePoint Services provide the ability to restrict certain kinds of files from being uploaded or retrieved, based on the file extension. For example, a file with the .exe file extension could potentially contain code that runs on client computers when it is downloaded. Because it has the .exe file extension, the file can be run on demand when it is downloaded. If files with the .exe file extension are blocked, you can neither upload nor download a file with the .exe extension, and potentially dangerous content in the .exe file cannot be downloaded. This feature does not prevent all exploits based on file types, nor is it designed to do so. By default, several standard file extensions are blocked, including any file extensions that are treated as executable files by Windows Explorer. Files with curly braces { or } are also blocked automatically. Refer to the documentation for extensions blocked by default.
15
Configuring Antivirus Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction With SharePoint Products and Technologies, you can specify when you want documents stored in document libraries and lists to be virus scanned, and whether you want your virus scanner to attempt to clean infected documents. You can also specify how long the virus scanner should run before timing out, and the number of execution threads on the server that it may use. If server response time is slow while scanning, you may want to decrease the number of seconds and threads allowed for virus scanning. You can specify antivirus settings by using SharePoint Central Administration or by using the command line. You can also configure antivirus protection by setting properties on the command line. To set a property, you use the Stsadm.exe tool with the setproperty operation. Refer to documentation for command line usage of antivirus protection configuration.
Configure antivirus settings Use the command line to configure antivirus protection
16
Lesson: Configuring Multiple Servers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In this lesson, you will learn how to use the links under Server Configuration on the SharePoint Server Central Administration page to configure server topology, database server settings, e-mail server information, and server farm account settings. After completing this lesson, you will be able to:
! ! ! !
Lesson objectives
Specify the content database server. Configure the configuration database server. Configure the e-mail server settings. Configure server farm account settings.
17
Instructor-Led Practice: Specifying the Content Database Server
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction SharePoint Products and Technologies use content databases to store content for individual sites. However, SharePoint Portal Server uses a different content database for each site, while Windows SharePoint Services use a single content database for multiple sites. You can view the complete list of database settings for the server farm in the Database Server Settings section on the Configure Server Topology and Component Assignments page. An asterisk (*) next to the server name in the site settings entry indicates the default database server for the content database for the next portal site created. All servers that have stored the content database for previously-created portal sites are also listed. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server Value Madrid Glasgow Melbourne
Specifying Content Database Settings
! To specify content database settings

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start SharePoint Portal Server Central Administration. 2. On the SharePoint Portal Server Central Administration for MADRID page, in the Server Configuration section, click Specify content database server.
18
3. On the Specify Content Database Settings page, verify that MELBOURNE\ADVWORKSPORTAL displays in the Server name box. Note If you need to change the server name, you must first de-select the check box. 4. Click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs. Removing a Server from the Server Farm The following procedure is not necessary to complete as part of the instructorled practice. The preferred method for removing a server running SharePoint Portal Server from the server farm is to disconnect the server from the configuration database. Note For information about configuration database settings, see Specifying Configuration Database Settings on the Help menu, or http://www.microsoft.com/sharepoint/. It is recommended that you remove a server from the server farm by using the Remove Server button on the Configure Server Topology page only in the following situations:
! ! !
The server does not have SharePoint Portal Server installed on it. The server running SharePoint Portal Server is unresponsive or offline. The server is running the optional component for backward-compatible document libraries only.
Before you remove a server from the server farm, you must remove all dependencies from the server, unless it is the last computer remaining in the server farm.

19
Setting Up the Configuration Database Server
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Specifying configuration database settings SharePoint Portal Server uses the configuration database to store configuration and site mapping information for the servers in the server farm. There can be only one configuration database for each server farm. The preferred method for removing a server running SharePoint Portal Server from the server farm is to disconnect the server from the configuration database. If this is not possible (for example, the server is offline), you might need to use the Remove Server button on the Configure Server Topology page.
! To create a configuration database

Note The following procedure should not be attempted on the virtual computer set-up because the configuration database has already been created. An error message will occur. 1. Start SharePoint Portal Server Central Administration. 2. On the SharePoint Portal Server Central Administration page, in the Server Configuration section, click Configure configuration database server. The Specify Configuration Database Settings page displays. 3. In the Database Connections section, click Create configuration database. 4. In the Configuration Database Server section, in the Database server box, type the name of the computer running Microsoft SQL Server. This is the server on which the configuration database is stored. Note If you have a named SQL Server instance, specify both the name of the computer running SQL Server and the SQL Server instance name in the format server_name\SQL_instance_name.
20
5. In the Configuration Database Name section, click Use default name. 6. Click OK. Connecting to an existing configuration database
! To connect to an existing configuration database

1. In the Database Connections section, click Connect to existing configuration database. 2. In the Configuration Database Server section, in the Database server box, type the name of the computer running Microsoft SQL Server. This is the server on which the configuration database is stored. Note If you have a named SQL Server instance, specify both the name of the computer running SQL Server and the SQL Server instance name in the format server_name\SQL_instance_name. 3. In the Configuration Database Name section, do one of the following: If you want to use the default database name that is displayed, click Use default name. If you want to specify a name for the database, click Specify custom name, and then type a name for the database. 4. Click OK.
21
E-Mail Server
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Windows SharePoint Services uses an SMTP server to send alerts and other administrator messages. This feature is also required for end-users to request access to a site or list. You can specify which SMTP server to use, and set the e-mail address to use for sending alerts and receiving replies for all sites, by using the SharePoint Central Administration e-mail settings. You can also specify different settings for a specific virtual server. At either level, you can specify the following settings: outbound SMTP server, from address, reply-to address, and character set to use. When you configure e-mail settings, one of the settings that you specify is the character set to use in e-mail. The default character set is 65001 (Unicode UTF8), a standard character set that works well for most languages. You can choose a specific language code to apply instead, such as 1256 (Arabic [Windows]), but be aware that changing to a specific language code may cause the e-mail messages to be unreadable to clients of other language codes, for example, 1252 (Western European [Windows]). If you want to use an SMTP server in Internet Information Services (IIS) to send outbound e-mail messages from Windows SharePoint Services, you must configure the SMTP server to allow anonymous access and to allow e-mail messages to be relayed. Note that the SMTP server that you use must have Internet access to be able to send messages to external e-mail addresses. Note The SMTP Service for IIS is not installed by default. For more information about installing, configuring, or managing the SMTP Service, see the Help system for Internet Information Services (IIS) Manager.
Character sets and e-mail
Configuring an SMTP server in Internet Information Services
22
Configuring Server Farm Accounts
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Server farm account options You can configure the following on the Configure Server Farm Account Settings page:
!
Contact e-mail address. SharePoint Portal Server provides an e-mail address to each Web site it crawls when creating an index. If a problem occurs while crawling (for example, the crawler is hitting the site too much), the administrator of the Web site can contact this address. All portals on the server provide this e-mail address when creating an index. For this reason, the e-mail address for the server farm administrator is typically specified. Configuration database administration account. The configuration database administration account is the user name and password that SharePoint Portal Server uses when connecting to the configuration database or when propagating full-text indexes from index management servers to search servers. At a minimum, this account must be a member of the Power Users local group on the front-end Web servers, index management servers, and search servers. This account must be a member of the local Administrators group on the document library server. In addition, this account must be a member of the Security Administrators and Database Creators server roles on Microsoft SQL Server. Default content access account. The default content access account is the user name and password used when SharePoint Portal Server creates a fulltext index of content outside the portal. The account must have Read permissions for the Web sites and servers being crawled.

!
23
Portal site application pool identity. This account is the identity of the application pool used by portal sites. This account must be a member of the local Administrators group on the document library server. Proxy server settings. You can configure SharePoint Portal Server to use a proxy server when it creates full-text indexes of external Web sites. Using a proxy server enhances the security of your intranet by helping to prevent unauthorized access by someone on the Internet. A proxy server also enhances performance by caching recently accessed Web pages, which minimizes download time.
Note For more information about access accounts for search, see About Access Accounts for Search. For more information about configuring proxy server settings, see Specifying Proxy Server Settings.
24
Instructor-Led Practice: Configuring Server Farm Accounts
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server email_address DOMAIN user_name password Value Madrid Glasgow Melbourne [email protected] ADVWORKS SuzanF P@ssw0rd
Configuring server farm accounts
! To configure server farm account settings

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start SharePoint Portal Server Central Administration. 2. On the SharePoint Portal Server Central Administration for MADRID page, in the Server Configuration section, click Configure Server Farm Account Settings. 3. On the Configure Server Farm Account Settings page, in the Contact Email Address section, in the E-mail address box, type the email_address that an external site administrator can contact if problems occur when SharePoint Portal Server crawls the external site.
25
4. Select all three check boxes on the page: Select the Specify account check box in the Configuration Database Administration Account section. Select the Specify account check box in the Default Content Access Account section. Select the Change account settings check box in the Portal Site Application Pool Identity section. Note If you do not select the check boxes first, the page will refresh and erase your password entries. 5. In the Configuration Database Administration Account section, do the following: a. In the User name (DOMAIN\user name) box, type the account name in the format DOMAIN\user_name. b. In the Password box, type the password for the account. c. In the Confirm Password box, type the password again. 6. In the Default Content Access Account section, do the following: a. In the User name (DOMAIN\user name) box, type the account name in the format DOMAIN\user_name. b. In the Password box, type the password for the account. c. In the Confirm Password box, type the password again. 7. In the Portal Site Application Pool Identity section, do the following: a. In the User name (DOMAIN\user name) box, type the account name in the format DOMAIN\user_name. b. In the Password box, type the password for the account. c. In the Confirm Password box, type the password again. 8. In the Proxy Server Settings section, verify the Do not connect by using a proxy server radio button is selected. 9. Click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs.

26
Lesson: Single Sign-On
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction By default, everything in SharePoint Products and Technologies is a protected resource. Users who do not have Active Directory accounts will be required to log on to each new site that they try to access. With single sign-on, users can log on once and then view multiple sites without having to re-log on. After completing this lesson, you will be able to:
! !
Lesson objectives
Explain why single sign-on is valuable. Prepare a SharePoint Products and Technologies implementation for single sign-on. Explain how to configure single sign-on for security. Configure single sign-on in SharePoint Products and Technologies.
! !
27
Why Have Single Sign-On?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** By default, everything in SharePoint Products and Technologies is a protected resource. Users who have Active Directory accounts can access resources based on their rights and authentication. However, partners and customers who do not have Active Directory accounts will be required to log on to each new site that they try to access. This requirement to continually re-log on when navigating your site can be a major usability issue. With single sign-on, users can log on once and then view multiple sites without having to re-log on. As the administrator you can control the sites that these individuals have access to with their single sign-on authentication. Note The classroom configuration of SharePoint Products and Technologies is not configured for security.
28
Instructor-Led Practice: Preparing for Single Sign-On
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Before users can use single sign-on with enterprise application definitions, users must perform pre-configuration steps, configure the service, and supply the necessary information. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server DOMAIN username password Value Madrid Glasgow Melbourne ADVWORKS SuzanF P@ssw0rd
Pre-configuration steps
! Before configuring single sign-on, users must set up the following

1. Configuration account. Select the Windows account that will be used to configure single sign-on. When setting up single sign-on, users use this account to log on to the job server. This account must meet the following requirements: Be a member of the local Administrators group on the job server. Be a member of the local Administrators group on the computer running Microsoft SQL Server that stores the single sign-on database. Belong to the single sign-on administrator account. 2. Single sign-on administrator account. Determine the Windows Global group or user account that will be used as the administrative account. The single sign-on service run-as account must be this user or a member of this group.
29
This user or members of this group have full access to the single sign-on administration pages and can make configuration and application definition changes. This group or user account is entered in the Account name box in the Single Sign-On Settings section on the Manage Server Settings for Single Sign-On page. Adding to the STS_WPG group membership This user or group must be a member of the local group STS_WPG on all servers running SharePoint Portal Server in the server farm.
! To make a user a member of STS_WPG

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd. 2. Click Start, point to All Programs, point to Administrative Tools, and then click Computer Management. 3. In the console tree, under the System Tools node, expand the Local Users and Groups node. 4. Click Groups. 5. Double-click STS_WPG. 6. In the STS_WPG Properties dialog box, click Add. 7. Add the user. The user is now a member of the local group SPS_WPG on all servers running SharePoint Portal Server in the server farm, and the user has db_owner and public rights on the SharePoint Portal Server configuration database. Note On a single server deployment, if the single sign-on service runs under an account that is a member of the local Administrators group, users do not need to ensure that the user has db_owner and public rights on the configuration database. However, for security reasons, it is recommended that users do not run the service under an account that is a member of the local Administrators group. Assigning rights The following procedure is not necessary to complete as part of the instructorled practice. Ordinarily you would follow the procedure below, but the current configuration on Melbourne needs to be preserved for use in later practices and labs.
! To assign rights on the configuration database

1. On the SQL Server computer, open SQL Server Enterprise Manager. 2. Expand the Microsoft SQL Servers node. 3. Expand the SQL Server Group node. 4. Expand the (local) (Windows NT) node. 5. Expand the Security node.
30
6. Click Logins, and then do one of the following: If the logon name does not exist, right-click Logins, click New Login, and then in the Name box, type the account for the user in the format DOMAIN\user_name. If the logon name already exists, right-click the logon name, and then click Properties. 7. Click the Database Access tab. 8. In the Specify which databases can be accessed by this login section, select the check box for the configuration database. 9. In the Database roles for database_name section, select the db_owner and public check boxes. 10. Click OK. 11. Close SQL Server Enterprise Manager. Enterprise application manager account Determine the Windows Global group or account that will be used to give access to application definitions.
!
This account or members of this group have rights to create, modify or delete application definitions from the single sign-on administration pages. This account or members of this group do not have rights to configure single sign-on. Only members of the single sign-on administrator account can configure single sign-on.
Rights that this user or members of this group have are automatically contained in the single sign-on administrator account.
!
This account or group is entered in the Account name box in the Enterprise Application Definition Settings section on the Manage Server Settings for Single Sign-On page.
Enabling single sign-on
To enable the single sign-on service on the server farm, you must enable it on each front-end Web server, on the job server, and on any server running the single sign-on service. After you enable the service, you can configure single sign-on and application definitions. Note The Microsoft Single Sign-On Service (SSOSrv) must run as a member of the local Administrators group or as a member of the STS_WPG and SPS_WPG local groups. The account under which the service is running must also be a member of the Single Sign-On Administrator group or account, have the public right on the configuration database for SharePoint Portal Server, and be a member of the Server Administrators server role on the Microsoft SQL Server instance where the single sign-on database is located.
! To enable single sign-on

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd. 2. Click Start, point to All Programs, point to Administrative Tools, and then click Services. 3. On the Services management console, double-click Microsoft Single Signon Service.
31
4. Click the Log On tab. 5. Under Log on as, click This account. 6. In the This account box, type the DOMAIN\user_name. 7. In the Password and Confirm password boxes, type the password. 8. Click Apply. 9. Click the General tab. 10. In the Startup type list, select Automatic. 11. In the Service status section, if the service status does not display Started, click Start. 12. Click OK. Specifying settings for single sign-on and application definitions Before you can specify the settings for single sign-on and application definitions, Microsoft Single Sign-On Service (SSOSrv) must be running. You must be logged on as the configuration account on the job server before running these steps.
! To specify settings for single sign-on and application definitions

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start SharePoint Portal Server Central Administration. 2. On the SharePoint Portal Server Central Administration for MADRID page, in the Component Configuration section, click Manage settings for single sign-on. -ORClick Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration. 3. On the Manage Settings for Single Sign-On for MADRID page, in the Server Settings section, click Manage server settings. 4. On the Manage Server Settings for Single Sign-On page, in the Single Sign-On Settings section, in the Account name box, type the name of the single sign-on administrator account, DOMAIN\username, that can set up and manage the single sign-on service. Important The account can be a group account or an individual user account. It cannot be a local domain group or a distribution list. The format of the account is DOMAIN\group_name or DOMAIN\user_name.
32
5. In the Enterprise Application Definition Settings section, in the Account name box, type the name of the enterprise application manager account, DOMAIN\username, that can set up and manage application definitions. Important The account can be a group account or an individual user account. It cannot be a local domain group or a distribution list. The format of the account is DOMAIN\group_name or DOMAIN\user_name. 6. In the Database Settings section: a. Verify that MELBOURNE\ADVWORKSPORTAL displays in the Server name box. This is the name of the database server on which you want to store the settings and account information for single sign-on. b. Verify that SSO displays in the Database name box. This is the name of the single sign-on database. If the database does not exist, it is created. 7. In the Time Out Settings section: a. Verify that 2 displays in the Ticket time out (in minutes) box. This is the number of minutes to wait before allowing a ticket, or access token, to time out. b. Verify that 10 displays in the Delete audit log records older than (in days) box. This is the number of days to hold records in the audit log before deleting. Note The audit log is overwritten after the number of days you specify. Because the log contains a record of any illicit operations or logon attempts, it is recommended that you maintain backup copies of the logs. The logs reside in the single sign-on database and are automatically backed up when you back up this database. 8. Click OK. 9. If a message box appears stating that you have reconfigured single sign-on, click OK.

Keep the Glasgow, Madrid and Melbourne virtual computers running for use in the next instructor-led practice.
33
Configuring Single Sign-on Security
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Before users can use single sign-on with enterprise application definitions, you must have a secure authentication process. Note The classroom configuration of SharePoint Products and Technologies is not configured for security. Creating the Encryption Key The encryption key is used as part of the encryption process for credentials used with single-sign on. The key helps to decrypt encrypted credentials stored in the single sign-on database. The first time you configure single sign-on and enterprise application definitions on the Manage Server Settings for Single Sign-On page, the encryption key is created automatically. Users can regenerate the key if the previous credentials are compromised or if users have a policy to change the key after a certain number of days. When users create an encryption key, users can choose to re-encrypt the existing credentials with the new key. When users re-encrypt the Microsoft Single Sign-On Service (SSOSrv) credential store, events are logged in the Microsoft Windows Server 2003 application event log. After re-encryption is initiated, you can monitor the application event log to verify that the credential store has been re-encrypted. Event ID 1032 is recorded in the application event log when re-encryption is started. Event ID 1033 is recorded in the application event log when re-encryption has ended. If there are any failures during reencryption, an event is recorded in the log. If the job server is restarted or SSOSrv is stopped on the job server during the re-encryption process, you should look in the event log for errors. If the event log reports an error, you must restart the re-encryption process from the Manage Encryption Key page.
34
Note During the re-encryption process, Write operations (such as updating credentials and changing application definitions) are not allowed. Read operations (such as retrieving credentials) continue to work as normal. Recommendation - It is recommended that you change or restore the encryption key during non-peak periods. Important You cannot manage the encryption key remotely. To manage the encryption key, go to the computer running as the job server and specify these settings locally. Creating an application definition An enterprise application definition is used by a Web Part to integrate with an enterprise application within a portal site. The application definition controls how credentials will be stored for a particular business application. The Web Part uses the application definition to retrieve credentials that are used to integrate with an enterprise application. Note If you specify a group account as the account type, so that all users log on by using a single account, ensure that you have the appropriate number of client licenses for the application that you are accessing. The following procedure is not necessary to complete as part of an instructorled practice.
! To create an application definition

1. On the SharePoint Portal Server Central Administration page, in the Component Configuration section, click Manage settings for single signon. -ORClick Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration. 2. On the Manage Settings for Single Sign-On page, in the Enterprise Application Definition Settings section, click Manage settings for enterprise application definitions. 3. On the Manage Enterprise Application Definitions page, click New Item. 4. On the Create Enterprise Application Definition page, in the Application and Contact Information section: a. In the Display name box, type a display name for this application definition. The display name is what the user sees on the logon form when entering credentials. If you enter a long name with no spaces in it for the display name, the entire name may not be displayed. b. In the Application name box, type an application name for the application definition. The application name is used by developers. If you enter a long name with no spaces in it for the application definition name, the entire name may not be displayed.
35
5. In the Account Type section, do one of the following: If you want all users to log on by using a single account, select Group. You do not need to enter any credentials with this option. If you want users to log on by using their own account information, select Individual. Each user must enter credentials when accessing the Web Part. 6. In the Logon Account Information section, select one or more fields to map to the required logon information for this application definition. If necessary, see the documentation provided with the enterprise application to identify the required information and its appropriate order. a. Type a display name for each field to remind users of the required information. b. To ensure that sensitive information, such as a password, is not displayed when viewing account information, click Yes for Mask. For example, for SAP credentials you might enter the following:
Field Field Field Field Field 1 2 3 4 5 = = = = = SAP user name SAP password (select Yes for the Mask option) SAP system number SAP client number language
7. Click OK. Editing an application definition You can edit the display name, e-mail contact, and application information for an enterprise application definition. You cannot edit the application definition name or the account type. The following procedure is not necessary to complete as part of an instructorled practice.
! To edit an application definition

1. On the SharePoint Portal Server Central Administration page, in the Component Configuration section, click Manage settings for single signon. Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration. 2. On the Manage Settings for Single Sign-On page, in the Enterprise Application Definition Settings section, click Manage settings for enterprise application definitions. 3. On the Manage Enterprise Application Definitions page, rest the pointer on the display name for the application definition, and then click the arrow that appears. 4. On the menu that appears, click Edit.
36
5. On the Edit Enterprise Application Definition page, in the Application and Contact Information section, you can edit the display name and the email contact. a. In the Display Name box, type a display name for this application definition. The display name is what the user sees. b. In the E-mail Contact box, type an e-mail address for users to contact for this application. 6. In the Account Information section, select one or more fields to map to the required logon information for this application definition. If necessary, see the documentation provided with the enterprise application to identify the required information and its appropriate order. a. Type a display name for each field to remind users of the required information. The display names for the fields will appear on the logon page for the application. b. To ensure that sensitive information, such as a password, is not displayed when viewing account information, click Yes for Mask.
37
Instructor-Led Practice: Configuring Single Sign-On
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Before users can use single sign-on with enterprise application definitions, users must perform pre-configuration steps, configure the service, and supply the necessary information. In this instructor-led practice, use the following values:
Configuring single sign-on
! To configure single sign-on

1. Perform the pre-configuration steps as discussed in the prior topic. 2. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd. 3. Click Start, point to Administrative Tools, and then click Services. The Services window displays. 4. Double-click Microsoft single sign on service from the list of services. 5. In the Service Status section, click the Start button, and then click OK. 6. Click X to close the Services window. 7. Reset IIS. 8. Enable the single sign-on service on the job server.
38
9. Configure the single sign-on service by using the single sign-on administration pages as discussed in the prior topic. 10. Enable the single sign-on service on each front-end Web server. In this instructor-led practice, enable this for both Cardiff and Madrid.

Keep the Glasgow, Madrid and Melbourne virtual computers running for use in the next instructor-led practice.
39
Lesson: Configuring the User Experience
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction There are several components in SharePoint Products and Technologies that can be configured based on your environment and user needs that directly affect the users experience. These components allow both the administrator and the users to customize the users experience. After completing this lesson, you will be able to:
! ! ! !
Lesson objectives
Configure virtual servers on a server farm. Create or allow users to create top-level sites. Create alternate URL paths available to users. Configure SharePoint Products and Technologies to allow self-service site creation. Manage Web Part page settings. Configure automated Web site management.
! !
40
Instructor-Led Practice: Configuring Virtual Servers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction As the administrator, you can configure each virtual server with different settings to reflect the audience needs. For example, by changing the time zone you can customize a virtual server for a specific geographic audience. This section describes how to adjust the settings which apply to all site collections in the virtual server. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server quota_template Value Madrid Glasgow Melbourne No Quota
Configuring a virtual server
! To configure a virtual server

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start SharePoint Portal Server Central Administration. 2. On the SharePoint Portal Server Central Administration for MADRID page, in the Portal Site and Virtual Server Configuration section, click Configure virtual server settings from the Virtual Server List page. 3. On the Virtual Server List page, click the Adventure Works Corporate Partners link in the Name column. 4. On the Virtual Server Settings page, under Virtual Server Management, click Virtual server general settings. 5. In the Default Time Zone section, select a time zone to use for all sites and subsites under the virtual server.
41
6. In the Default Quota Template section, select the quota_template to use as a default for sites. Note If there are no quota templates, you can create a template by using the Manage Quota Templates page. Note that when you specify a default template for the virtual server, you can still select a different template when you create a site. 7. In the Person Name Smart Tag and Presence Settings section, verify the Yes radio button is selected next to Enable Person Name smart tag and Online Status for members. This will show the selected information for all sites under the virtual server. 8. In the Maximum Upload Size section, verify the maximum file size to allow is 50 MB. 9. In the Alerts section, specify settings for alerts: Verify the On radio button is selected to allow alerts for all sites under this virtual server. To limit the number of alerts that users can create, verify that 50 is entered under Maximum number of alerts that a user can create. 10. In the Web Page Security Validation section, specify the following settings: Verify the On radio button is selected to allow Web page security validation. Verify the After radio button is selected, and then verify the length of time to wait before the security validations expire is set to 30 minutes. 11. In the Send User Name and Password in E-Mail section, verify the Yes radio button is selected to allow this option. 12. In the E-Mail Enabled Document Libraries section, specify the option to allow attachments to be inserted: Verify the No radio button is selected to disallow e-mail attachments. 13. In the Event Handlers section, verify the Off radio button is selected to disallow event handlers. Note When this feature is enabled, you can write code to handle events, and then specify the code to use for a particular document library in the document library settings. 14. Click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs.

42
Instructor-Led Practice: Creating Top-Level Sites
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can give users the ability to create their own top-level Web sites by enabling self-service site creation. However, if you want to control top-level Web site creation yourself, you can disable self-service site creation and create top-level Web sites on your users behalf from SharePoint Central Administration. To create a top-level Web site outside of self-service site creation, you must be an administrator of the local machine on which the site will reside or a member of the SharePoint administrators group. When you are running a server farm with multiple host names or are in Active Directory account creation mode, you cannot create a top-level Web site from SharePoint Central Administration. To perform this action in Active Directory account creation mode, you must use the command line or object model. The site owner can select a template for the site when first browsing to the URL or you can browse to the URL on the confirmation page and select one yourself. You must alert the site owner and secondary owner when you have created the site with the URL. They are not notified automatically when you create a site. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server DOMAIN user_name email_address Value Madrid Glasgow Melbourne ADVWORKS SuzanF [email protected]
43
Creating a top-level Web site
! To create a top-level Web site from Windows SharePoint Services

Central Administration 1. If you have not already, log the Madrid virtual computer on to the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start Windows SharePoint Services Central Administration. 2. On the Windows SharePoint Services Central Administration page, under Virtual Server Configuration, click Create a top-level Web site. 3. On the Virtual Server List page, click the Adventure Works Corporate Partners link in the Name column. 4. You will create a site under a selected URL path for the virtual server. On the Create Top-level Web Site page, in the Web Site Address section, verify the Create site under this URL radio button is selected. Type site001 (the name for the top-level Web site) in the URL name box, and then select sites in the URL path box. The name and URL path are combined with the server name to create the full URL to the site. Note To create a site at a predefined URL path, click the Create site at this URL radio button, then select the desired URL in the URL path box. The site is created at the top level of the URL path you select. For example, on http://madrid, if you select /portal as the path, the site is created at http://madrid/portal. 5. In the Site Collection Owner section, type the user name, DOMAIN\user_name, and email address for the user who will be the site owner and administrator. Tip If you want to identify a user as the secondary owner of the new toplevel Web site (which is the recommended practice), in the Secondary Owner section, type the user name and e-mail address for a secondary owner and administrator of the new site. If you are using quotas, in the Quota Template section, select a quota template to use. 6. In the Site Language section, verify that English is selected in the Language list. 7. Click OK. 8. On the Top-Level Site Successfully Created page, click OK.

44
Instructor-Led Practice: Configuring URL Paths
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction When you add a new path, you also need to define the managed path. A managed path allows you to perform two important tasks.
!
You can specify which pieces of the URL namespace are managed by Windows SharePoint Services. Many organizations installing Windows SharePoint Services already have a Web server or server farm in use and must be able to identify areas of the existing URL namespace that should not be managed by Windows SharePoint Services.
You can specify paths to use for self-service site creation. You can restrict self-service site creation users to specific paths when they create sites. By default, the /sites path is created and added as a path for selfservice site creation users when you enable self-service site creation. You can create other paths for self-service site creation users, or you can remove the /sites path when you manage paths.
By adding paths, you have the ability to give your users customized paths that reflect their interests, positions or affiliations. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server sample_path Value Madrid Glasgow Melbourne Business Conventions
45
Adding paths
! To add a new path

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start Windows SharePoint Services Central Administration. 2. On the Windows SharePoint Services Central Administration page, in the Virtual Server Configuration section, click Configure virtual server settings. 3. On the Virtual Server List page, click Adventure Works Corporate Partners for the virtual server that you want to configure. 4. On the Virtual Server Settings page, under Virtual Server Management, click Define managed paths. 5. In the Add a New Path section, in the Path box, type the sample_path to add. 6. Select the Included path radio button, and then select Wildcard inclusion from the Type list. Note An included path indicates that Windows SharePoint Services manages that path. A wildcard inclusion means that the specific site and any sites below the path you set will be managed by Windows SharePoint Services. 7. Click OK.
Removing paths
If you change how you use the URL namespace, and no longer need a path to be included or excluded, you can remove the path.
! To remove a path
1. Navigate to the Windows SharePoint Services Central Administration page. 2. On the Windows SharePoint Services Central Administration page, in the Virtual Server Configuration section, click Configure virtual server settings. 3. On the Virtual Server List page, click Adventure Works Corporate Partners for the virtual server that you want to configure. 4. On the Virtual Server Settings page, in the Virtual Server Management section, click Define managed paths. 5. Under the Included Paths or Excluded Paths section, select the check box next to the sample_path that you want to remove. 6. Click Remove selected paths.

1. Keep the Glasgow, Melbourne and Madrid virtual computers running for use in the next instructor-led practice. 2. Start up the Cardiff virtual computer.
46
Instructor-Led Practice: Self-Service Site Creation
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Self-service site creation is a feature that is enabled by administrators and allows users to create their own top-level Web sites. Users do not need administrator permissions on the server or virtual server; they only need permissions on the Web site where self-service site creation is hosted. The users simply enter some basic information to create their own top-level Web sites automatically. You can use either HTML Administration pages or the command-line tool to turn on and configure self-service site creation. Either method allows you to turn self-service site creation on or off, and allows you to specify the type of information to require when creating a site. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server Value Madrid Cardiff Glasgow Melbourne
Configuring self-service site creation
! To turn on self-service site creation from SharePoint Central

Administration 1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start Windows SharePoint Services Central Administration. 2. On the Windows SharePoint Services Central Administration page, in the Virtual Server Configuration section, click Configure virtual server settings. 3. On the Virtual Server List page, click the Adventure Works Corporate Partners virtual server to enable.
47
4. On the Virtual Server Settings page, under Automated Web Site Collection Management, click Configure Self-Service Site Creation. 5. In the Enable Self-Service Site Creation section, verify the On radio button is selected next to Self-Service Site Creation is. Note To require two contact names for each site, select the Require secondary contact check box. 6. Click OK. 7. If the Refresh Config Cache on Other Web Servers page displays, click OK to turn on self-service site creation on the Cardiff virtual computer as well (since they are connected in the server farm).
! To disable the ability for users to create sites

1. Go to the Configure Self-Service Site Creation page. 2. In the Enable Self-Service Site Creation section, click the Off radio button. 3. Click OK. Configuring self-service site creation from the command line Use the enablessc operation to turn on and configure self-service site creation from the command line. The enablessc operation requires the URL parameter, and optionally takes the requiresecondarycontact parameter. For example, to turn on self-service site creation for a server called My_Server and require two contact names for each site, you would use the following syntax:
stsadm -o enablessc -url http://My_Server requiresecondarycontact
To disable self-service site creation, use the disablessc operation. The disablessc operation takes only the URL parameter. To turn off self-service site creation for My_Server, use the following syntax:
stsadm -o disablessc -url http://My_Server

Keep the Glasgow, Melbourne, Madrid and Cardiff virtual computers running for use in the next lesson.
48
Configuring Web Part Pages
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Web Part connections You can specify whether to allow users to connect Web Parts by passing data or values from a source Web Part to a target Web Part.
! !
Enabled - Allows users to create connections between Web Parts. Disabled - Prevents users from creating connections between Web Parts, and helps to improve security and performance.
Online Web Part gallery
You can specify whether to allow users access to the online Web Part gallery. Users can search, browse, and preview Web Parts and add them to Web Part Pages. Note If your server is behind a proxy server or firewall, you may need to specify some additional settings to enable the online Web Part gallery
! !
Enabled - Allows users to access the online Web Part gallery. Disabled - Prevents users from accessing the online Web Part gallery, and helps to improve security and performance.
49
Configuring Automated Web Site Management
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Site collections In Windows SharePoint Services, new administrative options allow you to automatically send notices to site collection owners requiring them to confirm that their sites collections are in use. You can also delete unconfirmed site collections automatically. These features give you a way to control the number of unused Web sites on your server. Use confirmation is similar to alerts. When you create a site collection, Windows SharePoint Services adds it to the database and logs it as an active site. After a specified time, Windows SharePoint Services sends the site collection owner an e-mail notification asking the owner to either reactivate or delete the unused site collection. The e-mail notification contains links to confirm that a site collection is active or to delete a site collection. After Windows SharePoint Services sends the notification, there are three possible outcomes:
!
If the site is in use, the site collection owner confirms that the site collection is active and Windows SharePoint Services preserves the site collection. When the owner clicks the confirmation link, the certification date of the site is renewed. If the site collection is not in use, the owner can delete the site collection by following the instructions in the e-mail notification, or do nothing. The owner continues to receive periodic e-mail notifications according to the interval specified by the virtual server administrator until the owner confirms that the site collection is in use or deletes the site collection. If the site collection is not in use, and you turn on the automatic deletion feature, Windows SharePoint Services queries the site collection owner a specific number of times. If the site collection owner does not confirm site collection use, Windows SharePoint Services automatically deletes the site collection.
50
You can use automatic deletion to delete unneeded site collections without any administrative intervention and without any backup mechanism. To prevent a site collection from being deleted without any notification, you must turn on site collection use confirmation before you can turn on automatic deletion. Also, Windows SharePoint Services must always send the site collection owner at least two confirmation notices before deleting a site collection. You can configure automatic deletion from SharePoint Central Administration pages or from the command line. In addition to these basic safeguards included as defaults, it is recommended that you consider the following best practices:
! !
Require a secondary contact when users create site collections. Set reasonable intervals between confirmations and before automatic deletion. Back up site collections regularly, so you can restore a recent copy if Windows SharePoint Services deletes a site collection as a result of miscommunication.
Note For more information about configuring automatic deletion from SharePoint Central Administration pages or from the command line, see the Windows SharePoint Services Resource Kit. Configure site collection It is recommended that you configure the following settings to control how much confirmation and deletion time elapses between site collection usage confirmation and automatic deletion:
!
When to begin sending site collection use confirmation notices. The initial notification value controls when Windows SharePoint Services sends the first confirmation notice to a site collection. This value does not control the frequency of notifications, only the number of days to wait before the first notification.
How frequently to check for site collections needing confirmation and how frequently to send out notifications. The frequency value affects both how often Windows SharePoint Services checks the server and how often Windows SharePoint Services sends confirmation notices. If you set the frequency to weekly, Windows SharePoint Services checks the server weekly and also sends notifications weekly, immediately after checking the server.
How many notifications to send before allowing automatic deletion. Adjust this number to ensure site collection owners receive notification before Windows SharePoint Services deletes a site collection. The number of notifications also depends on the frequency, so if you specify daily checks, with thirty reminders before deletion, Windows SharePoint Services notifies the site collection owner every day for a month before deleting the site collection.
Configure these times according to the requirements of your organization. In a large organization, where users may need long-term storage of data, specify longer intervals. For example, send notifications at 180 days, notify every month, and delete after six months without a confirmation. If you host free sites for customers, you may choose to shorten these intervals. For example, send notifications at 45 days, notify weekly, delete after four weeks. If you host paid sites for customers, you may not use this feature, unless you have an automated backup strategy that allows you to restore sites on request.
51
Lesson: Managing Data on SharePoint Products and Technologies
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction The IIS web server enables you to create multiple Web sites on a single server. These multiple web sites are also referred to as virtual server. To add a site or virtual server to a Web server, you must prepare the server and associated network services, and create a unique identity for the site. A virtual server is a virtual computer that resides on an HTTP server but appears to the user as a separate HTTP server. Several virtual servers can reside on one computer, each capable of running its own programs and each with individualized access to input and peripheral devices. Each virtual server can have its own domain name and IP address. SharePoint Products and Technologies allow you to extend virtual servers and configure portal sites on these virtual servers. Lesson objectives After completing this lesson, you will be able to:
! ! ! ! ! ! !
Configure the HTML viewer. Configure e-mail settings. Manage content databases. Configure usage analysis processing. Configure data retrieval services. Configure search services. Configure diagnostic settings.
52
Configuring the HTML Viewer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Windows SharePoint Services includes the ability to connect to an HTML Viewer server. The HTML Viewer server provides support for users who want to view the content of files on the Windows SharePoint Services Web site but do not have Microsoft Word, Microsoft Excel, or Microsoft PowerPoint from Microsoft Office 97, or a later release of Office, installed on their local computers. Even users who have only a Web browser can view content by having the native Office file format converted to HTML on the fly. Although a slight delay occurs while the transformation takes place, the converted file is extremely close to the WYSIWYG formatting of the original. In addition to the process of transforming files on the fly for end users, administrators can use a batch process mode to convert the contents of entire folders to HTML. By default, the HTML Viewer service supports only the following document types:
! ! ! !
Microsoft Word .doc files Microsoft PowerPoint Show .pps files Microsoft PowerPoint Presentation .ppt files Microsoft Excel .xls files
Transformation
Transformation of a supported document can take between one and thirty seconds, depending on the complexity and size of the document as well as the speed and available resources of the dedicated computer. To provide for this ability and assure a fast response time, it is recommended that you dedicate a separate computer to this service.
53
Configuring E-Mail Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Windows SharePoint Services sends alerts and other administrator messages by using an SMTP server. This feature is also required for end-users to request access to a site or list. You can specify which SMTP server to use, and set the e-mail address to use for sending alerts and receiving replies for all sites, by using the SharePoint Central Administration e-mail settings. You can also specify different settings for a specific virtual server. At either level, you can specify the following settings: outbound SMTP server, from address, reply-to address, and character set to use. When you configure e-mail settings, one of the settings that you specify is the character set to use in e-mail. The default character set is 65001 (Unicode UTF8), a standard character set that works well for most languages. You can choose a specific language code to apply instead, such as 1256 (Arabic [Windows]), but be aware that changing to a specific language code may cause the e-mail messages to be unreadable to clients of other language codes, for example, 1252 (Western European [Windows]). If you want to use an SMTP server in Internet Information Services (IIS) to send outbound e-mail messages from Windows SharePoint Services, you must configure the SMTP server to allow anonymous access and to allow e-mail messages to be relayed. Note that the SMTP server that you use must have Internet access to be able to send messages to external e-mail addresses. Note The SMTP Service for IIS is not installed by default. If you have not installed the SMTP Service, or you do not see the default SMTP virtual server in IIS, you must install the SMTP Service. For more information about installing, configuring, or managing the SMTP Service, see the Help system for Internet Information Services (IIS) Manager.
About character sets and e-mail
Configuring an SMTP server in IIS
54
Instructor-Led Practice: Configuring Content Databases
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can change database settings for a content database. You can also change database connection settings and warning and maximum site levels for a content database. In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer Value Madrid Cardiff (Keep this computer running in the background for use in a future instructor-led practice) Glasgow Melbourne Adventur1_SITE
Virtual Computer - Domain controller Virtual Computer - SQL server database
Managing content databases
! To manage content databases

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start Windows SharePoint Services Central Administration. 2. On the Windows SharePoint Services Central Administration page, under Virtual Server Configuration, click Configure virtual server settings. 3. On the Virtual Server List page, click the Adventure Works Corporate Partners virtual server. 4. On the Virtual Server Settings page, under Virtual Server Management, click Manage content databases. 5. On the Manage Content Databases page, under Content Databases, click the database that you want to change.
55
6. The Manage Content Database Settings page displays. In the Database Information section, verify that Ready is selected in the Database Status box. Note If you select Offline in the Database Status box, then no new sites can be created. 7. The Database Capacity Settings section allows you to change the number of sites allowed for a content database. If necessary, type a new warning and maximum number. For the purpose of this practice, leave the values at 9000 and 15000. 8. Click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs.

Keep the Glasgow, Melbourne, Madrid and Cardiff virtual computers running for use in the next instructor-led practice.
56
Configuring Data Retrieval Services
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction A data retrieval service implements a new data-binding technology that enables data consumers and data sources to communicate with each other through Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML). A data retrieval service is a Web service that returns XML data from different data sources or manipulates data against those data sources. A data retrieval service is installed and runs on a server running Microsoft Windows SharePoint Services. Windows SharePoint Services includes a default set of data retrieval services for working with data in SharePoint lists, OLEDB, and XML data sources. Client applications, and data-bound Web Parts, such as the spreadsheet Web Part, can use a data provider service to query the data source supported by the particular data source. You can allow or disallow data retrieval services and configure settings for data retrieval services by using the SharePoint Central Administration page. Note If your data retrieval service is attempting to connect to a remote Microsoft SQL Server database that is configured to use Microsoft Windows authentication, the server with the data retrieval service, the remote server running SQL Server, and the client initially making the request against the data retrieval service must be using Kerberos authentication. For more information about setting up Kerberos authentication, see the Help system for IIS 6.0.
57
Instructor-Led Practice: Configuring Data Retrieval Services
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Web services communicate with each other through Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML). In this instructor-led practice, use the following values:
Variable Virtual Computer Virtual Computer Virtual Computer - Domain controller Virtual Computer - SQL server response_size length_of_time Value Madrid Cardiff Glasgow Melbourne 9000 45
Configuring data retrieval services
! To configure data retrieval services

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start Windows SharePoint Services Central Administration. 2. On the Windows SharePoint Services Central Administration page, in the Component Configuration section, click Configure data retrieval service settings. 3. On the Data Retrieval Service Settings page, in the Enable Data Retrieval Services section, select Enable these data retrieval services. 4. In the Limit Response size section, type the response_size (in kilobytes) in the Response size limit box. This number is used as the upper size limit for requests and responses to and from the data retrieval service. 5. Select the Enable update query support check box to allow updatable queries.
58
6. In the Request time-out box, type the length_of_time (in seconds) to allow the data source to respond before timing out. 7. Click OK. 8. If the Connect to cardiff dialog box displays, sign on as Administrator with a password of P@ssw0rd. The new settings will be automatically updated on the Cardiff virtual computer since it is part of the server farm. 9. On the Refresh Config Cache on Other Web Servers page, confirm the Status is Succeeded. 10. Click OK.

1. Keep the Glasgow, Melbourne and Madrid virtual computers running for use in the next instructor-led practice. 2. Shut down the Cardiff virtual computer.
59
Configuring Search Service on a Server Farm
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Search service settings When you set up the search service there are several options that you can configure:
!
Contact e-mail address. SharePoint Portal Server provides an e-mail address to each Web site it crawls when creating an index. If a problem occurs while crawling (for example, the crawler is hitting the site too much), the administrator of the Web site can contact this address. All portals on the server provide this e-mail address when creating an index. For this reason, the e-mail address for the server farm administrator is typically specified. Default content access account. The default content access account is the user name and password used when SharePoint Portal Server creates a fulltext index of content outside the portal. The account must have Read permissions for the Web sites and servers being crawled. Configuration database administration account. The configuration database administration account is the user name and password that SharePoint Portal Server uses when connecting to the configuration database or when propagating full-text indexes from index management servers to search servers. At a minimum, this account must be a member of the Power Users local group on the front-end Web servers, index management servers, and search servers. This account must be a member of the local Administrators group on the document library server. In addition, this account must be a member of the Security Administrators and Database Creators server roles on Microsoft SQL Server. Proxy server settings. You can configure SharePoint Portal Server to use a proxy server when it creates full-text indexes of external Web sites. Using a proxy server enhances the security of your intranet by helping to prevent unauthorized access by someone on the Internet. A proxy server also enhances performance by caching recently accessed Web pages, which minimizes download time.
60
Resource usage
SharePoint Portal Server includes a resource usage control for the resourceintensive processes that are commonly performed on SharePoint Portal Server computers. These processes are crawling content to create full-text indexes and searching. With the Background usage setting, the server gives higher priority to other applications. With the Dedicated usage setting, the server reserves most of the system resources for searching or creating a full-text index. By default, SharePoint Portal Server configures the control as follows:
!
In a single-server deployment, the setting is halfway between Background and Dedicated. In a server farm configuration, any index management server will have the index resource usage set to Dedicated. Any search server will have the query resource usage set to Dedicated. The resource usage is automatically configured when you make changes on the Configure Server Topology page.
Note If you use this server to run other applications, such as Microsoft SQL Server, avoid adjusting the controls to Dedicated or near-Dedicated usage because this setting may affect resources that are dedicated to those applications. Proxy server settings You can configure SharePoint Portal Server to use a proxy server when it creates full-text indexes of external Web sites. Using a proxy server enhances the security of your intranet by helping to prevent unauthorized access by someone on the Internet. A proxy server also enhances performance by caching recently accessed Web pages, which minimizes download time. By default, SharePoint Portal Server uses the proxy server setting of the default content access account. The default content access account uses the current proxy server settings from Internet Explorer. Changes to the proxy settings for the SharePoint Portal Server computer do not affect other applications on the server. For example, configuring the server to use a proxy server that is different from the proxy server used by Internet Explorer does not affect Internet Explorer. Changing the proxy settings on the Search Server Settings page affects servers running the index component. For other servers, you can change the proxy settings from the Configure Server Farm Account Settings page.
61
Time-out settings for search
You can specify how long to wait when connecting to other servers. Connection Time - You can specify how long to wait when trying to establish a connection with a Web site or server by adjusting the number of seconds to wait for a connection time-out. By default, the wait time is 20 seconds. When specifying the wait time, consider the following:
!
If a wait time setting is too high (greater than two minutes), SharePoint Portal Server spends a significant amount of time waiting while trying to crawl nonexistent sites, bad links, or servers that are unavailable. If the wait time setting is too low, less than ten seconds, a lot of content is not included in the full-text index because SharePoint Portal Server bypasses the busier servers. If, during full-text index creation, SharePoint Portal Server encounters 32 consecutive time-outs related to one server, SharePoint Portal Server designates the server as unavailable and does not process any requests to that server for the next ten minutes. SharePoint Portal Server records an access error in the gatherer log. If you are crawling Microsoft Exchange public folders, the wait time must be greater than ten seconds. The recommended wait time is 60 seconds.
Specifying the location for temporary files
SharePoint Portal Server may need to create temporary files for documents being crawled. For best performance, the temporary files location should point to a disk other than the system disk or the disk that contains any SharePoint Portal Server data files, including the full-text index files. Note If this location changes, the existing files do not move to the new path. However, SharePoint Portal Server creates subsequent files in the new location. By default, the Microsoft SharePointPS Search service (SharePointPSSearch) temporary files are stored in the folder specified by the system TMP variable (typically WINDOWS\Temp on the system drive). If this folder does not exist, the temporary files are stored in the folder specified by the system TEMP variable. Important For SharePointPSSearch to operate correctly, you must ensure that there is sufficient space on this drive to store the SharePointPSSearch temporary files. The typical default for the system TMP variable points to the system drive, which is not the optimal configuration for performance. To optimize performance, you should ensure that the property store files, the fulltext indexes, the system page files, and the Web Storage System files are stored on spindles separate from the SharePointPSSearch temporary folder.
62
Site hit frequency rules
A site hit frequency rule determines the rate at which SharePoint Portal Server requests documents from one or more Web sites during crawling. The rate can be specified as the number of simultaneous documents requested or as the delay between requests. By default, the site hit frequency is limited to five simultaneous document requests. You can use the site hit frequency rule to modify demands on specific sites. Although you may want a higher document request frequency for creating or updating an index of your own intranet, it is recommended that you specify a lower frequency for external Web sites so that you do not overload the sites with document requests. Web sites can identify you from the e-mail address you provide when you configure an index management server. If you overload a site with requests, you could be denied access to that site in the future.
Using the Topic Assistant
The Topic Assistant provides a way for you to easily organize items in the portal into areas based on the areas used by existing items. This reduces the time and effort it takes to manage areas, allowing items in the portal to appear in search results and the portal site map according to the areas to which they belong. To use the Topic Assistant to organize items into areas, you must train it to recognize areas for items based on a training set of items that you select. That set of items is then used as a sample to suggest areas for other items in the portal. New items created after training are automatically suggested for areas based on this training set.
63
Configuring Usage Analysis Processing
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In Windows SharePoint Services, usage analysis data is gathered from the front-end Web servers and collected into temporary files. When the scheduled log processing takes place, the data is merged into the content databases on the back-end servers. Usage data is collected for an entire site collection on server at a time. Even though the data is logged and stored for an entire site collection, when you view the data in HTML Administration pages, users can see only the data for a particular Web site or subsite, not for the entire site collection. If you want to know what kind of impact your Web site has, you need to track how many users visit your site, the type and number of hits your site receives, and other site-usage information. Windows SharePoint Services includes features that analyze the usage of your site. Summary and detailed usage reports supply information such as:
! ! ! !
Number of hits per page. Number of unique users. Browser and operating system information. Referring domains and URLs.
Tracking usage information can be useful for identifying which content on your site is being heavily used (and therefore should be kept) and which content is not being heavily used (and may be a candidate for archival). In addition to site usage statistics, you can keep track of how much storage space your site is taking up and the level of activity that your site is generating. This information is gathered as part of the quota tracking for sites. Although you can see the total number of hits for a site collection on the Site Collection Usage Summary page, for detailed information you must use the Site Usage Report page for the individual site or subsite.
64
The usage reports rely on usage log data gathered from the Web sites and stored in the content database for each virtual server. The log data is a summary record of transactions on your Web site. When you view a usage report, the data is arranged into a list format. You must be a member of the Administrator site group or have the Access Usage Data right for a site to view the site usage statistics. You can view summary data about a site from the Site Administration page. About usage analysis administration options Usage analysis allows you to track how Web sites on your server are being used. You configure the settings for processing the usage log by using commands in HTML Administration pages. From the SharePoint Central Administration page, you can control the following:
!
Whether or not to log usage data. Usage analysis is not enabled by default. If you want to use the usage analysis features for your server, you must enable the usage analysis logging process. Log files are created daily to track usage information. When the log file is processed, a flag is added to indicate that is has been processed. Log files are not automatically deleted. If you do not want to track usage analysis data and you want to conserve disk space, you can turn off data logging for usage analysis.
When and for how long to process the usage logs. By default, the log files are set to be processed every day from midnight to 6:00 A.M. By default, the log files are in c:\WINNT\system32\LogFiles. Inside this folder is a folder for every virtual server, and within those folders is a folder for each day. You can specify any other location that you prefer. Note If you choose a different log file location, you must be sure to give the STS_WPG user group Read, Write, and Update permissions to the directory. Without these permissions, the usage log files cannot be created or updated by IIS. For more information about setting permissions for a directory, see the Microsoft Windows Help system.

!
65
Whether or not to process the usage logs and when to do so. By default, the log files are set to be processed every day at 1:00 A.M. You can schedule the usage log to be processed at a more convenient downtime for your Web sites. You can also specify the end time for the usage log processing. If your Web sites are primarily used by internal employees, for example, you might schedule the log to be processed at night, when demand on the sites is lower than during working hours. If you have multiple servers, you can stagger the processing. For example, you can configure the processing to start at midnight, and stagger it by 15 minutes, so that server1 starts at 12:00, server2 starts at 12:15, server3 at 12:30, and so on. Usage data can be stored for up to 24 months. Daily information is stored for 31 days and monthly information for two months. The log files will not be deleted, even after processing. Note that usage analysis processes rely on the Microsoft SharePoint Timer service to manage the timing of log processing. Because usage analysis processing runs only once a day, when you enable usage analysis processing, you will not see any data until the next day. Log processing is only done for a single days worth of data. If you turn off the log processing for a week but leave the data logging turned on, the next time you turn on processing, it will only process one days worth of log files. The log files for all of the days before that will remain unprocessed. You control settings for usage analysis processing from the SharePoint Central Administration page. You must be an administrator of the local server computer or a member of the SharePoint Administrators group to configure usage analysis settings. When you configure usage analysis processing for a server, it takes effect for any existing virtual servers. If you later add a virtual server, you must configure usage analysis processing again to enable usage analysis for the new virtual server.
66
Instructor-Led Practice: Configuring Diagnostic Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can specify the logging settings for components of SharePoint Portal Server, such as the single sign-on service and the search service. You can choose to do the following:
! ! ! !
Log no events for this component. Log critical events only. Log informational events and critical events. Log tracing information.
Note You should select Log tracing information only for troubleshooting purposes. Logging tracing information might affect performance and disk use. You can also choose to save a copy of the log automatically after a specified number of days, and you can choose to delete logs automatically after a specified number of days. In this instructor-led practice, use the following values:
67
Specifying logging settings for a component
! To specify logging settings for a component

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start SharePoint Portal Server Central Administration. 2. On the SharePoint Portal Server Central Administration for MADRID page, in the Component Configuration section, click Configure diagnostic settings. 3. On the Configure Diagnostic Settings for MADRID page, in the Logging Settings section, select BackupRestore, then click Edit. 4. In the Frequency for Saving and Deleting section, do the following: In the Save a copy every (in days) box, type 1. The server will save a copy of the log file for this component every day. Note If you do not want to save a copy of the log, type 0. In the Delete copies older than (in days) box, type 14. The log files for this component will be deleted automatically after 14 days. Note To delete files manually, type 0. 5. Click OK.
Viewing and deleting diagnostic logs
! To view and delete diagnostic logs

1. On the SharePoint Portal Server Central Administration for MADRID page, in the Component Configuration section, click Configure diagnostic settings. 2. On the Configure Diagnostic Settings for MADRID page, in the View Diagnostic Logs section, select a diagnostic log, then click View Log: Note To delete the selected log, click Delete. To delete unused log files, click Delete Unused Log Files. You cannot delete log files that are in use.
Specifying automatic error reporting
You can configure SharePoint Portal Server to automatically send reports of errors that cause it to crash to Microsoft. Automatic error reporting uses a connection that uses the HTTP over SSL (HTTPS) protocol, which is more secure than an ordinary Internet connection. The data that Microsoft collects is used strictly for the purpose of tracking down and solving problems that you are experiencing. The information is stored in a secure database with limited access. You can view the Microsoft Error Reporting Data Collection Policy from a link on the Diagnostic tools for server server_name page. There is a link to this page on the SharePoint Portal Server Central Administration for server_name page. You must be logged on to the computer as a member of the local Administrators group to complete this procedure. The following procedure is not necessary to complete as part of the instructorled practice.
68
! To specify automatic error reporting for all applications on the server

1. On the taskbar, click Start, and then click Run. 2. Type gpedit.msc, and then click OK. 3. In the Group Policy Object Editor, under the Local Computer Policy node, verify the Computer Configuration node is expanded. 4. Right-click Administrative Templates, then click Add/Remove Templates. 5. In the Add/Remove Templates dialog box, click Add. 6. The Policy Templates dialog box displays. Select AER_LanguageID.ADM, and then click Open. For example, for English, you would select AER_1033.ADM. For more information about language IDs, see Regional and Language Settings. 7. Click Close to close the Add/Remove Templates dialog box. 8. Under the Computer Configuration node, expand the Administrative Templates node. 9. Expand the Application Error Reporting node. 10. Click the Queued Reporting node. 11. In the details pane, right-click Bypass queue and send all reports, then click Properties. 12. On the Properties dialog box, on the Setting tab, click Enabled. 13. Click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs. 14. Close the Group Policy Object Editor.

Keep the Glasgow, Melbourne and Madrid virtual computers running for use in the next lesson.
69
Lesson: Removing Windows SharePoint Services from a Virtual Server
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can remove Windows SharePoint Services from a virtual server by using HTML Administration or the command line administration tool. Both of these tools allow you to either preserve or delete content when you remove Windows SharePoint Services. After completing this lesson, you will be able to:
!
Lesson Objectives
Remove Windows SharePoint Services using HTML administration
Removing Windows SharePoint Services using Central Administration
In this instructor-led practice, use the following values:

! To remove Windows SharePoint Services using Central Administration

1. If you have not already, log the Madrid virtual computer onto the MADRID (this computer) as Administrator with a password of P@ssw0rd, and then start Windows SharePoint Services Central Administration. 2. On the Windows SharePoint Services Central Administration page, under Virtual Server Configuration, click Configure virtual server settings. 3. On the Virtual Server List page, click the Adventure Works Corporate Partners link in the Name column. 4. On the Virtual Server Settings page, under Virtual Server Management, click Remove Windows SharePoint Services from Virtual Server.
70
5. On the Remove Windows SharePoint Services from Virtual Server page, select one of the following: Remove without deleting content databases This removes only the Windows SharePoint Services folders from the virtual server - the content database remains intact, so you can reconnect to it later using the same virtual server or a different one. Remove and delete content databases This both removes the Windows SharePoint Services folders from the virtual server and deletes the content database. You will not be able to reconstruct the sites previously stored on that virtual server unless you have a backup. 6. Click Cancel. Ordinarily you would click OK to apply these settings, but the current configuration on Madrid needs to be preserved for use in later practices and labs.

Keep the Glasgow, Melbourne and Madrid virtual computers running for use in the next module.

Module 5: Configuring Sharepoint Products and Technologies On A Server Farm

Uploaded by

Copyright:

Available Formats

Module 5: Configuring Sharepoint Products and Technologies On A Server Farm

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Module 5: Configuring Sharepoint Products and Technologies On A Server Farm

Uploaded by

Copyright:

Available Formats

Module 5: Configuring SharePoint Products and Technologies on a Server Farm