Deploy Windows Sharepoint Services 3.0

March 25, 2018 | Author: raymond.tang | Category: Share Point, Microsoft Windows, Microsoft, Command Line Interface, Windows Server 2008
Share
Report this link


Comments



Description

Deployment for Windows SharePoint Services 3.0 technology Microsoft Corporation Published: February 2009 Author: Microsoft Office System and Servers Team ([email protected]) Abstract This book provides information and guidelines to lead a team through the steps of deploying a solution based on Windows SharePoint Services 3.0. The audiences for this book are business application specialists, line-of-business specialists, information architects, IT generalists, program managers, and infrastructure specialists who are deploying a solution based on Windows SharePoint Services 3.0. You can find information about upgrading to Windows SharePoint Services 3.0 in the book Upgrading to Windows SharePoint Services 3.0 technology (http://go.microsoft.com/fwlink/?LinkId=85554&clcid=0x409 ). The content in this book is a copy of selected content in the Windows SharePoint Services technical library (http://go.microsoft.com/fwlink/?LinkId=81199) as of the date above. For the most current content, see the technical library on the Web. 2 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Access, Active Directory, Excel, Groove, InfoPath, Internet Explorer, OneNote, Outlook, PerformancePoint, PowerPoint, SharePoint, SQL Server, Visio, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ii Contents Deployment for Windows SharePoint Services 3.0 technology................................................1 Abstract.............................................................................................................................. 1 Contents................................................................................................................................... iii Getting Help............................................................................................................................. xi Roadmap to Windows SharePoint Services 3.0 content..........................................................1 Windows SharePoint Services 3.0 content by audience...........................................................1 Windows SharePoint Services 3.0 IT professional content by stage of the IT life cycle...........2 Evaluate............................................................................................................................. 2 Plan.................................................................................................................................... 3 Deploy................................................................................................................................ 4 Operate.............................................................................................................................. 6 Security and Protection...................................................................................................... 6 Technical Reference........................................................................................................... 7 Solutions............................................................................................................................ 7 I. End-to-end deployment scenarios........................................................................................ 8 Chapter overview: End-to-end deployment scenarios..............................................................9 Install Windows SharePoint Services 3.0 on a stand-alone computer....................................10 Hardware and software requirements.....................................................................................10 Configure the server as a Web server....................................................................................11 Install and configure IIS.................................................................................................... 11 Install the Microsoft .NET Framework version 3.0............................................................12 Enable ASP.NET 2.0........................................................................................................ 12 Install and configure Windows SharePoint Services 3.0 with Windows Internal Database.....12 Post-installation steps............................................................................................................. 14 Deploy in a simple server farm...............................................................................................16 Deployment overview............................................................................................................. 16 Deploying Windows SharePoint Services 3.0 in a DBA environment..................................17 Suggested topologies....................................................................................................... 17 Before you begin deployment...........................................................................................17 Overview of the deployment process...............................................................................18 Phase 1: Deploy and configure the server infrastructure....................................................18 Phase 2: Deploy and configure SharePoint site collections and sites.................................18 Deploy and configure the server infrastructure.......................................................................18 Prepare the database server............................................................................................ 18 SQL Server and database collation.....................................................................................19 Required accounts.............................................................................................................. 19 iii .................Verify that servers meet hardware and software requirements...............................NET 2..................................52 Perform additional configuration tasks.................................................................................................... 40 Deploying Windows SharePoint Services 3.......................................................................45 Run Setup on all servers in the farm.........................................................................................................................................................21 Enable ASP..............................................................34 About deploying by using DBA-created databases....................................46 Run Setup on the first server.............0......................42 Prepare the database server............................................................................................................40 Deployment overview......22 Run Setup on the first server......................0.....................................................................................................................................................................................................................................................................27 Perform additional configuration tasks............................................................ 32 Deploy using DBA-created databases.............................................................NET Framework version 3....................................................... 44 Verify that servers meet hardware and software requirements.................................... 41 Before you begin deployment....54 iv ................................................... 42 SQL Server and database collation...................................................................37 Deploy a simple farm on the Windows Server 2008 operating system................. 35 Create and configure the databases.................23 Add servers to the farm.................................................... 50 Start the Windows SharePoint Services Search service................0...........................20 Install and configure IIS.................................................................................................................................................... 26 Start the Windows SharePoint Services Search service....................................................................................................................35 Required accounts.............................................43 Required accounts..........53 Create a site collection and a SharePoint site.......................................................................................................................................................................................................51 Configure Windows Firewall with Advanced Security................................................................................................................................................................................................................28 Configure the trace log................................................41 Overview of the deployment process.............................................................46 Run the SharePoint Products and Technologies Configuration Wizard..................................NET Framework version 3.......................................42 Phase 2: Deploy and configure SharePoint site collections and sites........41 Suggested topologies............................................................. 49 Run the SharePoint Products and Technologies Configuration Wizard on additional servers .................45 Install Microsoft ....................................................................34 Required database hardware and software................................................0 in a DBA environment................................................ 25 Run the SharePoint Products and Technologies Configuration Wizard on additional servers .....................................................................................................................................................................................................................................................................................................................................................................................................................42 Phase 1: Deploy and configure the server infrastructure................42 Deploy and configure the server infrastructure.........................................22 Run the SharePoint Products and Technologies Configuration Wizard...................... 22 Run Setup on all servers in the farm..............................28 Create a site collection and a SharePoint site.... 21 Install the Microsoft .................................................................................................................................47 Add servers to the farm.... ...........0 with Service Pack 1............................................................ 80 Determine required accounts for least privilege administration.....................................68 Install software requirements............................................................76 Configure the trace log..................................................................................................62 Install Microsoft ...........0 by running Setup at a command prompt..........................................................................................................0 for a server farm environment...................................................0 in a server farm environment...................................Configure the trace log..............................................................76 Create a Web application and a site collection by using the Stsadm command-line tool.88 Configure the trace log.........................................................0 by using the command line....................................................................................................................................................................................................................... 96 SQL Server and database collation...............................................................................................................................................................NET Framework version 3.......94 Phase 1: Deploy and configure the server infrastructure..................0 on a stand-alone server............. 96 Preinstall databases (optional)........................................................85 Perform additional configuration tasks...........87 Create a Web application and a site collection by using the Stsadm command-line tool.............................................................................................................................................................. 79 Install software requirements.............................................0......95 Prepare the database servers.........................................96 Required accounts...................................... Install Windows SharePoint Services 3................................. 97 v ....................................85 Configure Windows SharePoint Services 3.......................0 for a server farm environment......92 Chapter overview: Install Windows SharePoint Services 3............ 78 Install Windows SharePoint Services 3............. 83 Configure the server by using the Psconfig command-line tool..................................................... 89 II...... Deploy Windows SharePoint Services 3................................................62 Install and configure Windows SharePoint Services 3................................94 Overview of the deployment process......94 Phase 2: Deploy and configure SharePoint site collections and sites........................ 65 Configure Windows Server Backup.......................................93 Suggested topologies................................................. 93 Before you begin deployment..............................61 Hardware and software requirements..............................................59 Install a stand-alone server on Windows Server 2008.........................................91 A.................................................................... 58 Configure Windows Server Backup......0 on the server by using the least privilege account......................................69 Install Windows SharePoint Services 3......................................................................................................................................................................... 64 Configure the trace log........................................................74 Perform additional configuration tasks.................................................85 Configure Windows SharePoint Services 3.............................................................................................66 Install Windows SharePoint Services 3.....72 Configure the server by using the Psconfig command-line tool.....................................................................62 Post-installation steps........................................ 68 Determine required accounts for installation....................................................................................0 on a farm....................................................0 with least privilege administration by using the command line...........................80 Install Windows SharePoint Services 3.......... .................................. 103 Start the Windows SharePoint Services Search service................................100 Add servers to the farm...........98 Enable ASP..................120 Configure e-mail drop folder permissions for the application pool account for a Web application.....................................125 vi .........................................................................................................................................................................................................118 To delegate full control of the organizational unit to the Central Administration application pool account....................................................................................................111 Configure incoming e-mail settings....... 119 Configure permissions to the e-mail drop folder..................................105 About language IDs and language packs.119 Configure e-mail drop folder permissions for the logon account for the Windows SharePoint Services Timer service.......................116 Configure Active Directory.........................................................110 Chapter overview: Perform additional configuration tasks........................................... 120 Configure DNS Manager............................................ 99 Run the SharePoint Products and Technologies Configuration Wizard................................................................................................98 Install the Microsoft ................................................0)....................................................104 Deploy language packs (Windows SharePoint Services 3.....................114 Install the SMTP service...........................................................................................................................................................................NET Framework version 3..................NET 2.................................. 114 Configure the SMTP service.................... 121 Configure attachments from Outlook 2003.......113 Start the Windows SharePoint Services Web Application service...122 Configuring incoming e-mail on SharePoint sites...............................................................................................................................................................105 Preparing your front-end Web servers for language packs......Prepare the front-end Web servers............................................................................ 99 Run Setup on the first server...............................................................................................................................................................................................................124 Configure outgoing e-mail settings......................... 118 To add the Delete Subtree permission for the Central Administration application pool account................................................................................................0.........................................................................................................................0.................................................................................................................................111 Configure additional administrative settings......... 115 Add an SMTP connector in Exchange Server..............................................................................................................................................................................................................122 Configure incoming e-mail settings...............................................................................................113 Install and configure the SMTP service............. 116 Configure Active Directory under atypical circumstances...........................107 Installing language packs on your front-end Web servers........................................................................................................... 109 B................................................................................................................................................................................0 and run the SharePoint Products and Technologies configuration wizard............................................... 98 Install Windows SharePoint Services 3............................108 Uninstalling language packs......................... Perform additional configuration tasks...................................................................... 102 Run the SharePoint Products and Technologies Configuration Wizard on additional servers......................................................................... ........................................................151 Allowing users access to your extranet Web site................................................................................................................................................. 128 Configure the SMTP service............................................................................. 150 Configuring your extranet Web application to use Web SSO authentication...........................................................................133 Error reports....................................................................................................................................................................................................131 Configure diagnostic logging settings.................148 Configure Web SSO authentication by using ADFS..............127 Configure outgoing e-mail settings for a specific Web application.................................................................................................................................................................143 Configure forms-based authentication.......139 Windows authentication provider.................. 134 Configuring diagnostic logging settings......................................145 About forms-based authentication..........................................................................................................................................................................125 Install the SMTP service.............................................................129 Configure outgoing e-mail settings...................150 Before you begin................................... 133 Event throttling...............................................................................................................................................................130 Configure workflow settings..............................................................128 Install the SMTP service................................................................... 125 Configure the SMTP service.....................................................................................................................................................................................................153 About using Central Administration................................................... 156 Working with E-mail and UPN claims.................................................................................................................135 Configure anti-virus settings........................................................................................................ 139 Windows SharePoint Services authentication................ 131 Configuring workflow settings........................................................................................................................................................Install and configure the SMTP service......143 Configure IIS to enable digest authentication..... 137 Administrative credentials................141 Web single sign-on (SSO) authentication provider......................... 145 Configure forms-based authentication across multiple zones..................................................................................... 142 About digest authentication. 140 Forms authentication provider..................................................................................................................................................................................................................................................155 Working with the People Picker..........................................................................................128 Install and configure the SMTP service.................................................................................................. 142 Enable digest authentication for a zone of a Web application............................133 Customer Experience Improvement Program...................................................................................................................... 137 Run the Best Practices Analyzer Tool..............................................................................................................................................126 Configure outgoing e-mail settings........................................................................................................................................................................................................................138 Configure authentication.......141 Configure digest authentication.............................................................................................150 About federated authentication systems........................157 vii ................................. .......................................................................................................................................................................................................................................................................................................................185 Solution prerequisites.............................................................................................................................178 Solution prerequisites.................................................................................................172 Create zones for Web applications...................................................................................... Deploy and configure SharePoint sites....................................................160 Enable anonymous access for individual sites......................... 185 viii ................................171 Add an internal URL................................................................................................................................................................................................166 Create a new Web application.................................... 163 C............................. 180 Deploy the solution..... 166 Extend an existing Web application...............................................................................................................................................................182 Grant user permissions.........................................................................................................171 Manage alternate access mappings...............................................................................................................................................................................161 Enable anonymous access for individual lists................................. 175 Create a new quota template.......................................................................................................................... 184 Prepare to crawl host-named sites that use forms authentication....................................................................................................................................................................................................................... 178 High-level solution overview...................................................................................162 SQL Server Reporting Services integration with SharePoint Products and Technologies: white paper...................................................................................................... 176 Delete a quota template......................................... 174 View existing zones.... 160 Enable anonymous access for a zone...............................................................179 High-level steps................................................ 181 Map site names to static IP addresses in DNS.................................................................................................................................................................171 Edit public URLs........................Working with groups and organizational group claims...............................................................................................................................................175 Edit an existing quota template.................................................................................... 174 Create quota templates.............. 176 Create site collections....................................................................................................................................168 Configure alternate access mapping.............................................. 177 Prepare to crawl host-named sites that use Basic authentication.... 180 Extend the Web application...................................................165 Create or extend Web applications...............................................................................164 Chapter overview: Deploy and configure SharePoint sites.........174 Create a new zone... 172 Map to an external resource........................................................ 160 About anonymous access.......................................................................................................................................................................157 Configure anonymous access................... 171 Edit or delete an internal URL............................................................................................................................... ......................................................................................................................................................................................................................................................................High-level solution overview...............................................................220 Known issues.............................................200 Site Admin Templates..........221 Error: The search request is unable to connect to the search service.............189 Extend the Web application..................................................... 191 Map site names to static IP addresses in DNS................config files..................................................................................................................214 Verify installation..205 Before you begin....221 Setup stops responding when you use an alternate location for the Updates folder....................................................................221 GroupBoard Workspace 2007 and software update failures...0)....................................................................................................196 Add site owners or other users............................................ 200 Server Admin Templates.................... 224 ix ......................0...............................................................................................................................................................................................................................................................................210 Perform installation steps................................................................. Install application templates.................................................. Deploy software updates and upgrade to a new operating system............................................................................................................................................................................................ 210 Install the software update.............. 193 Add site content...........................................................................................................................................................................218 Update language template packs.....................................................................................................................................................207 Overview of installation sequence........ 194 Use Web site designers to design and add content............... 220 Error: Failed to upgrade SharePoint Products and Technologies...........204 Deploy software updates for Windows SharePoint Services 3.........................................................................................222 Create an installation source that includes software updates (Windows SharePoint Services 3.. 206 Pre-upgrade preparation................................................................194 Migrate content from another site...............................................196 Add site collection administrators.............................................................................................220 Error: Unknown SQL Exception 15363.................................................................................................... 223 Language template packs......................................................................... 201 IV...................................................................... 197 III..................................191 Grant user permissions............................................................................................ 223 Use the updates folder........................................................199 Installing application templates for Windows SharePoint Services 3............ 215 Add new servers to a server farm...................................................................................................... 187 Deploy the solution....................................195 Enable access for end users............................................ 195 Allow users to add content directly....................................0.......................................................................................................................................................186 High-level steps.................................................................................................................................... 187 Add configuration settings to the applicable Web.............221 Foxit PDF IFilter must be reinstalled after installing software update......................................................................................... 211 Large-farm optimization.................................................................................................. ...229 x ............................................225 Before you begin....................................225 Install Windows Internal Database SP2.....................................................................226 Configure Windows Server Backup....................................................................................................227 Fixing problems after upgrading without Windows Internal Database Service Pack 2....................................225 Stop the Search service.....................................................................................................................228 Reset the Windows SharePoint Services Search service index.........................................0 with SP1........... 225 Address any installation issues.......................................................................................................................................................Upgrading to Windows Server 2008 for Windows SharePoint Services 3.......................225 Install Windows Server 2008....................227 Known issues................................................................................................................................................... 226 Perform post-installation procedures.............. 227 Repair not allowed when Least User Access is enabled........................................... Getting Help Every effort has been made to ensure the accuracy of this book.microsoft.com/office If you do not find your answer in our online content.microsoft. you can send an e-mail message to the Microsoft Office System and Servers content team at: [email protected] If your question is about Microsoft Office products. and not about the content of this book. This content is also available online in the Office System TechNet Library. so if you run into problems you can check for updates at: http://technet.com xi . please search the Microsoft Help and Support Center or the Microsoft Knowledge Base at: http://support. . 0 content by audience Each audience for Windows SharePoint Services 3.com/ fwlink/? LinkID=86923&clcid=0x 409) 1 .microsoft.0 can go to a specific Web site for content that is tailored to that audience.microsoft.0 content by audience Windows SharePoint Services 3.com/fwlink/ ?LinkId=88902&clcid=0x409) • Newly published content — an article that lists new or updated content in the Technical Library (http://go.0 IT professional content by stage of the IT life cycle Windows SharePoint Services 3.com/fwlink/ ?LinkId=88906&clcid=0x409) • Downloadable books — an article that lists the books available for download (http://go.0 content In this article: • • Windows SharePoint Services 3. Information Workers IT Professionals Developers Content available on Office Online • Home page — a central portal for Information Worker resources (http://go.Roadmap to Windows SharePoint Services 3.microsoft.microsoft.com/fwlink/ ?LinkID=73953&clcid=0x409) • Technical Library — an index for IT professional content (http://go.com/fwlink/ ?LinkId=88907&clcid=0x409) Content available on: MSDN • Developer Center — a central portal for Developer resources (http://go.com/f wlink/? LinkId=88899&clcid=0x4 09) Content available on: TechNet • TechCenter — a central portal for IT professional resources (http://go. The following table lists the audiences and provides links to the content for each audience.microsoft.com/ fwlink/? LinkId=88910&clcid=0x4 09) • MSDN Library — an index for Developer content (http://go.microsoft.microsoft.com/f wlink/? LinkId=88898&clcid=0x4 09) • Help and How-to — an index for Information Worker content (http://go.microsoft. Content Description Links Online content Includes the most up-to-date Evaluation for Windows SharePoint Services 3.0 technology 2 .com/fwlink/? LinkId=88915&clcid=0x409) • SharePoint Products and Technologies team blog — a group blog from the teams who develop the SharePoint Products and Technologies (http://go. For an updated list. and system architects) focus on understanding a new technology and evaluate how it can help them address their business needs. etc.microsoft. The most up-to-date content is always available on the TechNet Web site. plus books that cover all stages of the life cycle for a specific solution.com/fwlink/? LinkId=88916&clcid=0x409) • Support Center for Microsoft Windows SharePoint Services 3.com/fwlink/? LinkId=89561&clcid=0x409) Windows SharePoint Services 3.0 IT professional content by stage of the IT life cycle IT Professional content for Windows SharePoint Services 3. IT professionals (including decision makers. deploy. Evaluate During the evaluation stage.Additionally. The following sections describe each stage in the IT life cycle and list the content available to assist IT professionals during that stage.0. newsgroups. see Downloadable books for Windows SharePoint Services (http://go.microsoft. and operate — plus technical reference content.microsoft.com/fwlink/?LinkId=88907&clcid=0x409 ). solution architects. there is information for all users of SharePoint Products and Technologies at the community and blog sites listed in the following table. The following table lists resources that are available to help you evaluate Windows SharePoint Services 3. Community content and blogs • SharePoint Products and Technologies community portal — a central place for community information (blogs.) about SharePoint Products and Technologies (http://go. We also offer downloadable books that cover each stage of the IT life cycle.0 — a central place for issues and solutions from Microsoft Help and Support (http://go.0 includes content appropriate for each stage of the IT life cycle — evaluate.microsoft. plan. Evaluation Guide Provides an overview. and understand system requirements for Windows SharePoint Services 3. (http://go.0 you want to take advantage of. information about what's new. including worksheets. and information architecture for a site.0.microsoft.0. and that helps you to plan for those capabilities and to tailor the solution to your organization's needs. including determining the structure. you might want information that helps you to determine which capabilities of Windows SharePoint Services 3. plan authentication methods. IT professionals have different needs depending on their role within an organization. 3 . capabilities. to address both of these needs.Content Description Links content.microsoft.0 Evaluation Guide (http://go.com/fwlink/?LinkID=88902&clcid=0x409 ) Windows SharePoint Services 3. The Technical Library on TechNet is continually refreshed with new and updated content. We have planning content.com/fwlink/?LinkId=86962&clcid=0x409 ) Plan During the planning stage. On the other hand. and conceptual information for understanding Windows SharePoint Services 3. if you are focused on the hardware and network environment for your solution. you might want information that helps you to structure the server topology. If you are focused on designing a solution. 0 (http://go. part 1 (http://go.The following table lists resources that are available to help you plan for using Windows SharePoint Services 3. you may have templates. or Windows SharePoint 4 . The process of upgrading from a previous-version product. Additionally. part 2 (http://go. Part 1 Planning and architecture for Windows SharePoint Services. or other custom elements to deploy into your environment. such as Microsoft Office SharePoint Portal Server 2003. The Technical Library on TechNet is continually refreshed with new and updated content.com/fwlink/? information for IT LinkId=85553) professionals who are designing the environment to host a solution based on Windows SharePoint Services 3.microsoft.microsoft.com/fwlink/? LinkId=79600) Planning Guide. Deploy During the deployment stage. Part 2 Provides in-depth Planning and architecture for Windows SharePoint planning Services. Depending on your environment and your solution. Planning and architecture for Windows SharePoint Services 3.com/fwlink/? LinkId=88954&clcid=0x409) Planning Guide.0. you may have several configuration steps to perform for your servers. and for your sites. you configure your environment. and then start creating SharePoint sites. Provides in-depth planning information for application administrators who are designing a solution based on Windows SharePoint Services 3. install Windows SharePoint Services 3.0. features.0. Microsoft Content Management Server 2002.microsoft. for your Shared Services Providers. Content Description Links Online content Includes the most up-to-date content.0. The Technical Library on TechNet is continually refreshed with new and updated content. The following table lists resources that are available to help you deploy or upgrade to Windows SharePoint Services 3.0.microsoft.0.0.Services. We have content that addresses planning for upgrade. 5 . and performing post-upgrade steps. is also part of the deployment stage of the IT life cycle.com/fwlink/?LinkId=85554) depth information for upgrading from a previous version product to Windows SharePoint Services 3. Content Description Links Online content Includes the most up-to-date content.(http://go. Deployment for Windows SharePoint Services 3. performing the upgrade.com/fwlink/?LinkID=79602) Upgrade Guide Provides Upgrading to Windows SharePoint Services 3.microsoft.microsoft.com/fwlink/?LinkID=80752&clcid=0x409 ) Deployment Guide Deployment for Windows SharePoint Services (http://go. Provides indepth deployment information for Windows SharePoint Services 3.0 (http://go.0 overview and in. in which you install and configure your environment. you move to the operations stage. 6 . The following table lists resources that are available to help with day-to-day operations for Windows SharePoint Services 3. an aggregate view of this content is provided in a Security and Protection section of the documentation. appropriate content for security and protection is included in the content for each life cycle stage. The following table lists resources that are available to help you understand security and protection for Windows SharePoint Services 3. Content Description Links Online content Includes the most up-to-date content.0 (http://go.0. maintenance.0.com/fwlink/?LinkId=89152&clcid=0x409 ) Security and Protection Because security and protection are concerns during all phases of the IT life cycle. The Technical Library on TechNet is continually refreshed with new and updated content.0. During this stage. Operate After deployment.Migration and Upgrade Information for SharePoint audience (IT Developers and developer) (http://go. However.microsoft. Operations for Windows SharePoint Services 3. and tuning of your environment.microsoft.Content Description Links Migration and Upgrade for SharePoint Developers Provides cross.com/fwlink/?LinkId=89129&clcid=0x409 ) information for migration and upgrade from a previous version product to Windows SharePoint Services 3. you are focused on the day-to-day monitoring. For example.com/fwlink/? LinkId=89165&clcid=0x409).0.0 (http://go. we also offer several solution guides that help you plan. The Technical Library on TechNet is continually refreshed with new and updated content. the Technical Reference content has information about how permissions work.com/fwlink/? LinkId=89154&clcid=0x409) Technical Reference Technical reference information supports the content for each of the IT life cycle stages by providing the technical information you need to work with Windows SharePoint Services 3.microsoft.0 (http://go.0 (http://go.microsoft. and how to use Setup.0. 7 . Content Description Links Online content Includes the most up-to-date content. and operate a specific type of solution based on Windows SharePoint Services 3.Content Description Links Online content Includes the most up-to-date content. how to perform operations from the command line.exe from the command line.0. Security and protection for Windows SharePoint Services 3. Technical Reference for Windows SharePoint Services 3.microsoft.0. The following table lists resources that are available to help you work with Windows SharePoint Services 3. For a current list of solution guides for Windows SharePoint Services 3. The Technical Library on TechNet is continually refreshed with new and updated content. deploy.com/fwlink/?LinkID=88902&clcid=0x409 ) Solutions In addition to these IT life cycle-specific resources. see Downloadable books for Windows SharePoint Services 3. End-to-end deployment scenarios 8 .I. A stand-alone configuration is useful if you want to evaluate Windows SharePoint Services 3. such as collaboration. You can deploy in a server farm environment if you are hosting a large number of sites. • ∆επλοψ α σιµπλε φαρµ ον τηε Ωινδοωσ Σερϖερ 2008 οπερατινγ σψστεµ discusses how to deploy Windows SharePoint Services 3. A server farm consists of one or more servers dedicated to running the Windows SharePoint Services 3. A server farm consists of one or more servers dedicated to running the Windows SharePoint Services 3.0 in a server farm environment.0 on a single server computer.0 features and capabilities.0 applications. 9 . A stand-alone configuration is useful if you want to evaluate Windows SharePoint Services 3.0 in an environment in which database administrators create and manage databases. • Ινσταλλ α στανδ−αλονε σερϖερ ον Ωινδοωσ Σερϖερ 2008 discusses how to install Windows SharePoint Services 3.0 applications.0 with Service Pack 1 (SP1) on the new Windows Server 2008 operating system. Only Windows SharePoint Services 3. A stand-alone configuration is also useful if you are deploying a small number of Web sites and you want to minimize administrative overhead. Only Windows SharePoint Services 3.0 with SP1 or later can be installed on Windows Server 2008. You can deploy in a server farm environment if you are hosting a large number of sites. • ∆επλοψ ιν α σιµπλε σερϖερ φαρµ discusses how to do a clean installation of Windows SharePoint Services 3. The deployment includes all the required databases and one portal site. and search.0 as an end-to-end solution.0 ον α στανδ−αλονε χοµπυτερ discusses how to install Windows SharePoint Services 3. see Deploy Windows SharePoint Services 3. if you want the best possible performance. or if you want the scalability of a multi-tier topology. or if you want the scalability of a multi-tier topology. whether on a single computer or in a simple server farm. This chapter does not discuss more complex deployments.0 in a server farm environment.0 features and capabilities. if you want the best possible performance. • ∆επλοψ υσινγ ∆ΒΑ−χρεατεδ δαταβασεσ discusses how to deploy Windows SharePoint Services 3. This article discusses how database administrators (DBAs) can create these databases and how farm administrators configure them. The articles in this chapter include: • Ινσταλλ Ωινδοωσ ΣηαρεΠοιντ Σερϖιχεσ 3. such as collaboration.0 in a large server farm. For information about deploying Windows SharePoint Services 3.Chapter overview: End-to-end deployment scenarios This chapter provides information and directions for deploying Windows SharePoint Services 3. A stand-alone configuration is also useful if you are deploying a small number of Web sites and you want to minimize administrative overhead. document management.0 with SP1 or later can be installed on Windows Server 2008. document management. and search.0 with Service Pack 1 (SP1) on the new Windows Server 2008 operating system. see 10 . such as collaboration. the Microsoft . or how to upgrade from SharePoint Portal Server 2003. and Windows System Resources Manager. A stand-alone configuration is also useful if you are deploying a small number of Web sites and you want to minimize administrative overhead.0 on a single server using the default settings. In addition. For information about how to do this.0 features and capabilities. Hardware and software requirements Before you install and configure Windows SharePoint Services 3.0 in a farm environment.0 on a single server computer. When you deploy Windows SharePoint Services 3. document management.0 on a stand-alone computer In this article: • • • • Hardware and software requirements Configure the server as a Web server Install and configure Windows SharePoint Services 3.0 You can quickly publish a SharePoint site by deploying Windows SharePoint Services 3. Active Directory Rights Management Services. see Install a stand-alone server on Windows Server 2008.0 are different. the Setup program automatically installs the Windows internal Database uses it to create the configuration database and content database for your SharePoint sites. Windows Internal Database uses SQL Server technology as a relational data store for Windows roles and features only. A stand-alone configuration is useful if you want to evaluate Windows SharePoint Services 3. see the following articles: • • ∆επλοψ ιν α σιµπλε σερϖερ φαρµ Upgrading to Windows SharePoint Services 3.Install Windows SharePoint Services 3. the steps to install and configure Internet Information Services (IIS). Note: There is no direct upgrade from a stand-alone installation to a farm installation.0 with Windows Internal Database Post-installation steps This information applies to Microsoft Windows Server 2003.NET Framework version 3. and search. If you are in a Windows Server® 2008 environment. Windows Server Update Services. For more information. Important: This document discusses how to install Windows SharePoint Services 3. UDDI Services. For more information about these requirements. It does not cover installing Windows SharePoint Services 3. Setup installs the SharePoint Central Administration Web site and creates your first SharePoint site collection and site.. upgrading from previous releases of Windows SharePoint Services 3.0 on a single computer as a stand-alone installation.0. be sure that your servers have the required hardware and software.0. such as Windows SharePoint Services. and Windows SharePoint Services 3.0. right-click the Web Sites folder.0 isolation mode check box is only selected if you have upgraded to IIS 6.com/enus/library/cc288751. click Next. point to Administrative Tools.NET 2. click Next. 5.0 worker process isolation mode by default. 11. Configure the server as a Web server Before you install and configure Windows SharePoint Services 3. 9. and you must ensure that IIS is running in IIS 6. point to Administrative Tools. 6. In the IIS Manager tree. and then click Internet Information Services (IIS) Manager.0. 8. 4. On the Server Role page. In the Web Sites Properties dialog box. and then click Properties. 2. and then click Next.aspx). On the Summary of Selections page. clear the Run WWW service in IIS 5.NET Framework version 3. Click Start.0 on Microsoft Windows 2000. Install and configure IIS 1. click Next. you must install and configure the required software.0 worker process isolation mode. click the Service tab.0. click the plus sign (+) next to the server name. 11 . Note: The Run WWW in IIS 5. On the Preliminary Steps page.0 use IIS 6. Install and configure IIS Internet Information Services (IIS) is not installed or enabled by default in the Microsoft Windows Server 2003 operating system. This includes installing and configuring Internet Information Services (IIS) so your computer acts as a Web server.Determine hardware and software requirements ( http://technet. click Next. In the Isolation mode section. Click Start. To make your server a Web server. New installations of IIS 6. On the Application Server Options page. On the Welcome to the Configure Your Server Wizard page.NET). Click Finish.0 isolation mode check box.0 on Windows Server 2003 from IIS 5. point to All Programs. and then click Configure Your Server Wizard.microsoft. you must install and enable IIS. 7. installing the Microsoft . 10. and then click OK. click Application server (IIS. and enabling ASP. point to All Programs.0. 3. ASP. 2. You can download the . In the Internet Information Services tree.NET 2. click the plus sign (+) next to the server name.0. which is required by workflow features.50727.0. 3. Windows Internal Database uses SQL Server technology as a relational data store for Windows roles and features only.NET Framework version 3.0.0 with Windows Internal Database When you install Windows SharePoint Services 3.microsoft. You can create a new configuration database by running the following command: • psconfig -cmd configdb -create -database <uniquename> 12 .0 Go to the Microsoft Download Center Web site (http://go. There are separate downloads for x86-based computers and x64-based computers. Click Start. the Setup program could fail when creating the configuration database causing the entire installation process to fail.NET Framework version 3.NET 2.0 on the same computer.microsoft. Install and configure Windows SharePoint Services 3. and then click the Web Service Extensions folder.0 Redistributable Package page. UDDI Services. This option uses the Setup program's default parameters to install Windows SharePoint Services 3.Install the Microsoft .0. You can prevent this failure by either deleting all the existing Windows SharePoint Services 3. and on the Microsoft .NET v2.5 from the Microsoft Web site (http://go. right-click ASP. and then later install Windows SharePoint Services 3.0 ASP. run the Setup program using the Basic option.0 and Windows Internal Database.0 download contains the Windows Workflow Foundation technology.NET Framework version 3.0 on a single server.com/fwlink/? LinkID=72322&clcid=0x409).com/fwlink/? LinkId=110508). such as Windows SharePoint Services.NET 2. Windows Server Update Services. and Windows System Resources Manager. the Central Administration Web Site.5. and then click Internet Information Services (IIS) Manager.NET Framework 3.0 databases on the computer or by creating a new configuration database.0 1.. Note: You can also use the Microsoft . point to Administrative Tools. Notes • If you uninstall Windows SharePoint Services 3. The .NET Framework version 3. Active Directory Rights Management Services. Be sure to download and install the appropriate version for your computer. follow the instructions for downloading and installing the . In the details pane. Enable ASP.NET Framework version 3. point to All Programs. Enable ASP.0 is required for proper functioning of Web content. and many other features and functions of Windows SharePoint Services 3. and then click Allow. Your new SharePoint site opens. 2. Note: If you are prompted for your user name and password. Instructions for configuring these settings are provided in the following procedure. review the terms. type the URL to your site. In the Add this Web site to the zone box. When Setup finishes. In the dialog box that notifies you that some services might need to be restarted or reset during configuration.Run Setup 1. click Internet Options. Click Close to close the Trusted Sites dialog box. you might need to add the SharePoint site to the list of trusted sites and configure user authentication settings in Internet Explorer. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected. On the Read the Microsoft Software License Terms page. click Advanced. 2. On the Welcome to SharePoint Products and Technologies page. use the following steps to configure Internet Explorer to bypass the proxy server for local addresses. select the I accept the terms of this agreement check box. click Basic to install to the default location. click Yes. and then click Add. To install to a different location. click Next. 3. in the Select a Web content zone to specify its security settings box. On the Security tab. 13 . and then on the Data Location tab. 2. Clear the Require server verification (https:) for all sites in this zone check box. click Finish. specify the location you want to install to and finish the installation. on the Tools menu. Run the SharePoint Products and Technologies Configuration Wizard 1. and then click Sites. Instructions for configuring proxy server settings are provided later in this section. 3. 4. Note: If you see a proxy server error message. On the Configuration Successful page. Click OK to close the Internet Options dialog box. Add the SharePoint site to the list of trusted sites 1. 5. 4. 6. If you are using a proxy server in your organization. and then click Continue. Click Close to start the configuration wizard. 3. a dialog box prompts you to complete the configuration of your server. On the Choose the installation you want page. In Internet Explorer. you might need to configure your proxy server settings so that local addresses bypass the proxy server. click Trusted Sites. • Configure antivirus protection settings You can configure several antivirus settings if you have an antivirus program that is designed for Windows SharePoint Services 3. • Configure diagnostic logging settings You can configure several diagnostic logging settings to help with troubleshooting. Select the Bypass proxy server for local addresses check box. Click OK to close the Local Area Network (LAN) Settings dialog box. For more information. click Internet Options. see Configure diagnostic logging settings. and you can specify how many 14 . Post-installation steps After Setup finishes. we recommend that you perform the following administrative tasks by using the SharePoint Central Administration Web site. You can configure both the "From" e-mail address and the "Reply" e-mail address that appear in outgoing alerts. In Internet Explorer. 8. Antivirus settings enable you to control whether documents are scanned on upload or download and whether users can download infected documents. clear the Automatically detect settings check box. and Customer Experience Improvement Program events. you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and management. 2. Type the port number of the proxy server in the Port box. In the Proxy Server section. 6. For more information. In addition.Configure proxy server settings to bypass the proxy server for local addresses 1. your browser window opens to the home page of your new SharePoint site. 4. 9. see Configure incoming email settings • Configure outgoing e-mail settings You can configure outgoing e-mail settings so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. You can also configure incoming email settings so that SharePoint sites can archive e-mail discussions as they happen. on the Tools menu. • Configure incoming e-mail settings You can configure incoming e-mail settings so that SharePoint sites accept and archive incoming e-mail. and show e-mailed meetings on site calendars. 7. in the Local Area Network (LAN) settings area. 5. see Configure outgoing e-mail settings. Type the address of the proxy server in the Address box. Click OK to close the Internet Options dialog box. In the Automatic configuration section. 3. save emailed documents. This includes enabling and configuring trace logs. For more information. click LAN Settings. You can also specify how long you want the antivirus program to run before it times out. event messages. user-mode error messages. select the Use a proxy server for your LAN check box. Although you can start adding content to the site or you can start customizing the site.0. On the Connections tab. sites. see Deploy and configure SharePoint sites. You can create more SharePoint sites collections. 2. point to All Programs.execution threads the antivirus program can use on the server. Click Start. next to Action. • Create SharePoint sites When Setup finishes. you have a single Web application that contains a single SharePoint site collection that hosts a SharePoint site. Perform administrator tasks by using the Central Administration site 1. For more information. under Administrator Tasks.0 Central Administration. click the task you want to perform. On the Administrator Tasks page. point to Administrator Tools. For more information. 3. On the Central Administration home page. 15 . click the task. and Web applications if your site design requires multiple sites or multiple Web applications. see Configure anti-virus settings. and then click SharePoint 3. For more information.0. see Planning and architecture for Windows SharePoint Services 3.0. the Microsoft . It does not cover upgrading from previous releases of Windows SharePoint Services 3. For more information. the steps to install and configure Internet Information Services (IIS). see Deploy a simple farm on the Windows Server 2008 operating system. For more information about upgrading from a previous release of Windows SharePoint Services.0 on a single computer as a stand-alone installation.0 is more complex than a stand-alone deployment.0 technology. 16 . For information about planning.Deploy in a simple server farm In this article: • • • • • Deployment overview Deploy and configure the server infrastructure Perform additional configuration tasks Create a site collection and a SharePoint site Configure the trace log This information applies to Microsoft Windows Server 2003. Deployment overview Important: This article discusses how to do a clean installation of Windows SharePoint Services 3. if you want the best possible performance. You can deploy Windows SharePoint Services 3. Because a server farm deployment of Windows SharePoint Services 3.0 in a server farm environment.0 or from previous releases of Windows SharePoint Services.NET Framework version 3.0 in a server farm environment if you are hosting a large number of sites. or if you want the scalability of a multi-tier topology.0 are different. If you are in a Windows Server® 2008 environment. see Upgrading to Windows SharePoint Services 3. Note: There is no direct upgrade from a stand-alone installation to a farm installation. Note: This article does not cover installing Windows SharePoint Services 3.0 on a stand-alone computer. we recommend that you plan your deployment. and Windows SharePoint Services 3. A server farm consists of one or more servers dedicated to running the Windows SharePoint Services 3. Planning your deployment can help you to gather the information you need and to make important decisions before beginning to deploy. see Install Windows SharePoint Services 3.0 application. Deploying Windows SharePoint Services 3.0 in a DBA environment In many IT environments, database creation and management are handled by the database administrator (DBA). Security and other policies might require that the DBA create the databases required by Windows SharePoint Services 3.0. For more information about deploying using DBAcreated databases, including detailed procedures that describe how the DBA can create these databases, see Deploy using DBA-created databases. Suggested topologies Server farm environments can encompass a wide range of topologies and can include many servers or as few as two servers. A server farm typically consists of a database server running either Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with the most recent service pack, and one or more servers running Internet Information Services (IIS) and Windows SharePoint Services 3.0. In this configuration, the front-end servers are configured as Web servers. The Web server role provides Web content and services such as search. A large server farm typically consists of two or more clustered database servers, several loadbalanced front-end Web servers running IIS and Windows SharePoint Services 3.0, and two or more servers providing search services. Before you begin deployment This section provides information about actions that you must perform before you begin deployment. • To deploy Windows SharePoint Services 3.0 in a server farm environment, you must provide credentials for several different accounts. For information about these accounts, see Plan for administrative and service accounts (http://technet.microsoft.com/enus/library/cc288210.aspx). • You must install Windows SharePoint Services 3.0 on the same drive on all loadbalanced front-end Web servers. • All the instances of Windows SharePoint Services 3.0 in the farm must be in the same language. For example, you cannot have both an English version of Windows SharePoint Services 3.0 and a Japanese version of Windows SharePoint Services 3.0 in the same farm. • You must install Windows SharePoint Services 3.0 on a clean installation of the Microsoft Windows Server 2003 operating system with the most recent service pack. If you uninstall a previous version of Windows SharePoint Services 3.0, and then install Windows SharePoint Services 3.0, Setup might fail to create the configuration database and the installation will fail. Note: We recommend that you read the Known Issues/Readme documentation before you install Windows SharePoint Services 3.0 on a domain controller. Installing Windows SharePoint Services 3.0 on a domain controller requires additional configuration steps that are not discussed in this article. 17 Overview of the deployment process The deployment process consists of two phases: deploying and configuring the server infrastructure, and deploying and configuring SharePoint site collections and sites. Phase 1: Deploy and configure the server infrastructure Deploying and configuring the server infrastructure consists of the following steps: • • • Preparing the database server. Preinstalling databases (optional). Verifying that the servers meet hardware and software requirements. • Running Setup on all servers you want to be in the farm, including running the SharePoint Products and Technologies Configuration Wizard. • Starting the Windows SharePoint Services Search service. Phase 2: Deploy and configure SharePoint site collections and sites Deploying and configuring SharePoint site collections and sites consists of the following steps: • • Creating site collections. Creating SharePoint sites. Deploy and configure the server infrastructure Prepare the database server The database server computer must be running Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with Service Pack 3a (SP3a) or later. The Windows SharePoint Services 3.0 Setup program automatically creates the necessary databases when you install and configure Windows SharePoint Services 3.0. Optionally, you can preinstall the required databases if your IT environment or policies require this. For more information about prerequisites, see Determine hardware and software requirements (http://technet.microsoft.com/en-us/library/cc288751.aspx). If you are using SQL Server 2005, you must also change the surface area settings. Configure surface area settings in SQL Server 2005 1. Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration. 2. In the SQL Server 2005 Surface Area Configuration dialog box, click Surface Area Configuration for Services and Connections. 3. In the tree view, expand the node for your instance of SQL Server, expand the Database Engine node, and then click Remote Connections. 4. Select Local and Remote Connections, select Using both TCP/IP and named pipes, and then click OK. 18 SQL Server and database collation The SQL Server collation must be configured for case-insensitive. The SQL Server database collation must be configured for case-insensitive, accent-sensitive, Kana-sensitive, and widthsensitive. This is used to ensure file name uniqueness consistent with the Windows operating system. For more information about collations, see Selecting a SQL Collation (http://go.microsoft.com/fwlink/?LinkId=121667&clcid=0x409 ) or Collation Settings in Setup (http://go.microsoft.com/fwlink/?LinkId=121669&clcid=0x409 ) in SQL Server 2005 Books Online. Required accounts The following table describes the accounts that are used to configure SQL Server and to install Windows SharePoint Services 3.0. For more information about the required accounts, including specific privileges required for these accounts, see Plan for administrative and service accounts [Windows SharePoint Services]. Account Purpose Requirements SQL Server Service Account This account is used as the service account for the following SQL Server services: • • SQLSERVERAGENT If you are not using the default instance, these services will be shown as: • MSSQL$InstanceName • SQLAgent$InstanceNam e MSSQLSERVER SQL Server prompts for this account during SQL Server Setup. You have two options: • Assign one of the built-in system accounts (Local System, Network Service, or Local Service) to the logon for the configurable SQL Server services. For more information about these accounts and security considerations, refer to the Setting Up Windows Service Accounts topic (http://go.microsoft.com/fwlink/? LinkId=121664&clcid=0x409) in the SQL Server documentation. • Assign a domain user account to the logon for the service. However, if you use this option you must take the additional steps required to configure Service Principal Names (SPNs) in Active Directory in order to support Kerberos authentication, which SQL Server uses. 19 Account Purpose Requirements Setup user account The Setup user account is used to run the following: • Setup on each server • The SharePoint Products and Technologies Configuration Wizard • The PSConfig command-line tool • The Stsadm command-line tool • Domain user account • Member of the Administrators group on each server on which Setup is run • SQL Server login on the computer running SQL Server • Member of the following SQL Server security roles: • • securityadmin fixed server role dbcreator fixed server role If you run Stsadm command-line tool commands that read from or write to a database, this account must be a member of the db_owner fixed database role for the database. • Domain user account. Server farm The Server farm account is account/Database used to: access account • Act as the application pool identity for the SharePoint Central Administration application pool. • Run the Windows SharePoint Services Timer service. • If the server farm is a child farm with Web applications that consume shared services from a larger farm, this account must be a member of the db_owner fixed database role on the configuration database of the larger farm. Additional permissions are automatically granted for this account on Web servers and application servers that are joined to a server farm. This account is automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles: • • dbcreator fixed server role securityadmin fixed server role • db_owner fixed database role for all databases in the server farm Verify that servers meet hardware and software requirements Before you install and configure Windows SharePoint Services 3.0, be sure that your servers have the recommended hardware and software. To deploy a server farm, you need at least one server computer acting as a Web server and an application server, and one server computer 20 and then click Configure Your Server Wizard. Click Start.microsoft. point to Administrative Tools. 11. and then click OK. point to All Programs. and then click Next. 6.acting as a database server. Install and configure IIS Internet Information Services (IIS) is not installed or enabled by default in the Microsoft Windows Server 2003 operating system. There are separate downloads for x86-based computers and x64-based computers. see Determine hardware and software requirements (http://technet. 3. and you must ensure that IIS is running in IIS 6.0 cannot be installed in a farm on a Microsoft Windows NT Server 4. 9. right-click the Web Sites folder.0 requires Active Directory directory services for farm deployments. click Next. For more information about these requirements.NET Framework 3. click Next.NET). Click Finish. clear the Run WWW service in IIS 5.0 worker process isolation mode by default.0. click the Service tab. Therefore Windows SharePoint Services 3. On the Server Role page. point to All Programs.aspx).microsoft.0 isolation mode check box. follow the instructions for downloading and installing the Microsoft . In the Web Sites Properties dialog box.NET Framework version 3. Install and configure IIS 1. click Next. you must install and enable IIS. ASP. On the Application Server Options page. 2. Click Start.0 on Microsoft Windows 2000.0 use IIS 6. 8.0 worker process isolation mode. On the Preliminary Steps page.0 Go to the Microsoft Download Center Web site (http://go. click Next.com/fwlink/? LinkID=72322&clcid=0x409). Install the Microsoft .0 Redistributable Package page. Important: Windows SharePoint Services 3. click the plus sign (+) next to the server name. 7.0 on Windows Server 2003 from IIS 5. and then click Internet Information Services (IIS) Manager. 4. On the Welcome to the Configure Your Server Wizard page. In the IIS Manager tree. 10. and on the Microsoft . point to Administrative Tools.0 domain.NET Framework version 3. and then click Properties. click Application server (IIS. Be sure 21 . 5.0 isolation mode check box is only selected if you have upgraded to IIS 6. In the Isolation mode section.com/en-us/library/cc288751. New installations of IIS 6. On the Summary of Selections page. To make your server a Web server. Note: The Run WWW in IIS 5. such as additional load-balanced Web servers.0 download contains the Windows Workflow Foundation technology. Setting up the first server involves two steps: installing the Windows SharePoint Services 3. When you install Windows SharePoint Services 3. After Setup finishes.0. installing Windows SharePoint Services 3.NET Framework version 3.5 from the Microsoft Web site (http://go.NET Framework version 3.50727. In the IIS Manager tree. Adding servers to the farm can be done at any time to add redundancy. you can use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. Run Setup on the first server We recommend that you install and configure Windows SharePoint Services 3. Note: You can also use the Microsoft . click ASP.NET 2. including: installing and configuring the configuration database.NET Framework version 3.0 services. Enable ASP.to download and install the appropriate version for your computer. 22 .microsoft. point to Administrative Tools. Note: We recommend that you run Setup on all the servers that will be in the farm before you configure the farm.0 on the first server.0 on all of your farm servers before you configure Windows SharePoint Services 3.0 on all servers. Click Start. and configuring the farm. and then click the Web Service Extensions folder.NET 2.0.5. The Microsoft . and then click Allow. which is required by workflow features. In the details pane. Run Setup on all servers in the farm Run Setup and then the SharePoint Products and Technologies Configuration Wizard on all your farm servers. and creating the Central Administration Web site. 2. You must have SQL Server running on at least one back-end database server before you install Windows SharePoint Services 3. 3.NET 2. Any additional servers that you add must be joined to this farm. and then click Internet Information Services (IIS) Manager. click the plus sign (+) next to the server name.0 services and create sites. Enable ASP.0 on your farm servers.0 You must enable ASP.com/fwlink/? LinkId=110508).NET v2. The SharePoint Products and Technologies Configuration Wizard automates several configuration tasks. you establish the farm.0 1. You can download the .0 components on the server. point to All Programs. Instructions for completing the wizard are provided in the next set of steps. 4. When you have chosen the correct options. 5. On the Welcome to SharePoint Products and Technologies page. and then type the location name or Browse to the location. including: installing and configuring the configuration database. 23 . The Stand-alone option is for standalone installations. click No.0 at a custom location. The Basic option is for stand-alone installations. To learn more about the program. you can use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. select the Feedback tab and select the option you want. Run Setup on the first server 1. run Setup. On the Read the Microsoft Software License Terms page. click the link.0. On the Connect to a server farm page. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard. From the product disc. Optionally. 2.0 is a server from which you want to run the Central Administration Web site. or from the product download. run WSSv3. a dialog box appears that prompts you to complete the configuration of your server. click Install Now. 2. on one of your Web server computers.Note: Setup installs the Central Administration Web site on the first server on which you run Setup. select the I accept the terms of this agreement check box. installing Windows SharePoint Services 3.exe. 3. On the Choose the installation you want page. 3. On the Server Type tab. I want to create a new server farm. and creating the Central Administration Web site. 8. to install Windows SharePoint Services 3. You must have an Internet connection to view the program information. select the Data Location tab. click Advanced. When Setup finishes. 7. we recommend that the first server on which you install Windows SharePoint Services 3.exe. Click Yes in the dialog box that notifies you that some services might need to be restarted during configuration. 9. Optionally. and then click Continue. click Next. review the terms. Click Close to start the configuration wizard. click Web Front End. Run the SharePoint Products and Technologies Configuration Wizard 1. Therefore. and then click Next.0 services. 6. to participate in the Customer Experience Improvement Program. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected. The configuration wizard automates several configuration tasks. Run the SharePoint Products and Technologies Configuration Wizard After Setup finishes. 4. 6. 10. On the Configure SharePoint Central Administration Web Application page. select the Specify port number check box and type a port number if you want the SharePoint Central Administration Web application to use a specific port. type the user name of the server farm account. click Next. and then click Next. click Negotiate (Kerberos).) Important: This account is the server farm account and is used to access your SharePoint configuration database. (Be sure to type the user name in the format DOMAIN\username. 7. To do this. In the Password box. the SQL Server Database Creator server role. click Next. and then click Next. In the Specify Configuration Database Settings dialog box. you must be a member of the Domain Admins group.microsoft. For more information. On the Completing the SharePoint Products and Technologies Configuration Wizard page. you should use the default setting (NTLM). in the Database server box. Note: In most cases. Using the Negotiate (Kerberos) option requires you to configure a Service Principal Name (SPN) for the domain user account. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs. 24 . We recommend that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group on your Web servers or your back-end servers. or use the default database name. In the User name box. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins. type the user's password. On the Configure SharePoint Central Administration Web Application dialog box. type the name of the computer that is running SQL Server. The user account that you specify as the service account must be a domain user account. 5. 8. and the SQL Server Security Administrators server role. 9.com/fwlink/?LinkID=76570&clcid=0x409 ). • If you want to use Kerberos authentication. or leave the Specify port number check box cleared if you do not care which port number the SharePoint Central Administration Web application uses. but it does not need to be a member of any specific security group on your Web servers or your back-end database servers. The default name is "SharePoint_Config". see How to configure a Windows SharePoint Services virtual server to use Kerberos authentication and how to switch from Kerberos authentication back to NTLM authentication (http://go. do one of the following: • If you want to use NTLM authentication (the default). Use Negotiate (Kerberos) only if Kerberos authentication is supported in your environment. Type a name for your configuration database in the Database name box. Click OK to close the Internet Options dialog box. Configure proxy server settings to bypass the proxy server for local addresses 1. in the Local Area Network (LAN) settings area. on the Tools menu. select the Use a proxy server for your LAN check box.0 services and create sites. and then click Add. Instructions for configuring this setting are provided later in this section. Add the SharePoint Central Administration Web site to the list of trusted sites 1. In the Proxy Server section. On the Configuration Successful page. 8. 5. and then click Sites.11. In Internet Explorer. 3. Note: If a proxy server error message appears. 5. Select the Bypass proxy server for local addresses check box. click LAN Settings. Clear the Require server verification (https:) for all sites in this zone check box. Note: If you are prompted for your user name and password. 25 . Click OK to close the Internet Options dialog box. 4. In Internet Explorer. 3. Instructions for configuring these settings are provided in the next set of steps. click Internet Options. 6. On the Connections tab. Add servers to the farm We recommend that you install and configure Windows SharePoint Services 3. click Finish. 4. type the URL for the SharePoint Central Administration Web site. in the Select a Web content zone to specify its security settings box. 7. 2. Click OK to close the Local Area Network (LAN) Settings dialog box. clear the Automatically detect settings check box. 2. The SharePoint Central Administration Web site home page opens. On the Security tab. 6. Type the port number of the proxy server in the Port box. 9. on the Tools menu. you might need to configure your proxy server settings so that local addresses bypass the proxy server. In the Automatic configuration section. click Trusted sites. Click Close to close the Trusted sites dialog box. In the Add this Web site to the zone box.0 on all of your farm servers before you configure Windows SharePoint Services 3. click Internet Options. you might need to add the SharePoint Central Administration site to the list of trusted sites and configure user authentication settings in Internet Explorer. Type the address of the proxy server in the Address box. On the Read the Microsoft Software License Terms page.0 on your farm servers. run Setup. use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. select the Feedback tab and select the option you want. On the Connect to a server farm page. click Web Front End. select the I accept the terms of this agreement check box. Click Close to start the configuration wizard. Optionally. and then click Next.0. Click Yes in the dialog box that notifies you that some services might need to be restarted during configuration. 5. Run the SharePoint Products and Technologies Configuration Wizard 1. click Install Now. To learn more about the program. to participate in the Customer Experience Improvement Program. click Yes. your farm might experience problems. 6.exe. On the Choose the installation you want page. including: installing and configuring the configuration database. review the terms.0 at a custom location. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected. The Basic option is for stand-alone installations. 8. a dialog box appears that prompts you to complete the configuration of your server. The configuration wizard automates several configuration tasks. I want to connect to an existing server farm. 2. 4. click Next. 2.0 from the first server on which you installed it. to install Windows SharePoint Services 3. select the Data Location tab. click Advanced. When Setup finishes. The Stand-alone option is for standalone installations. and then click Continue. 3.exe. and installing Windows SharePoint Services 3. On the Welcome to SharePoint Products and Technologies page. Important: If you uninstall Windows SharePoint Services 3. Run the SharePoint Products and Technologies Configuration Wizard on additional servers After Setup finishes. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard. From the product disc. 26 . 9. or from the product download. When you have chosen the correct options. Run Setup on additional servers 1. 7. You must have an Internet connection to view the program information. run WSSv3. On the Server Type tab. click the link.You must have SQL Server running on at least one back-end database server before you install Windows SharePoint Services 3. Optionally. and then type the location name or Browse to the location. on one of your Web server computers. Instructions for completing the wizard are provided in the next set of steps. 3.0 services. On the Completing the SharePoint Products and Technologies Configuration Wizard page. click Servers in farm. click Finish. 3. or specify the schedule that you want the search service to use when searching over content. On the Servers in Farm page. 27 . 2. In the User name box. in the Service Account section. 5. the same account used for the search service will be used. 8. type the user's password. In the Specify Configuration Database Settings dialog box. In the Indexing Schedule section.) This must be the same user account you used when configuring the first server.4. Next to Window SharePoint Services Search. In the Password box. 8. select the database name that you created when you configured the first server in your server farm. You must start it on at least one of your servers. 7. On the Operations page. Start the Windows SharePoint Services Search service You must start the Windows SharePoint Services Search service on every computer that you want to search over content. In the Content Access Account section. This account must have read access to all the content you want it to search over. 9. On the SharePoint Central Administration home page. On the Configure Windows SharePoint Services Search Service Settings page. type the name of the computer that is running SQL Server. click Start. specify the user name and password for the user account that the search service will use to search over content. specify the user name and password for the user account under which the search service will run. click Start. click Next. either accept the default settings. On the Configuration Successful page. click the server on which you want to start the Windows SharePoint Services Search service. After you have configured all the settings. and then click Next. If you do not enter credentials. in the Database server box. click the Operations tab on the top link bar. 6. (Be sure to type the user name in the format DOMAIN\username. type the user name of the account used to connect to the computer running SQL Server. 5. 4. and then from the Database name list. see Spsearch. 6. For information about how to perform this procedure using the Stsadm command-line tool. Start the Windows SharePoint Services Search service 1. in the Topology and Services section. Click Retrieve Database Names. 7. 0. On the Central Administration home page. and you can specify how many execution threads the antivirus program can use on the server. Create a site collection and a SharePoint site This section guides you through the process of creating a single site collection containing a single SharePoint site. Although you can start adding content to the site or customizing the site. save emailed documents. we recommend that you first perform the following administrative tasks by using the SharePoint Central Administration Web site. 3. You can create many site collections and many sites under each site collection. see Configure anti-virus settings Perform administrator tasks by using the Central Administration site 1. You can also configure incoming email settings so that SharePoint sites archive e-mail discussions as they happen. Click Start.Perform additional configuration tasks After Setup finishes. see Configure outgoing e-mail settings. Antivirus settings enable you to control whether documents are scanned on upload or download. see Chapter overview: Deploy and configure SharePoint sites 28 . You can configure both the "From" e-mail address and the "Reply" e-mail address that appear in outgoing alerts. You can also specify how long you want the antivirus program to run before it times out. and whether users can download infected documents. For more information. event messages.0 Central Administration. see Configure incoming email settings. your browser window opens to the home page of your new SharePoint site. • Configure incoming e-mail settings You can configure incoming e-mail settings so that SharePoint sites accept and archive incoming e-mail. see Configure diagnostic logging settings. For more information. For more information. For more information. and show e-mailed meetings on site calendars. For more information. and Customer Experience Improvement Program events. • Configure outgoing e-mail settings You can configure outgoing e-mail settings so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. • Configure diagnostic logging settings You can configure several diagnostic logging settings to help with troubleshooting. point to Administrative Tools. click the task. In addition. click the task you want to perform. 2. user-mode error messages. in the Administrator Tasks section. On the Administrator Tasks page. • Configure antivirus protection settings You can configure several antivirus settings if you have an antivirus program that is designed for Windows SharePoint Services 3. This includes enabling and configuring trace logs. point to All Programs. and then click SharePoint 3. you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and management. next to Action. click Create a new Web application. In the Port box. 3. When you create a new Web application.You can create new portal sites or migrate pre-existing sites or content from a previous version of Windows SharePoint Services. For information about planning SharePoint sites and site collections. then migrate content databases. on the Application Management page. type the path to the site directory on the server. On the Create New Web Application page. 29 . If you are using an existing Web site. To choose to use an existing Web site. For information about migrating content. On the Create or Extend Web Application page. a. this field is populated with the current path. If you are creating a new Web site. In the Host Header box. in the SharePoint Web Application Management section. you might also need to extend a Web application to another IIS Web site. in the Adding a SharePoint Web Application section. this field is populated with the current port number. In the Path box. In the Security Configuration section. 4. see Plan Web site structure and publishing ( http://technet. 2. you must first create a Web application. click Create or extend Web application.0. If you are using an existing Web site. see Deploy a new server farm. In the Authentication Provider section. This is an optional field. A Web application is comprised of an Internet Information Services (IIS) site with a unique application pool. in the IIS Web Site section.aspx).microsoft. this field is populated with a suggested port number. If you are in an extranet environment where you want different users to access content by using different domains. To choose to create a new Web site. d. Before you can create a site or a site collection. e. In the SharePoint Central Administration Web site. this field is populated with a suggested path. configure authentication and encryption for your Web application. choose either Negotiate (Kerberos) or NTLM. select Use an existing Web site. and type the name of the Web site in the Description box. b. If you are creating a new Web site. a. This action exposes the same content to different sets of users by using an additional IIS Web site to host the same content. You can also migrate content from a pre-existing Microsoft Content Management Server 2002 source. Create a new Web application 1. you can configure the settings for your new Web application.com/enus/library/cc288423. type the URL you want to use to access the Web application. c. and specify the Web site on which to install your new Web application by selecting it from the drop-down menu. type the port number you want to use to access the Web application. For information. see Upgrading to Windows SharePoint Services 3. select Create a new IIS Web site. you also create a new database and define the authentication method used to connect to the database. see Create or extend Web applications. type the name of the new application pool. By default. In the User name box. d. To use an existing application pool. In the Use Secure Sockets Layer (SSL) section. If you choose to allow anonymous access. 5. In the Application pool name box. type the user name of the account you want to use. you must configure SSL by requesting and installing an SSL certificate. see Plan authentication methods (http://technet.aspx ). and type the password for the account in the 30 . select Create a new application pool. a. you must perform additional configuration. To create a new application pool.com/en-us/library/cc288957.microsoft. c. choose whether to use an existing application pool or create a new application pool for this Web application. Important: If you use SSL. choose Yes or No. To change the zone for a Web application. select Yes or No. b. Select Configurable to use an account that is not currently being used as a security account for an existing application pool.aspx). you must add the appropriate certificate on each server by using IIS administration tools.Note: To enable Kerberos authentication. IUSR_<computername>). you must enable anonymous access for the entire Web application. this enables anonymous access to the Web site by using the computer-specific anonymous access account (that is. and then select the security account from the drop-down menu. Later.com/en-us/library/cc288488. and cannot be changed from this page. In the Select a security account for this application pool section. c. site owners can configure how anonymous access is used within their sites. 6.com/enus/library/cc288475. For more information about authentication methods. the box is populated with the current server name and port. In the Load Balanced URL section. In the Allow Anonymous section. Then select the application pool you want to use from the drop-down menu. select Predefined to use an existing application pool security account. This URL domain will be used in all links shown on pages within the Web application. For more information about using SSL. For more information about anonymous access.microsoft. or keep the default name. see Choose which security groups to use (http://technet. see Plan for secure communication within a server farm (http://technet. type the URL for the domain name for all sites that users will access in this Web application. Note: If you want users to be able to access any site content anonymously. In the Application Pool section. The Zone box is automatically set to Default for a new Web application. b.microsoft. select Use existing application pool.aspx). If you choose to enable SSL for the Web site. 2. 5.microsoft. 2. see Createsiteinnewdb: Stsadm operation (http://technet. in the URL column. type a title 31 .aspx ). Create a SharePoint site 1. specify the user account for the user you want to be the primary administrator for the site collection. In the Primary Site Collection Administrator section. In the Template Selection section.com/en-us/library/cc287992.microsoft. 3. and then. On the New SharePoint Site page. select a Web application to host the site collection from the Web Application drop-down list. On the SharePoint Central Administration home page.com/en-us/library/cc288051. Copy and paste the full URL path into your browser. click Create site collection. on the Site Actions menu.For information about how to perform this procedure using the Stsadm command-line tool. on the home page of the top-level site for the site collection. in the Web Application section. On the Create Site Collection page. The full URL path for the site collection appears in the URL box. select a URL type (personal or sites). On the Site Collection List page. For information about how to perform this procedure using the Stsadm command-line tool. Create a site collection 1. click Sites and Workplaces. On the Application Management page. 4.aspx ). 6. In the Title and Description section. click the Application Management tab on the top link bar. in the SharePoint Site Management section. You can check the user account by clicking the Check Names icon to the right of the text box. 8. On the SharePoint Central Administration home page. In the Web Site Address section. in the Title and Description section. 3. Optionally. 9. You can check the user account by clicking the Check Names icon to the right of the text box. 5. 7. and then type a URL for the site collection. 6. specify the user account for the user you want to be the secondary administrator for the site collection. in the Web Pages section. in the Secondary Site Collection Administrator section. select a template from the tabbed template control. in the SharePoint Site Management section. 4. You can also browse for the user account by clicking the Book icon to the right of the text box. You can also browse for the user account by clicking the Book icon to the right of the text box. see Createsite: Stsadm operation (http://technet. type a title and description for the site collection. click Create. On the Create page. click the URL for the site collection to which you want to add a site. On the Application Management page. click Site collection list. click the Application Management tab on the top link bar. Click Create to create the site collection. do the following: • • In the Number of log files box. When you are using the Windows SharePoint Services Search service. 7. or change the path to another location. This means that trace log files that contain events that are older than two days are deleted. and they enable Windows SharePoint Services 3. 96 log files are kept. click Diagnostic logging. Ensure that the path specified in the Path box has enough room to store the extra log files. see Plan alternate access mappings (http://technet. for example). You can also specify the location where the log files are written or accept the default path. select a template from the tabbed template control. type a URL for the site. in the Logging and Reporting section. 96 log files * 30 minutes of events per file = 2880 minutes or two days of events. 3.0 Web site.com/en-us/library/cc288609. each one containing 30 minutes of events. In the Number of minutes to use a log file box. we recommend that you configure the trace log to save seven days of events. Windows SharePoint Services 3. On the Diagnostic Logging page. You can use events that are written to the trace log to determine what configuration changes were made in Windows SharePoint Services 3. By default. 8. The new site opens. Configure the trace log to save seven days of events 1.0 to serve the correct content back to the user.0 saves two days of events in the trace log files. In the Web Site Address section. 10. Tip: To save 10. you can use any combination of number of log files and minutes to store in each log file. Alternate access mappings enable Windows SharePoint Services 3. you might want to configure alternate access mappings. 9.0 before the problem occurred.aspx). 32 . in the Trace Log section. type 336. For more information.080 minutes (seven days) of events. on the Operations tab. In Central Administration. Configure the trace log The trace log can be useful for analyzing problems that might occur.0 (while browsing to the home page of a Windows SharePoint Services 3. or click Create to create the site. You can use the Diagnostic Logging page in Central Administration to configure the maximum number of trace log files to maintain and how long (in minutes) to capture events to each log file. Alternate access mappings direct users to the correct URLs during their interaction with Windows SharePoint Services 3. type 30. By default.and description for the site. In the Template Selection section. After creating sites.0 to map Web requests to the correct Web applications and sites.microsoft. Either change other settings. 2. we recommend that you save all trace log files that the system creates on any day that you make any configuration changes related to either search service.microsoft.aspx). Because problems related to configuration changes are not always immediately discovered.Tip: We recommend that you store log files on a hard drive partition that is used to store log files only. 4. Click OK. Trace log files can help you to troubleshoot issues related to configuration changes of the Windows SharePoint Services Search service. 33 .com/enus/library/cc288075. For information about how to perform this procedure using the Stsadm command-line tool. Store these log files for an extended period of time in a safe location that will not be overwritten. See step 3 in the previous procedure to determine the location that the system stores trace log files for your system. see Logging and Events: Stsadm operations (http://technet. Central Administration Web application (only one per farm — created by Setup). 34 . By using the procedures in this article. This article only applies to farms that use Microsoft SQL Server 2000 with the most recent service pack or Microsoft SQL Server 2005 database software.0 in an environment in which DBAs create and manage databases. Note: This article does not cover using the Windows SharePoint Services 3. see Deploy in a simple server farm.0 graphical user interface tools. For information about creating and configuring databases by using the Windows SharePoint Services 3. This article discusses how DBAs can create these databases and farm administrators can configure them. the steps to install and configure Internet Information Services (IIS). These tools are both located in the following folder: Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN.0 graphical user interface tools to create or configure databases. Configuration database (only one per farm). 2. Windows SharePoint Services search database (only one per farm). Content database for Central Administration (only one per farm).Deploy using DBA-created databases In this article: • • • • About deploying by using DBA-created databases Required database hardware and software Required accounts Create and configure the databases This information applies to Microsoft Windows Server 2003.0 are different. Security policies and other policies in your organization might require that DBAs create the databases that Windows SharePoint Services 3.0. About deploying by using DBA-created databases In many IT environments. For more information. see Deploy a simple farm on the Windows Server 2008 operating system.NET Framework version 3. the Microsoft . This article describes how to deploy Windows SharePoint Services 3. and Windows SharePoint Services 3. The deployment includes all the required databases and one portal site. If you are in a Windows Server® 2008 environment. Some procedures in this article use the Psconfig and Stsadm command-line tools. database administrators (DBAs) create and manage databases. 3. 4.0 requires. DBAs and farm administrators create and configure the following databases and components in the following order: 1. Web application content databases (optional). All of the databases required by Windows SharePoint Services 3. Required accounts The DBA needs to create SQL Server logins for the accounts that are used to access the databases for Windows SharePoint Services 3.5. a Web application is also created in Internet Information Services (IIS). All of the databases require that the Setup user account be assigned to them as the database owner (or dbo). For more information about the security requirements for these databases.com/enus/library/cc288751.com/en-us/library/cc288210. be sure that your database servers have the recommended hardware and software.aspx ).microsoft.aspx). Extending a Web application will create an additional Web site in IIS. the DBA must configure surface area settings so that local and remote connections use TCP/IP only. For more information about required accounts.0 use the Latin1_General_CI_AS_KS_WS collation. see Plan for administrative and service accounts (http://technet.0 and add them to roles. For more information about these requirements. Web applications (optional).microsoft. but not an additional application pool.com/enus/library/cc288210. There is one content database for each Web application. extending a Web application does not require an additional content database.microsoft. Note: As part of the Web site and application pool creation process. see Plan for administrative and service accounts ( http://technet. 6.aspx). including specific permissions and user rights required for these accounts. see Determine hardware and software requirements ( http://technet. Required database hardware and software Before you install and configure the databases. If you are using SQL Server 2005 database software. 35 . which SQL Server uses. For more information about these accounts and security considerations. However. You have two options: • Assign one of the built-in system accounts (Local System. • Domain user account Setup user account The Setup user account is used to run the following: • Setup on each server • The SharePoint Products and Technologies Configuration Wizard • The PSConfig command-line tool • The Stsadm command-line tool • Member of the Administrators group on each server on which Setup is run • SQL Server login on the computer running SQL Server • Member of the following SQL Server security roles: • • securityadmin fixed server role dbcreator fixed server role If you run Stsadm command-line tool commands that read from or write to a database. Account Purpose Requirements SQL Server Service Account This account is used as the service account for the following SQL Server services: • • SQLSERVERAGENT If you are not using the default instance. these services will be shown as: • MSSQL$InstanceName • SQLAgent$InstanceNam e MSSQLSERVER SQL Server prompts for this account during SQL Server Setup. 36 .0.microsoft.com/fwlink/? LinkId=121664&clcid=0x409) in the SQL Server documentation. • Assign a domain user account to the logon for the service. refer to the Setting Up Windows Service Accounts topic (http://go. if you use this option you must take the additional steps required to configure Service Principal Names (SPNs) in Active Directory in order to support Kerberos authentication. this account must be a member of the db_owner fixed database role for the database. Network Service. or Local Service) to the logon for the configurable SQL Server services.The following table describes the accounts that are used to access the databases for Windows SharePoint Services 3. Account Purpose Requirements Server farm The Server farm account is account/Database used to: access account • Act as the application pool identity for the SharePoint Central Administration application pool. use a different account for each service. Additional permissions are automatically granted for this account on Web servers and application servers that are joined to a server farm. [Setup] Run Setup on each of the server computers that run Windows SharePoint Services 3. the Central Administration content database. process.0. and application pool identity for each Web application. Each step is labeled [DBA] or [Setup] to indicate which role performs the action. Create and configure the configuration database. • If the server farm is a child farm with Web applications that consume shared services from a larger farm. • Domain user account. Create and configure the databases Use the procedures in this section to create the required databases and give the appropriate accounts membership in the database security groups or roles. 2. and the Central Administration Web application 1. [DBA] Create the configuration database and the Central Administration content database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account. this account must be a member of the db_owner fixed database role on the configuration database of the larger farm. You must run Setup on at least one of these computers by using the Web 37 . The following procedure is performed once for each farm. This account is automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles: • • dbcreator fixed server role securityadmin fixed server role • db_owner fixed database role for all databases in the server farm Note: If you are using the least-privilege principle for added security. • Run the Windows SharePoint Services Timer service. The procedures require action by the DBA and the Setup user account. The farm only has one configuration database and one content database for Central Administration. and then run the following command to configure the databases: Psconfig –cmd configdb –create –server <SQL Server Name> –database <SQL Database Name> –user <Domain Name\User Name> –password <password> – admincontentdatabase <SQL Admin Content Database Name> Note: SQL Database Name is the configuration database. The databasename is the Windows SharePoint Services Search database. 2. do not run the SharePoint Products and Technologies Configuration Wizard after Setup. 38 . [Setup] After the command has completed. [DBA] Create a database for the Windows SharePoint Services Search database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account. The following procedure will only have to be performed once for the farm. The following procedure is performed once for each portal site in the farm.front end installation option. Create and configure the Windows SharePoint Services search database and start the Windows SharePoint Services Search service. see Spsearch. and then run the following command to configure the database and start the Windows SharePoint Services Search service: stsadm -o spsearch -action start -farmserviceaccount <Domain Name\User Name> -farmservicepassword <password> -farmcontentaccessaccount <Domain Name\User Name> -farmcontentaccesspassword <password> -databaseserver <Server\Instance> -databasename <Database Name> Note: farmserviceaccount is the server farm account. Instead. For information about how to perform this procedure using the Stsadm command-line tool. SQL Admin Content Database Name is the Central Administration content database. 4. if you are using the default instance of SQL Server. farmcontentaccessaccount is the Windows SharePoint Services Search service account. open the command line. Domain Name\User Name is the server farm account. you only have to specify the name of the computer running SQL Server. [Setup] On the computer on which you used the Web front end installation option. This creates the Central Administration Web application and performs other setup and configuration tasks. [Setup] Open the command line. The farm only has one Windows SharePoint Services search database. For databaseserver. 1. run the SharePoint Products and Technologies Configuration Wizard and complete the remainder of the configuration for your server. 3. The host name and port combination must not describe a Web application that already exists or an error results and the Web application is not created. see Extendvs. apidlogin is the identity for the application pool in IIS.Create and configure the portal site Web application and content database 1. 3. databasename is the content database for the portal site Web application. [Setup] Open the command line. 39 . add the application pool process account to the Users group and the db_owner role for the Web application content database. This is the application pool process account. and then run the following command to create the Web application and configure the portal site Web application content database: stsadm. This is the same computer that will be running the portal site Web application. Important: This command must be run on the same computer that is indicated in the url parameter.exe -o extendvs -url <URL> -donotcreatesite -exclusivelyusentlm -databaseserver <Database Server Name> -databasename <Database Name> -apidtype configurableid -description <IIS Web Site Name> -apidname <App Pool Name> -apidlogin <Domain Name\User Name> -apidpwd <password> Note: url is the URL (in the form http://hostname:port) of the portal site Web application. description is the text name you give to the Web site in IIS. [DBA] Using SQL Server Management Studio. [DBA] Create the portal site Web application content database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account. 2. For information about how to perform this procedure using the Stsadm command-line tool. apidname is the text name that you give to the Web application pool in IIS. and Active Directory Domain Services.0. you must download and run Setup and the SharePoint Products and Technologies Configuration Wizard. Do not uninstall them.NET Framework version 3.0 on a single computer as a stand-alone installation on Windows Server 2008. Note: This article does not cover installing Windows SharePoint Services 3. 40 .0 without service packs on Windows Server 2008.0 in a server farm environment if you are hosting a large number of sites.Deploy a simple farm on the Windows Server 2008 operating system In this article: • • • • • • Deployment overview Deploy and configure the server infrastructure Configure Windows Firewall with Advanced Security Perform additional configuration tasks Create a site collection and a SharePoint site Configure the trace log As of Windows SharePoint Services 3. It does not cover upgrading the operating system from Windows Server 2003 to Windows Server 2008.0 with SP1 in a server farm environment on Windows Server 2008. You can deploy Windows SharePoint Services 3. if you want the best possible performance.0 will cease to run.0 with Service Pack 1 (SP1). A server farm consists of one or more servers dedicated to running Windows SharePoint Services 3.0 with SP1.0 on Windows Server 2008. see Upgrading to Windows Server 2008 for Windows SharePoint Services 3. Deployment overview Important: This article discusses how to do a clean installation of Windows SharePoint Services 3. or Windows SharePoint Services 3.0 to run correctly: the Web Server role. or if you want the scalability of a multi-tier topology. the Microsoft . For more information. see Install a stand-alone server on Windows Server 2008. You cannot install Windows SharePoint Services 3.0. you can now install Windows SharePoint Services 3. For more information about upgrading the operating system. As with the Windows Server 2003 operating system. Important: The following components are required for Windows SharePoint Services 3. For information about these accounts. and two or more servers providing search services. • All the instances of Windows SharePoint Services 3.0. Because a server farm deployment of Windows SharePoint Services 3. Planning your deployment can help you to gather the information you need and to make important decisions before beginning to deploy. several loadbalanced front-end Web servers running IIS and Windows SharePoint Services 3.0 in the farm must be in the same language.0.0 in a server farm environment. 41 .0 technology. Before you begin deployment This section provides information about actions that you must perform before you begin deployment. Security and other policies might require that the DBA create the databases required by Windows SharePoint Services 3. database creation and management are handled by the database administrator (DBA). including detailed procedures that describe how the DBA can create these databases.0 is more complex than a stand-alone deployment.0. the front-end servers are configured as Web servers. For information about planning.aspx). see Planning and architecture for Windows SharePoint Services 3. • To deploy Windows SharePoint Services 3. In this configuration. A large server farm typically consists of two or more clustered database servers.microsoft. you cannot have both an English version of Windows SharePoint Services 3. you must provide credentials for several different accounts.0 and a Japanese version of Windows SharePoint Services 3. For example. and one or more servers running Internet Information Services (IIS) and Windows SharePoint Services 3.Note: There is no direct upgrade from a stand-alone installation to a farm installation.com/enus/library/cc288210. For more information about deploying using DBAcreated databases.0 in a DBA environment In many IT environments. Suggested topologies Server farm environments can encompass a wide range of topologies and can include many servers or as few as two servers. see Deploy using DBA-created databases. • You must install Windows SharePoint Services 3.0 in the same farm.0 on the same drive on all loadbalanced front-end Web servers. A server farm typically consists of a database server running either Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with the most recent service pack. The Web server role provides Web content and services such as search. see Plan for administrative and service accounts (http://technet. Deploying Windows SharePoint Services 3. we recommend that you plan your deployment. Verifying that the servers meet hardware and software requirements. point to Microsoft SQL Server 2005. • Running Setup on all servers you want to be in the farm. see Determine hardware and software requirements (http://technet.com/en-us/library/cc288751.0 on a domain controller. Phase 2: Deploy and configure SharePoint site collections and sites Deploying and configuring SharePoint site collections and sites consists of the following steps: • • Creating site collections. Configure surface area settings in SQL Server 2005 1. Creating SharePoint sites. including running the SharePoint Products and Technologies Configuration Wizard. Phase 1: Deploy and configure the server infrastructure Deploying and configuring the server infrastructure consists of the following steps: • • • Preparing the database server. Deploy and configure the server infrastructure Prepare the database server The database server computer must be running Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with the most recent service pack. Overview of the deployment process The deployment process consists of two phases: deploying and configuring the server infrastructure. 42 . Click Start. Preinstalling databases (optional). and then click SQL Server Surface Area Configuration. For more information about prerequisites. Optionally.0 on a domain controller requires additional configuration steps that are not discussed in this article. Installing Windows SharePoint Services 3.0.microsoft. you must also change the surface area settings.0 Setup program automatically creates the necessary databases when you install and configure Windows SharePoint Services 3. point to Configuration Tools. you can preinstall the required databases if your IT environment or policies require this. and deploying and configuring SharePoint site collections and sites.aspx). • Starting the Windows SharePoint Services Search service. The Windows SharePoint Services 3.Note: We recommend that you read the Known Issues/Readme documentation before you install Windows SharePoint Services 3. point to All Programs. If you are using SQL Server 2005. This is used to ensure file name uniqueness consistent with the Windows operating system.2.microsoft. In the SQL Server 2005 Surface Area Configuration dialog box. click Surface Area Configuration for Services and Connections. In the tree view. 43 . see Selecting a SQL Collation (http://go. expand the node for your instance of SQL Server. 4. The SQL Server database collation must be configured for case-insensitive. 3. accent-sensitive.microsoft.com/fwlink/?LinkId=121669&clcid=0x409 ) in SQL Server 2005 Books Online. and widthsensitive. and then click OK. For more information about collations. expand the Database Engine node.com/fwlink/?LinkId=121667&clcid=0x409 ) or Collation Settings in Setup (http://go. and then click Remote Connections. SQL Server and database collation The SQL Server collation must be configured for case-insensitive. select Using both TCP/IP and named pipes. Select Local and Remote Connections. Kana-sensitive. However.microsoft. including specific role memberships and permissions required for these accounts. 44 .Required accounts The following table describes the accounts that are used to configure SQL Server and to install Windows SharePoint Services 3. • Assign a domain user account to the logon for the service. For more information about these accounts and security considerations. Network Service. refer to the Setting Up Windows Service Accounts topic (http://go. • Domain user account Setup user account The Setup user account is used to run the following: • Setup on each server • The SharePoint Products and Technologies Configuration Wizard • The PSConfig command-line tool • The Stsadm command-line tool • Member of the Administrators group on each server on which Setup is run • SQL Server login on the computer running SQL Server • Member of the following SQL Server security roles: • • securityadmin fixed server role dbcreator fixed server role If you run Stsadm command-line tool commands that read from or write to a database. this account must be a member of the db_owner fixed database role for the database. Account Purpose Requirements SQL Server Service Account This account is used as the service account for the following SQL Server services: • • SQLSERVERAGENT If you are not using the default instance. if you use this option you must take the additional steps required to configure Service Principal Names (SPNs) in Active Directory in order to support Kerberos authentication. You have two options: • Assign one of the built-in system accounts (Local System. these services will be shown as: • MSSQL$InstanceName • SQLAgent$InstanceNam e MSSQLSERVER SQL Server prompts for this account during SQL Server Setup. or Local Service) to the logon for the configurable SQL Server services.com/fwlink/? LinkId=121664&clcid=0x409) in the SQL Server documentation.0. see Plan for administrative and service accounts [Windows SharePoint Services]. which SQL Server uses. For more information about the required accounts. 0 requires Active Directory Domain Services for farm deployments in a Windows Server 2008 environment.NET Framework version 3.com/en-us/library/cc288751.NET Framework version 3.0 1. point to Administrative Tools. this account must be a member of the db_owner fixed database role on the configuration database of the larger farm.Account Purpose Requirements Server farm The Server farm account is account/Database used to: access account • Act as the application pool identity for the SharePoint Central Administration application pool. and then click Server Manager. Install Microsoft . Use the following procedure to install Microsoft .microsoft. • Run the Windows SharePoint Services Timer service.NET Framework version 3. Important: Windows SharePoint Services 3. you need at least one server computer acting as a Web server and an application server. and one server computer acting as a database server. You do not need to install the Web Server role or the Windows Process Activation Service.aspx). see Determine hardware and software requirements (http://technet.0. • If the server farm is a child farm with Web applications that consume shared services from a larger farm. Additional permissions are automatically granted for this account on Web servers and application servers that are joined to a server farm. these are installed automatically along with the Windows Internal Database when you install Windows SharePoint Services 3. Click Start.0 Before you install Windows SharePoint Services 3.0. be sure that your servers have the recommended hardware and software. • Domain user account.NET Framework version 3.0. For more information about these requirements. This account is automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles: • • dbcreator fixed server role securityadmin fixed server role • db_owner fixed database role for all databases in the server farm Verify that servers meet hardware and software requirements Before you install and configure Windows SharePoint Services 3.0. 45 . Install Microsoft . To deploy a server farm.0 on Windows Server 2008. you must install the Microsoft . Service Pack 1. and configuring the farm. Run Setup on the first server 1. installing Windows SharePoint Services 3.0 on your farm servers. 3. 46 . Note: Setup installs the Central Administration Web site on the first server on which you run Setup. In the Features list. When you install Windows SharePoint Services 3. adding load-balanced Web servers. click Add features.0 with SP1 from the Microsoft Web site (http://go. you can use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3.0 services. Therefore. After Setup finishes. Any additional servers that you add must be joined to this farm. and then run SharePoint. Follow the wizard steps to install Microsoft . On the Read the Microsoft Software License Terms page.0. select the I accept the terms of this agreement check box.microsoft. Adding servers to the farm can be done at any time to add redundancy — for example. select the . you establish the farm. You must have SQL Server database software running on at least one back-end database server before you install Windows SharePoint Services 3. 2.0 components on the server.0 on all of your farm servers before you configure Windows SharePoint Services 3. and creating the Central Administration Web site. we recommend that the first server on which you install Windows SharePoint Services 3.NET Framework version 3.com/fwlink/?LinkId=105656). on the Action menu. The SharePoint Products and Technologies Configuration Wizard automates several configuration tasks. In Server Manager.0 is a server on which you want to run the Central Administration Web site. review the terms.0 Features check box.NET Framework 3.0 services and create sites.0 on the first server.0. Run Setup on all servers in the farm Run Setup and then the SharePoint Products and Technologies Configuration Wizard on all your farm servers. Note: We recommend that you run Setup on all the servers that will be in the farm before you configure the farm. Run Setup on the first server We recommend that you install and configure Windows SharePoint Services 3.2.exe on one of your Web server computers. 4. Setting up the first server involves two steps: installing the Windows SharePoint Services 3. including: installing and configuring the configuration database. and then click Continue. Download Windows SharePoint Services 3. and then click Next. 4. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard. On the Server Type tab.0. On the Connect to a server farm page. On the Welcome to SharePoint Products and Technologies page. Instructions for completing the wizard are provided in the next set of steps.0 services.0. the setup process will fail and you will need to uninstall and reinstall Windows SharePoint Services 3. I want to create a new server farm. To learn more about the program. (Be sure to 47 . When you have chosen the correct options. select the Data Location tab. click Next.0 is complete. click Advanced. click the link. in the Database server box. 2. 6. type the name of the computer that is running SQL Server. 4. Type a name for your configuration database in the Database name box.0 at a custom location. Optionally. and then click Next. On the Choose the installation you want page. 9. Click Yes in the dialog box that notifies you that some services might need to be restarted during configuration. 3. and then type the location name or Browse to the location. In the Specify Configuration Database Settings dialog box. When Setup finishes. click No. The configuration wizard automates several configuration tasks. 7. to participate in the Customer Experience Improvement Program. click Web Front End. You must have an Internet connection to view the program information. Optionally. 6. Click Close to start the configuration wizard. The default name is "SharePoint_Config". to install Windows SharePoint Services 3. select the Feedback tab and select the option you want. a dialog box appears that prompts you to complete the configuration of your server. Note: Do not add any server roles in Windows Server 2008 Server Manager before setup for Windows SharePoint Services 3.3. The Basic option is for stand-alone installations. and creating the Central Administration Web site. Run the SharePoint Products and Technologies Configuration Wizard 1. 5. type the user name of the server farm account. Run the SharePoint Products and Technologies Configuration Wizard After Setup finishes. 8. click Install Now. The Stand-alone option is for standalone installations. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected. you can use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. If you add a server role. installing Windows SharePoint Services 3. including: installing and configuring the configuration database. 5. In the User name box. or use the default database name. com/fwlink/?LinkID=76570&clcid=0x409 ). Note: In most cases. select the Specify port number check box and type a port number if you want the SharePoint Central Administration Web application to use a specific port.microsoft. 9. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server logins. you must be a member of the Domain Admins group.) Important: This account is the server farm account and is used to access your SharePoint configuration database. Note: If you are prompted for your user name and password. type the user's password. On the Completing the SharePoint Products and Technologies Configuration Wizard page. you should use the default setting (NTLM). Use Negotiate (Kerberos) only if Kerberos authentication is supported in your environment. click Next. see How to configure a Windows SharePoint Services virtual server to use Kerberos authentication and how to switch from Kerberos authentication back to NTLM authentication (http://go. The user account that you specify as the service account must be a domain user account. or leave the Specify port number check box cleared if you do not care which port number the SharePoint Central Administration Web application uses. and then click Next. On the Configure SharePoint Central Administration Web Application page. 10. click Next. To do this. and then click Next. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs. you might need to add the SharePoint Central Administration site to the list of trusted sites and configure 48 . The SharePoint Central Administration Web site home page opens. but it does not need to be a member of any specific security group on your Web servers or your back-end database servers. On the Configuration Successful page.type the user name in the format DOMAIN\username. In the Password box. click Negotiate (Kerberos). For more information. 7. On the Configure SharePoint Central Administration Web Application dialog box. 8. 11. do one of the following: • If you want to use NTLM authentication (the default). • If you want to use Kerberos authentication. Using the Negotiate (Kerberos) option requires you to configure a service principal name (SPN) for the domain user account. click Finish. We recommend that you follow the principle of least-privilege administration by specifying a user account that is not a member of the Administrators group on your Web servers or your back-end servers. and to the dbcreator and securityadmin fixed server roles in SQL Server. Add the SharePoint Central Administration Web site to the list of trusted sites 1. 9. 6. on the Tools menu. Type the port number of the proxy server in the Port box. Add servers to the farm We recommend that you install and configure Windows SharePoint Services 3. on the Tools menu. In the Add this Web site to the zone box. 6. and then click Add. 5. type the URL for the SharePoint Central Administration Web site. Click OK to close the Internet Options dialog box. click LAN Settings. In the Proxy Server section. and then click Sites. click Internet Options.0 services and create sites. 4. and then later install Windows SharePoint Services 3. Instructions for configuring this setting are provided later in this section. in the Select a Web content zone to specify its security settings box.0 on the same computer. Notes • If you uninstall Windows SharePoint Services 3. 2. 3. Clear the Require server verification (https:) for all sites in this zone check box.user authentication settings in Internet Explorer. the Setup program could fail when 49 . Select the Bypass proxy server for local addresses check box. Configure proxy server settings to bypass the proxy server for local addresses 1. 2. 8. 5. 7. You must have SQL Server running on at least one back-end database server before you install Windows SharePoint Services 3. Type the address of the proxy server in the Address box. On the Connections tab. 4. Click OK to close the Local Area Network (LAN) Settings dialog box. you might need to configure your proxy server settings so that local addresses bypass the proxy server. 3. On the Security tab. clear the Automatically detect settings check box. Note: If a proxy server error message appears. Instructions for configuring these settings are provided in the next set of steps.0 on all of your farm servers before you configure Windows SharePoint Services 3. Click OK to close the Internet Options dialog box. In Internet Explorer. In the Automatic configuration section. click Internet Options. Click Close to close the Trusted sites dialog box. click Trusted sites. select the Use a proxy server for your LAN check box.0 on your farm servers. In Internet Explorer.0. in the Local Area Network (LAN) settings area. Click Close to start the configuration wizard. click the link. The Basic option is for stand-alone installations.0 with SP1 from the Microsoft Web site (http://go. The Stand-alone option is for standalone installations. and then type the location name or Browse to the location. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard. 2. On the Read the Microsoft Software License Terms page. click Next. click Web Front End. 6. a dialog box appears that prompts you to complete the configuration of your server. Run the SharePoint Products and Technologies Configuration Wizard 1. click Advanced.0. select the I accept the terms of this agreement check box. select the Feedback tab and select the option you want. 8. including: installing and configuring the configuration database. 3. 50 . 9. You can create a new configuration database by running the following command from the path %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\bin: • psconfig -cmd configdb -create -database <unique database name> Run Setup on additional servers 1. On the Server Type tab. Click Yes in the dialog box that notifies you that some services might need to be restarted during configuration. Download Windows SharePoint Services 3. 5. click Install Now. When you have chosen the correct options. Optionally. and installing Windows SharePoint Services 3. Instructions for completing the wizard are provided in the next set of steps.creating the configuration database causing the entire installation process to fail. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected.microsoft.exe on one of your additional Web server computers. On the Welcome to SharePoint Products and Technologies page. To learn more about the program. 7.0 databases on the computer or by creating a new configuration database. On the Choose the installation you want page. to participate in the Customer Experience Improvement Program. review the terms.0 at a custom location. and then run SharePoint. and then click Continue. The configuration wizard automates several configuration tasks. 4.com/fwlink/?LinkId=105656). You must have an Internet connection to view the program information. You can prevent this failure by either deleting all the existing Windows SharePoint Services 3.0 services. When Setup finishes. 2. use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. Optionally. Run the SharePoint Products and Technologies Configuration Wizard on additional servers After Setup finishes. select the Data Location tab. to install Windows SharePoint Services 3. Next to Window SharePoint Services Search. 5. in the Database server box.3. click the server on which you want to start the Windows SharePoint Services Search service. type the user's password. and then from the Database name list. In the Specify Configuration Database Settings dialog box. either accept the default settings. click Finish. On the Configuration Successful page. On the Operations page. Start the Windows SharePoint Services Search service 1. 4. 6. 51 . I want to connect to an existing server farm. 6. click Next. On the Configure Windows SharePoint Services Search Service Settings page. and then click Next. On the Servers in Farm page. or specify the schedule that you want the search service to use when searching over content. On the SharePoint Central Administration home page. click Start. select the database name that you created when you configured the first server in your server farm. click Start. the same account used for the search service will be used. This account must have read access to all the content you want it to search over. After you have configured all the settings. If you do not enter credentials. In the Password box. specify the user name and password for the user account that the search service will use to search over content. 8. specify the user name and password for the user account under which the search service will run. 3. and then click Next. 5. 7. in the Service Account section. 7. In the Content Access Account section. type the user name of the account used to connect to the computer running SQL Server. 9. Start the Windows SharePoint Services Search service You must start the Windows SharePoint Services Search service on every computer that you want to search over content. type the name of the computer that is running SQL Server. On the Completing the SharePoint Products and Technologies Configuration Wizard page. 8. On the Connect to a server farm page. click Yes. click the Operations tab on the top link bar.) This must be the same user account you used when configuring the first server. in the Topology and Services section. In the User name box. 2. Click Retrieve Database Names. In the Indexing Schedule section. (Be sure to type the user name in the format DOMAIN\username. click Servers in farm. You must start it on at least one of your servers. 4. point to Administrative Tools. you must use Windows Firewall with Advanced Security in Windows Server 2008 to open ports on computers that host Web Applications. click Application Management. Alternatively. for more centralized rule management you can create one rule to manage all the ports. 2. Determine ports used by Web Applications 1. Click Start. You must also open the ports for any additional Web applications that you create in your server farm. Configure Windows Firewall with Advanced Security 1. including Central Administration. 4. Public. For Web applications you only need to create a rule to open a port for incoming connections. click Web application list. point to All Programs. you must use Windows Firewall with Advanced Security in Windows Server 2008 to open ports on computers that host Web Applications. 3. you use the host header mode in Windows SharePoint Services 3. If.0 to create multiple domain-named sites in a single Web application you will need to perform the procedures in this section to determine which ports the Web applications. in the URL column.Configure Windows Firewall with Advanced Security After you create Web applications in your server farm. By default. Note: If you configure host headers in IIS. and then click 52 . will use in your server farm. Click Start. After you create Web applications in your server farm. The default configuration of the Windows Server 2008 firewall is to deny all connections unless there is an exception. On the Central Administration site. we recommend that you create one rule per Web application. For ease in managing the rules. and then click SharePoint 3. Make sure you create the exceptions for the currently enabled profile (Private. in the SharePoint Web Application Management section.0 Central Administration. however. On the Application Management Web page. the server name with port number is listed for each Web application. the ports for the Web Applications will be created on port 80 and you may not have to perform the procedures in this section. or Domain) when you are making changes to ports. On the Web Application List Web page. point to All Programs. You should use Windows Firewall with Advanced Security to open the ports required for your server farm as identified in the Determine ports used by Web Applications procedure. If you create the exceptions in the wrong profile they will not work. but to be able to communicate with other computers you must open the port for Central Administration. port 80 is open on Web servers. point to Administrative Tools. Wizard page Settings Rule Type Protocol and Ports Select Port. identify all the ports that you need. Select TCP.0 traffic. On the details pane. then you must proceed to the next step in this procedure to configure the firewall to allow Windows SharePoint Services 3. Enable Domain. 2. 3.Windows Firewall with Advanced Security. and then in the action pane click New Rule. verify that the domain profile is active by noting if the domain network location entry displays Domain Profile is Active. • If it is Inbound connections that do not match a rule are blocked. we recommend that you first perform the following administrative tasks by using the SharePoint Central Administration Web site. select Inbound Rules. depending on how the inbound connections rule is configured. In the Specific local ports text box. As a best practice. your browser window opens to the home page of your new SharePoint site. see Windows Firewall (http://go. in the Overview section. Action Profile Select Allow the connection. Perform additional configuration tasks After Setup finishes. then you do not need to complete this procedure. For more information about Windows Firewall with Advanced Security. On the console tree. In the Domain Profile is Active area. Unique names makes management using the netsh commands much easier. Complete the New Inbound Rule Wizard using the settings from the following table. Although you can start adding content to the site or customizing the site. Select Specific local ports. choose one of these options. 53 . 4. • If it is Inbound connections that do not match a rule are allowed. 5. Clear Private and Public. we recommend that you give the firewall rules a unique name.microsoft.com/fwlink/?LinkID=84639). Name In the Name and Description text boxes type information that is both descriptive and meaningful for your network administrators. You can configure both the "From" e-mail address and the "Reply" e-mail address that appear in outgoing alerts. 54 . 3. On the Administrator Tasks page. For more information. Click Start. and then click SharePoint 3. you also create a new database and define the authentication method used to connect to the database. You can also specify how long you want the antivirus program to run before it times out. next to Action. Perform administrator tasks by using the Central Administration site 1. A Web application is composed of an Internet Information Services (IIS) site with a unique application pool.aspx). You can also configure incoming email settings so that SharePoint sites can archive e-mail discussions as they happen. For more information. you must first create a Web application.0 Central Administration. 2. click the task. event messages. • Configure outgoing e-mail settings You can configure outgoing e-mail settings so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. point to Administrative Tools. For more information. • Configure antivirus protection settings You can configure several antivirus settings if you have an antivirus program that is designed for Windows SharePoint Services 3.com/en-us/library/cc288423. and Customer Experience Improvement Program events. For more information. save emailed documents. • Configure diagnostic logging settings You can configure several diagnostic logging settings to help with troubleshooting. Create a site collection and a SharePoint site This section guides you through the process of creating a single site collection containing a single SharePoint site. click the task you want to perform. For more information. you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and management. see Configure diagnostic logging settings.microsoft.• Configure incoming e-mail settings You can configure incoming e-mail settings so that SharePoint sites accept and archive incoming e-mail. In addition. see Configure anti-virus settings. point to All Programs.0. Before you can create a site or a site collection. see Chapter overview: Deploy and configure SharePoint sites. Antivirus settings enable you to control whether documents are scanned on upload or download and whether users can download infected documents. When you create a new Web application. see Configure outgoing e-mail settings. and show e-mailed meetings on site calendars. and you can specify how many execution threads the antivirus program can use on the server. user-mode error messages. You can create many site collections and many sites under each site collection. see Plan Web site structure and publishing (http://technet. This includes enabling and configuring trace logs. in the Administrator Tasks section. For information about planning SharePoint sites and site collections. see Configure incoming email settings. On the Central Administration home page. b. you 55 . choose either Negotiate (Kerberos) or NTLM. Create a new Web application 1. IUSR_<computername>). select Use an existing Web site. For more information about authentication methods. a. select Create a new IIS Web site. on the Application Management page. Note: To enable Kerberos authentication. This action exposes the same content to different sets of users by using an additional IIS Web site to host the same content. In the Authentication Provider section. click Create or extend Web application. and type the name of the Web site in the Description box. In the Allow Anonymous section. In the Security Configuration section.com/enus/library/cc288475.microsoft. If you are creating a new Web site. click Create a new Web application. In the SharePoint Central Administration Web site. In the Host Header box. type the path to the site directory on the server. type the URL you want to use to access the Web application. this field is populated with a suggested path.If you are in an extranet environment where you want different users to access content by using different domains. b. This is an optional field. To choose to use an existing Web site. 4.aspx). In the Port box. in the SharePoint Web Application Management section. this field is populated with a suggested port number. In the Path box. If you choose to allow anonymous access. choose Yes or No. and specify the Web site on which to install your new Web application by selecting it from the drop-down menu. a. To choose to create a new Web site. 3. c. If you are using an existing Web site. type the port number you want to use to access the Web application. Note: If you want users to be able to access any site content anonymously. this enables anonymous access to the Web site by using the computer-specific anonymous access account (that is. On the Create New Web Application page. configure authentication and encryption for your Web application. If you are using an existing Web site. this field is populated with the current path. 2. you can configure the settings for your new Web application. this field is populated with the current port number. On the Create or Extend Web Application page. you might also need to extend a Web application to another IIS Web site. see Plan authentication methods (http://technet. in the IIS Web Site section. in the Adding a SharePoint Web Application section. you must perform additional configuration. If you are creating a new Web site. d. e. d.must enable anonymous access for the entire Web application. see Plan for secure communication within a server farm (http://technet. a. 8. and type the password for the account in the Password box. database name. In the User name box. choose whether to allow Windows SharePoint Services to restart IIS on other farm servers. In the Select a security account for this application pool section. Then select the application pool you want to use from the drop-down menu.com/en-us/library/cc288957. you must wait until the IIS Web site is created on all servers and then run iisreset/noforce on each Web server. Select Configurable to use an account that is not currently being used as a security account for an existing application pool. choose whether to use an existing application pool or create a new application pool for this Web application. In the Use Secure Sockets Layer (SSL) section. type the user name of the account you want to use. If this option is not selected and you have more than one server in the farm. 7. Important: If you use SSL. select Yes or No. In the Reset Internet Information Services section. The new IIS site is not usable until that action is completed. To create a new application pool. The Zone box is automatically set to Default for a new Web application. see Create or extend Web applications. To change the zone for a Web application. select Predefined to use an existing application pool security account. By default. In the Database Name and Authentication section. For more information about using SSL.microsoft. The choices are unavailable if your farm only contains a single server. site owners can configure how anonymous access is used within their sites. In the Application Pool section. b. select Create a new application pool. Later. and then select the security account from the drop-down menu. the box is populated with the current server name and port. select Use existing application pool. 56 . For more information about anonymous access.aspx ).microsoft. In the Load Balanced URL section. choose the database server.com/en-us/library/cc288488. If you choose to enable SSL for the Web site. In the Application pool name box. type the name of the new application pool. To use an existing application pool. and authentication method for your new Web application. type the URL for the domain name for all sites that users will access in this Web application.aspx). or keep the default name. 6. you must configure SSL by requesting and installing an SSL certificate. c. This URL domain will be used in all links shown on pages within the Web application. The local server must be restarted manually for the process to finish. and cannot be changed from this page. see Choose which security groups to use (http://technet. 5. c. you must add the appropriate certificate on each server by using IIS administration tools. click the Application Management tab on the top link bar. 4. On the Application Management page. On the Create Site Collection page. specify the user account for 57 . select a Web application to host the site collection from the Web Application drop-down list. select a template from the tabbed template control. 5. Choose whether to use Windows authentication (recommended) or SQL authentication. In the Web Site Address section. leave this option selected. Click OK to create the new Web application. You can also use the default entry. type a title and description for the site collection. 2. • If you want to use Windows authentication. in the SharePoint Site Management section.Item Action Database Server Type the name of the database server and Microsoft SQL Server instance you want to use in the format <Server name\instance>. or use the default entry. In the Title and Description section. in the Web Application section. Create a site collection 1. • If you want to use SQL authentication. click Create site collection. type the name of the account you want the Web application to use to authenticate to the SQL Server database. select a URL type (personal or sites). and then type the password in the Password box. Type the name of the database. 6. 7. select SQL authentication. In the Template Selection section. On the SharePoint Central Administration home page. In the Account box. 3. and then type a URL for the site collection. In the Primary Site Collection Administrator section. or click Cancel to cancel the process and return to the Application Management page. Database Name Database Authentication 9. 8. You can check the user account by clicking the Check Names icon to the right of the text box. The full URL path for the site collection appears in the URL box. in the Title and Description section. You can also browse for the user account by clicking the Book icon to the right of the text box.microsoft. You can also browse for the user account by clicking the Book icon to the right of the text box. 7. or click Create to create the site. on the Site Actions menu. Click Create to create the site collection. click the URL for the site collection to which you want to add a site. in the SharePoint Site Management section. you might want to configure alternate access mappings.0 to map Web requests to the correct Web applications and sites. In the Web Site Address section. 58 . see Plan alternate access mappings (http://technet.com/en-us/library/cc288609. Copy and paste the full URL path into your browser. 4. and then. select a template from the tabbed template control. The new site opens. click Create. specify the user account for the user you want to be the secondary administrator for the site collection. Create a SharePoint site 1.the user you want to be the primary administrator for the site collection. click Sites and Workplaces. click Site collection list. On the Application Management page. You can check the user account by clicking the Check Names icon to the right of the text box. 10.0 to serve the correct content back to the user. type a URL for the site.aspx). 3. Alternate access mappings direct users to the correct URLs during their interaction with Windows SharePoint Services 3. For more information. 2. on the home page of the top-level site for the site collection. After creating sites. in the URL column. 5. 8. On the Site Collection List page. On the Create page. and they enable Windows SharePoint Services 3. Either change other settings. You can use events that are written to the trace log to determine what configuration changes were made in Windows SharePoint Services 3. In the Template Selection section.0 Web site.0 before the problem occurred. 9. Optionally. in the Web Pages section. in the Secondary Site Collection Administrator section. 9. On the New SharePoint Site page. type a title and description for the site. Alternate access mappings enable Windows SharePoint Services 3.0 (while browsing to the home page of a Windows SharePoint Services 3. 6. for example). click the Application Management tab on the top link bar. On the SharePoint Central Administration home page. Configure the trace log The trace log can be useful for analyzing problems that might occur. we recommend that you configure the trace log to save seven days of events. Store these log files for an extended period of time in a safe location that will not be overwritten. type 336. 2. you can use any combination of number of log files and minutes to store in each log file. in the Logging and Reporting section.By default. You can also specify the location where the log files are written or accept the default path. Tip: We recommend that you store log files on a hard drive partition that is used to store log files only. we recommend that you save all trace log files that the system creates on any day that you make any configuration changes related to either search service. Click OK. Configure the trace log to save seven days of events 1. Configure Windows Server Backup If you want to use Windows Server Backup with Windows SharePoint Services 3.0. This means that trace log files that contain events that are older than two days are deleted. By default. do the following: • • In the Number of log files box. Ensure that the path specified in the Path box has enough room to store the extra log files. Incorrectly editing the registry might severely damage your 59 . Because problems related to configuration changes are not always immediately discovered. Trace log files can help you to troubleshoot issues related to configuration changes of the Windows SharePoint Services Search service. on the Operations tab. each one containing 30 minutes of events. On the Diagnostic Logging page. in the Trace Log section.080 minutes (seven days) of events.0 saves two days of events in the trace log files. Important: You must be logged on as a member of the Administrators group on the local server computer to edit the registry. 96 log files are kept. You can use the Diagnostic Logging page in Central Administration to configure the maximum number of trace log files to maintain and how long (in minutes) to capture events to each log file. See step 3 in the previous procedure to determine the location that the system stores trace log files for your system. If you do not configure these registry keys. 96 log files * 30 minutes of events per file = 2880 minutes or two days of events. When you are using the Windows SharePoint Services Search service.0. you must configure the following registry keys. In the Number of minutes to use a log file box. click Diagnostic logging. Tip: To save 10. In Central Administration. Windows Server Backup will not work properly with Windows SharePoint Services 3. 4. or change the path to another location. 3. Windows SharePoint Services 3. type 30. On the Edit menu. and then click DWORD (32-bit) Value.system. Type {c2f52614-5e53-4858-a589-38eeb25c6184} as the key name and then press ENTER. type regedit. Type WindowsServerBackup. On the Edit menu. and then click OK. 9. Type Application Support. 8. and then press ENTER. Select the WindowsServerBackup key. 17. Right-click the UseSameVssContext value. Click Start. and then click String Value. and then click Modify. and then press ENTER. Type Application Identifier as the new value name. click New. click Run. 6. In the Value Data box. Right click the Application Identifier value. 7. 15. click New. and then on the Edit menu. and then click OK. 10. you should back up any valued data on the computer. type 00000001. Configure registry keys for Windows Server Backup 1. and then click Key. Select the new key. In the Value Data box. Select the Application Support key. 14. click Continue to open the Registry Editor. 3. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ 4. click New. click New. and then press ENTER. and then on the Edit menu. and then click Modify. type Windows SharePoint Services. and then click OK. In the User Account Control dialog box. 5. 11. Before making changes to the registry. and then click Key. 13. and in the Open box. and then on the Edit menu. 2. and then press ENTER. and then click Key. Type UseSameVssContext as the new value name. 60 . 16. 12. This is the GUID for the WSS Writer. click New. UDDI Services.. Important: This article discusses how to do a clean installation of Windows SharePoint Services 3. For more information about upgrading the operating system. 61 . document management. A stand-alone configuration is also useful if you are deploying a small number of Web sites and you want to minimize administrative overhead. you can now install Windows SharePoint Services 3. You can quickly publish a SharePoint site by deploying Windows SharePoint Services 3. You cannot install Windows SharePoint Services 3. Note: This article does not cover installing Windows SharePoint Services 3. When you deploy Windows SharePoint Services 3. As with the Windows Server 2003 operating system. you must download and run Setup and the SharePoint Products and Technologies Configuration Wizard. and search.0 in a server farm installation on Windows Server 2008.0 on a single server using the default settings. see Deploy a simple farm on the Windows Server 2008 operating system. see Upgrading to Windows Server 2008 for Windows SharePoint Services 3. and Windows System Resources Manager. A stand-alone configuration is useful if you want to evaluate Windows SharePoint Services 3.0 features and capabilities.0 with SP1.0 without service packs on Windows Server 2008. In addition. It does not cover upgrading the operating system from Windows Server 2003 to Windows Server 2008. the Setup program automatically installs the Windows Internal Database and uses it to create the configuration database and an initial content database for your SharePoint sites.0 with Service Pack 1 Post-installation steps Configure the trace log Configure Windows Server Backup As of Windows SharePoint Services 3.Install a stand-alone server on Windows Server 2008 In this article: • • • • • Hardware and software requirements Install and configure Windows SharePoint Services 3. Windows Internal Database uses SQL Server technology as a relational data store for Windows roles and features only.0 on Windows Server 2008. Active Directory Rights Management Services.0 on a single server computer. such as Windows SharePoint Services. Windows Server Update Services. Setup installs the SharePoint Central Administration Web site and creates your first SharePoint site collection and site. For more information.0 Service Pack 1 (SP1).0 with SP1 in a stand-alone environment on Windows Server 2008. such as collaboration. com/enus/library/cc288751. see Determine hardware and software requirements ( https://technet. Notes • If you uninstall Windows SharePoint Services 3. Install Microsoft . or Windows SharePoint Services 3.0 1.microsoft.0 Features check box. click Add features.NET Framework version 3. In the Features list. Click Start. 2.0 on Windows Server 2008. This option uses the Setup program's default parameters to install Windows SharePoint Services 3. the Microsoft . 3.0 on the same computer. Note: There is no direct upgrade from a stand-alone installation to a farm installation. select the .Important: The following components are required for Windows SharePoint Services 3. Follow the wizard steps to install Microsoft .aspx). on the Action menu. Do not uninstall them.NET Framework version 3. the Setup program could fail when creating the configuration database causing the entire installation process to fail.0 with Service Pack 1 When you install Windows SharePoint Services 3. and then later install Windows SharePoint Services 3.0.NET Framework version 3.0 will cease to run. In Server Manager. You can create 62 . these are installed automatically along with the Windows Internal Database when you install Windows SharePoint Services 3.0 to run correctly: the Web Server role. For more information about these requirements. Hardware and software requirements Before you install and configure Windows SharePoint Services 3. you must install the Microsoft . You can prevent this failure by either deleting all the existing Windows SharePoint Services 3.0. and then click Next.0 Before you install Windows SharePoint Services 3.NET Framework 3.Use the following procedure to install Microsoft .NET Framework version 3. 4.NET Framework version 3.0 on a single server.NET Framework version 3.0.0. You do not need to install the Web Server role or the Windows Process Activation Service.0.0.0 databases on the computer or by creating a new configuration database. Install Microsoft . and then click Server Manager. point to Administrative Tools. run the Setup program using the Basic option. Install and configure Windows SharePoint Services 3. Service Pack 1.0. be sure that your servers have the required hardware and software. and Windows Internal Database.0 and Windows Internal Database. exe. On the Welcome to SharePoint Products and Technologies page. click Internet Options.microsoft. and then click Continue.0 with SP1 1. the setup process will fail. In Internet Explorer. If you add a server role. Add the SharePoint site to the list of trusted sites 1. To install to a different location. you might need to configure your proxy server settings so that local addresses bypass the proxy server. Note: If you see a proxy server error message. 63 . specify the location you want to install to and finish the installation. select the I accept the terms of this agreement check box. and you will need to uninstall and reinstall Windows SharePoint Services 3. Note: Do not add any server roles in Windows Server 2008 Server Manager before setup for Windows SharePoint Services 3. On the Choose the installation you want page. 4. Click Close to start the wizard. click Yes. a dialog box prompts you to complete the configuration of your server. 5. When Setup finishes. on the Tools menu. 3. Your new SharePoint site opens. Run the SharePoint Products and Technologies Configuration Wizard 1.0.a new configuration database by running the following command from the path %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\bin: • psconfig -cmd configdb -create -database <unique database name> Download and run setup for Windows SharePoint Services 3. and then run SharePoint. On the Read the Microsoft Software License Terms page.0 is complete. In the dialog box that notifies you that some services might need to be restarted or reset during configuration. click Advanced. Instructions for configuring proxy server settings are provided later in this section. 3. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected. On the Configuration Successful page. click Next. 2. and then on the Data Location tab. Instructions for configuring these settings are provided in the following procedure. 2. review the terms. click Finish.0 with SP1 from the Microsoft Web site (http://go. click Basic to install to the default location. Download Windows SharePoint Services 3. you might need to add the SharePoint site to the list of trusted sites and configure user authentication settings in Internet Explorer.com/fwlink/?LinkId=105656). Note: If you are prompted for your user name and password. and then click Sites. 4. click LAN Settings. we recommend that you perform the following administrative tasks by using the SharePoint Central Administration Web site. on the Tools menu. and show e-mailed meetings on site calendars. use the following steps to configure Internet Explorer to bypass the proxy server for local addresses. Select the Bypass proxy server for local addresses check box. For more information. In Internet Explorer. Click Close to close the Trusted Sites dialog box. You can also configure incoming email settings so that SharePoint sites can archive e-mail discussions as they happen. select the Use a proxy server for your LAN check box. Click OK to close the Internet Options dialog box. • Configure incoming e-mail settings You can configure incoming e-mail settings so that SharePoint sites accept and archive incoming e-mail. On the Security tab. click Internet Options. On the Connections tab. Type the port number of the proxy server in the Port box. Post-installation steps After Setup finishes. clear the Automatically detect settings check box. Type the address of the proxy server in the Address box. type the URL to your site. • Configure outgoing e-mail settings You can configure outgoing e-mail settings so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. in the Local Area Network (LAN) settings area. 2.2. Click OK to close the Local Area Network (LAN) Settings dialog box. click Trusted Sites. Configure proxy server settings to bypass the proxy server for local addresses 1. In addition. 4. 8. 3. 9. your browser window opens to the home page of your new SharePoint site. in the Select a Web content zone to specify its security settings box. In the Automatic configuration section. 6. you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and management. In the Add this Web site to the zone box. If you are using a proxy server in your organization. see Configure incoming email settings. and then click Add. Although you can start adding content to the site or you can start customizing the site. save emailed documents. 5. 5. 3. In the Proxy Server section. You can configure both the "From" e-mail address and the 64 . Clear the Require server verification (https:) for all sites in this zone check box. 6. Click OK to close the Internet Options dialog box. 7. 0. This includes enabling and configuring trace logs. This means that trace log files that contain events that are older than two days are deleted. • Create SharePoint sites When Setup finishes. see Configure anti-virus settings. see Deploy and configure SharePoint sites. 65 . Antivirus settings enable you to control whether documents are scanned on upload or download and whether users can download infected documents. On the Administrator Tasks page. see Deploy a simple farm on the Windows Server 2008 operating system. and Web applications if your site design requires multiple sites or multiple Web applications. event messages. • Configure antivirus protection settings You can configure several antivirus settings if you have an antivirus program that is designed for Windows SharePoint Services 3. you have a single Web application that contains a single SharePoint site collection that hosts a SharePoint site. and you can specify how many execution threads the antivirus program can use on the server. You can also specify how long you want the antivirus program to run before it times out. For more information.0 Central Administration. On the Central Administration home page. see Configure diagnostic logging settings. we recommend that you configure the trace log to save seven days of events. next to Action. • Configure diagnostic logging settings You can configure several diagnostic logging settings to help with troubleshooting. Note: If you create additional Web applications to host SharePoint sites. and Customer Experience Improvement Program events. click the task you want to perform."Reply" e-mail address that appear in outgoing alerts. 3. For more information. see Configure outgoing e-mail settings. and then click SharePoint 3. point to All Programs. click the task.0 saves two days of events in the trace log files. For more information. Configure the trace log The trace log can be useful for analyzing problems that might occur. user-mode error messages. under Administrator Tasks. Click Start. 2. For more information. When using the Windows SharePoint Services Search service. point to Administrative Tools.0 before the problem occurred. you must also configure Windows Firewall to allow communication on the ports for those Web applications. Perform administrator tasks by using the Central Administration site 1. sites. You can create more SharePoint sites collections. You can use events that are written to the trace log to identify what configuration changes were made in Windows SharePoint Services 3. For more information. By default. Windows SharePoint Services 3. Before making changes to the registry. each one containing 30 minutes of events. in the Logging and Reporting section. 96 log files * 30 minutes of events per file = 2880 minutes or two days of events. do the following: • • In the Number of log files box. Configure Windows Server Backup If you want to use Windows Server Backup with Windows SharePoint Services 3. Ensure that the path specified in the Path box has enough room to store the extra log files or change the path to another location. Tip: To save 10. In the Number of minutes to use a log file box. Windows Server Backup will not work properly with Windows SharePoint Services 3. Store these log files for an extended period of time in a safe location that will not be overwritten. If you do not configure these registry keys. type 30. Because problems related to configuration changes are not always immediately discovered. Trace log files can help you to troubleshoot issues related to configuration changes of the Windows SharePoint Services Search service.You can use the Diagnostic Logging page in Central Administration to configure the maximum number of trace log files to maintain and how long (in minutes) to capture events to each log file.080 minutes (seven days) of events. in the Trace Log section. Click OK.0. you should back up any valued data on the computer. 66 . click Diagnostic logging. 4. Tip: We recommend that you store log files on a hard drive partition that is used to store log files only. you must configure the following registry keys. In Central Administration. Incorrectly editing the registry might severely damage your system. On the Diagnostic Logging page. 3. on the Operations tab. we recommend that you save all trace log files that the system creates on any day that you make any configuration changes related to the search service. Important: You must be logged on as a member of the Administrators group on the local server computer to edit the registry. 2. By default.0. 96 log files are kept. See step 3 in the previous procedure to determine the location that the system stores trace log files for your system. type 336. Configure the trace log to save seven days of events 1. You can also specify the location where the log files are written or accept the default path. you can use any combination of number of log files and minutes to store in each log file. 17. click New. 11. 5. and then click Key. type 00000001. In the User Account Control dialog box. In the Value Data box. and then click DWORD (32-bit) Value. and then click Key. and then on the Edit menu. and then click OK. click New. click New. Type Application Support. 14. and in the Open box. click New. Right-click the Application Identifier value. Type UseSameVssContext as the new value name. 67 . 6. Select the WindowsServerBackup key. and then click OK. Type {c2f52614-5e53-4858-a589-38eeb25c6184} as the key name. and then press ENTER. click New. Click Start. This is the GUID for the WSS Writer. and then click Modify. 8. click Run. 13. Select the new key. 7. Select the Application Support key. and then click OK. and then on the Edit menu. 15. 3. Type WindowsServerBackup and then press ENTER. 12. On the Edit menu. 2. and then press ENTER. 9. and then press ENTER. On the Edit menu. and then press ENTER. and then on the Edit menu. and then click String Value. type Windows SharePoint Services.Configure registry keys for Windows Server Backup 1. click Continue to open the Registry Editor. Right-click the UseSameVssContext value. type regedit. and then click Modify. In the Value Data box. 10. and then click Key. Type Application Identifier as the new value name. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ 4. 16. see Install Windows SharePoint Services 3.0. see Chapter overview: End-to-end deployment scenarios.0 for a server farm environment. Plan your deployment and ensure that you have installed all the software requirements.0 by using the command line In this article: • • • • • • • Install software requirements Determine required accounts for installation Install Windows SharePoint Services 3. 5.0 by running Setup at a command prompt Configure the server by using the Psconfig command-line tool Perform additional configuration tasks Create a Web application and a site collection by using the Stsadm command-line tool Configure the trace log This article discusses how to do a clean installation of Windows SharePoint Services 3. To install Windows SharePoint Services 3. Install Windows SharePoint Services 3. 2. Ensure that you have the following software requirements before you run Setup: • Windows SharePoint Services 3. Configure the server by using the Psconfig command-line tool with the appropriate options. 4. Determine the required accounts that are used during installation. Install software requirements Before you run Setup. To install Windows SharePoint Services 3. Create a Web application by using the Stsadm command-line tool. 3. you must perform several actions to prepare your deployment.Install Windows SharePoint Services 3.0 on Windows Server 2008.0 by running Setup at a command prompt and specifying a configuration file. 68 . Create a site collection by using the Stsadm command-line tool.0 on a clean installation of the Windows Server 2003 operating system with the most recent service pack. you can streamline deployment by using command-line tools in combination with other administrator tools to automate unattended installations.0 in a server-farm environment by using command-line tools. Additionally. you have to complete the following steps: 1.0 on a server farm. Command-line tools enable you to customize the configuration of Windows SharePoint Services 3. For more information about the complete list of actions you must perform before installation. 6. NET Framework version 3.aspx) • Plan for administrative and service accounts (Windows SharePoint Services 3.0 at a command prompt.5 from the Microsoft Download Center (http://go.com/fwlink/?LinkId=110508). • Microsoft SQL Server 2000 or Microsoft SQL Server 2005 with the most recent service pack running on at least one database server before you install Windows SharePoint Services 3.microsoft. For more information.0) (http://technet.NET Framework version 3.5.0.0 download contains the Windows Workflow Foundation technology. and one server computer acting as a database server.Note: All the instances of Windows SharePoint Services 3. You can download the .com/en-us/library/cc288210.NET 2. you must have at least one server computer acting as a Web server and an application server.0.microsoft. The .0 on your Web servers. and the detailed account permissions that are required for each configuration.aspx) • Windows SharePoint Services security account requirements (http://go. To deploy a server farm. • The Microsoft .0.NET Framework version 3.microsoft.com/fwlink/?LinkId=92885&clcid=0x409 ) 69 .0 enabled in the Internet Information Services (IIS) Manager on all servers that are running Windows SharePoint Services 3.0) (http://technet. see the following resources: • Plan for security roles (Windows SharePoint Services 3. which is required by workflow features. Note: You can also use the Microsoft . For example. • ASP.0 in the same farm. Determine required accounts for installation Before installing Windows SharePoint Services 3. you should understand the two-tier security model for Windows SharePoint Services 3.0 in the farm must be in the same language.com/en-us/library/cc288186.microsoft. you cannot have both English and Japanese versions of Windows SharePoint Services 3.NET Framework version 3. The following table describes the accounts that are used during installation and configuration of Windows SharePoint Services 3.0. 70 . You must create and configure these accounts before you run Setup. • Member of the Administrators group on each server on which Setup is run. • SQL Server login on the computer that is running SQL Server. the Setup user account must be a member of the db_owner fixed database role for the database. Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm. • The SharePoint Products and Technologies Configuration Wizard. • The Stsadm command-line tool. • Member of the following SQL Server security roles: • securityadmin fixed server role • dbcreator fixed server role If you run Stsadm command-line tool commands that read from or write to a database. • The Psconfig command-line tool. • Domain user account.Account Purpose Requirements Setup user account The Setup user account is used to run the following: • Setup on each server. Server farm account or database access account The server farm account is used to: • Configure and manage the server farm. • Run the Windows SharePoint Services Timer service. and added to the following SQL Server security roles: • dbcreator fixed server role • securityadmin fixed server role • db_owner fixed database role for all databases in the server farm 71 . The server-farm account is automatically added as a SQL Server login on the computer that is running SQL Server. • Act as the application pool identity for the SharePoint Central Administration application pool. • Domain user account. xml file.0. To install Windows SharePoint Services 3. and save the SharePoint. which you do at the command prompt: drive:\path\SharePoint.xml SetupUpgradeSilent\Config.xml SetupSilent\Config.com/fwlink/?LinkID=105656&clcid=0x409 ) • Windows SharePoint Services 3. 2.xml) files. 3.0 omit the <Setting Id="SETUP_REBOOT"Value="Never"/> setting. you have to do the following: 1. Configuration file Description Setup\Config. in folders that correspond to different scenarios. you can install Windows SharePoint Services 3. 72 . Depending on your hardware requirements.exe /extract:drive:\path The folder to which you extracted the SharePoint. Select a Config.microsoft.xml SetupGradualUpgradeSilent\Config.exe file to your computer. Install Windows SharePoint Services 3. you have to install Windows SharePoint Services 3.exe file has to be extracted. Extract the SharePoint. These example files are described in the following table.xml file. These example files are stored under the \Files folder in the root directory of the DVD. Run Setup with the selected Config.0 x64 with Service Pack 1 (http://go.exe file to your computer: • Windows SharePoint Services 3. You must include this setting if you want to suppress restarts during a command-line installation.0 with Service Pack 1 (SP1) (http://go.com/fwlink/?LinkID=105802&clcid=0x409 ) The SharePoint.exe file.0 from one of the following resources.microsoft. Note: You must install Windows SharePoint Services 3. 4.Install Windows SharePoint Services 3.xml SetupFarmSilent\Config.0 and save the SharePoint.0 by running Setup at a command prompt After you have determined the required accounts for the installation.exe file contains examples of configuration (Config.0.0 on the same drive on all loadbalanced front-end Web servers.xml Note: Single server installation Server-farm installation in silent mode Gradual upgrade of an existing farm in silent mode Single server installation in silent mode In-place upgrade of an existing farm in silent mode The example configuration files that are included with Windows SharePoint Services 3. to edit the Config.0 is installed. To control the installation. which you can view if command-line installation fails.xml file.exe file. change to the root directory to locate the setup.0 Setup(*). Do not use a generalpurpose XML editor such as Microsoft Office Word 2007.log"/>. type the following command at a command prompt. Example To set up a farm in silent mode.log"/> <Setting Id="SERVERROLE" Value="WFE"/> <Setting Id="USINGUIINSTALLMODE" Value="0"/> <Display Level="none" CompletionNotice="no" /> </Configuration> Run Setup with a Config. Setup is now finished. Run Setup with the selected Config. Important: Use a text editor. On the drive on which Windows SharePoint Services 3. or customize your own configuration file. Then run setup /config<path and file name> to specify that Setup runs and uses the options that you set in the Config.Example The following example shows the configuration for setting up a farm in silent mode (SetupFarmSilent). such as Notepad. 2. a typical configuration option includes adding a location for a log file. and then press ENTER: setup /config Files\SetupFarmSilent\config.xml file. first edit the Config.xml You can also customize your own configuration file. Press ENTER. setup /config<path and file name> Note: You can select one of the example configuration files. 3. <Logging Type="off" | "standard"(default) | "verbose" Path="path name" Template="file name. 73 . <Configuration> <Package Id="sts"> <Setting Id="REBOOT" Value="ReallySuppress"/> <Setting Id="SETUPTYPE" Value="CLEAN_INSTALL"/> </Package> <Logging Type="verbose" Path="%temp%" Template="Microsoft Windows SharePoint Services 3.xml file. For example.xml file in a text editor to include the elements that you want with the appropriate settings for those elements.xml file at a command prompt 1. 0 is a server from which you want to run the Central Administration Web site.xml reference (Windows SharePoint Services 3. see Command-line reference for the SharePoint Products and Technologies Configuration Wizard (Windows SharePoint Services 3. these parameters are not required. change to the following directory: %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin. you use the Psconfig command-line tool to create a new farm or to connect to an existing farm. Create the configuration database: psconfig-cmd configdb -create -server<database server name>-database<database name> [ -dbuser<domain\user name>-dbpassword <password>] -user<domain\user name>-password<password> -admincontentdatabase<Central Administration Web application content database name> Note: The dbuser and dbpassword parameters are only used in deployments that use SQL Server authentication. For more information about the command-line options for Setup. see Config. On the drive on which SharePoint Products and Technologies is installed. we recommend that the first server on which you install Windows SharePoint Services 3. 2. The tool is located on the drive on which SharePoint Products and Technologies is installed in the following directory: %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin. The following procedure describes how to configure the first server in your farm.com/en-us/library/cc288033.exe command-line reference (https://technet.0).For more information about the options available for customizing the configuration file.0 after Setup has finished. If you are using Windows authentication. Configure Windows SharePoint Services 3. 3. In server-farm deployments. Configure the server by using the Psconfig command-line tool You use the Psconfig command-line tool to configure Windows SharePoint Services 3. see Setup.aspx).0). Psconfig installs the SharePoint Central Administration Web site on the first server in your farm. For more information about the SharePoint Products and Technologies Configuration Wizard and the Psconfig command-line tool and its operations and parameters. How to add servers to your farm is described at the end of this procedure.0 on a farm by using the Psconfig commandline tool 1. Install the Help collection: psconfig-cmd helpcollections -installall 74 . Therefore.microsoft. The log files are available at %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Logs. psconfig -cmd configdb -connect -server<server name>-database<database name> Note: Omit the -admincontentdatabase command because you have already included this command when you created the configuration database. Perform resource security enforcement: psconfig-cmd secureresources 5. Note: If any of these commands fail. you have to run the configdb command together with the -connect parameter instead of the create parameter. Provision the services of the farm: psconfig -cmd services –provision 6. Register services in the server farm: psconfig-cmd services -install Note: After installing services. b. We recommend that you install and configure Windows SharePoint Services 3. Register all features: psconfig-cmd installfeatures 7. Note: Use the domain and user account information for the server farm account that you created and configured previously. you must start and configure Windows SharePoint Services Search by using the Stsadm command-line tool: a. stsadm-o spsearch -action start -farmserviceaccount <domain\user name> -farmservicepassword<password>[-database name<content database name>][database server<server instance>][-search server<search server name>] For more information. 75 . Install shared application data: psconfig-cmd applicationcontent –install The SharePoint Central Administration Web site has now been created. and can be identified by a file name that begins with “PSC” and the .log file name extension.microsoft.aspx).com/en-us/library/cc288507. Provision the SharePoint Central Administration Web application: psconfig-cmd adminvs -provision -port<port>-windowsauthprovider onlyusentlm 8.0 on all the farm servers before you create sites. look in the post-setup configuration log files. see Spsearch: Stsadm operation (https://technet. To connect to an existing configuration database and join the server to an existing server farm.4. Type the following command. This action exposes the same content to different sets of users by using an additional IIS Web site to host the same content.Use the psconfig -cmd adminvs -provision -port<port>-windowsauthprovider onlyusentlm command if you want to provision the SharePoint Central Administration Web application on additional servers. before you create a Web application and a site collection. 2. you must use the Stsadm command-line tool to create a Web application and a site collection. which minimizes the risk if the server that is running the SharePoint Central Administration Web application fails. you might also need to extend a Web application to another IIS Web site. However. On the drive on which SharePoint Products and Technologies is installed. we recommend that you perform the following administrative tasks: • • • • • • Χονφιγυρε ινχοµινγ ε−µαιλ σεττινγσ Χονφιγυρε ουτγοινγ ε−µαιλ σεττινγσ Χονφιγυρε ωορκφλοω σεττινγσ Χονφιγυρε διαγνοστιχ λογγινγ σεττινγσ Configure antivirus settings Configure outgoing e-mail settings for a specific Web application Create a Web application and a site collection by using the Stsadm command-line tool After you create and configure Windows SharePoint Services 3. Perform additional configuration tasks After you have installed Windows SharePoint Services 3.0. we recommend that you first perform some additional configuration tasks. you must be a member of the Administrators group on the local computer. you also create a new database and define the authentication method that is used to connect to the database. Important: To run the Stsadm command-line tool. When you create a new Web application. If you are in an extranet environment in which you want different users to access content by using different domains. change to the following directory: %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin. you must use the Stsadm command-line tool to create a Web application and a site collection for the farm. A Web application is composed of an Internet Information Services (IIS) site together with a unique application pool.0 on a farm. To successfully complete the command-line installation. and then press ENTER: 76 . Create a Web application and a site collection by using the Stsadm command-line tool 1. com/en-us/library/cc287873. stsadm -o extendvs -url http://intranet -ownerlogin <domain\user name> -owneremail <user@domain. site owners can choose the template when they first browse to the site. 77 .com>-sitetemplate STS#0 -exclusivelyusentlm -databaseserver <database server name> -databasename <content database name> -apidname <application pool name> -apidtype {configurableID | NetworkService} -apidlogin <domain\user name> -apidpwd <password> If you do not specify the template to use. you can use either the extendvs or createsite operation. Example The following command creates a Web application and a site collection with the URL http://intranet that uses the corporate team site template. Note: The createsite operation does not create a new content database. see Stsadm command-line tool (https://technet.com/enus/library/cc288981. see the createsiteinnewdb operation.aspx) and Extendvs: Stsadm operation (https://technet.microsoft.microsoft.aspx). If you want to create a new content database together with the new site. The createsite operation creates a site collection at a specific URL with a specified user as site owner. If you want to create additional Web applications or site collections by using the Stsadm command-line tool. The extendvs operation extends a Web application and creates a new content database.stsadm -o extendvs -url <URL name> -ownerlogin <domain\user name> -owneremail <e-mail address> [-exclusivelyusentlm] [ownername<display name>] [databaseuser<database user name>] [-databaseserver <database server name>] [-databasename <new content database name>] [databasepassword<database password>] [lcid<language>] [sitetemplate<site template>] [description] [sethostheader] [-apidname <application pool name>] [-apidtype {configurableID | NetworkService}] [-apidlogin <domain\user name>] [-apidpwd <application pool password>] For more information. Trace log files can help you troubleshoot issues related to configuration changes of the Windows SharePoint Services Search service.com/en-us/library/cc288051. and how long (in minutes) to capture events to each log file. we recommend that you configure the trace log to save seven days of events. Alternate access mappings enable Windows SharePoint Services 3.0 before the problem occurred. for example). see Createsite: Stsadm operation (https://technet. Alternate access mappings direct users to the correct URLs during their interaction with Windows SharePoint Services 3.aspx). and they enable Windows SharePoint Services 3. By default. 78 .0 (while browsing to the home page of a Windows SharePoint Services 3. see List of Locale ID (LCID) Values as Assigned by Microsoft(http://go. you might want to configure alternate access mappings. The extendvs operation also enables administrators to specify the language of the site collection by using the Locale ID (LCID) parameter.microsoft. Windows SharePoint Services 3. the language of the server is used for the site collection.microsoft. Because problems related to configuration changes are not always immediately discovered. For more information about the available LCID values.microsoft. For more information.0 saves two days of events in the trace log files.aspx ). see Plan alternate access mappings (http://technet.aspx) and Createsiteinnewdb: Stsadm operation (https://technet.For more information. If you do not specify an LCID. each one containing 30 minutes of events. You can use events that are written to the trace log to determine what configuration changes were made in Windows SharePoint Services 3. When you are using the Windows SharePoint Services Search service.0 Web site.com/fwlink/? LinkId=63028&clcid=0x409). You can use the Diagnostic Logging page in Central Administration to configure the maximum number of trace log files to maintain.com/en-us/library/cc288609. After creating sites.microsoft. Store these log files for some time in a safe location that will not be overwritten. 96 log files are kept.0 to serve the correct content back to the user. This means that trace log files that contain events that are older than two days are deleted.0 to map Web requests to the correct Web applications and sites. Configure the trace log The trace log can be useful for analyzing problems that might occur. We recommend that you store log files on a hard disk partition that is used to store log files only. we recommend that you save all trace log files that the system creates on any day that you make any configuration changes.com/enus/library/cc287992. By default. 96 log files * 30 minutes of events per file = 2880 minutes (two days) of events. You can also specify where the log files are written or accept the default path. We strongly recommend that you use least-privilege administration. To install Windows SharePoint Services 3.0 by using least-privilege administration on either a stand-alone server or a server farm. Configure the server by using the Psconfig command-line tool with the appropriate options. 4. 3. Determine the required accounts that are used during installation.0 with least privilege administration by using the command line In this article: • • • • • • • Install software requirements Determine required accounts for least-privilege administration Install Windows SharePoint Services 3. enterprises are often required to use the least-privilege security practice in which each service or user is provided with only the minimum permissions and group memberships that they must have to do the tasks that they are authorized to perform. 79 . 5. Use the least-privilege Setup user account to install Windows SharePoint Services 3.0 standard configuration uses a set of user accounts and installation settings for both stand-alone servers and server farms to simplify the installation process. Plan the deployment and ensure that you have installed all the software requirements.0 by using Setup at a command prompt. Installing Windows SharePoint Services 3. Create a site collection by using the Stsadm command-line tool (only applies on serverfarm installations). 2. you must complete the following steps: 1. However. The Windows SharePoint Services 3.0 on a stand-alone server or on a server farm by using least-privilege administration. and specifying a configuration file. Create a Web application by using the Stsadm command-line tool (only applies on server-farm installations). 6.0 by using the least-privilege account Configure the server by using the Psconfig command-line tool Perform additional configuration tasks Create a Web application and a site collection by using the Stsadm command-line tool Configure the trace log This article discusses how to install Windows SharePoint Services 3.Install Windows SharePoint Services 3.0 to meet least-privilege requirements requires additional preparation and configuration steps. see the following resources: • Plan for security roles (Windows SharePoint Services 3. • ASP.0 on Windows Server 2008. To deploy a server farm.0) (http://technet.NET Framework version 3.microsoft. Note: You can also use the Microsoft . To install Windows SharePoint Services 3.0 by using least-privilege administration in any security configuration. see Chapter overview: End-to-end deployment scenarios.0 in the same farm.NET Framework version 3. you must perform several actions to prepare the deployment.5 from the Microsoft Download Center (http://go.microsoft. For more information. For example. you cannot have both English and Japanese versions of Windows SharePoint Services 3.0) (http://technet. Ensure that you have the following software requirements before you run Setup in any deployment: • Windows SharePoint Services 3. and one server computer acting as a database server. The . Determine required accounts for least privilege administration Before installing Windows SharePoint Services 3.0 and the detailed account permissions that are required for each configuration. you should understand the two-tier security model for Windows SharePoint Services 3.0 enabled in Internet Information Services (IIS) Manager on all servers that are running Windows SharePoint Services 3.NET Framework version 3.0. Note: All the instances of Windows SharePoint Services 3.com/en-us/library/cc288210. For more information about the complete list of actions you must perform before installation.NET Framework version 3.microsoft.com/en-us/library/cc288186.0 for a server farm environment. You can download the . • The Microsoft .0 in the farm must be in the same language.microsoft.0.aspx) • Plan for administrative and service accounts (Windows SharePoint Services 3.com/fwlink/?LinkId=92885&clcid=0x409 ) 80 . you must have at least one server computer acting as a Web server and an application server.com/fwlink/?LinkId=110508).0 on the Web servers.NET 2.Install software requirements Before running Setup.5.0 on a clean installation of the Windows Server 2003 operating system with the most recent service pack. which is required by workflow features. see Install Windows SharePoint Services 3.0 download contains the Windows Workflow Foundation technology. • Microsoft SQL Server 2000 or Microsoft SQL Server 2005 with the most recent service pack running on at least one database server before you install Windows SharePoint Services 3.aspx) • Windows SharePoint Services security account requirements (http://go. Account Purpose Server farm standard requirements Least-privilege administration using domain user accounts requirements Setup user account The Setup user account that is used to run the following: • Setup on each server.0 by using least-privilege administration. with which you should be familiar. • Member of the following SQL Server security roles: • securityadmin fixed server role • dbcreator fixed server role If you run Stsadm commandline commands that read from or write to a database. The following table describes the accounts that are used to install Windows SharePoint Services 3. • The Stsadm command-line tool.Many requirements and configuration steps for installing Windows SharePoint Services 3. Server farm standard requirements with the following additions or exceptions: • Use a separate domain user account.0 by using least-privilege administration resemble the standard farm installation. 81 . For more information about the standard farm installation. • SQL Server login on the computer that is running SQL Server. compared to the standard account requirements for farm installation. • Member of the Administrators group on each server on which Setup is run. • The SharePoint Products and Technologies Configuration Wizard. the Setup user account must be a member of the db_owner fixed database role for the database. • The Psconfig command-line tool. see Install Windows SharePoint Services 3. • Domain user account.0 for a server farm environment. • The Setup user account should not be a member of the Administrators group on the computer that is running SQL Server. depending upon the security configuration of each scenario. • Run the Windows SharePoint Services Timer service. This includes the computer that is running SQL Server. Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm. No executing service or process account is running with local administrator permissions.Account Purpose Server farm standard requirements Least-privilege administration using domain user accounts requirements Server farm account or database access account The server farm account is used to: • Configure and manage the server farm. • Act as the application pool identity for the SharePoint Central Administration Web site. • The server farm account is not a member of the Administrators group on any server in the server farm. The minimum requirements to achieve least-privilege administration include the following: • • Separate accounts are used for different services and processes. By using separate service accounts for each service and limiting the permissions assigned to each account. you reduce the opportunity for a malicious user or process to compromise the environment. You can implement least-privilege administration in many ways. • Domain user account. The configurations for least-privilege administration include: • • • Separate domain user accounts SQL Server authentication Domain user accounts connecting to existing databases 82 . • The server farm account does not require permissions to SQL Server before you create the configuration database. The server farm account is automatically added as a SQL Server login on the computer that is running SQL Server and added to the following SQL Server security roles: • dbcreator fixed server role • securityadmin fixed server role • db_owner fixed database role for all databases in the server farm Server farm standard requirements with the following additions or exceptions: • Use a separate domain user account. xml SetupGradualUpgradeSilent\Config.xml SetupSilent\Config.exe file contains examples of configuration (Config.exe /extract:drive:\path The folder to which you extracted the SharePoint.exe file has to be extracted.0 from one of the following resources. Run Setup with the selected Config. Depending on hardware requirements. you can install Windows SharePoint Services 3. To install Windows SharePoint Services 3. and save the SharePoint.xml file. which you do at the command prompt: drive:\path\SharePoint.0. Extract the SharePoint.xml file.0 x64 with Service Pack 1(http://go. and by using the least-privilege Setup user account that you previously created.0 on the server by using the least privilege account After you have determined the required accounts for the installation.exe file to the computer.com/fwlink/? LinkID=105656&clcid=0x409) • Windows SharePoint Services 3. These example files are stored under the \Files folder in the root directory of the DVD. Configuration file Description Setup\Config. 3. Install Windows SharePoint Services 3. in folders that correspond to different scenarios. The example files are listed and described in the following table. install Windows SharePoint Services 3. You must include this setting if you want to suppress restarts during a command-line installation.microsoft. you perform the following actions: 1.0 and save the SharePoint.xml Important: Single server installation Server-farm installation in silent mode Gradual upgrade of an existing farm in silent mode Single server installation in silent mode In-place upgrade of an existing farm in silent mode The example configuration files that are included with Windows SharePoint Services 3.Install Windows SharePoint Services 3. Note: You must install Windows SharePoint Services 3.xml SetupFarmSilent\Config. Select a Config.exe file to the computer: • Windows SharePoint Services 3.com/fwlink/?LinkID=105802&clcid=0x409 ) The SharePoint. 4.0 with Service Pack 1 (http://go.0 on the same drive on all loadbalanced front-end Web servers.xml SetupUpgradeSilent\Config.0.xml) files. 2.0 omit the <Setting Id="SETUP_REBOOT" Value="Never"/> setting.microsoft. 83 .exe file. Important: Use a text editor. 84 .xml file. <Configuration> <Package Id="sts"> <Setting Id="REBOOT" Value="ReallySuppress"/> <Setting Id="SETUPTYPE" Value="CLEAN_INSTALL"/> </Package> <Logging Type="verbose" Path="%temp%" Template="Microsoft Windows SharePoint Services 3. Example To set up a farm in silent mode. 3.log"/>.0 Setup(*). to edit Config. type the following command at a command prompt.0 is installed. such as Notepad. which you can view if command-line installation fails.log "/> <Setting Id="SERVERROLE" Value="WFE"/> <Setting Id="USINGUIINSTALLMODE" Value="0"/> <Display Level="none" CompletionNotice="no" /> </Configuration> Run Setup with a Config. Press ENTER.Example The following example shows the configuration for setting up a farm in silent mode (SetupFarmSilent).xml file in a text editor to include the elements that you want with the appropriate settings for those elements.xml. 2. change to the root directory to locate the setup. <Logging Type="off" | "standard"(default) | "verbose" Path="path" Template="file name. To control the installation.xml file. Do not use a general-purpose XML editor such as Microsoft Office Word 2007.xml file at a command prompt 1.exe file. Run Setup with the selected Config. For example. Then run setup /config<path and file name> to specify that Setup runs and uses the options that you set in the Config. Setup is now complete. setup /config<path and file name> Note: You can select one of the example configuration files. or customize your own configuration file.xml You can also customize your own configuration file. and then press ENTER: setup /config Files\SetupFarmSilent\config. On the drive on which Windows SharePoint Services 3. first edit the Config. a typical configuration option includes adding a location for a log file. microsoft.com/en-us/library/cc288033. change to the following directory: %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin.microsoft.For more information about the options available for customizing the configuration file. see Config. The Psconfig commandline tool installs the SharePoint Central Administration Web site on the first server in the farm.aspx).0 on a stand-alone server.0 is installed on a stand-alone server or on a farm.com/en-us/library/cc287749. Therefore. and then press ENTER: stsadm -cmd setup The Psconfig command-line tool describes the configuration steps as they occur and notes the successful completion of configuration. For more information about the command-line options for Setup.aspx).microsoft.exe command-line reference (https://technet.0 on a stand-alone server by using the Stsadm command-line tool 1.xml reference (https://technet.com/en-us/library/cc263093. this is the final step in a command-line installation. On the drive on which SharePoint Products and Technologies is installed. The following procedure describes how to configure Windows SharePoint Services 3.0 is a server from which you want to run the Central Administration Web site. Type the following command. 3. we recommend that the first server on which you install Windows SharePoint Services 3. Configure the server by using the Psconfig command-line tool You use the Psconfig command-line tool to configure Windows SharePoint Services 3. 85 . The tool is located at %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin. 2.0 on a stand-alone server In stand-alone server deployments that use least-privilege administration. For more information about the Psconfig command-line tool and its operations and parameters.aspx). Configure Windows SharePoint Services 3.0 on a farm In server farm deployments that use least-privilege administration. Configure Windows SharePoint Services 3. see Command-line reference for the SharePoint Products and Technologies Configuration Wizard (https://technet. see Setup. For a stand-alone server installation. you can run the Psconfig command-line tool with the setup command. Log on by using the Setup user account that you created and configured previously. you use the Psconfig command-line tool to create a new farm or connect to an existing farm. The configuration options are different depending whether Windows SharePoint Services 3.0 after Setup has completed. Configure Windows SharePoint Services 3. Configure Windows SharePoint Services 3. Log on by using the Setup user account that you created and configured previously. Register services in the server farm: psconfig-cmd services -install Note: After installing services. Note: Use the domain and user account information for the server farm account that you previously created and configured. 2. If you are using Windows authentication. Install the Help collection: psconfig-cmd helpcollections -installall 5. Create the configuration database: psconfig-cmd configdb -create -server<database server name>-database<database name> [ -dbuser<domain\user name>-dbpassword<password>] -user<domain\user name> -password<password> -addomain<domain name>-adorgunit<org unit> -admincontentdatabase<Central Administration Web application content database name> Note: The dbuser and dbpassword parameters are only used in deployments that use SQL Server authentication. 4.com/en-us/library/cc288507. b. 3.aspx). you must start and configure Windows SharePoint Services Search by using the Stsadm command-line tool: a. these parameters are not necessary. see Spsearch: Stsadm operation (https://technet.0 on a farm by using the Psconfig commandline tool 1. Perform resource security enforcement: psconfig-cmd secureresources 6.microsoft. On the drive on which SharePoint Products and Technologies is installed. change to the following directory: %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin. Provision the services of the farm: psconfig -cmd services –provision: 86 .The following procedure describes how to configure the first server in the farm. stsadm-o spsearch -action start -farmserviceaccount <domain\user name> -farmservicepassword<password> [-database name<content database name>][database server<server instance>][-search server<search server name>] For more information. Perform additional configuration tasks After you have installed Windows SharePoint Services 3. To connect to an existing configuration database and join the server to an existing server farm. Install shared application data: psconfig -cmd applicationcontent –install The Central Administration Web site has now been created. Note: If any of these commands fail.7. and can be identified by a file name starting with “PSC” and the . run the configdb command with the -connect parameter instead of the –create parameter. Use the psconfig -cmd adminvs -provision –port<port>-windowsauthprovider onlyusentlm command if you want to provision the SharePoint Central Administration Web application on additional servers.0 on all of the farm servers before you start to create sites. we recommend that you perform the following administrative tasks: • • • • • Χονφιγυρε ινχοµινγ ε−µαιλ σεττινγσ Χονφιγυρε ουτγοινγ ε−µαιλ σεττινγσ Configure workflow settings Χονφιγυρε διαγνοστιχ λογγινγ σεττινγσ Configure antivirus settings 87 . which reduces the risk if the server that is running the SharePoint Central Administration Web application fails. However. look in the post-Setup configuration log files. psconfig -cmd configdb -connect –server<server name>-database<database name> Note: Omit the –admincontentdatabase command because you have already included this command when you created the configuration database. we recommend that you first perform some additional configuration tasks. you must use the Stsadm command-line tool to create a Web application. before you create a Web application and a site collection.log extension. The log files are available at %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Logs. To successfully complete command-line installation on a server farm.0. and a site collection for the farm. Provision the SharePoint Central Administration Web application: psconfig -cmd adminvs -provision -port<port> -windowsauthprovider onlyusentlm 9. Register all features: psconfig-cmd installfeatures 8. We recommend that you install and configure Windows SharePoint Services 3. you might also have to extend a Web application to another IIS Web site. Create a Web application and a site collection by using the Stsadm command-line tool 1. 2. and then press ENTER: stsadm -o extendvs -url <URL name> -ownerlogin <domain\user name> -owneremail <e-mail address> [-exclusivelyusentlm] [-ownername<display name>] [-databaseuser<database user name>] [-databaseserver <database server name>] [-databasename <new content database name>] [-databasepassword<database password>] [-lcid<language>] [-sitetemplate<site template>] [-description] [-sethostheader] [-apidname <application pool name>] [-apidtype {configurableID | NetworkService}] [-apidlogin <domain\user name>] [-apidpwd <application pool password>] 88 .Create a Web application and a site collection by using the Stsadm command-line tool After you create and configure Windows SharePoint Services 3. you must be a member of the Administrators group on the local computer. change to the following directory: %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin. Important: To run the Stsadm command-line tool. This action exposes the same content to different sets of users by using an additional IIS Web site to host the same content. you must use the Stsadm command-line tool to create a Web application and a site collection. Type the following command. you also create a new database and define the authentication method that is used to connect to the database.0 on a farm. When you create a new Web application. If you are in an extranet environment where you want different users to access content by using different domains. On the drive on which SharePoint Products and Technologies is installed. A Web application is composed of an Internet Information Services (IIS) site together with a unique application pool. com/en-us/library/cc288609. For more information.microsoft.0 (while browsing to the home page of a Windows SharePoint Services 3. For more information about the available LCID values. 89 . for example).com>sitetemplate STS#0 -exclusivelyusentlm -databaseserver <database server name> -databasename <content database name> -apidname <application pool name> -apidtype {configurableID | NetworkService}-apidlogin<domain\user name> -apidpwd <password> If you do not specify the template to use. After creating sites. you can use either the extendvs or createsite operation.0 before the problem occurred.com/en-us/library/cc287873.aspx) and Createsiteinnewdb: Stsadm operation (https://technet. The createsite operation creates a site collection at a specific URL with a specified user a site collection owner and site collection administrator.aspx). If you want to create additional Web applications or site collections by using the Stsadm command-line tool. If you want to create a new content database together with the new site. see Plan alternate access mappings (http://technet.0 to map Web requests to the correct Web applications and sites. Alternate access mappings direct users to the correct URLs during their interaction with Windows SharePoint Services 3. see Stsadm command-line tool (https://technet. The extendvs operation extends a Web application and creates a new content database. you might want to configure alternate access mappings. stsadm -o extendvs -url http://intranet -ownerlogin <domain\user name> -owneremail <[email protected]/en-us/library/cc288051. and they enable Windows SharePoint Services 3. Configure the trace log The trace log can be useful for analyzing problems that might occur. Example The following command creates a Web application and a site collection with the URL http://intranet that uses the corporate team site template. You can use events that are written to the trace log to determine what configuration changes were made in Windows SharePoint Services 3.aspx) and Extendvs: Stsadm operation (https://technet.com/enus/library/cc287992.For more information.microsoft.aspx).microsoft. see Createsite: Stsadm operation (https://technet. For more information.0 to serve the correct content back to the user. site owners can choose the template when they first browse to the site.aspx ).0 Web site.microsoft. use the createsiteinnewdb operation.microsoft.com/enus/library/cc288981. see List of Locale ID (LCID) Values as Assigned by Microsoft (http://go. Alternate access mappings enable Windows SharePoint Services 3.com/fwlink/? LinkId=63028&clcid=0x409). Note: The createsite operation does not create a new content database.microsoft. If you do not specify an LCID. the language of the server is used for the top-level site collection. The extendvs operation also enables you to specify the language of the site collection by using the Locale ID (LCID) parameter. Store these log files for some time in a safe location that will not be overwritten. You can use the Diagnostic Logging page in Central Administration to configure the maximum number of trace log files to maintain. 96 log files * 30 minutes of events per file = 2880 minutes or two days of events. we recommend that you configure the trace log to save seven days of events. each one containing 30 minutes of events. This means that trace log files that contain events that are older than two days are deleted. You can also specify where the log files are written or accept the default path. 96 log files are kept. Because problems related to configuration changes are not always immediately discovered. When you are using the Windows SharePoint Services Search service. and how long (in minutes) to capture events to each log file. By default. 90 .0 saves two days of events in the trace log files. Trace log files can help you troubleshoot issues related to configuration changes of the Windows SharePoint Services Search service.By default. we recommend that you save all trace log files that the system creates on any day that you make any configuration changes. We recommend that you store log files on a hard disk drive partition that is used to store log files only. Windows SharePoint Services 3. 0 in a server farm environment 91 . Deploy Windows SharePoint Services 3.II. 0 for a server farm environment 92 .A. Install Windows SharePoint Services 3. and one or more servers running Internet Information Services (IIS) and Windows SharePoint Services 3. Planning your deployment can help you to gather the information you need and to make important decisions before beginning to deploy. Note: There is no direct upgrade from a stand-alone installation to a farm installation.0 technology.0 is more complex than a stand-alone deployment.0 or from previous releases of Windows SharePoint Services. or if you want the scalability of a multi-tier topology. see Upgrading to Windows SharePoint Services 3. and two or more servers providing search services.0 application. several loadbalanced front-end Web servers running IIS and Windows SharePoint Services 3. A server farm typically consists of a database server running either Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with the most recent service pack. It does not cover upgrading from previous releases of Windows SharePoint Services 3. For information about planning.0 on a stand-alone computer. see Planning and architecture for Windows SharePoint Services 3. and can include many servers or as few as two servers. Because a server farm deployment of Windows SharePoint Services 3. For more information about upgrading from a previous release of Windows SharePoint Services. the front-end servers are configured as Web servers.Chapter overview: Install Windows SharePoint Services 3. In this configuration. Note: This article does not cover installing Windows SharePoint Services 3.0 for a server farm environment Important: This article discusses how to do a clean installation of Windows SharePoint Services 3. You can deploy Windows SharePoint Services 3. we recommend that you plan your deployment. if you want the best possible performance. The Web server role provides Web content and services such as search. A server farm consists of one or more servers dedicated to running the Windows SharePoint Services 3.0. For more information. A large server farm typically consists of two or more clustered database servers.0 in a server farm environment if you are hosting a large number of sites.0. see Install Windows SharePoint Services 3. 93 .0 in a server farm environment.0 on a single computer as a stand-alone installation. Suggested topologies Server farm environments can encompass a wide range of topologies.0. Note: We recommend that you read the Known Issues/Readme documentation before you install Windows SharePoint Services 3.0 and a Japanese version of Windows SharePoint Services 3. If you uninstall a previous version of Windows SharePoint Services 3. For information about these accounts. For example.0 on a domain controller. • All the instances of Windows SharePoint Services 3. see Plan for administrative and service accounts. Setup might fail to create the configuration database and the installation will fail.0. Phase 1: Deploy and configure the server infrastructure Deploying and configuring the server infrastructure consists of the following steps: • • • • Preparing the database server. • • Running the SharePoint Products and Technologies Configuration Wizard. you cannot have both an English version of Windows SharePoint Services 3. see Deploy language packs (Windows SharePoint Services 3.0 in the farm must be in the same language.0.0 on the same drive on all loadbalanced front-end Web servers. • You must install Windows SharePoint Services 3. and deploying and configuring SharePoint site collections and sites. Overview of the deployment process The deployment process consists of two phases: deploying and configuring the server infrastructure. Verifying that the servers meet hardware and software requirements.0 in the same farm. • Installing available language template packs on front-end Web servers (optional). you must provide credentials for several different accounts.0 on a clean installation of the Microsoft Windows Server 2003 operating system with the most recent service pack.0). Installing Windows SharePoint Services 3. • You must install Windows SharePoint Services 3. Starting the Windows SharePoint Services Search service. 94 . Running Setup on all servers you want to be in the farm. For more information about installing language template packs.0 in a server farm environment. and then install Windows SharePoint Services 3. Preinstalling the databases (optional).Before you begin deployment This section provides information about actions that you must perform before you begin deployment. • To deploy Windows SharePoint Services 3.0 on a domain controller requires additional configuration steps that are not discussed in this article. Phase 2: Deploy and configure SharePoint site collections and sites Deploying and configuring SharePoint site collections and sites consists of the following steps: • • Creating the site collections. Creating the sites. For more information about creating site collections and sites, see Deploy and configure SharePoint sites. 95 Prepare the database servers In this article: • • • SQL Server and database collation Required accounts Preinstall databases (optional) Before installing Windows SharePoint Services 3.0, you must prepare the database server. The database server must be running Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with the most recent service pack. The Windows SharePoint Services 3.0 Setup program automatically creates the necessary databases when you install and configure Windows SharePoint Services 3.0. Optionally, you can preinstall the required databases if your IT environment or policies require this. For more information about prerequisites, see Determine hardware and software requirements. If you are using SQL Server 2005, you must also change the surface area settings. Configure surface area settings in SQL Server 2005 1. Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration. 2. In the SQL Server 2005 Surface Area Configuration dialog box, click Surface Area Configuration for Services and Connections. 3. In the tree view, expand the node for your instance of SQL Server, expand the Database Engine node, and then click Remote Connections. 4. Select Local and Remote Connections, select Using both TCP/IP and named pipes, and then click OK. SQL Server and database collation The SQL Server collation must be configured for case-insensitive. The SQL Server database collation must be configured for case-insensitive, accent-sensitive, Kana-sensitive, and widthsensitive. This is to ensure file name uniqueness consistent with the Windows operating system. For more information about collations, see "Selecting a SQL Collation" or "Collation Settings in Setup" in SQL Server Books Online. Required accounts The following table describes the accounts that are used to configure Microsoft SQL Server and to install Windows SharePoint Services 3.0. For more information about the required accounts, including specific privileges required for these accounts, see Plan for administrative and service accounts (http://technet.microsoft.com/en-us/library/cc288210.aspx ). 96 Account Purpose Setup user account Farm search service account The account that is used to run Setup on each server. The service account for the Windows SharePoint Services Search service. There is only one instance of this service in the server farm. Used to access content databases associated with the Web application. Application pool process account Preinstall databases (optional) In many IT environments, database creation and management are handled by the database administrator (DBA). Security and other policies might require that the DBA create the databases required by Windows SharePoint Services 3.0. For more information about preinstalling databases, including detailed procedures that describe how the DBA can create these databases, see Deploy using DBA-created databases. 97 Prepare the front-end Web servers In this article: • • Install the Microsoft .NET Framework version 3.0 Enable ASP.NET 2.0 Before you install and configure Windows SharePoint Services 3.0, be sure that your servers have the recommended hardware and software. To deploy a server farm, you need at least one server acting as a Web server and an application server, and one server acting as a database server. For more information about these requirements, see Determine hardware and software requirements (http://technet.microsoft.com/en-us/library/cc288751.aspx). Install the Microsoft .NET Framework version 3.0 Go to the Microsoft Download Center Web site (http://go.microsoft.com/fwlink/? LinkID=72322&clcid=0x409), and on the Microsoft .NET Framework 3.0 Redistributable Package page, follow the instructions for downloading and installing the .NET Framework version 3.0. There are separate downloads for x86-based computers and x64-based computers; be sure to download and install the appropriate version for your computer. The .NET Framework version 3.0 download contains the Windows Workflow Foundation technology, which is required by workflow features. Enable ASP.NET 2.0 You must enable ASP.NET 2.0 on all servers. Enable ASP.NET 2.0 1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. 2. In the IIS Manager tree, click the plus sign (+) next to the server name, and then click the Web Service Extensions folder. 3. In the details pane, click ASP.NET v2.0.50727, and then click Allow. 98 we recommend that the first server on which you install Windows 99 . and creating the Central Administration Web site. After Setup finishes. see Deploy a simple farm on the Windows Server 2008 operating system. After preparing your database and the servers in your farm. Run Setup on the first server We recommend that you install and configure Windows SharePoint Services 3.0.Install Windows SharePoint Services 3. and configuring the farm.0 services and create sites. such as additional load-balanced Web servers. and Windows SharePoint Services 3.0 are different.0 and run the SharePoint Products and Technologies configuration wizard In this article: • • Run Setup on the first server Start the Windows SharePoint Services Search service This information applies to Microsoft Windows Server 2003. installing Windows SharePoint Services 3.0 on the first server. Adding servers to the farm can be done at any time to add redundancy.0 components on the server. The SharePoint Products and Technologies Configuration Wizard automates several configuration tasks. Setting up the first server involves two steps: installing the Windows SharePoint Services 3. including installing and configuring the configuration database. When you install Windows SharePoint Services 3. the Microsoft .0 services. For more information. Any additional servers that you add must be joined to this farm. Note: We recommend that you run Setup on all the servers that will be in the farm before you configure the farm. You must have Microsoft SQL Server 2005 database software running on at least one back-end database server before you install Windows SharePoint Services 3. Therefore. you can use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3.0 on all of your farm servers before you configure Windows SharePoint Services 3.NET Framework version 3.0. you establish the farm.0 on your farm servers. If you are in a Windows Server® 2008 environment. run Setup and then run the SharePoint Products and Technologies Configuration Wizard on all your farm servers. the steps to install and configure Internet Information Services (IIS). Note: Setup installs the Central Administration Web site on the first server on which you run Setup. The Basic option is for stand-alone installations. select the Feedback tab and select the option you want. 2. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard. type the name of the computer that is running SQL Server. The Stand-alone option is for standalone installations. The configuration wizard automates several configuration tasks. click No. 6. to participate in the Customer Experience Improvement Program. and creating the Central Administration Web site. On the Welcome to SharePoint Products and Technologies page. Click Close to start the configuration wizard. 5. To learn more about the program. Run the SharePoint Products and Technologies Configuration Wizard After Setup finishes.SharePoint Services 3. Run the SharePoint Products and Technologies Configuration Wizard 1. In the dialog box that notifies you that some services might need to be restarted during configuration. a dialog box appears that prompts you to complete the configuration of your server. select the I accept the terms of this agreement check box. Optionally. 5. click Install Now. 3. 2. click Next.0. and then type the location name or Browse to the location. and then click Next. Type a name for your configuration database in the Database name box. click Yes. When you have chosen the correct options. including installing and configuring the configuration database.0 at a custom location. 8. you can use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. 7. click the link. Optionally. in the Database server box. On the Read the Microsoft Software License Terms page. On the Server Type tab. 4. installing Windows SharePoint Services 3. or use the default database name. select the Data Location tab. click Web Front End.0 be a server from which you want to run the Central Administration Web site. click Advanced. The default name is "SharePoint_Config". and then click Continue. When Setup finishes. to install Windows SharePoint Services 3. On the Choose the installation you want page. You must have an Internet connection to view the program information. Instructions for completing the wizard are provided in the next set of steps. 100 . Run Setup on the first server 1. In the Specify Configuration Database Settings dialog box.0 services. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected. 3. On the Connect to a server farm page. 4. review the terms. I want to create a new server farm. Because this account does not require a high level privilege. use the default setting (NTLM). Note: In most cases. and then configure user authentication settings in Internet Explorer. you might need to add the SharePoint Central Administration Web site to the list of trusted sites. type a port number if you want the SharePoint Central Administration Web application to use a specific port. and it is the account under which the Windows® SharePoint Services Timer service runs. select the Specify port number check box. and then click Next. do one of the following: • If you want to use NTLM authentication (the default). Use Negotiate (Kerberos) only if Kerberos authentication is supported in your environment. and then click Next. 10. Note: If you are prompted for your user name and password. In the Configure SharePoint Central Administration Web Application dialog box. click Next. • If you want to use Kerberos authentication. On the Configuration Successful page. The user account that you specify for this service account must be a domain user account. the SQL Server Database Creator server role. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins. For more information. On the Completing the SharePoint Products and Technologies Configuration Wizard page. 11. It also acts as the application pool identity for the SharePoint Central Administration application pool. click Finish. Instructions for 101 . and the SQL Server Security Administrators server role. and specify a user account that is not a member of the Administrators group on your Web servers or your back-end servers. The SharePoint Central Administration Web site home page opens. click Next. see How to configure a Windows SharePoint Services virtual server to use Kerberos authentication and how to switch from Kerberos authentication back to NTLM authentication (http://go. (Be sure to type the user name in the format DOMAIN\username. In the User name box. or leave the Specify port number check box cleared if you do not care which port number the SharePoint Central Administration Web application uses. 9. To do this. type the user's password. you must be a member of the Domain Admins group. click Negotiate (Kerberos). On the Configure SharePoint Central Administration Web Application page. type the user name of the server farm account.6. we recommend that you follow the principle of least privilege.com/fwlink/?LinkID=76570&clcid=0x409 ).) Important This account is the server farm account and it is used to access your configuration database. 8. In the Password box. Using the Negotiate (Kerberos) option requires you to configure a Service Principal Name (SPN) for the domain user account. 7.microsoft. 3. 6. type the URL for the SharePoint Central Administration Web site. Clear the Require server verification (https:) for all sites in this zone check box. Add the SharePoint Central Administration Web site to the list of trusted sites 1. 4. Click Close to close the Trusted sites dialog box. 7. Type the port number of the proxy server in the Port box. In Internet Explorer. you might need to configure your proxy server settings so that local addresses bypass the proxy server. and then click Sites. Click OK to close the Internet Options dialog box. Important: If you uninstall Windows SharePoint Services 3. click Trusted sites. In the Add this Web site to the zone box. click Internet Options. Type the address of the proxy server in the Address box. 3.0 on your farm servers. 2. Click OK to close the Local Area Network (LAN) Settings dialog box.0 services and create sites. select the Use a proxy server for your LAN check box. 5. Add servers to the farm We recommend that you install and configure Windows SharePoint Services 3. on the Tools menu. click LAN Settings. Configure proxy server settings to bypass the proxy server for local addresses 1. and then click Add. in the Select a Web content zone to specify its security settings box.configuring these settings are provided in the next set of steps. On the Connections tab. 5. Instructions for configuring this setting are provided later in this section. on the Tools menu. 9. In the Automatic configuration section. 2. 6.0 from the first server on which you installed it. 102 . click Internet Options. In the Proxy Server section. your farm might experience problems. 8. In Internet Explorer.0 on all of your farm servers before you configure Windows SharePoint Services 3. Click OK to close the Internet Options dialog box. Select the Bypass proxy server for local addresses check box. On the Security tab. Note: If a proxy server error message appears. You must have SQL Server 2005 running on at least one back-end database server before you install Windows SharePoint Services 3. in the Local Area Network (LAN) settings area. clear the Automatically detect settings check box. 4. click Next. The Stand-alone option is for standalone installations. and then type the location name or Browse to the location.0 at a custom location. including installing and configuring the configuration database. 6. and then from the Database name list. You must have an Internet connection to view the program information. click Web Front End. On the Server Type tab. 6. select the I accept the terms of this agreement check box. In the dialog box that notifies you that some services might need to be restarted during configuration. 8. On the Choose the installation you want page. Click Close to start the configuration wizard. 3. 2. in the Database server box. The configuration wizard automates several configuration tasks. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard. Optionally. When Setup finishes. and installing Windows SharePoint Services 3. click Install Now. type the user name of the account used to connect to the computer running SQL Server. 4. click Yes. and then click Continue. a dialog box appears that prompts you to complete the configuration of your server. select the Feedback tab and select the option you want. select the database name that you created when you configured the first server in your server farm. to install Windows SharePoint Services 3. Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected. (Be sure to type the user name in the format DOMAIN\username.0 services. In the User name box. 3.) This must be the same user account you used when you configured 103 . On the Connect to a server farm page. click Yes. 2.0. I want to connect to an existing server farm. click Advanced. 5. When you have chosen the correct options. type the name of the computer that is running SQL Server. review the terms.Run Setup on additional servers 1. to participate in the Customer Experience Improvement Program. In the Specify Configuration Database Settings dialog box. select the Data Location tab. click the link. Click Retrieve Database Names. Run the SharePoint Products and Technologies Configuration Wizard 1. On the Read the Microsoft Software License Terms page. use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. On the Welcome to SharePoint Products and Technologies page. Optionally. 7. Run the SharePoint Products and Technologies Configuration Wizard on additional servers After Setup finishes. To learn more about the program. Instructions for completing the wizard are provided in the next set of steps. and then click Next. 5. 4. The Basic option is for stand-alone installations. In the Content Access Account section. 7. either accept the default settings. 7.the first server. specify the user name and password for the user account that the Search service will use to search over content. click Start. click Finish. 5. 3. 8. 4. 2. On the Configure Windows SharePoint Services Search Service Settings page. specify the user name and password for the user account under which the Search service will run. On the Configuration Successful page. click the Operations tab on the top link bar. or specify the schedule that you want the Search service to use when searching over content. Start the Windows SharePoint Services Search service 1. In the Password box. click the server on which you want to start the Windows SharePoint Services Search service. type the user's password. click Servers in farm. If you do not enter credentials. You must start it on at least one of your servers. in the Topology and Services section. On the Servers in Farm page. 104 . click Next. On the SharePoint Central Administration home page. This account must have read access to all the content you want it to search over. 8. After you have configured all the settings. In the Indexing Schedule section. On the Operations page. in the Service Account section. 6. and then click Next. Next to Windows SharePoint Services Search. Start the Windows SharePoint Services Search service You must start the Windows SharePoint Services Search service on every computer that you want to search over content. 9. On the Completing the SharePoint Products and Technologies Configuration Wizard page. the same account used for the Search service will be used. click Start. the text that appears on the site or the site collection is displayed in the site template's language. on your front-end Web servers. the site's 105 .0.0. once you choose a language-specific site template for a site or a site collection. About language IDs and language packs When site owners or site collection administrators create sites or site collections. Word breakers and stemmers are automatically installed on your front-end Web servers by Setup. which contain language-specific site templates.Deploy language packs (Windows SharePoint Services 3. they can choose a language for the each site or site collection The language they choose represents the language identifier (ID). Word breakers and stemmers enable you to efficiently and effectively search across content on SharePoint sites and site collections in multiple languages without requiring separate installations of Windows SharePoint Services 3. the site or site collection will always display content in the language of the original site template. Language packs are typically used in multinational deployments where a single server farm supports people in different locations or in situations where sites and Web pages must be duplicated in one or more languages.com/downloads/details.microsoft. and the language ID determines the language that is used to display text and interpret text that is put on the site or site collection.aspx?FamilyID=36ee1bf0-652c-4e38-b247f29b3eefa048&DisplayLang=en).0) In this article: • • • About language IDs and language packs Preparing your front-end Web servers for language packs Installing language packs on your front-end Web servers Language packs enable site owners and site collection administrators to create SharePoint sites and site collections in multiple languages without requiring separate installations of Windows SharePoint Services 3.0. you must uninstall all language packs before you uninstall Windows SharePoint Services 3. at "Windows SharePoint Services 3. Important: If you are uninstalling Windows SharePoint Services 3. For example. You install language packs.0.0 from the Microsoft Download site.0 Language Pack" (http://www. Note: You cannot change an existing site. site collection. when a site administrator chooses to create a site in French. You can install language lacks for Windows SharePoint Services 3. or Web page from one language to another by applying different language-specific site templates. When an administrator creates a site or a site collection based on a language-specific site template. toolbars, navigation bars, lists, and column headings appear in French. Likewise, if a site administrator chooses to create a site in Arabic, the site's toolbars, navigation bars, lists, and column headings appear in Arabic, and the default left-to-right orientation of the site changes to a right-to-left orientation to properly display Arabic text. The list of available languages that a site administrator can use to create a site or site collection is generated by the language packs that are installed on your front-end Web servers. By default, sites and site collections are created in the language in which Windows SharePoint Services 3.0 was installed. For example, if you install the Spanish version of Windows SharePoint Services 3.0, the default language for sites, site collections, and Web pages is Spanish. If a site administrator needs to create sites, site collections or Web pages in a language other than the default Windows SharePoint Services 3.0 language, you must install the language pack for that language on your front-end Web servers. For example, if you are running the French version of Windows SharePoint Services 3.0, and a site administrator wants to create sites in French, English, and Spanish, you must install the English and Spanish language packs on your front-end Web servers. Note: By default, when a site administrator creates a new Web page within a site, the Web page uses the site's language ID to display text. Language packs for Windows SharePoint Services 3.0 are not bundled into multilingual installation packages. You must install a specific language pack for each language that you want to support. Also, language packs must be installed on each of your front-end Web servers to ensure that each Web server can render content in the specified language. The following table lists the language packs that are available for Windows SharePoint Services 3.0. Language Country/Region Language ID German English Japanese Germany United States Japan 1031 1033 1041 Although a site administrator specifies a language ID for a site, some user interface elements such as error messages, notifications, and dialog boxes do not display in the language that was specified. This is because Windows SharePoint Services 3.0 relies on several supporting technologies — for example, the Microsoft .NET Framework, Microsoft Windows Workflow Foundation, Microsoft ASP.NET, and Microsoft SQL Server 2005 — some of which are localized into only a limited number of languages. If a user interface element is generated by any of the supporting technologies that is not localized into the language that the site administrator specified for the site, the user interface element appears in English. For example, if a site administrator creates a site in Hebrew, and the.NET Framework component displays a notification message, the notification message will not display in Hebrew because the .NET Framework is not localized into Hebrew. This situation can occur when sites are created in any language except the following: Chinese, French, German, Italian, Japanese, Korean, and Spanish. 106 In some cases, some text might originate from the original installation language, which can create a mixed-language experience. This type of mixed-language experience is typically seen only by content creators or site administrators and is not seen by site users. Preparing your front-end Web servers for language packs Before you install language packs on your front-end Web servers, you must do the following: • • Install the necessary language files on your front-end Web servers. Install Windows SharePoint Services 3.0 on each of your front-end Web servers. • Run the SharePoint Products and Technologies Configuration Wizard on each of your front-end Web servers. Language files are used by the operating system and provide support for displaying and entering text in multiple languages. Language files include: • • • • • • • Keyboard files Input Method Editors (IMEs) TrueType font files Bitmap font files Code page conversion tables National Language Support (.nls) files Script engines for rendering complex scripts Most language files are installed by default on the Microsoft Windows Server 2003 operating system. However, you must install supplemental language files for East Asian languages and languages that use complex script or require right-to-left orientations. The East Asian languages include Chinese, Japanese, and Korean; the complex script and right-to-left oriented languages include Arabic, Armenian, Georgian, Hebrew, the Indic languages, Thai, and Vietnamese. Instructions for installing these supplemental language files are provided in the following procedure. We recommend that you install these language files only if you need them. The East Asian files require about 230 megabytes of hard disk space. The complex script and right-to-left languages do not use much disk space, but installing either set of files might reduce performance when entering text. Note: You must be a member of the Administrators group on the computer to install these language files. After the language files are installed, the languages are available to all users of the computer. Note: You will need your Windows Server 2003 product disc to perform this procedure, or you will need to know the location of a shared folder that contains your operating system installation files. 107 Note: You must restart your computer after you install supplemental language files. Install additional language files 1. On your front-end Web server, click Start, point to Settings and then Control Panel, and then click Regional and Language Options. 2. In the Regional and Language Options dialog box, on the Languages tab, in the Supplemental Language Support section, select one or both of the following checkboxes: • • Install files for complex script and right-to-left languages Install files for East Asian languages 3. Click OK in the dialog box that alerts you that additional disk space is required for the files. 4. Click OK to install the additional language files. 5. When prompted, insert your Windows Server 2003 product disc or provide the location of your Windows Server 2003 installation files. 6. When prompted to restart your computer, click Yes. After you install the necessary language files on your front-end servers, you need to install Windows SharePoint Services 3.0 and run the SharePoint Products and Technologies Configuration Wizard. The wizard creates and configures the configuration database and performs other configuration tasks that must be done before you install language packs. For more information about installing Windows SharePoint Services 3.0 and running the SharePoint Products and Technologies Configuration Wizard, see Deploy in a simple server farm and Install Windows SharePoint Services 3.0 on a stand-alone computer. Installing language packs on your front-end Web servers After you install the necessary language files on your front-end servers, you can install your language packs. Language packs are available as individual downloads (one download for each supported language). If you have a server farm environment, and you are installing language packs to support multiple languages, you must install the language packs on each of your frontend Web servers. Important: The language pack installs in its native language, for example the Russian language pack executable file is localized into Russian. The procedure provided below is for the English language pack. Install a language pack 1. Run setup.exe. 2. On the Read the Microsoft Software License Terms page, review the terms, select 108 the I accept the terms of this agreement check box, and then click Continue. 3. The setup wizard runs and installs the language pack. 4. Rerun the SharePoint Products and Technologies Configuration Wizard, using the default settings. If you do not run the SharePoint Products and Technologies Configuration Wizard after you install a language pack, the language pack will not be installed properly. Rerun the SharePoint Products and Technologies Configuration Wizard 1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Products and Technologies Configuration Wizard. 2. On the Welcome to SharePoint Products and Technologies page, click Next. 3. Click Yes in the dialog box that alerts you that some services might need to be restarted during configuration. 4. On the Modify server farm settings page, click Do not disconnect from this server farm, and then click Next. 5. If the Modify SharePoint Central Administration Web Administration Settings page appears, do not modify any of the default settings, and then click Next. 6. On the Completing the SharePoint Products and Technologies Configuration Wizard page, click Next. 7. On the Configuration Successful page, click Finish. When you install language packs, the language-specific site templates are installed in the \Program Files\Common Files\Microsoft Shared\web server extensions\12\template\ number directory, where number is the Language ID for the language that you are installing. For example, the US English language pack installs to the \Program Files\Common Files\Microsoft Shared\web server extensions\12\template\1033 directory. After you install a language pack, site owners and site collection administrators can create sites and site collections based on the language-specific site templates by specifying a language when they are creating a new SharePoint site or site collection. Uninstalling language packs If you no longer need to support a language for which you have installed a language pack, you can remove the language pack by using Add/Remove Programs in Control Panel. Removing a language pack removes the language-specific site templates from your computer. All sites that were created with those language-specific site templates will no longer work (the URL will produce a HTTP 500 - Internal server error page). Reinstalling the language pack will make the site functional. Note: You cannot remove the language pack for the version of Windows SharePoint Services 3.0 that you have installed on your server. For example, if you are running the Japanese version of Windows SharePoint Services 3.0, you cannot uninstall the Japanese language support for Windows SharePoint Services 3.0. 109 B. Perform additional configuration tasks 110 . Chapter overview: Perform additional configuration tasks After the initial installation and configuration of Windows SharePoint Services 3.0, you can configure several additional settings. The configuration of additional settings is optional, but many key features are not available unless these settings are configured. Configure additional administrative settings To take full advantage of the administrative features and capabilities of Windows SharePoint Services 3.0, perform the following optional administrative tasks by using SharePoint Central Administration: • Configure incoming e-mail settings You can configure incoming e-mail settings so that SharePoint sites accept and archive incoming e-mail. You can also configure incoming email settings so that SharePoint sites can archive e-mail discussions as they happen, save emailed documents, and show e-mailed meetings on site calendars. In addition, you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and management. For more information, see Configure incoming email settings. • Configure outgoing e-mail settings You can configure outgoing e-mail settings so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. You can configure both the "From" e-mail address and the "Reply" e-mail address that appear in outgoing alerts. You can also configure outgoing e-mail settings for all Web applications or for only one Web application. For more information, see Configure outgoing e-mail settings and Configure outgoing e-mail settings for a specific Web application. • Create SharePoint sites When Setup finishes, you have a single Web application that hosts a single SharePoint site. If your site design requires multiple sites or multiple Web applications, you can create more SharePoint sites and Web applications. For more information, see Deploy and configure SharePoint sites. • Configure workflow settings You can configure workflow settings to enable end users to create their own workflows by using code pre-generated by administrators. You can also configure whether internal users without site access can receive workflow alerts, and whether external users can participate in workflows by receiving copies of documents by e-mail. For more information, see Configure workflow settings. • Configure diagnostic logging settings You can configure several diagnostic logging settings to help with troubleshooting. These include enabling and configuring trace logs, event messages, user-mode error messages, and Customer Experience Improvement Program events. For more information, see Configure diagnostic logging settings. • Configure antivirus settings You can configure several antivirus settings if you have an antivirus program that is designed for Windows SharePoint Services 3.0. Antivirus settings 111 allow you to control whether documents are scanned on upload or on download, and whether users can download infected documents. You can also specify how long you want the antivirus program to run before it times out, and you can specify how many execution threads the antivirus program can use on the server. For more information, see Configure anti-virus settings. You can use the following procedure to configure optional administrative settings using SharePoint Central Administration. Configure administrative settings using SharePoint Central Administration 1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint 3.0 Central Administration. 2. On the SharePoint Central Administration home page, under Administrative Tasks, click the administrative task that you want to perform. 3. On the Administrative Tasks page, next to Action, click the task. 112 Configure incoming e-mail settings • • • • • • • Install and configure the SMTP service Configure Active Directory Configure permissions to the e-mail drop folder Configure DNS Manager Configure attachments from Outlook 2003 Configure incoming e-mail settings Configure incoming e-mail on SharePoint sites Use this procedure to configure the incoming e-mail settings for Windows SharePoint Services 3.0. The features of Windows SharePoint Services 3.0 that use incoming e-mail are not available until these settings are configured. Before you configure incoming e-mail settings in Windows SharePoint Services 3.0, confirm that: • You have read the topic Plan incoming e-mail ( http://technet.microsoft.com/enus/library/cc288433.aspx). • One or more servers in your server farm are running the Internet Information Services (IIS) Simple Mail Transfer Protocol (SMTP) service, or you know the name of another server that is running the SMTP service. This server must be configured to accept relayed e-mail from the mail server for the domain. • One or more servers in your server farm are running the Microsoft SharePoint Directory Management Service, or you know the name of another server that is running the SharePoint Directory Management Web Service. • The application pool account for the SharePoint Central Administration Web site has the Create, delete, and manage user accounts right to the container in the Active Directory directory service. • The application pool account for Central Administration, the logon account for the Windows SharePoint Services Timer service, and the application pool accounts for your Web applications have the correct permissions to the e-mail drop folder. • The domain controller running Active Directory has a Mail Exchanger (MX) entry in DNS Manager for the mail server that you plan to use for incoming e-mail. Note: All of these configuration steps are described in detail in the following sections. Install and configure the SMTP service Incoming e-mail for Windows SharePoint Services 3.0 uses the SMTP service. The SMTP service can be either installed on one or more servers in the farm, or administrators can provide an e-mail drop folder for e-mail forwarded from the service on another server. The drop folder option is not 113 recommended because administrators of the other server can affect the availability of incoming email by changing the configuration of SMTP, and because this requires the additional step of configuring permissions to the e-mail drop folder. If a drop folder is not used, the SMTP service must be installed on each server that is used to receive and process incoming e-mail. Typically, this includes every front-end Web server in the farm. Start the Windows SharePoint Services Web Application service Each server that is running the SMTP service must also be running the Windows SharePoint Services Web Application service. These servers are called front-end Web servers. In many cases, this service will have already been configured. Important: Membership in the Administrators group of the Central Administration site is required to complete this procedure. Start the Windows SharePoint Services Web Application service 1. On the top navigation bar, click Operations. 2. On the Operations page, in the Topology and Services section, click Services on server. 3. On the Services on Server page, find Windows SharePoint Services Web Application in the list of services, and click Start. Install the SMTP service The SMTP service is a component of IIS. It must be installed on every front-end Web server in the farm that you want to configure for incoming e-mail. Important: Membership in the Administrators group on the local computer is required to complete this procedure. Install the SMTP service 1. In Control Panel, click Add or Remove Programs. 2. In Add or Remove Programs, click Add/Remove Windows Components. 3. In the Windows Components Wizard, in the Components box, click Application Server, and then click the Details button. 4. In the Application Server dialog box, in the Subcomponents of Application Server box, click Internet Information Services (IIS), and then click the Details button. 5. In the Internet Information Services (IIS) dialog box, select the SMTP Service check box. 6. Click OK to return to the Application Server dialog box. 114 You can decide to accept relayed e-mail from all servers except those you specifically exclude. verify that Anonymous access is selected. point to Administrative Tools. Click OK. 9. On the Access tab. Under Select which computer may relay through this virtual server . To enable relaying from any server. Click Next. On the Access tab. you can block e-mail from all servers except those you specifically include. and then click Properties. 10. c.7. 2. click Authentication. 11. click Finish. 8. 9. Click Start. 5. under Select which computer may relay through this virtual server. or in groups by subnet or domain. select All except the list below. you must configure the service to accept relayed e-mail from the mail server for the domain. In IIS Manager. Click OK to return to the main page of the Windows Components Wizard. To accept relaying from one or more specific servers. 115 . point to All Programs. on the Completing the Windows Components Wizard page. b. Click Add. You can include servers individually. expand the server name that contains the SMTP server that you want to configure. and then click Internet Information Services (IIS) Manager. 8. Right-click the SMTP virtual server that you want to configure. Configure the SMTP service After installing the SMTP service. under Select acceptable authentication methods for this resource. under Access control. Click OK to close the Relay Restrictions dialog box. under Relay restrictions. In the Authentication dialog box. follow these steps: a. Important: Membership in the Administrators group on the local computer is required to complete this procedure. select Only the list below. Click OK to close the Properties dialog box. Click OK to close the Computer dialog box. 6. click Relay. and then add servers one at a time by IP address. or in groups by using a subnet or domain. 4. When Windows has finished installing the SMTP service. Alternatively. 3. 7. Configure the SMTP service 1. 2. point to Control Panel. To use the Microsoft SharePoint Directory Management Service on a farm or server. The Microsoft SharePoint Directory Management Service can be installed on a server in the farm. these applications might run on multiple servers in the same domain. Important: Membership in the Domain Administrators group or delegated authority for domain administration is required to complete this procedure. You must then delegate additional rights to the Central Administration application pool account. you must configure the Central Administration application pool identity account to have the Create. users can create and manage distribution groups from SharePoint sites. delete.0 domain uses the Windows SharePoint Services 3. or you can use a remote Microsoft SharePoint Directory Management Service. administrators of Exchange mail servers can add an SMTP connector so that all mail sent to the Windows SharePoint Services 3. The following procedures are performed on a domain controller that runs Microsoft Windows Server 2003 SP1 (with DNS Manager) and Microsoft Exchange Server 2003 SP1. You must also select which distribution group requests from SharePoint lists require approval. An Active Directory administrator must set up the organizational unit (OU) and delegate the Create. delete. right-click the folder for the second-level domain that contains your server farm. If you enable the Microsoft SharePoint Directory Management Service. In Active Directory Users and Computers. and then click Organizational Unit. For more information about SMTP connectors. such as the Address Book. The preferred way to do this is by delegating the right to the Central Administration application pool identity account. and then click Active Directory Users and Computers. see the Help documentation for Exchange Server. Configure Active Directory Incoming e-mail uses the Microsoft SharePoint Directory Management Service to connect SharePoint sites to the directory services used by your organization. If the application pool account for Central Administration is different from the application pool account for the Web application of the list or site that is enabled for e-mail. In some deployments. point to New. Create an organizational unit in Active Directory 1.0 servers that are running the SMTP service. SharePoint lists that use e-mail can then be found in directory services. 116 .0 servers that are running the SMTP service. In these scenarios. and manage user accounts right to the container that you specify in Active Directory. point to Administrative Tools. The advantage of using the Microsoft SharePoint Directory Management Service on a remote farm is that you do not have to delegate rights to the organizational unit for multiple farm service accounts.Add an SMTP connector in Exchange Server In some scenarios. and manage user accounts right to the container. mail from Microsoft Exchange Server computers might not be automatically relayed to the Windows SharePoint Services 3. you must use the application pool account for the Web application when completing the following procedures. Click Start. and then click Next. and then click OK. 5. under Allow. Click Add. Important: Membership in the Domain Administrators group or the Enterprise Administrators group in Active Directory. and manage user accounts check box. and then click Properties. 4. In the Permission Entries section.3. Delegate right to the application pool account 1. 4. click Finish to exit the wizard. find the organizational unit that you just created. and then click Delegate control. Click OK to close the Permissions dialog box. complete the following procedure. 117 . and manage user accounts right to the container. Domain Administrators group. click Add. 2. click the View menu. On the Welcome page of the Delegation of Control Wizard. delete. Add permissions for the application pool account 1. click Next. Click OK. and then click Advanced. we recommend that you delegate the Create. In Active Directory Users and Computers. Right-click the organizational unit. click OK. After creating the organization unit. is required to complete this procedure. click the Security tab. or delegated authority for administration. and then click Advanced Features. 6. On the Users or Groups page of the Delegation of Control Wizard. On the last page of the Delegation of Control Wizard. Type the name of the organizational unit. 7. In the Properties dialog box. select the Create. 6. 5. delete. or delegated authority for administration. select the Modify permissions check box. On the Users and Groups page. is required to complete this procedure. 8. If you must add permissions for the application pool identity account directly. Right-click the organizational unit that you just created. and then type the name of the application pool identity account for the Web application. and Groups dialog box. 3. In the Permissions section. 7. In Active Directory Users and Computers. On the Tasks to Delegate page of the Delegation of Control Wizard. click Next. In the Select Users. double-click the application pool identity account. and then type the name of the application pool identity account that the Web application uses. 2. Important: Membership in the Account Operators group. or the Enterprise Administrators group in Active Directory. 3. Computers. 8. Select This folder. The procedures for delegating those rights are explained in the previous section. 2. After this delegation is complete. administrators can enable incoming email. is required to complete this procedure. Administrators must delegate full control of the organizational unit to the Central Administration application pool account. Delegate full control of the organizational unit to the Central Administration application pool account 1.asmx. and then type the name of the application pool account for Central Administration. 3. 5. In the Delegation of Control wizard. and creation of new objects in this folder. and then click Next. click Next.9. Right-click the organizational unit. If you decide instead to use the remote Microsoft SharePoint Directory Management Service. you must know the URL for the Web service. Click OK. select Create a custom task to delegate. 118 . or delegated authority for administration. you must delegate additional rights to the Central Administration application pool account. existing objects in this folder. Click Next. then you cannot enable incoming email for the list or site. If you do not delegate these rights. Configure Active Directory under atypical circumstances If you are using the Directory Management Service and the Central Administration application pool uses a different account from the Web application for the list or site on which you want to enable incoming e-mail. you must delegate rights to the application pool account for the Web application. This URL is typically in the following format: http://server:adminport/_vti_bin/SharePointEmailWS. Note: Before you delegate the following rights to the Central Administration application pool account for the organizational unit. Click Add. Click OK to close the Properties dialog box. On the Tasks to Delegate page of the Delegation of Control wizard. and then click Next. 4. To delegate full control of the organizational unit to the Central Administration application pool account Important: Membership in the Domain Administrators group or the Enterprise Administrators group in Active Directory. and then click Delegate control. 6. 7. Click OK to close the Active Directory Users and Computers plug-in. 10. select Create all Child Objects and Delete all Child Objects. To add the Delete Subtree permission for the Central Administration application pool account To enable administrators to disable incoming e-mail on a list. In the Permissions section. 2. see the Help documentation for Active Directory. click the Security tab. Click OK to close the Properties dialog box. 4. Right-click the organizational unit and then click Properties. click Finish to exit the wizard. Click OK to close the Active Directory Users and Computers plug-in. you must ensure that certain accounts have the correct permissions to the e-mail drop folder. you must add the Delete Subtree permission for the Central Administration application pool account. Important: Membership in the Account Operators group. 119 . In the Permissions section. and then click Advanced Features. under Allow. In Active Directory Users and Computers. Configure permissions to the e-mail drop folder When incoming e-mail settings are set to advanced mode. 7. you must restart Internet Information Services (IIS) for the farm. In the Permission Entries section. 9. Click OK to close the Permissions dialog box. click the View menu. On the last page of the Delegation of Control wizard. In the Properties dialog box. is required to complete this procedure. select Delete Subtree. Add the Delete Subtree permission for the Central Administration application pool account 1. After adding the permission. double-click the Central Administration application pool account. 8. Click Next. 5. Domain Administrators group. or the Enterprise Administrators group in Active Directory. Delegating full control of the organizational unit to the Central Administration application pool account enables administrators to enable e-mail for a list. or delegated authority for administration. 6.8. and then click Advanced. Administrators cannot disable email for the list or document library after delegating full control because the Central Administration account tries to delete the contact from the entire organizational unit rather than deleting the contact from the list. 3. 10. For more information about Active Directory. and Read permissions. It 120 . and then click OK. has Full Control permission. under the Group or user names box. If the application pool account for the Web application does not have the required permissions. Click OK. Computers. which includes the application pool accounts for Web applications. permissions are added for two worker process groups: • WSS_Admin_WPG. Note: This account is listed on the Log On tab of the Properties dialog box for the service in the Services console. Configure e-mail drop folder permissions for the application pool account for a Web application If your deployment uses different application pool accounts for Central Administration and one or more Web applications for front-end Web servers. these groups might not be configured automatically for the e-mail drop folder. if Central Administration is running as the Network Service account. when you configure incoming e-mail settings and select an e-mail drop folder. each application account must have permissions to the e-mail drop folder. In the Permissions for User or Group box. In most cases. 5. type the name of the logon account for the Windows SharePoint Services Timer service. 2. select the Allow check box. 4. and then click the Security tab. For example. In some cases.Configure e-mail drop folder permissions for the logon account for the Windows SharePoint Services Timer service Ensure that the logon account for the Windows SharePoint Services Timer service has the Modify permission on the e-mail drop folder. e-mail enabled document libraries will receive duplicate e-mail messages. On the Security tab. 3. right-click the drop folder. e-mail will not be delivered to document libraries on that Web application. List Folder Contents. next to Modify. If the logon account for the service does not have the Modify permission. Important: Membership in the Administrators group on the local computer that contains the e-mail drop folder is required to complete this procedure. click the Add button. In Windows Explorer. Configure e-mail drop folder permissions 1. has Read & Execute. which includes the application pool account for Central Administration and the logon account for the Windows SharePoint Services Timer service. the groups or accounts needed for incoming e-mail will not be added when the e-mail drop folder is created. in the Enter objects to select box. click Properties. In the Select Users. or Groups dialog box. • WSS_WPG. click the Add button. select the Allow check box. In DNS Manager. 4. If the groups have not been added automatically. 121 . In the Fully qualified domain name (FQDN) of mail server text box. Click OK. In the Permissions for User or Group box. Configure DNS Manager Incoming mail requires a Mail Exchanger (MX) resource record to be added in DNS Manager for the host or subdomain running Windows SharePoint Services 3. and then click OK. 4. This is distinct from any existing MX records in the domain. Configure e-mail drop folder permissions 1. Important: Membership in the Administrators group on the local computer that contains the e-mail drop folder is required to complete this procedure. type the name of the worker process group or application pool account for the Web application. 3. 3. Important: Membership in the Administrators group on the local computer is required to complete this procedure. right-click the drop folder. select the forward lookup zone for the domain that contains the subdomain for Windows SharePoint Services 3.is a good idea to check whether these groups have been added automatically to the e-mail drop folder. and then click the Security tab. type the host or subdomain name for Windows SharePoint Services 3.com. In the Host or domain text box. On the Security tab. next to Modify. In the Select Users. Note: This account is listed on the Identity tab of the Properties dialog box for the application pool in IIS. in the Enter objects to select box. Click OK. Add a Mail Exchanger (MX) resource record for the subdomain 1.0. 2.0. 2. In Windows Explorer. This is typically in the format subdomain. Computers. under the Group or user names box.0. you can add them or add the specific accounts that are required. click Properties. type the fully qualified domain name for the server that is running Windows SharePoint Services 3. or Groups dialog box. 5. Right-click the zone and then click New Mail Exchanger.0. 5.domain. The server name must match the fully qualified domain name in the MX entry for the mail server in DNS Manager. in the Topology and Services section. This procedure configures the settings that are used for incoming e-mail. If you select Advanced. Access is configured in the properties for the organizational unit in Active Directory. type the name of the container in the format OU=ContainerName. type the name of the SMTP mail server. Configure incoming e-mail settings Before you can enable incoming e-mail on the server that is running Windows SharePoint Services 3. On the top navigation bar. 2. Attachments from Outlook 2003 that use different encoding will not be listed. In the SMTP mail server for incoming mail box. in the Directory Management Service section. but e-mail messages that contain attachments will be listed. If you want to connect to the SharePoint Directory Management Service. in the Enable Incoming E-Mail section. In the Active Directory container where new distribution groups and contacts will be created box. a. Important: Membership in the Administrators group of the Central Administration site is required to complete this procedure. b. DC=com. and com is the top-level domain. or you must know the name of other servers that are running these services. On the Operations page. on the Incoming E-mail Settings page. Select either the Automatic or the Advanced settings mode. click Yes.0. domain is the second-level domain. where ContainerName is the name of the organizational unit in Active Directory. You can also configure options for safe e-mail servers and the incoming e-mail display address. If you want to enable sites on this server to receive e-mail. 4. click Incoming email settings. DC=domain. and manage user accounts task for the container. 3. To accept only messages from authenticated users. click Yes. 5. you must have configured the SMTP service on front-end Web servers in the farm and the Active Directory and DNS Manager on the domain controller. delete. click Operations.Configure attachments from Outlook 2003 Attachments to messages sent from Microsoft Outlook 2003 must be encoded in UUEncode or Binhex format to appear separately in e-mail enabled document libraries. Configure incoming e-mail settings 1. click Yes for Accept 122 . you can specify a drop folder instead of using an SMTP server. Note: The Central Administration application pool account must be delegated the Create. c. In the Safe E-Mail Servers section. In the SMTP mail server for incoming mail box. 9. Click OK. Under Distribution group request approval settings. click Yes for Allow creation of distribution groups from SharePoint sites. click No. 10. To allow creation of distribution groups from SharePoint sites. e. 123 . click Yes for Accept messages from authenticated users only. To allow creation of distribution groups from SharePoint sites. In the E-mail Drop Folder section. In the Directory Management Service URL box. 11. In the Incoming E-Mail Server Display Address section. in the E-mail drop folder box. If you want to use a remote SharePoint Directory Management Web Service. click No. The server name must match the fully qualified domain name in the MX entry for the mail server in DNS Manager on the domain server. d. Otherwise.messages from authenticated users only. If you do not want to use the Microsoft SharePoint Directory Management Service. click Yes for Allow creation of distribution groups from SharePoint sites. mail. type the URL of the Microsoft SharePoint Directory Management Service that you want to use. type the name of the SMTP mail server. type the IP addresses (one per line) of the e-mail servers that you want to specify as safe in the corresponding box.com) in the E-mail server display address box. a. This option is available only if you selected advanced mode. select Use remote. b. 8. 7. To accept messages from authenticated users only. click No. Actions include the following: • • • • Create new distribution group Change distribution group e-mail address Change distribution group title and description Delete distribution group 6. type the name of the folder in which Microsoft Windows SharePoint Services polls for incoming e-mail from the SMTP service. Otherwise.fabrikam. click No. Use this setting together with the Microsoft SharePoint Directory Management Service to provide an e-mail server address that is more user-friendly. click No. select one of the following options: • Accept mail from all e-mail servers • Accept mail from these safe e-mail servers. Otherwise. Tip: You can specify the e-mail server address that is displayed when users create an incoming e-mail address for a list or group. d. select the actions that will require approval. If you select this option. type a display name for the e-mail server (for example. Otherwise. c. The Active Directory administrator can add more e-mail addresses for each contact.aspx ) 124 . and must be managed by the administrator of Active Directory. For more information about how to manage contacts in Active Directory. Alternatively. For more information about e-mail enabled document libraries.0. see the Help documentation for site administrators. For more information about how to manage Exchange Server. the Exchange Server can be configured by adding a new Exchange Server Global recipient policy to automatically add external addresses that use the second-level domain name and not the subdomain or host for Windows SharePoint Services 3. see the Help documentation for Exchange Server. site administrators can configure e-mail enabled lists and document libraries.Configuring incoming e-mail on SharePoint sites After configuring incoming e-mail settings. see the Help documentation for Active Directory.0. See Also • Plan incoming e-mail (http://technet. Contact addresses created for these document libraries appear automatically in Active Directory Users and Computers under the organizational unit for Windows SharePoint Services 3.microsoft.com/en-us/library/cc288433. the SMTP server must have Internet access if you want the ability to send messages to external e-mail addresses. In Control Panel. click Application Server. 2. In Add or Remove Programs. In the Windows Components Wizard. in the Subcomponents of Application Server box. 3. on the Completing the 125 . The SMTP server that you use can be a server in the farm. or another server. and then click the Details button. click Add or Remove Programs. Click OK to return to the Application Server dialog box. Important: Membership in the Administrators group on the local computer is required to complete this procedure. When Windows has finished installing the SMTP service. After determining which SMTP server to use. In the Internet Information Services (IIS) dialog box. click Add/Remove Windows Components. Install and configure the SMTP service Before you can enable outgoing e-mail. the SMTP server must be configured to allow anonymous access and to allow e-mail messages to be relayed. 4. you must install the Internet Information Services (IIS) Simple Mail Transfer Protocol (SMTP) service. Additionally. Install the SMTP service 1.Configure outgoing e-mail settings In this article: • • Install and configure the SMTP service Configure outgoing e-mail settings Use this procedure to configure the default outgoing e-mail settings for all Web applications. You can override the default outgoing e-mail settings for specific Web applications by using the procedure that is described in Configure outgoing e-mail settings for a specific Web application. and then click the Details button. select the SMTP Service check box. Install the SMTP service The SMTP service is a component of IIS. 9. in the Components box. In the Application Server dialog box. or it must be able to relay authenticated e-mail to a server that has Internet access. Click OK to return to the main page of the Windows Components Wizard. 7. 5. 8. 6. click Internet Information Services (IIS). Click Next. under Select which computer may relay through this virtual server. or in groups by using a subnet or domain. follow these steps: a. Right-click the SMTP virtual server that you want to configure. point to Administrative Tools. select All except the list below. c. under Select acceptable authentication methods for this resource. Under Select which computer may relay through this virtual server . b. 126 . It is important to limit this possibility by carefully configuring your mail servers to help protect against spam. you increase the possibility that the SMTP server will be used to relay unsolicited commercial e-mail (spam). On the Access tab.Windows Components Wizard page. verify that Anonymous access is selected. point to All Programs. Alternatively. under Access control. click Finish. 7. Configure the SMTP service After installing the SMTP service. 4. To enable relaying from any server. 9. 6. 8. Configure the SMTP service 1. Click OK. 2. 10. 3. configure the service to accept relayed e-mail from servers in your farm. or in groups by subnet or domain. expand the server name that contains the SMTP server that you want to configure. Click Start. and then add servers one at a time by IP address. You can include servers individually. and then click Properties. and then click Internet Information Services (IIS) Manager. you can block e-mail from all servers except those you specifically include. under Relay restrictions. Click OK to close the Computer dialog box. 5. click Authentication. To accept relaying from one or more specific servers. In the Authentication dialog box. Click OK to close the Properties dialog box. In IIS Manager. Click Add. and preventing relaying from all other servers. 11. click Relay. select Only the list below. One way that you can do this is by limiting relaying to a specific list of servers or domain. On the Access tab. Click OK to close the Relay Restrictions dialog box. By enabling both anonymous access and e-mail relaying. Important: Membership in the Administrators group on the local computer is required to complete this procedure. You can decide to accept relayed e-mail from all servers except those you specifically exclude. 5. in the Mail Settings section. On the top navigation bar of the SharePoint Central Administration Web site. 6. 4.com/en-us/library/cc287948. type the SMTP server name for outgoing e-mail (for example.com) in the Outbound SMTP server box. 3. In the From address box. click Outgoing email settings. Configure outgoing e-mail settings 1. For information about how to perform this procedure using the Stsadm command-line tool. type the e-mail friendly address as you want it to appear to e-mail recipients. In the Character set menu. On the Operations page. select the character set that is appropriate for your language. Click OK. in the Topology and Services section.microsoft. mail. In the Reply-to address box. type the e-mail address to which you want e-mail recipients to reply.aspx) 127 .example. see Email. On the Outgoing E-Mail Settings page.Configure outgoing e-mail settings Important: Membership in the Farm Administrators group of the Central Administration site is required to complete this procedure. 2. See Also • Plan outgoing e-mail (http://technet. click Operations. 7. The SMTP server that you use can be a server in the farm. 2. Important: Membership in the Administrators group on the local computer is required to complete this procedure. In the Application Server dialog box. in the Components box. 128 . select the SMTP Service check box. Install the SMTP service The SMTP service is a component of IIS. Install and configure the SMTP service Before you can enable outgoing e-mail. you must install the Internet Information Services (IIS) Simple Mail Transfer Protocol (SMTP) service. Install the SMTP service 1. In the Windows Components Wizard. 6. Click Next. 7. 3. the SMTP server must be configured to allow anonymous access and to allow e-mail messages to be relayed. In Control Panel. and then click the Details button. click Internet Information Services (IIS). In Add or Remove Programs. or it must be able to relay authenticated e-mail to a server that has Internet access.Configure outgoing e-mail settings for a specific Web application In this article: • • Install and configure the SMTP service Configure outgoing e-mail settings Use this procedure to configure the outgoing e-mail settings for a specific Web application. 4. the SMTP server must have Internet access if you want the ability to send messages to external e-mail addresses. Click OK to return to the Application Server dialog box. Additionally. in the Subcomponents of Application Server box. 8. click Add/Remove Windows Components. click Application Server. In the Internet Information Services (IIS) dialog box. Click OK to return to the main page of the Windows Components Wizard. or another server. After determining which SMTP server to use. click Add or Remove Programs. and then click the Details button. you must first configure the default outgoing e-mail settings for all Web applications by using the procedure described in Configure outgoing e-mail settings. Before using this procedure. 5. under Select which computer may relay through this virtual server. click Finish. In the Authentication dialog box. under Access control. you can block e-mail from all servers except those you specifically include. verify that Anonymous access is selected. under Select acceptable authentication methods for this resource. and preventing relaying from all other servers. Right-click the SMTP virtual server that you want to configure. In IIS Manager. To enable relaying from any server. 4. 9. and then add servers one at a time by IP address. expand the server name that contains the SMTP server that you want to configure. click Authentication. 8. Configure the SMTP service 1. 6. On the Access tab. point to Administrative Tools. you increase the possibility that the SMTP server will be used to relay unsolicited commercial e-mail (spam). on the Completing the Windows Components Wizard page. One way that you can do this is by limiting relaying to a specific list of servers or domain. select Only the list below. Click OK.9. or in groups by subnet or domain. click Relay. and then click Properties. To accept relaying from one or more specific servers. Click Add. 129 . configure the service to accept relayed e-mail from servers in your farm. follow these steps: a. It is important to limit this possibility by carefully configuring your mail servers to help protect against spam. You can decide to accept relayed e-mail from all servers except those you specifically exclude. Click Start. and then click Internet Information Services (IIS) Manager. or in groups by using a subnet or domain. When Windows has finished installing the SMTP service. under Relay restrictions. Under Select which computer may relay through this virtual server . 2. You can include servers individually. Configure the SMTP service After installing the SMTP service. b. 5. select All except the list below. 10. 7. point to All Programs. By enabling both anonymous access and e-mail relaying. On the Access tab. Click OK to close the Relay Restrictions dialog box. Alternatively. Important: Membership in the Administrators group on the local computer is required to complete this procedure. Click OK to close the Computer dialog box. 3. c. type the SMTP server name for outgoing e-mail (for example. type the e-mail friendly address as you want it to appear to e-mail recipients. type the e-mail address to which you want e-mail recipients to reply.fabrikam. On the Web Application E-Mail Settings page. 4. 2. 5.com) in the Outbound SMTP server box. 6. select a Web application by using the Web Application menu in the Web Application section. type mail. On the top navigation bar of the SharePoint Central Administration Web site.com/en-us/library/cc287948. click Web application outgoing e-mail settings. Configure outgoing e-mail settings 1. Click OK to close the Properties dialog box. On the Character set menu.microsoft.11. In the From address box. Configure outgoing e-mail settings Important: Membership in the Farm Administrators group of the Central Administration site is required to complete this procedure. click the character set that is appropriate for your language. In the Mail Settings section. See Also • Plan outgoing e-mail (http://technet.aspx) 130 . 7. 3. in the SharePoint Web Application Management section. click Application Management. 8. Click OK. In the Reply-to address box. On the Application Management page. the current Web application is displayed in the Web Application menu. On the top navigation bar. In the User-Defined Workflows section. click Change Web Application. Under Allow external users to participate in workflow by sending them a copy 131 . workflows that include those users will not generate alerts for those users. select Yes if you want to enable userdefined workflows. select No. in the Workflow Management section. and then select a new Web application on the Select Web Application page. Configuring workflow settings Note: Membership in the Administrators group of the Central Administration site is required to complete this procedure. You can choose to allow external users to participate in workflows by sending copies of documents to those users by e-mail. 5. On the Workflow Settings page.Configure workflow settings Use this procedure to configure the workflow settings for Windows SharePoint Services 3. Users attempting to complete the task by using the link in the alert will be directed to the Request Permissions page. click Workflow settings. Workflow settings are configured at the Web application level. To configure the settings for a different Web application. workflows can include users who do not have site access. 3. where they can request access to the site. Configure workflow settings 1. You can also choose to limit workflow creation to site administrators. By default. select Yes if you want internal users without site access to be sent an e-mail alert when a task is assigned to them. or select No if you do not want to enable user-defined workflows. In the Workflow Task Notifications section. click Application Management. in the Web Application section. enabling you to configure different settings for different Web applications. under Alert internal users who do not have site access when they are assigned a workflow task . 2.0. you must first select the Web application to configure. On the Application Management page. 6. 4. If you do not enable alerts for internal users without site access. By default. external users cannot participate in workflows. When you configure workflow settings. If you do not want internal users without site access to be sent an e-mail alert when a task is assigned to them. Site administrators can create workflows from the Site Settings page for the site or site collection. end users can create their own workflows by using code already deployed by an administrator. and external users included in workflows will not be alerted. By default. Users without site access who attempt to complete the task assigned to them will be directed to the Error: Access Denied page. Click OK.of the document. select Yes if you want documents to be sent to external users by email when those users are part of the workflow but they do not have access permissions to the documents. the list item properties are displayed in a table as part of the e-mail message. 7. Note: If the object in the workflow is not a document but a list item. For information about how to perform this procedure using the Stsadm command-line tool. select No. 132 . If you do not want documents to be sent to external users who do not have access permissions. see Workflow management: Stsadm properties. the IP address is used only to generate aggregate statistics. Error reports will be sent by using encryption technology to a database with limited access. which can be used to identify your license. and the Digital Product ID. Microsoft and its partners actively use these reports to improve the reliability of your software. see the Customer Experience Improvement Program privacy statement (http://go. file or path names. however. Although this information.0. You can also indicate whether or not to provide Microsoft with continuous improvement and Dr. could potentially be used to determine your identity. if present. the operating system version and computer hardware in use. The IP address of your computer is also sent because you are connecting to an online service to send error reports. You can configure how diagnostic events are logged according to their criticality. Error reports Error reports are created when your system encounters hardware or software problems. and you can set how long to capture events to a single log file. anonymous information about your server will be sent to Microsoft to help us improve SharePoint® Products and Technologies. Customer Experience Improvement Program The Customer Experience Improvement Program (CEIP) is designed to improve the quality. and will not be used for marketing purposes. However.microsoft. and performance of Microsoft® products and technologies. reliability.com/fwlink/?LinkID=84784&clcid=0x409 ). Additionally. the information will not be used in this way. and email addresses. error reports could contain data from log files. 133 . Watson event data.Configure diagnostic logging settings In this article: • • • • Customer Experience Improvement Program Error reports Event throttling Configuring diagnostic logging settings Use this procedure to configure the diagnostic logging settings for Windows SharePoint Services 3. Error reports include the following: information regarding the condition of the server when the problem occurs. The data that Microsoft collects will be used only to fix problems and to improve software and services. you can set the maximum number of log files that can be maintained. IP addresses. such as user names. Microsoft does not intentionally collect any personal information. URLs. For more information. With your permission. Business Data. and Excel Calculation Services For the selected category. Selected event categories include: • All • Categories defined by product.For more information. You can configure event throttling settings to control how many events are recorded in each log. Forms Services. Information Policy Management. Events that are equally critical to or more critical than the selected event will be recorded in each log. This changes the computer's error reporting behavior to automatically send reports to Microsoft without prompting users when they log on. and Workflow • SharePoint Services and other services such as the Load Balancer Service • Shared services such as all Office Server Shared Services. The list entries are sorted in order from most-critical to least-critical. Base your decision on your organization's policies about sharing the information collected by error reports. E-Mail. Categories of events can be defined by individual services or by groupings of related events. To provide more control in event throttling. User Profiles. see the Microsoft Error Reporting Service privacy statement (http://go. such as Office SharePoint Server 2007 and Microsoft Office Project Server 2007 • Administrative functions such as Administration. or for any single category of events. Two options are available for error reports: • You can choose to periodically download a file from Microsoft that can help identify system problems based on the error reports that you provide to Microsoft. If you want to provide error reports to Microsoft and its partners. and the potential impact of error collection on users and administrators. Event throttling You can configure the diagnostic options for event logging. based on different services and features of SharePoint Products and Technologies. Backup and Recovery. Records Center. according to the criticality of the events. Site Management.com/fwlink/?LinkId=85028&clcid=0x409 ). you can decide to throttle events for all events. Content Deployment.microsoft. and Setup and Upgrade • Feature areas such as Document Management. select the least-critical event to record. Information Rights Management. select the option to collect error reports. The levels of events for the Windows event log include: • • • • None Error Warning Audit Failure 134 . • You can change the error collection policy to silently send all reports. Several categories of events are available. for both the Windows event log and the trace log. Publishing. Events can be logged in either the Windows® event log or the trace log. Site Directory. under Error reporting. 2. On the Diagnostic Logging page. 3.• • • • • • • • Audit Success Information None Unexpected Monitorable High Medium Verbose The levels of events for the trace log include: For more information about the Windows event log or the trace log. under Sign Up for the Customer Experience Improvement Program. Configuring diagnostic logging settings Note: Membership in the Administrators group of the Central Administration site is required to complete this procedure. in the Logging and Reporting section. select one of the following options: • Yes. • Ignore errors and don't collect information. 4. In the Error Reports section. This changes the computer's error reporting behavior to automatically send reports to Microsoft without prompting users when they log on. click Operations. select a category of 135 . On the top navigation bar. On the Operations page. If you select Yes. in the Select a category menu. Configure diagnostic logging settings 1. see the Windows documentation. • No. • Change this computer's error collection policy to silently send all reports . I don't wish to participate. select one of the following: • Collect error reports. I am willing to participate anonymously in the Customer Experience Improvement Program (Recommended). in the Customer Experience Improvement Program section. In the Event Throttling section. you can also select or clear two options to control how error reports are collected: • Periodically download a file that can help identify system problems . click Diagnostic logging. If you select this option. users can decide whether they want to report Customer Experience Improvement Program events to Microsoft. 5. events: a. In the Number of log files text box. The location must exist on all servers in the farm. select the leastcritical event to report to the trace log for the selected category. In the Number of minutes to use a log file text box. In the Trace Log section. type the local path to use for the trace log on all servers in the farm. 6. b. In the Least critical event to report to the event log menu. in the Path text box. b. see Listlogginglevels and Setlogginglevels. Click OK. select the leastcritical event to report to the event log for the selected category. a. type the maximum number of files that you want to maintain. 136 . For information about how to perform this procedure using the Stsadm command-line tool. 7. In the Least critical event to report to the trace log menu. type the number of minutes to use each log file. On the Antivirus page. in the Security Configuration section. On the top navigation bar. 2. Click OK. • Scan documents on download: Select this setting to scan downloaded documents.aspx) 137 . see Antivirus: Stsadm properties (http://technet.0.Configure anti-virus settings Use this procedure to configure the antivirus settings for Windows SharePoint Services 3. click Antivirus. do not select this option. • Attempt to clean infected documents: Select this setting to automatically clean infected documents that were discovered during scanning. do not select this option. such as troubleshooting a virus infection on your system. Administrative credentials Membership in the Administrators group of the Central Administration site is required to complete this procedure. • Allow users to download infected documents: If this option is selected. This helps prevent users from downloading infected documents by warning them about infected files. unless the option to allow users to download infected documents is not selected. On the Operations page. Unless you have a specific reason to download infected documents. For information about how to perform this procedure using the Stsadm command-line tool. select one or all of the following: • • • • Scan documents on upload Scan documents on download Allow users to download infected documents Attempt to clean infected documents 4. in the Antivirus Settings section. This helps prevent users with infected documents from distributing them to other users.com/enus/library/cc288097. You can configure four antivirus settings: • Scan documents on upload: Select this setting to scan uploaded documents. you must install antivirus software on every front-end Web server in the server farm. Configure antivirus settings 1. users can download infected documents. 3. In a server farm.microsoft. click Operations. You can activate antivirus measures only after installing a compatible antivirus scanner. Users can still choose to download infected files. In most cases. 138 .Run the Best Practices Analyzer Tool You can run the Best Practices Analyzer tool to check for common issues and best security practices. The tool generates a report that can help you optimize the configuration of your system.0 (http://go. click Microsoft Best Practices Analyzer for Windows SharePoint Services 3. The tool can be run locally or from a server that is not attached to the server farm.com/fwlink/?LinkID=83335&clcid=0x409 ).microsoft. To download the tool. NET 2.0 authentication mechanism to use. you must plan and implement a credential management system and determine where to store user credentials. For more information about ASP. ASP. you need an environment that supports user accounts that can be authenticated by a trusted authority. The authentication application tries to validate the credentials against an authentication authority. or in a Non-Active Directory LDAP directory service (such as NDS). or you can design your environment to validate user credentials against other data stores. If you use an authentication provider other than Windows. Web site authentication helps establish that a user who is trying to access Web site resources can be verified as an authenticated entity. the operating system performs user credential management tasks. or any other directory that has an ASP. Windows SharePoint Services 3. The membership provider specifies the type of data store you are going to use. such as forms authentication. such as user name and password.NET 2. a lightweight directory access protocol (LDAP) directory. An authentication application obtains credentials from a user who is requesting Web site access. If the credentials are valid.0 membership provider uses a SQL Server database. such as a Microsoft SQL Server database. The authentication providers are used to authenticate against user and group credentials that are stored in Active Directory. see 139 . the user who submitted the credentials is considered to be an authenticated identity.NET membership providers.Configure authentication In this article: • • • • Χονφιγυρε διγεστ αυτηεντιχατιον Χονφιγυρε φορµσ−βασεδ αυτηεντιχατιον Χονφιγυρε Ωεβ ΣΣΟ αυτηεντιχατιον βψ υσινγ Α∆ΦΣ Configure anonymous access Authentication is the process of validating client identity. Credentials can be various forms of identification. usually by means of a designated authority.0 membership provider.NET 2.0 authentication for is built on the ASP. • If you use a Windows authentication mechanism. in a SQL Server database. The default ASP.NET authentication model and includes three authentication providers: • • • Windows authentication provider Forms authentication provider Web SSO authentication provider You can use the Active Directory directory service for authentication. Windows SharePoint Services authentication To determine the most appropriate Windows SharePoint Services 3.0 includes a SQL Server membership provider. consider the following issues: • To use a Windows authentication mechanism. microsoft. Digest authentication uses a challenge/response protocol that requires the authentication requestor to present valid credentials in response to a challenge from the server.org). The MD5 Message-Digest Algorithm is described in detail in Internet Engineering Task Force (IETF) RFC 1321 (http://www. • Basic authentication Basic authentication requires previously assigned Windows account credentials for user access. To use basic authentication. By default. you should enable Secure Sockets Layer (SSL) encryption. note the following requirements: • The user and IIS server must be members of. This provides an additional layer of security. Internet Information Services (IIS) creates the IUSR_computername account to authenticate anonymous users in response to a request for Web content. where computername is the name of the server that is running IIS.ietf. • You must install the IISSuba. • The domain must use a Microsoft Windows Server 2003 domain controller. You can reset anonymous user access to use any valid Windows account. If the server is a domain controller. User credentials are sent as an MD5 message digest in which the original user name and password cannot be deciphered. the same domain. • Users must have a valid Windows user account stored in Active Directory on the domain controller. but with increased security. the client has to supply an MD5 message digest in a response that contains a shared secret password string. the IUSR_computername account is defined for the domain. This file is copied automatically during Windows Server 2003 Setup.com/fwlink/? LinkId=87014&clcid=0x409). The IUSR_computername account. Because user credentials are not encrypted for network transmission. but are sent over the network in plaintext. To authenticate against the server. Basic authentication enables a Web browser to provide credentials when making a request during an HTTP transaction. • Digest authentication Digest authentication provides the same functionality as basic authentication. using basic authentication over an unsecured HTTP connection is not recommended. To use digest authentication. because IIS rejects anonymous access requests before they can ever be processed if anonymous access is disabled. Windows authentication provider The Windows authentication provider supports the following authentication methods: • Anonymous authentication Anonymous authentication enables users to find resources in the public areas of Web sites without having to provide authentication credentials. or trusted by.NET Application to Use Membership (http://go. 140 . the IUSR_computername account is on the local server.dll file on the domain controller.Configuring an ASP. anonymous access is disabled when you create a new Web application. gives the user access to resources anonymously under the context of the IUSR account. In a stand-alone environment. User credentials are encrypted instead of being sent over the network in plaintext. where the user must provide valid credentials and submit the form. in a database such as a SQL Server database. Active Directory Federation Services (ADFS) supports Web SSO. Forms authentication enables user authentication based on validation of credential input from a logon form. because it supports secure communication across network boundaries. Unauthenticated requests are redirected to a logon page. Web single sign-on (SSO) authentication provider Web SSO is also referred to as federated authentication or delegate authentication. Web SSO authentication supports secure communication across network boundaries by enabling users who have been authenticated in one organization to access Web applications in another organization. the system issues a cookie that contains a key for reestablishing the identity for subsequent requests. NTLM is a secure protocol that supports user credential encryption and transmission over a network.• Integrated Windows authentication using NTLM This method is for Windows servers that are not running Active Directory on a domain controller. 141 . or Sun ONE. see Configure Web SSO authentication by using ADFS. two organizations can create a federation trust relationship that enables users in one organization to access Web-based applications that are controlled by another organization. If the request can be authenticated. SSO is an authentication method that enables access to multiple secure resources after a single successful authentication of user credentials. or in an LDAP data store such as Novell eDirectory. There are several different implementations of SSO authentication. In an ADFS scenario. For information about using ADFS to configure Web SSO authentication. Novell Directory Services (NDS). NTLM is used in mixed Windows 2000 Active Directory domain environments that must authenticate Windows NT systems. NTLM is the authentication protocol that is used in Windows NT Server and in Windows 2000 Server workgroup environments. NTLM is based on encrypting user names and passwords before sending the user names and passwords over the network. and in many Active Directory deployments. Forms authentication provider The forms authentication provider supports authentication against credentials stored in Active Directory. Configure digest authentication In this article: • • • About digest authentication Enable digest authentication for a zone of a Web application Configure IIS to enable digest authentication About digest authentication Basic authentication requires previously assigned Windows account credentials for user access.0 or Internet Explorer 7. • You must install the IISSuba. Digest authentication uses a challenge/response protocol that requires the authentication requestor to present valid credentials in response to a challenge from the server. To use basic authentication.0. Because user credentials are not encrypted for network transmission.ietf. User credentials are encrypted instead of being sent over the network in plaintext. User credentials are sent as an MD5 message digest in which the original user name and password cannot be deciphered. For information about this hotfix. Windows SharePoint Services 3.0 does not support digest authentication on Windows Server 2003 with SP1 or earlier. Basic authentication enables a Web browser to provide credentials when making a request during an HTTP transaction. For access to RFC 1321. note the following requirements: • The user and IIS server must be members of.org.0: Access Denied (http://go. 142 . see http://www. but with increased security. The MD5 Message-Digest Algorithm is described in detail in RFC 1321.com/fwlink/?LinkId=92784&clcid=0x409 ). you must install the IIS hotfix described in Knowledge Base article 932729. • Users must have a valid Windows user account stored in Active Directory on the domain controller. or trusted by. This file is copied automatically during Windows Server 2003 Setup. see FIX: Error message when you try to access a Web site that is hosted on IIS 6. the same domain.dll file on the domain controller. To use digest authentication. the client has to supply an MD5 message digest in a response that contains a shared secret password string. • The domain must use a Microsoft Windows Server 2003 domain controller. using basic authentication over an unsecured HTTP connection is not recommended. Digest authentication provides the same functionality as basic authentication. • To enable digest authentication to work with browsers other than Microsoft Internet Explorer 6. you should enable Secure Sockets Layer (SSL) encryption.microsoft. To authenticate against the server. but are sent over the network in plaintext. • You must install Windows Server 2003 with SP2 or later. Custom is the zone used for administrators. click the zone of the Web application on which you want to enable digest authentication. Enable digest authentication for a zone of a Web application 1. Within each Web application. Intranet is the zone used for internal employees. click the Web application that you want to configure.Enable digest authentication for a zone of a Web application Use the following procedures to enable digest authentication for a zone of a Web application. click Application Management. 6. On the Edit Authentication page. The zones that are configured for the selected Web application are listed on the Authentication Providers page. click Authentication providers. 4. 2. 5. in the IIS Authentication section. you can categorize different classes of users into one of the following five zones: • • • • • Internet is the zone used for customers. If the listed Web application is not the one that you want to configure. From Administrative Tools. 7. click Internet Information Services to start the IIS Management Console. right-click the IIS Web site that 143 . Configure IIS to enable digest authentication 1. On the Central Administration home page. Configure IIS to enable digest authentication Use the following procedures to configure IIS to enable digest authentication. and then click Save. in the Application Security section. open the SharePoint Central Administration Web site application. On the Authentication Providers page. Extranet is the zone used for partners. make sure the Web application that is listed in the Web Application box (under Site Actions) is the one that you want to configure. In the Select Web Application dialog box. At this point use the IIS Management Console to configure IIS to enable digest authentication. 2. clear the Integrated Windows authentication and Basic authentication check boxes. On the Application Management page. Under the Web Sites node on the console tree. click the drop-down arrow to the right of the Web Application drop-down list box and select Change Web Application. Default is the zone used for remote employees. 3. From Administrative Tools on the Start menu. On the Authentication Providers page. click the Edit button. In the Anonymous access and authentication control section. 3. 7. select Digest authentication for Windows domain servers. Select the appropriate realm and click OK. click the Select button. and then click Properties. Click Yes. A dialog box is displayed informing you that digest authentication only works with Active Directory domain accounts. 5. 144 . click OK.corresponds to the Web application zone on which you want to configure digest authentication. At this point. 4. On the Web Site Properties page. and asking you if you want to continue. In the Authenticated access section of the Authentication Methods dialog box. In the Realm section of the of the Authentication Methods dialog box. your Web site is configured to use digest authentication. On the other open dialog boxes. 6. click the Directory Security tab. The forms-based authentication provider supports authentication against credentials stored in one of the following: • • • The Active Directory directory service A database An LDAP data store To enable forms-based authentication for a Windows SharePoint Services 3. Forms-based authentication enables user authentication based on validation of credential input from a logon form. perform the following procedures. in a database such as a SQL Server database. in the SharePoint Web Application Management section. the system issues a cookie that contains a key for reestablishing the identity for subsequent requests. On the Application Management page. Providers are modules that contain the code necessary to authenticate the credentials of a requestor Authentication for Windows SharePoint Services 3. or Sun ONE. or in a Lightweight Directory Access Protocol (LDAP) data store such as Novell eDirectory. click Create or extend Web application.NET authentication model and includes three authentication providers: • • • Windows authentication provider Forms-based authentication provider Web Single Sign-On (SSO) authentication provider In addition. where the user must provide valid credentials and submit the form. 2.Configure forms-based authentication In this article: • • About forms-based authentication Configure forms-based authentication across multiple zones Windows SharePoint Services 3. ASP.0 authentication is performed by an authentication mechanism that is supported by one of the available authentication providers. On the home page of the SharePoint Central Administration Web site. Novell Directory Services (NDS).NET supports the use of pluggable authentication providers.0 Web site and add users to the user account database. About forms-based authentication The forms-based authentication provider supports authentication against credentials stored in Active Directory. 145 .0 is built on the ASP. click Application Management. which means that you can write an authentication provider to support any credential store that you want to use. Unauthenticated requests are redirected to a logon page. If the request can be authenticated. Create a new site 1. enter the user name (in the form domain\username) for the user who will be the site collection administrator. click a template in the Select a quota template list. in the Select a template list. under URL. At this point. On the Create New Web Application page. Use the following procedure to create a site collection. click the Web application in which you want to create the site collection. select Yes under Allow Anonymous. In the Primary Site Collection Administrator section. Then. you must also type the site name to use in the URL of your site. On the Create Site Collection page. in the SharePoint Site Management section. Use the following procedure to configure a formsbased authentication provider. 2. on the Select Web Application page. click Create a new Web application. 8. If it is not. 10. If you want to identify a user as the secondary owner of the new top-level Web site (recommended). select the path to use for your URL. click Change Web Application on the Web Application menu. you have created a new site placeholder. in the Secondary Site Collection Administrator section. On the Application Management page. The paths available for the URL option are taken from the list of managed paths that have been defined as wildcard inclusions. On the top link bar. Click OK. In the Title and Description section. verify that the Web application in which you want to create the site collection is selected. in the Web Application section. In the Web Site Address section. Also. On the Create or Extend Web Application page. At this point. you have created a site collection. In the Template Selection section. 7. 4. 6. in the Security Configuration section. type the title and description for the site collection. Note: If you select a wildcard inclusion path. Create a site collection 1. If you are using quotas to limit resource use for site collections.3. Use the default entries to complete the new Web application creation procedure and click OK. click Create site collection. enter the user name for the secondary administrator of the site collection. select the template that you want to use for the top-level site in the site collection. 146 . in the Quota Template section. 5. 9. make sure NTLM is selected under Authentication provider. 3. 5. click Application Management. 4. in the Application Security section. 3. On the Application Management page. 2. 4. in the Anonymous Access section. click Web application list. click the zone name for the authentication provider whose settings you want to configure. under Enable Client Integration. On the Edit Authentication page. it is disabled at all levels within the Web application. On the Authentication Providers page. client integration is disabled by default. anonymous access can still be denied at the site collection level or at the site level. On the Web Application List page. The membership provider must also be added to the Web. This option will not work correctly with some types of formsbased authentication. and then click Save. in the Authentication Type section. in the SharePoint Web Application Management section. click Authentication providers. On the Application Management page. documents can only be opened in a Web browser. type the name of the membership provider that you want to use.Configure a forms-based authentication provider 1. clear the Enable anonymous access check box. make sure No is selected. Note: If you enable anonymous access here. • If you select Yes. To disable anonymous access for all sites within the Web application. Notes For forms-based authentication. 8. in the Membership provider name box. However. If you need to explicitly grant anonymous access to a site collection.config file for the IIS Web application that hosts SharePoint content on each Web server. In the Client Integration section.config file for the IIS Web application that hosts Central Administration. select Forms. features that start client applications according to document types will be disabled. select the Enable anonymous access check box for all sites within the Web application. if you disable anonymous access here. On the home page of the SharePoint Central Administration Web site. click Application Management. 147 . When client integration is disabled. Note: If the Web application is going to support forms-based authentication. In the Membership Provider Name section. However. Users will have to download documents and then upload them after they make changes. links to client applications are not visible and documents cannot be opened in client applications. 6. 7. 5. double-click the new Web application that you created in the previous procedure. features that start client applications according to document types will be enabled. the membership provider must be correctly configured in the Web. • If you select No. you can configure a maximum idle session time-out value to force reauthentication if a user is idle for a prolonged period of time during a session.users can download documents. This is especially important in a scenario where users are connecting from public computers or kiosks. where you would not want user credentials to be cached. You might be able to use many client integration features with forms-based authentication. To enable search across content authenticated using a custom authentication mechanism.0 crawler will fail. If you plan to use client integration with forms-based authentication.0 crawler polls a zone that is configured to support Kerberos authentication. Configure forms-based authentication across multiple zones Implementing forms-based authentication can interfere with search functionality. Client integration is disabled by default when you use forms-based authentication. Also. the system first checks the cookie to see whether the user has already been authenticated. and is valid only during the current session. you must have the Default zone configured to support NTLM authentication. Users are required to reauthenticate if they close the browser. If the user has not selected the Remember me? box on the logon page. the credential information is not cached on the client computer. we do not provide support and there are no product changes to address these issues. 148 . edit them in client applications locally. However. if published workarounds are inadequate. the Windows SharePoint Services 3. log off from a session. This is because client integration does not natively support forms-based authentication. and then upload them to the site.0 crawler polls zones in the following order: • • • • • Default zone Intranet zone Internet zone Custom zone Extranet zone Note: If you use forms-based authentication and the Windows SharePoint Services 3. or navigate to another Web site. or if you find unexpected issues using workarounds. On subsequent requests. the system issues a cookie that identifies the user. The Windows SharePoint Services 3. so the user does not have to supply credentials again. After a user provides credentials. and there are workarounds available to implement varying levels of client integration functionality with forms-based authentication. Product Support can provide commercially reasonable support to help you troubleshoot published workarounds. you must fully test any available solutions or workarounds to determine if the performance and functionality are acceptable in your environment. see Plan for authentication (http://technet.config file to use the same provider for each zone.aspx).0 does not allow a Web application to work with the same provider name across multiple zones. 149 . however.Windows SharePoint Services 3.microsoft. You can configure the Web. For additional information on authentication mechanisms and samples for configuring formsbased authentication with multiple providers.com/en-us/library/cc288627. the name of the provider has to be unique for each zone. aspx?familyId=062F7382-A82F-4428-9BBDA103B9F27654&displayLang=en). ADFS relies on 302 redirects to authenticate end users. you should become familiar with the following resources: • Microsoft SharePoint Products and Technologies Team Blog entry about configuring multiple authentication providers (http://blogs. However. The server names and examples used in this article are based on this step-by-step guide.com/downloads/thankyou. you do not have to implement all the steps 150 . With Active Directory Federation Services (ADFS).com/sharepoint/archive/2006/08/16/configuring-multiple-authenticationproviders-for-sharepoint-2007. ADFS also establishes a trust relationship between the two companies and a seamless one-time logon experience for end users.aspx).msdn. people in one company can access servers hosted by a different company by using their existing Active Directory accounts. In this environment.0. • Step-by-Step Guide for Active Directory Federation Services (http://www. Before you begin Before you use ADFS to configure Web SSO authentication for your extranet Web application.Configure Web SSO authentication by using ADFS In this article: • • • • • • • About federated authentication systems Before you begin Configuring your extranet Web application to use Web SSO authentication Allowing users access to your extranet Web site Working with the People Picker Working with E-mail and UPN claims Working with groups and organizational claims About federated authentication systems Windows SharePoint Services 3.0 provides support for federated authentication scenarios where the authentication system is not local to the computer that hosts Windows SharePoint Services 3. a new server named Trey-SharePoint is joined to the Trey Research forest. Federated authentication systems are also known as Web single sign-on (SSO) systems. Users are issued an authentication token (cookie) after they are authenticated.microsoft. which describes setting up ADFS in a small lab environment. because this article describes how to configure Windows SharePoint Services 3. Follow the steps in the step-by-step guide to configure your ADFS infrastructure.0 in a claims-aware application mode. this Web application will be configured to use Windows authentication. Configuring your extranet Web application to use Web SSO authentication 1. In this example.0. Extend the Web application that you created in step 2 in another zone. 151 . ADFS requires that sites be configured to use SSL. Give the site a host header name that you will configure in DNS for your extranet users to resolve against. Windows SharePoint Services 3. which in this example is ADFS.0. Add a host header. Change the zone to Extranet. and then create a new Web application. 2. the name is extranet.net.microsoft. In the example used in this article.0. For more information.for building Windows NT token agent applications that are described in the step-by-step guide. By default.0 on a Windows Server 2003 R2-based computer that is running ADFS and Microsoft Windows SharePoint Services 3.0 validates the users against the provider. and it will be the entry point through which your intranet users will access the site. Install the Web Agent for Claims Aware Applications. This script file is contained in the file (SetupSharePointADFS.treyresearch. Install Windows SharePoint Services 3. Important: The setup process has been captured in a VBScript file that you can use to configure Windows SharePoint Services 3. d.0 to use ADFS for authentication. Therefore. and then do the following: a. Download and install the hot fix for ADFS described in The role provider and the membership provider cannot be called from Windows SharePoint Services 3.com/fwlink/?LinkId=113894&clcid=0x409 ). b.0 (http://support. see the blog page A script to configure SharePoint to use ADFS for authentication (http://go.zip) and is available on the Microsoft SharePoint Products and Technologies blog. Note: When you use the People Picker to add users to Windows SharePoint Services 3. Click Use Secure Sockets Layer (SSL). you should configure the Federation Server before you configure Windows SharePoint Services 3. On the Application Management page in the SharePoint Central Administration Web site.com/kb/920764/en-us). the site is named http://trey-moss. click Create or Extend Web Application. listed in the Attachments section. 3. This is the DNS name by which the site will be known to users in the extranet. c. click Extend an existing Web Application. 4.microsoft. configure all the services and servers in the farm. This hot fix will be included in Windows Server 2003 Service Pack 2 (SP2). and change the port number to 443. click Web Single Sign On. you will be adding it to the name element of the <roleManager> section in the web. The next step is to assign permissions to users so that they can access this site. Make sure that this SSL certificate is issued to extranet. On the Alternate Access Mappings (AAM) page. On the Application Management page of your farm’s Central Administration site. g. Your extranet Web application is now configured to use Web SSO. Internet Information Services (IIS) will automatically use port 443 because you specified the port number in the previous step. because this is the name that clients will use when they access the sites. Complete the rest of the steps on the page to finish extending the Web application. However. Add an SSL certificate to the Extranet Web Site in IIS. click Authentication Providers. verify that the URLs resemble the following table. h.treyresearch. f. at this point. type SingleSignOnMembershipProvider2 Make a note of this value.config files that you will edit later in this procedure. Click Save. type SingleSignOnRoleProvider2 Make a note of this value. b. delete the text string :443. the site will be inaccessible because no one has permissions to it. In the Authentication Type section.net.e. f. you will be adding it to the name element of the <membership> section in the web. click the Windows link for the Extranet zone. Click Change in the upper-right corner of the page. and then select the Web application on which you want to enable Web SSO. 152 . In the list of two zones that are mapped for this Web application (both of which should say Windows).treyresearch. 5. In the Load Balanced URL box. c. 7. e. In the Role manager name box. d.net 6.treyresearch.net Default Extranet http://trey-moss https://extranet. Internal URL Zone Public URL for Zone http://trey-moss https://extranet.config files you will edit later in this procedure. Make sure the Enable Client Integration setting is set to No. In the Membership provider name box. Configure the Authentication provider for the extranet zone on your Web application to use Web SSO by doing the following: a. This setting is required for the site to allow access using only claims.0.PartialTrust. Version=1. the People Picker on the default zone site that is using Windows authentication is able to know about the ADFS providers and. Allowing users access to your extranet Web site 1.Note: After selecting WebSSO as the Authentication Provider.Security. can resolve the ADFS claims.asmx" /> </providers> </membership> <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"> <providers> <remove name="AspNetSqlRoleProvider" /> <add name="SingleSignOnRoleProvider2" type="System.0. Change the value for fs-server to reflect your resource Federation Server (adfsresource.Security. When this entry is added to web. therefore. Navigate to the Web site on the default zone that uses Windows authentication as an administrator of the site.SingleSignOn.0. 4. Anonymous Authentication will be automatically enabled for the SharePoint site in IIS (no user action is required).Web. Version=1.0. 2.SingleSignOnMembershipProvide r2.Web.0.SingleSignOnRoleProvider2. PublicKeyToken=31bf3856ad364e35" fs="https://fsserver/adfs/fs/federationserverservice. Grant ADFS claims access to the site by doing the following: a.Security.treyresearch.SingleSignOn.web> node.Security. Culture=neutral. System.asmx" /> </providers> </roleManager> 3.Web. PublicKeyToken=31bf3856ad364e35" fs="https://fsserver/adfs/fs/federationserverservice.config file for the Web site on the default zone that is using Windows authentication.net). Ensure that you entered the correct membership provider and the role manager names on the Central Administration Authentication Providers page.config. Culture=neutral. Add the following entry anywhere in the <system. Use a text editor to open the web. <membership> <providers> <add name="SingleSignOnMembershipProvider2" type="System. System.PartialTrust.SingleSignOn. 153 .SingleSignOn.Web. This enables you to grant permissions to the ADFS claims on your Web site.0. Web. then SharePoint will use UPN to verify against the MembershipProvider. Click the Site Actions menu.Security.Web.SingleSignOn.0.SingleSignOn.Security.Web.0. Therefore.0.WebSsoConfigurationHandler.config file. and then any user who accesses the SharePoint site by using this group claim will have Contributor access to the site. Add the following entry anywhere under the <system. d.Web.SingleSignOn. Add the claim name Adatum Contributers to the Sharepoint site as you would a Windows user or group.Web. System. specify their e-mail address or User Principal Name in the Users/Groups section. Custom=null" /> Note: The ADFS authentication module should always be specified after the Sharepoint SPRequest module in the <httpModules> node of the web. Culture=neutral.0. System.0. type the name of the claim you want the SharePoint site to use in the Users/Groups section.0. Version=1. f. Use the text editor of your choice to open the web.Web. and then click Add Users.WebSsoAuthenticationModule. Custom=null" /> </sectionGroup> 6. <membership defaultProvider="SingleSignOnMembershipProvider2"> <providers> <add name="SingleSignOnMembershipProvider2" type="System. See “Working with UPN and e-mail Claims” for more information. g. c. Click New.SingleSignOn. e. System. point to Site Settings.0.0. PublicKeyToken=31bf3856ad364e35. Version=1.SingleSignOn. You can assign this claim Home Members [Contribute].PartialTrust.b.0. It is safest to add it as the last entry in that section.config file for the extranet site. if you want to use e-mail. <sectionGroup name="system. 5. Click OK. create an organizational group claim named Adatum Contributers on the Federation Server.web"> <section name="websso" type="System. To add a user claim.Security.Security. To add a group claim. you will have to disable the UPN claim in your federation server. Culture=neutral.SingleSignOnMembershipProvide r2.Security. If both UPN and e-mail claims are sent from the federation server. 7. Add the following entry to the <httpModules> node <add name="Identity Federation Services Application Authentication Module" type="System. and add the following entry in the <configSections> node. For example. Culture=neutral.SingleSignOn. PublicKeyToken=31bf3856ad364e35. PublicKeyToken=31bf3856ad364e35" /> 154 . and then click Advanced Permissions. Version=1. Select the appropriate permission level or SharePoint group.Security.web> node. it makes the most sense that 155 .Web.asmx</fs> <isSharePoint /> </websso> Note: Change the value for fs-server to your Federation Server computer. PublicKeyToken=31bf3856ad364e35" /> </providers> </roleManager> <websso> <authenticationrequired /> <auditlevel>55</auditlevel> <urls> <returnurl>https://your_application</returnurl> </urls> <fs>https://fs-server/adfs/fs/federationserverservice. Browse to the https://extranet.net Web site as an ADFS user who has permissions to the extranet web site.treyresearch.SingleSignOn.Web. but it is best not to use that method for the following reasons: • Granting rights by policy is a very coarse operation.SingleSignOnRoleProvider2. It allows the user (or group) to have the same set of rights in every Web site.</providers> </membership> <roleManager enabled="true" defaultProvider="SingleSignOnRoleProvider2"> <providers> <add name="SingleSignOnRoleProvider2" type="System. in every site collection on the whole Web application. 8. Culture=neutral.0. and change the value of your_application to reflect the URL of your extranet Web application. About using Central Administration You can also use Central Adminstration policy to grant rights to ADFS users. Because only the farm administrators have access to the Central Administration site.Security.0.Security. it is very likely that the internal users will be responsible for granting access to sites and content.SingleSignOn.PartialTrust. in this particular scenario. we can grant access to ADFS users without using this method.0. Version=1. It should be used very judiciously. System. • After the sites are being used in an extranet environment. you might want to add a new user to the extranet site by using the stsadm.SingleSignOn. PublicKeyToken=31bf3856ad364e35" fs="https://fsserver/adfs/fs/federationserverservice.exe is located (%programfiles%\Common Files\Microsoft Shared Debug\Web Server Extensions\12\BIN). it will.exe –o adduser command.PartialTrust.SingleSignOnRoleProvider2. If you have a Web SSO Role provider role named Readers.Security. System.Web.0.PartialTrust. and you type Read in the People Picker search dialog box. In this scenario.exe will not be able to resolve the ADFS claims by default.asmx" /> </providers> 156 . all from one site.Web. Windows groups. System. create a new config file by doing the following: • Create a new file named stsadm. you just cannot perform wildcard searching by using the Role provider.Web. we configured our site that uses Windows authentication in a way that allows users of that site to select other Windows users. Culture=neutral.web> <membership defaultProvider="SingleSignOnMembershipProvider2"> <providers> <add name="SingleSignOnMembershipProvider2" type="System.Security.0. Command-line executable files like stsadm.SingleSignOn. PublicKeyToken=31bf3856ad364e35" fs="https://fsserver/adfs/fs/federationserverservice.Web. Culture=neutral.config in the same directory where stsadm. Version=1. If you type Readers.SingleSignOn.0. and ADFS claims. This is not a bug. • As you extend Web applications by using different providers.asmx" /> </providers> </membership> <roleManager enabled="true" defaultProvider="SingleSignOnRoleProvider2"> <providers> <add name="SingleSignOnRoleProvider2" type="System.SingleSignOn. you can configure one or more of them to be able to find users and groups from various providers that you are using on that Web application. Add the following entry in the stsadm.exe.Security. Working with the People Picker The People Picker cannot perform wildcard searches for searching roles.0.SingleSignOnMembershipProvide r2.Security. Version=1. For example.0.config file: <configuration> <system. it will not find your claim.internal users can add ADFS claims from the default zone site that is using Windows authentication.0. To enable Stsadm (or other executable file) to resolve users.exe. In the claims list on the right.web> </configuration> Note: Change the value of fs-server to your resource Federation Server (adfsresource. the SharePoint groups the user belongs to. 4. From Administrative Tools on your Federation Server. perform the following procedure. rights can be assigned to Active Directory groups by adding them to a SharePoint group or directly to a permission level . Note: You can also open the ADFS snap-in by typing ADFS. In the claims list on the right. and select Enable or Disable. This is because the membership provider is e-mail based.MSC in the Run dialog box. Because of this complexity in configuring UPN claims. The level of permissions a given user has on a site is calculated based on the Active Directory groups the user is a member of. e-mail is the recommended user claim setting for membership authentication. when configuring the Office SharePoint Server 2007. Select your Windows SharePoint Services 3. right-click UPN.treyresearch. Office SharePoint Server 2007 will use UPN to perform user claim verification.0 application node (your application should already be added to the list of nodes).0. and select Enable or Disable. be careful about which user claim you enter. and any permission levels that the user has been directlyadded to. Therefore. 157 . Working with groups and organizational group claims In Windows SharePoint Services 3. Working with E-mail and UPN claims To configure whether or not the Federation Server is enabled to send e-mail or UPN claims to Windows SharePoint Services 3. 3. Note: If both UPN and E-mail are enabled. 2.net). open the ADFS snap-in.</roleManager> </system.0. Also note that the UPN claim will only work consistently if the UPN suffixes and the e-mail suffixes that are accepted by the Federation Server are identical. Configure E-mail and UPN claims on a Federation Server 1. right-click E-mail. a. Right-click the Active Directory account store. and then map to outgoing claim adatum-trey-contributors. you need to edit the web.config file and add <getGroupClaims /> to the <FederationServerConfiguration> node inside the <System. and then associate it with the Trey SharePoint Readers Active Directory group. you must create a set of organizational group claims in ADFS. instead. For group claims to work with the latest version of ADFS. Select the Trey SharePoint Readers organizational group claim. b. Open the web. it resolves membership by using organizational group claims. Create an Active Directory group named Trey SharePoint Readers. Right-click the Trey Research Account Partner. start ADFS.0.web> </configuration> In the Adatum (Account Forest). 3. 5.When you use ADFS as a role provider in Windows SharePoint Services 3.Web> node. 7. There is no way for the Web SSO provider to directly resolve an Active Directory group. and then map to outgoing claim adatumtrey-readers.0. the process is different. On the Trey Research side. Add Alansh to the Readers group and Adamcar to the Contributors group. 4. Create an Active Directory group named Trey SharePoint Contributors. and then click New Group Claim Extraction. and then associate the Trey SharePoint Contributors group claim with the Trey SharePoint Contributors Active Directory group. Repeat step 6. and then do the following: 158 . and they must match exactly. When you use ADFS with Windows SharePoint Services 3.config file for the ADFS application in IIS on your ADFS server. Select the Trey SharePoint Reader claim.MSC. do the following: 1. as shown in the following example.web> <FederationServerConfiguration> <getGroupClaims /> </FederationServerConfiguration> </system. Select the Trey SharePoint Contributor claim. Create an organizational group claim named Trey SharePoint Contributors. 6. Create an organizational group claim named Trey SharePoint Readers. b. Note: The claim mapping names must be agreed on between the organizations. <configuration> <system. You can then associate multiple Active Directory groups with an ADFS organizational group claim. and then create the outgoing claim mappings: a. 2. and then map it to the incoming claim name adatum-trey-contributors. type Adatum SharePoint Readers In the Give Permission section. 3. click the Members group for your site. and then click People and Groups. 159 . Select Adatum SharePoint Readers. Click the address book icon next to the Users/Groups box. select SharePoint group home Visitors [Readers]. Create incoming group mappings for your claims: a.1. Browse to the http://trey-moss site on the Trey Research side as the site administrator. 5. 4. Create an organizational group claim named Adatum SharePoint Contributors. and then click Add Users on the toolbar. 2. and then click Enable on both the Reader and Contributor claims. point to Site Settings. and then map it to the incoming claim name adatum-trey-readers. Right-click the Windows SharePoint Services 3.0 Web application. Click the Site Actions menu. Create an organizational group claim named Adatum SharePoint Readers. 3. select SharePoint group home Members [Contribute]. and then click Incoming Group Claim Mapping. In the Find box. Right-click the Adatum account partner. type Adatum SharePoint Contributors In the Give Permission section. 6. c. If it is not already selected. 4. In the Find box in the People Picker dialog box. 2. Click New. Select Adatum SharePoint Contributors. b. and then do the following: 1. In a stand-alone environment. Within each Web application.Configure anonymous access In this article: • • • • About anonymous access Enable anonymous access for a zone Enable anonymous access for individual sites Enable anonymous access for individual lists Anonymous access enables users to find resources in the public areas of Web sites without having to provide authentication credentials. Default is the zone used for remote employees. • • • • Intranet is the zone used for internal employees. If the server is a domain controller. You can reset anonymous user access to use any valid Windows account. virtual or physical directories. The IUSR_ computername account. anonymous access is disabled by Windows SharePoint Services 3.0 if anonymous access is disabled. gives the user access to resources anonymously under the context of the IUSR account. where computername is the name of the server that is running IIS. you can categorize different classes of users into one of the following five zones: • Internet is the zone used for customers. Enable anonymous access for a zone Use the following procedures to enable anonymous access for a zone of a Web application. Extranet is the zone used for partners. the IUSR_computername account is on the local server. Typically.0 when you create a new Web application. 160 . the Internet zone is the only zone you would configure for anonymous access. Custom is the zone used for administrators. the IUSR_computername account is defined for the domain. This provides an additional layer of security because IIS rejects anonymous access requests before they can ever be processed by Windows SharePoint Services 3. Note You can set up different anonymous accounts for different Web sites. and files. About anonymous access Internet Information Services (IIS) creates the IUSR_ computername account to authenticate anonymous users in response to a request for Web content. By default. Important: Membership in the Farm Administrators SharePoint group is the minimum required to complete this procedure. 7. On the Authentication Providers page. on the Settings menu. Enable anonymous access for a zone of a Web application 1. click Application Management. In the Select Web Application dialog box. and then click Save. 4. open the SharePoint Central Administration Web site application. On the Site Actions menu. in the Application Security section. in the Anonymous Access section. • Nothing Select this option if you want to prevent anonymous access from being 161 . • Lists and libraries Select this option if you want to limit anonymous access to only the lists and libraries on your site. If the listed Web application is not the one that you want to configure. On the Application Management page. click the Web application that you want to configure. click Site Settings. Enable anonymous access for individual sites 1. click Anonymous Access. 6. click the zone of the Web application on which you want to enable anonymous access. On the Site Settings page. click Authentication providers. On the Authentication Providers page. select Enable Anonymous Access. click Advanced Permissions. 3. make sure the Web application that is listed in the Web Application box (under Site Actions) is the one that you want to configure. 3. 5. click the drop-down arrow to the right of the Web Application drop-down list box and select Change Web Application. the Web application zone has been enabled for anonymous access. The settings for anonymous access lists three options: • Entire Web site Select this option if you want to enable anonymous access for the entire Web site. 2. in the Users and Permissions section. The zones that are configured for the selected Web application are listed on the Authentication Providers page. On the Permissions page. From Administrative Tools. Enable anonymous access for individual sites Now you need to enable anonymous access for individual sites in the site collection. 2. At this point. On the Central Administration home page. Go to the site on which you want to enable anonymous access and click the Site Actions menu. On the Edit Authentication page. 4. click Anonymous Access. on the Actions menu. A dialog box is displayed informing you that you are about to create unique permissions for this list. 2. 162 . in the left navigation pane. Click the list on which you want to enable anonymous access. click Permissions for this list. and then click OK. Enable anonymous access for individual lists 1. You can control whether users have anonymous access to other lists. At this point. At this point. the home page. click List Settings. 7. On the Permissions page. in the Permissions and Management section. 6. click Edit Permissions. 5. enable anonymous access for individual lists. Go to the home page of your Web site and. 4. Enable anonymous access for individual lists If you select Lists and libraries. Click OK. On the Customize List page. click View All Site Content. On the Settings menu.used on your site. Select permissions for users who have anonymous access to the list. 3. Click OK. your site is configured for anonymous access based on the options that you have selected. users have anonymous access to the list you have configured. On the Settings menu. 5. or other pages on this site. 0 includes functionality to create and manage reports.microsoft.0 with Microsoft SQL Server 2005 Service Pack 2 (SP2) database software. an end user can view and manage SSRS reports completely from within a Windows SharePoint Services environment. The following white papers are available to help you understand how SSRS and the SharePoint Products and Technologies can be integrated to provide additional business intelligence capabilities: • 2007 Microsoft Office System Business Intelligence Integration (http://go.com/fwlink/?LinkId=98664) Provides detailed information about configuring SSRS in SharePoint Integration Mode. when you integrate Windows SharePoint Services 3.com/fwlink/?LinkId=98657) Provides an overview of integrating SQL Server 2005 with the business intelligence features available in the SharePoint Products and Technologies. For example.SQL Server Reporting Services integration with SharePoint Products and Technologies: white paper Windows SharePoint Services 3. • Microsoft SQL Server Reporting Services (SSRS) Installation/Configuration Guide for SharePoint Integration Mode (http://go. you can use SQL Server 2005 Reporting Services (SSRS) to create richer reporting experiences. However.microsoft. 163 . Deploy and configure SharePoint sites 164 .C. you can add users and grant them access to the site. This article helps you configure the quota templates you want to use for any site collections you create. • Πρεπαρε το χραωλ ηοστ−ναµεδ σιτεσ τηατ υσε Βασιχ αυτηεντιχατιον If you are using host-named sites with Basic authentication. • Αδδ σιτε χοντεντ After you have created your site collection. This article helps you add users to a site collection. you can create a site collection. see Plan process for creating sites [Windows SharePoint Services]. 165 . A default zone is automatically created when you create a Web application. Although the settings can be configured at any time. In this chapter: • Χρεατε ορ εξτενδ Ωεβ αππλιχατιονσ SharePoint sites are hosted by Web applications. This article helps you configure host-named sites for search crawls.Chapter overview: Deploy and configure SharePoint sites After you have installed Windows SharePoint Services 3. This article provides links to information that can help you add content to your sites. • Πρεπαρε το χραωλ ηοστ−ναµεδ σιτεσ τηατ υσε φορµσ αυτηεντιχατιον If you are using host-named sites with forms authentication. This article covers how to create a Web application. For more information about choosing a method to use for site creation. and each zone can have a different authentication method. • Χρεατε σιτε χολλεχτιονσ After you have configured the settings that the previous articles describe. you need to configure Self-Service Site Management for the Web application. you are ready to begin creating SharePoint sites. it is useful to configure alternate access mapping before you create your SharePoint sites. so you must create one or more Web applications before you can create any sites. you need to configure additional settings for search. • Εναβλε αχχεσσ φορ ενδ υσερσ After you have created your site. This article helps you configure alternate access mapping for a Web application. you can configure access via the HTTP protocol for internal users and via the HTTPS protocol for external users). • Χονφιγυρε αλτερνατε αχχεσσ µαππινγ Alternate access mapping enables you to assign different URLs to the same site (for example. you can begin adding site content. Alternate access mapping settings are configured per zone at the Web application level. If you want to allow users to create their own sites. This article helps you configure any additional zones you need. This article helps you configure host-named sites for search crawls. This article helps you create a site collection from Central Administration and assign primary and secondary owners. you need to configure additional settings for search. or how to extend a Web application to host the same content as another Web application. • Χρεατε θυοτα τεµπλατεσ Quota templates enable you to set a limit on how large a site collection can become.0 and performed the other configuration tasks for your servers. • Χρεατε ζονεσ φορ Ωεβ αππλιχατιονσ Each Web application can have as many as five zones. 4. To choose to create a new Web site. If you are using an existing Web site. type the port number you want to use to access the Web application. In the Port box. d. in the SharePoint Web Application Management section.Create or extend Web applications Before you can create a site or a site collection. and type the name of the Web site in the Description box. This action exposes the same content to different sets of users by using an additional IIS Web site to host the same content. On the Create New Web Application page. and specify the Web site on which to install your new Web application by selecting it from the drop-down menu. A Web application is comprised of an Internet Information Services (IIS) site with a unique application pool. on the Application Management page. On the Create or Extend Web Application page. b. this field is populated with the current port number. If you are creating a new Web site. In the Host Header box. click Create or extend Web application. If you are using an existing Web site. select Create a new IIS Web site. In the Security Configuration section. If you are creating a new Web site. this field is populated with a suggested port number. type the URL you want to use to access the Web application. This is an optional field. To choose to use an existing Web site. In the Path box. this field is populated with a suggested path. in the IIS Web Site section. e. In the SharePoint Central Administration Web site. In this article: • • Create a new Web application Extend an existing Web application Create a new Web application Create a new Web application 1. you might also need to extend a Web application to another IIS Web site. select Use an existing Web site. you can configure the settings for your new Web application. you must first create a Web application. If you are in an extranet environment where you want different users to access content by using different domains. type the path to the site directory on the server. in the Adding a SharePoint Web Application section. 3. a. click Create a new Web application. c. When you create a new Web application. you also create a new database and define the authentication method used to connect to the database. this field is populated with the current path. 2. configure authentication and encryption for 166 . aspx). this enables anonymous access to the Web site by using the computer-specific anonymous access account (that is. see Extend an existing Web application later in this article. choose Yes or No. In the Application Pool section.aspx ). a. and cannot be changed from this page. Then select the application pool you want to use from the drop-down menu. select Predefined to use an existing application pool security account. b. c. Note: To enable Kerberos authentication. IUSR_<computername>). select Use existing application pool. select Yes or No.microsoft. choose whether to use an existing application pool or create a new application pool for this Web application. This URL domain will be used in all links shown on pages within the Web application. If you choose to allow anonymous access.aspx). see Plan authentication methods (http://technet. select Create a new application pool. and then select the 167 . site owners can configure how anonymous access is used within their sites. see Choose which security groups to use (http://technet.microsoft. To create a new application pool. a. For more information about authentication methods. To use an existing application pool. or keep the default name. The Zone box is automatically set to Default for a new Web application. For more information about using SSL. 5.com/en-us/library/cc288488. In the Allow Anonymous section. Important: If you use SSL. you must add the appropriate certificate on each server by using IIS administration tools. you must configure SSL by requesting and installing an SSL certificate. type the name of the new application pool. Note: If you want users to be able to access any site content anonymously.com/enus/library/cc288475. b. In the Use Secure Sockets Layer (SSL) section. For more information about anonymous access. In the Authentication Provider section. By default. c. you must enable anonymous access for the entire Web application. choose either Negotiate (Kerberos) or NTLM. you must perform additional configuration.microsoft. Then later. see Plan for secure communication within a server farm (http://technet. To change the zone for a Web application. In the Load Balanced URL section. In the Application pool name box. In the Select a security account for this application pool section. If you choose to enable SSL for the Web site.com/en-us/library/cc288957. type the URL for the domain name for all sites that users will access in this Web application. the box is populated with the current server name and port.your Web application. 6. type the user name of the account you want to use. • If you want to use Windows authentication. This is typically used for extranet deployments where different 168 . and type the password for the account in the Password box. choose the database server. 8. Type the name of the database. you must wait until the IIS Web site is created on all servers and then run iisreset /noforce on each Web server. The new IIS site is not usable until that action is completed. and then type the password in the Password box.You can also use the default entry. d. In the Database Name and Authentication section. and authentication method for your new Web application. 7. In the Account box. type the name of the account you want the Web application to use to authenticate to the SQL Server database. The choices are unavailable if your farm only contains a single server. leave this option selected. Click OK to create the new Web application. select SQL authentication. Extend an existing Web application You can extend an existing Web application if you need to have separate IIS Web sites that expose the same content to users. • If you want to use SQL authentication. or use the default entry. database name. Database Name Database Authentication 9. Item Action Database Server Type the name of the database server and Microsoft SQL Server instance you want to use in the format <SERVERNAME\instance>. Select Configurable to use an account that is not currently being used as a security account for an existing application pool. choose whether to allow Windows SharePoint Services to restart IIS on other farm servers. In the Reset Internet Information Services section. Choose whether to use Windows authentication (recommended) or SQL authentication.security account from the drop-down menu. If this option is not selected and you have more than one server in the farm. In the User name box. or click Cancel to cancel the process and return to the Application Management page. The local server must be restarted manually for the process to finish. com/en-us/library/cc288957. click Extend an existing Web application. click Create or extend Web application. in the Web Application section. Port. For more information about authentication methods. 4. Note: To enable Kerberos authentication. you can select Use an existing IIS Web site to use a Web site that has already been created.com/enus/library/cc288475. in the IIS Web Site section. In the Authentication Provider section. If you choose to allow anonymous access. you must perform additional configuration. select Yes or No.users access content by using different domains. in the Adding a SharePoint Web Application section. Important: If you use SSL. a. On the Select Web Application page. You can choose to use the default entries or type the information you want in the boxes. 2. you must add the appropriate certificate on each server by 169 . On the Extend Web Application to Another IIS Web Site page. Note: If you want users to be able to access any site content anonymously. see Plan authentication methods (http://technet. c. in the SharePoint Web Application Management section. click the Web application you want to extend. site owners can configure how anonymous access is used within their sites. In the Use Secure Sockets Layer (SSL) section.microsoft. In the Security Configuration section. configure authentication and encryption for the extended Web application. Then later. click the Web application link and then click Change Web application. In the Allow Anonymous section. This option reuses the content database from an existing Web application. In the SharePoint Central Administration Web site. If you choose to enable SSL for the Web site. on the Application Management page. IUSR_<computername>). b. see Choose which security groups to use (http://technet.aspx). The Description. or you can choose to leave Create a new IIS Web site selected. you must enable anonymous access for the entire Web application. On the Create or Extend Web Application page. choose Yes or No. 5.aspx ). you must configure SSL by requesting and installing an SSL certificate. 6. On the Extend Web Application to Another IIS Web Site page.microsoft. and Path boxes are populated for either choice. this enables anonymous access to the Web site by using the computer-specific anonymous access account (that is. For more information about anonymous access. choose either Negotiate (Kerberos) or NTLM. Extend an existing Web application 1. 3. By default. 7. You can choose Intranet. 8. Custom.aspx). or Extranet. 9. see Plan for secure communication within a server farm (http://technet. Click OK to extend the Web application.microsoft. select the zone for the extended Web application from the drop-down menu. 170 . In the Load Balanced URL section. under Zone. the text box is populated with the current server name and port. Internet. In the Load Balanced URL section. For more information about using SSL. see Extendvs. or click Cancel to cancel the process and return to the Application Management page.using IIS administration tools. For information about how to perform this procedure using the Stsadm command-line tool. This URL domain will be used in all links shown on pages within the Web application. type the URL for the domain name for all sites that users will access in this Web application.com/en-us/library/cc288488. and that URL is what appears in the links on the pages. 5. On the Alternate Access Mappings page. click Alternate access mappings. click Change alternate access mapping collection on the Alternate Access Mapping Collection menu. extranet. see Plan alternate access mappings (http://technet. Edit or delete an internal URL Note: You cannot delete the last internal URL for the default zone. click Add Internal URLs. intranet. On the Operations page.Configure alternate access mapping Each Web application can be associated with a collection of mappings between internal and public URLs. Each Web application supports five collections of mappings per URL. In the Alternate Access Mapping Collection section. 3. click Operations. 2. Add an internal URL 1.aspx). 6. Many internal URLs can be associated with a single public URL in multi-server farms (for example. links on the pages returned to the user have the public URL for that zone.fabrikam. For more information. when a load balancer routes requests to specific IP addresses to various servers in the load-balancing cluster). Both internal and public URLs consist of the protocol and domain portion of the full URL (for example.microsoft. 4. In the Zone list.fabrikam. type the new internal URL (for example. For information about how to perform this procedure using the Stsadm command-line tool. On the Select an Alternate Access Mapping Collection page. click a mapping collection. in the URL protocol.microsoft.com/en-us/library/cc288609.com). then choose one.aspx). click the zone for the internal URL. On the top navigation bar. in the Global Configuration section. see Addalternatedomain: Stsadm operations ( http://technet. 171 . 2.com/enus/library/cc287762. https://www. and custom). A public URL is what users type to get to the SharePoint site. Internal URLs are in the URL requests that are sent to the SharePoint site. Click Save. https://www. host and port box.com). In the Add internal URL section. Manage alternate access mappings 1. Internet. the five collections correspond to five zones (default. When the Web application receives a request for an internal URL in a particular zone. If the mapping collection that you want to modify is not specified. Click Delete to delete the internal URL. To do so. you may add new URLs or edit existing URLs in any of the following text boxes: • • • • • Default Intranet Extranet Internet Custom 5. and a zone for that URL. click Edit Public URLs. • Click Cancel to discard your changes and return to the Alternate Access Mappings page. then choose one. type a unique name. click Map to External Resource. modify the URL in the URL protocol. click the zone for the internal URL. 5. In the Alternate Access Mapping Collection section. 4. In the Public URLs section. For information about how to perform this procedure using the Stsadm command-line tool. Do one of the following: • Click Save to save your changes. In the Zone list.com/enus/library/cc287725. If the mapping collection that you want to modify is not specified. initial URL. 2. On the Alternate Access Mappings page.) 1. you must supply a unique name. 172 .aspx). click a mapping collection. see Deletealternatedomain: Stsadm operation (http://technet. 4. In the Edit internal URL section. 2. 2. (The URL must be unique to the farm. On the Select an Alternate Access Mapping Collection page. 3. Click Save.1. Map to an external resource You can also define mappings for resources outside internal Web applications. On the Create External Resource Mapping page. 1. click Change alternate access mapping collection on the Alternate Access Mapping Collection menu. in the Resource Name box. 3. On the Alternate Access Mappings page.microsoft. host and port box. Edit public URLs Note: There must always be a public URL for the default zone. click the internal URL that you want to edit or delete. On the Alternate Access Mappings page. 4. 173 . type the initial URL.3. In the URL protocol. Click Save. host and port box. Refer to your planning architecture documents and worksheets to determine which zones you need to create and what authentication method should be associated with each zone. see Plan authentication methods (http://technet. you can view the zones that have been created for your farm. For information about how to perform this procedure using the Stsadm command-line tool. point to All Programs.microsoft. On the Central Administration home page. each Web application is displayed with its associated zone.Create zones for Web applications If your solution architecture includes Web applications with more than one zone. and then click SharePoint 3. Follow the "Extend an existing Web application" procedure in Create or extend Web applications to create a new zone. 3. See Also • • • Create or extend Web applications Configure alternate access mapping Plan authentication methods (http://technet. use the guidance in this article to create additional zones. On the Operations page. The new zone is created when you select a zone in step 8 of the procedure and extend the Web application. see Enumalternatedomains. in the Global Configuration section.microsoft. View existing zones On the Alternate Access Mappings page.aspx). click Alternate access mappings. 2. You can change the authentication provider for a zone on the Authentication Providers page.com/enus/library/cc288475. then point to Microsoft Office Server.0 Central Administration. On the Alternate Access Mappings page.com/en-us/library/cc288475. Create a new zone You can create a new zone by extending an existing Web application. For more information.aspx) 174 . 1. Click the Start button. click Operations. set the values you want to apply to the template. the new storage limits you defined in the template will apply to any site collection that uses that quota template. the storage limit applies to the sum of the content sizes for the top-level site and all subsites within the site collection. click the Limit site storage to a maximum of check box and type the storage limit in megabytes into the text box. 5. Click the Start button. 3. You can also modify existing quota templates. If you want to restrict the amount of data that can be stored. 6. You can create a quota template that can be applied to any site collection in the farm. In the Storage Limit Values section. and then click SharePoint 3. 175 . On the Central Administration home page. When a quota template is modified. 4. a. In other words. the storage limit applies to the site collection as a whole. On the Application Management page. This allows you to modify storage limits for multiple site collections without having to change settings for each site collection individually. click Application Management. On the Quota Templates page. • If you want to base your new template on an existing quota template. point to All Programs. in the Template Name section. click the Template to start from down arrow and select the desired template from the dropdown menu. Note: When you apply a quota template to a site collection. in the SharePoint Site Management section. 2.Create quota templates In this article: • • • Create a new quota template Edit an existing quota template Delete a quota template A quota template consists of storage limit values that specify how much data can be stored in a site collection and the storage size that triggers an e-mail alert to the site collection administrator when that size is reached. then point to Microsoft Office Server. click Quota templates. select Create a new quota template. Create a new quota template Create a new quota template 1. Type the name of the new template in the New template name box.0 Central Administration. 176 .0 Central Administration. Delete a quota template Delete a quota template 1.b. Click the Start button. 4. set the values you want to apply to the template. point to All Programs. Click OK on the dialog box that appears to delete the quota template. 7. In the Storage Limit Values section. click Quota templates. On the Application Management page. in the SharePoint Site Management section. 2. 2. then point to Microsoft Office Server. click Application Management. Click the Start button. 5. click the Template to modify down arrow and select the template you want to delete from the drop-down menu. If you want to restrict the amount of data that can be stored. Click the Delete button. 6. click Quota templates. or click Cancel to cancel the operation and return to the Application Management page. point to All Programs. click the Send warning E-mail when site storage reaches check box and type the threshold in megabytes into the text box. click the Send warning E-mail when site storage reaches check box and type the threshold in megabytes into the text box. click the Limit site storage to a maximum of check box and type the storage limit in megabytes into the text box. 3. On the Central Administration home page.0 Central Administration. a. and then click SharePoint 3. Edit an existing quota template Edit an existing quota template 1. Click OK to modify the quota template. click Application Management. 5. 4. If you want an e-mail to be sent to the site collection administrator when a certain storage threshold is reached. then point to Microsoft Office Server. or click Cancel to cancel the operation and return to the Application Management page. On the Application Management page. If you want an e-mail to be sent to the site collection administrator when a certain storage threshold is reached. 3. On the Central Administration home page. In the Template Name section. Click OK to create the new quota template. and then click SharePoint 3. click the Template to modify down arrow and select the template you want to edit from the drop-down menu. b. In the Template Name section. 6. in the SharePoint Site Management section. 2. click Application Management. On the top navigation bar. 6. 5. if the Web application in which you want to create the site collection is not selected. In the Web Site Address section. Select the appropriate template for your scenario. On the Create Site Collection page. type the title and description for the site collection. In the Template Selection section. see Define managed paths in the Central Administration Help system. 4. select the template that you want to use for the top-level site in the site collection. select the path to use for your URL (such as an included path like /sites/ or the root directory. in the Web Application section. in the Select a template list. Click OK. in the Secondary Site Collection Administrator section. click a template in the Select a quota template list. 7. you must also type the site name to use in your site's URL. in the SharePoint Site Management section. 10. click Create site collection. such as: team site for a team collaboration Web site. 177 . click the Web application in which you want to create the site collection. in the Quota Template section. If you select a wildcard inclusion path. 9. under URL. If you are using quotas to limit resource use for site collections. and then on the Select Web Application page. In the Primary Site Collection Administrator section. Note: The paths available for the URL option are taken from the list of managed paths that have been defined as wildcard inclusions.Create site collections When you create a site collection. /). If you want to identify a user as the secondary owner of the new top-level Web site (recommended). On the Application Management page. such as /sites/. Create a site collection 1. enter the user name for the secondary administrator of the site collection. enter the user name (in the form DOMAIN\username) for the user who will be the site collection administrator. In the Title and Description section. 8. For more information about managed paths. click Change Web Application on the Web Application menu. see Createsite. or Blog for a blog site. you also create the top-level site within that site collection. For information about how to perform this procedure using the Stsadm command-line tool. 3. and a different static IP address from the intranet-facing DNS server. This article describes how to create a solution in Windows SharePoint Services 3.Prepare to crawl host-named sites that use Basic authentication In this article: • • • Solution prerequisites High-level solution overview Deploy the solution When configuring a Web application to use host-named sites. sometimes called the crawler. • Direct requests from intranet users and the crawler directly to the Intranet zone. Solution prerequisites The procedures included in this solution require the following types of administrators: • • • • Domain Name System (DNS) administrator Server administrator Farm administrator Two DNS servers: one Internet-facing DNS server. Web hosters typically use Basic authentication for the default zone. These two IP addresses must be associated with the same site name. cannot crawl host-named Web sites that are deployed in the usual way for the following reasons: • The crawler cannot authenticate using Basic authentication. • Host-named sites do not enable the index component of the search server to authenticate by using another zone in the polling order. • Direct requests from end-users to the default zone. see the “Authentication requirements for crawling content” section in Plan authentication methods [Windows SharePoint Services]. The components of the solution are to: • Create two zones for your Web application. Other requirements include: • Two static IP addresses: one from the Internet-facing DNS server.0 so the crawler can crawl your host-named sites. This solution assumes the following: 178 . which you configure for NTLM authentication. which is configured for Basic authentication. For more information about how polling order works with non-host-named sites. The index component of the search server. and one intranet-facing DNS server. • A server administrator either configures separate network interface cards (NICs) on all front-end Web servers in the server farm with both static IP addresses or adds both static IP addresses to one NIC. The intranet-facing DNS server resolves this same URL to an IP address that is mapped to the Intranet zone of your Web application. Windows SharePoint Services 3. which is associated with a particular zone of a particular Web application. • • The search server that you will use for your Web application is running. High-level solution overview The following figure shows a high-level overview of this solution. This is the zone that intranet users and the crawler use to access the site using NTLM authentication. This is the zone end-users use to access the site using Basic authentication. This is typically referred to as a split DNS environment. Each DNS server maps the same host name to a different static IP address. You do not have another Web application using port 80. A server administrator can use IIS Manager to map a static IP address directly to an IIS Web site. This mapping is possible because when a new zone is created by extending the Web application. 179 . The Internetfacing DNS server resolves the URL of the host-named site to the default zone of your Web application. Note: Although it is possible to implement this solution by using a different port (as long as both zones use the same port). port 80 is typically used so end-users do not see a port number in the URL of their host-named site. This solution requires two DNS servers.0 creates an Internet Information Services (IIS) Web site for that zone. On the top link bar of the Central Administration home page. 1. and remove the IIS host header that was assigned to this site in step 3.0 Central Administration. and then click SharePoint 3. • Map the static IP address from the intranet-facing DNS server to the IIS Web site associated with the Intranet zone (that is. 3. The farm administrator can grant permissions to the Web application and the site collection administrator can grant permissions to the site collection. the zone that uses NTLM authentication) of your Web application. point to All Programs. configure the following settings for your new Web application. Create Web application 1. in the IIS Web Site section.High-level steps The following list describes the high-level steps for this solution. On the Create or Extend Web Application page. specifies the host header name. 4. The farm administrator uses the Central Administration Web site to create a Web application on port 80 without a host header assigned to it. 2. The DNS administrator maps the site name to the static IP addresses in DNS. in the SharePoint Web Application Management section. The farm administrator configures the default zone of this Web application to use Basic authentication. 5. Note: You must use the Stsadm command-line utility to specify the URL that you want for your host header-based site collection. 6. click Create a new Web application. On the Application Management page. Click Start. 7. point to Administrative Tools. click Application Management. click Create or extend Web application. Deploy the solution Use the following procedures in the order listed to deploy the solution described earlier in this article. 180 . The server administrator uses IIS Manager to perform the following actions: • Map the static IP address from the Internet-facing DNS server to the IIS Web site that is associated with the default zone (that is. and then specifies NTLM authentication on the intranet zone. 2. The farm administrator extends the Web application. the zone that uses Basic authentication) of your Web application. On the Create New Web Application page. in the Adding a SharePoint Web Application section. 5. The server administrator creates a host header-based site collection by using the Stsadm command-line utility. 3. 4. 3. On the Application Management page. in the SharePoint Web Application Management section.a. If you are creating a new application pool. b. Extend the Web application Use the following procedure to extend the Web application to create a new zone that uses NTLM authentication. Create a new IIS web site. type 80. 3. type cmd. Perform the following procedure on all front-end Web servers in the server farm. or accept the default setting. Click Start and then click Run. 3. click Application Management. click Default. in the Open box. in the Zone column. type the following command. Create new application pool. Perform the following procedure to configure the Web application to use Basic authentication. 2. 5. Accept the default setting. 181 . 6. Click Save. 2. Click OK. In the Application Pool section. Close the command prompt window. In the Search Server section. click Authentication providers. click Create or extend Web application. Ensure that the Host Header box is blank. 2. specify the security account to use for the new application pool. 8. and then click OK. c. In the Run dialog box. in the Adding a SharePoint Web Application section. Restart IIS 1. select Basic authentication (password is sent in clear text). Extend the Web application 1. Configure the default zone to use Basic authentication 1. in the Application Security section. At the command prompt. and then type a name for the Web site in the Description box. and then press ENTER: iisreset /noforce 4. On the Central Administration home page. select the search server that you want to use to index this Web application from the Select Windows SharePoint Services search server list. In the IIS Authentication Settings section. click Extend an existing Web application. 7. On the Create or Extend Web Application page. On the Central Administration home page. On the Application Management page. 4. select Use existing application pool. In the Port box. click Application Management. On the Authentication Providers page. This is the Web application you created earlier in this article. In a later step. the administrator for the intranet-facing DNS server must map this same site name to a different static IP address. 6. in the Open box. 5. In the Load Balanced URL section. 3. Restart IIS 1. select the Web application you want to extend. Click OK. Even though this host name is removed in a later procedure. In the Security Configuration section. and then click OK. On the Extend Web Application to Another IIS Web Site page. in the Web Application section. the server administrator maps this static IP address to the IIS Web site that is configured to use the default zone used by the Web application. In the Description box. Additionally. type a host header name. type cmd. type 80. 182 . In the Host Header box. the server administrator will map this static IP address to the IIS Web site that is configured to use the Intranet zone used by the Web application. select the zone you want to use. on the Web Application menu. Click Start and then click Run. 8. this host name is used by the crawler to access the Web application on the Intranet zone. On the Select Web Application page. Close the command prompt window. b. At the command prompt. type a description for the new site. c. In the IIS Web Site section. Intranet. 7. Map site names to static IP addresses in DNS Host-named sites enable farm administrators to choose the name they want to use in the URL for their sites. In the Port box. Perform the following procedure on all front-end Web servers in the server farm. this DNS administrator must also map the host header name that the farm administrator used when extending the Web application to this static IP address. Note that the name (that is. click Change Web Application. Likewise. type the following command.4. and then press ENTER: iisreset /noforce 4. In a later step. ensure that NTLM is selected.) Note: The intranet-facing DNS server must be able to resolve this load-balanced URL to the static IP address that you assign to the Web site that you configure to use NTLM authentication. do the following: a. 2. The administrator for the Internet-facing DNS server must map the site name chosen by the farm administrator to the appropriate static IP address. In the Run dialog box. (in this example. the URL) must be a unique name on the domain. 9. and then click Properties. 3. type the following command. 8. This is the host header name you assigned to the site that you configured for NTLM authentication. In the Add/Edit Web Site Identification dialog box. 12. and then press ENTER: stsadm. Close IIS Manager. Map the static IP addresses to the Web sites 1. on the Web Site tab. and then click OK. 5. 4. In the console tree.exe -o createsite -url http://<HostNamedSiteAddress> -ownerlogin 183 . Click OK to close the Advanced Web Site Identification dialog box. Click OK to close the Properties dialog box. 11. in the Multiple identities for this Web site section. make a note of the host header name. type cmd. 7. in the Web site identification section. in the Web site identification section. select the IP address that you want to map to the customer-facing Web site. 2. Browse to the following folder: systemdrive:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN where systemdrive is the drive on which Windows SharePoint Services 3. In the Properties dialog box. select the row containing the host header name you configured for the Web site that is using NTLM authentication. In the console tree. Use the following procedure to create a site collection for your Web application. In the Properties dialog box. on the Web Site tab. select the IP address that you want to map to the Web site that is using NTLM authentication from the IP address list. Click OK to close the Properties dialog box. expand Web Sites. in the IP address list. expand the local computer node. In the Host Header value box. 13. In the Advanced Web Site Identification dialog box. In the Host Header value box. right-click the Web site you configured for NTLM authentication. right-click the Web site you configured for Basic authentication. click Advanced. Click Start and then click Run.0 is installed. 10.The following procedure must be performed by a server administrator on each front-end Web server in the server farm. 6. and then click OK. In the command window. point to Administrative Tools. in the Open box. In the Run dialog box. Click Start. Create a site collection for the Web application 1. point to All Programs. 3. 4. 2. and then click Properties. and then click Edit. You must be a server administrator to perform the following steps. You will need to use this name in the next procedure. delete the host header name. 9. and then click Internet Information Services (IIS) Manager. 184 . If you want to manage security at the Web application level.com WebApplicationUrl Grant user permissions Before users can access the sites on the Web application you have created. E-mail address of the site collection owner. Variable Description HostNamedSiteAddress URL chosen by the farm administrator for users to access the top-level site of the site collection. For information about using a policy to grant users permissions. site collection administrators can add users to the appropriate SharePoint groups. see "Manage permissions through policy" in the Help system.<DomainName\UserName> -owneremail <username@example. a farm administrator can create a policy to grant permissions to the Web application. see Chapter overview: Plan site and content security [Windows SharePoint Services]. You can find this URL on the Web Application List page in Central Administration. Alternatively. you must grant those users the appropriate permissions to your sites. For more information about managing permissions at the site collection and lower levels. DomainName\UserName username@example. Primary owner of the host header-based site collection. if you want to manage permissions at the site collection level and at lower levels.com> -hostheaderwebapplicationurl http://<WebApplicationUrl> The following table describes the variables used in step 4 of the previous procedure. The DNS administrator maps this name to the IP address used to access the Default zone of your Web application. URL of the default zone of the Web application. • Direct requests from intranet users and the crawler directly to the Intranet zone.Prepare to crawl host-named sites that use forms authentication In this article: • • • Solution prerequisites High-level solution overview Deploy the solution When configuring a Web application to use host-named sites. This article describes how to create a solution in Windows SharePoint Services 3. which is configured for forms authentication. sometimes called the crawler. Solution prerequisites The procedures included in this solution require the following types of administrators: • • • • Domain Name System (DNS) administrator Server administrator Farm administrator Two DNS servers: one Internet-facing DNS server and one intranet-facing DNS server. These two IP addresses must be associated with the same site name. The components of the solution are to: • Create two zones for your Web application.0 so the crawler can crawl your host-named sites. For more information about how polling order works with non-host-named sites. Other requirements include: • Two static IP addresses: one from the Internet-facing DNS server and a different static IP address from the intranet-facing DNS server. • Host-named sites do not enable the index component of the search server to authenticate by using another zone in the polling order. • Direct requests from end-users to the default zone. The index component of the search server. Web hosters typically use forms authentication for the default zone. This solution assumes the following: 185 . see the “Authentication requirements for crawling content” section in Plan authentication methods [Windows SharePoint Services]. cannot crawl host-named Web sites that are deployed in the usual way for the following reasons: • The crawler cannot authenticate using forms authentication. which you configure for NTLM authentication. The Internetfacing DNS server resolves the URL of the host-named site to the default zone of your Web application. Note that forms authentication can be implemented using several different authentication providers. This is the zone end-users use to access the site using forms authentication. This solution requires two DNS servers.0 creates an Internet Information Services (IIS) Web site for that 186 . The intranet-facing DNS server resolves this same URL to an IP address that is mapped to the Intranet zone of your Web application. This mapping is possible because when a new zone is created by extending the Web application. port 80 is typically used so end-users don’t see a port number in the URL of their host-named site. This is the zone intranet users and the crawler use to access the site using NTLM authentication. • • The search server that you will use for your Web application is running. Windows SharePoint Services 3. High-level solution overview The following figure shows a high-level overview of this solution.• A server administrator will either configure separate network interface cards (NICs) on all front-end Web servers in the server farm with both static IP addresses or will add both static IP addresses to one NIC. You do not have another Web application using port 80. The authentication provider you use with your implementation of forms authentication determines where user accounts are stored. • You have already implemented forms authentication in your environment. Note: Although it is possible to implement this solution by using a different port (as long as both zones use the same port). Each DNS server maps the same host name to a different static IP address. This is typically referred to as a split DNS environment. 5. point to Administrative Tools. and then specifies NTLM authentication on the Intranet zone. Create a Web application 1. 6. 2. 2. Deploy the solution Use the following procedures in the order listed to deploy the solution described earlier in this article.config to enable the Stsadm command-line utility to determine how to find the authentication provider you want to use with forms authentication. A server administrator can use IIS Manager to map a static IP address directly to an IIS Web site. The server administrator creates a host header-based site collection by using the Stsadm command-line utility. point to All Programs. 4. 9. On the top link bar of the Central Administration home page. The server administrator creates a file named stsadm. The farm administrator configures the default zone of this Web application to use forms authentication.0 Central Administration. the zone using NTLM authentication) of your Web application and removes the IIS host header that was assigned to this site in step 5.zone. the zone using forms authentication) of your Web application. The server administrator uses IIS Manager to do the following: • Map the static IP address from the Internet-facing DNS server to the IIS Web site associated with the default zone (that is. specifies the host header name. Click Start. The farm administrator extends the Web application. High-level steps The following list describes the high-level steps for this solution. 3. 8. click Application 187 .config files to specify the name of the authentication provider used with forms authentication. Note: You must use the Stsadm command-line utility to specify the URL you want for your host header-based site collection. The farm administrator uses the Central Administration Web site to create a Web application on port 80 without a host header assigned to it.exe. 1. and then click SharePoint 3. which is associated with a particular zone of a particular Web application. The server administrator adds a custom XML element to the appropriate Web. The farm administrator can grant permissions to the Web application and the site collection administrator can grant permissions to the site collection. • Map the static IP address from the intranet-facing DNS server to the IIS Web site associated with the Intranet zone (that is. 7. The DNS administrator maps the site name to the static IP addresses in DNS. Perform the following procedure on all front-end Web servers in the server farm. On the Authentication Providers page. click Authentication providers. select Forms. In the Search Server section. click Default. 3. On the Create New Web Application page. in the Role manager name box. in the Application Security section. b. in the Adding a SharePoint Web Application section. in the Open box. If you are creating a new application pool. On the Application Management page. type cmd. in the SharePoint Web Application Management section. type the name of your membership provider. Ensure that the Host Header box is blank. 6. Optionally. On the Create or Extend Web Application page. type 80. in the Role Manager Name section. 5. click Create or extend Web application. 7. click Application Management. in the IIS Web Site section. a. In the Port box. 5. 7. select Use existing application pool. In the Application Pool section. 8. Click Start and then click Run. 188 . In the Membership Provider Name section. Click OK. 3. Restart IIS 1. Create new application pool. and then click OK. type the name of your role manager. select the search server that you want to use to index this Web application from the Select Windows SharePoint Services search server list.Management. Configure the default zone to use forms authentication 1. In the command window. type the following command. 4. in the Membership provider name box. in the Zone column. Close the command prompt window. or accept the default setting. c. Perform the following procedure to configure the Web application to use forms authentication. 4. On the Central Administration home page. On the Edit Authentication page. and then press ENTER : iisreset /noforce 4. Accept the default setting. 2. Create a new IIS web site. specify the security account to use for the new application pool. 2. 6. 3. On the Application Management page. and then type a name for the Web site in the Description box. configure the following settings for your new Web application. In the Run dialog box. Click Save. click Create a new Web application. in the Authentication Type section. Click Start. 7. You must be a member of the Administrators group to perform the following procedure.config file. and then click OK. 9. 4. After you have constructed the required XML element. Log on to a server in your server farm that is running the Windows SharePoint Services Web Application service. Insert your custom XML element named <connectionStrings> immediately after the </configSections> element. On each server in your server farm running the Central Administration service. 3. Note: Farm administrators can use the Services on Server page in Central Administration to determine which servers are running these services. Add the custom XML element to servers running the Windows SharePoint Services Web Application service 1. 8. and then click Run. For more information about constructing this required XML element. right-click web.config file for the Central Administration site. and then open the file using an ASCII text editor.config file of the IIS Web site associated with the default zone for your Web application. expand the local computer node. This XML element must specify the name of the authentication provider and optionally other information about the authentication provider your organization uses with forms authentication.config files The server administrator must add an XML element to the Web. In the Name column. add the required XML element to the Web. 5. and then click Explore. you must insert them inside the <system. 189 . If you are inserting the optional <membership> or <roleManager> elements.config file for the default zone of the Web application created earlier in this article and to the Web.web> element. Repeat steps 1 through 7 on any additional server in your farm running the Windows SharePoint Services Web Application service. you must add it to the appropriate Web. Save and close the Web. Note that the contents of this XML element (and even the name of the element itself) will differ from one organization to another. select Open. such as Notepad.Add configuration settings to the applicable Web. Right-click the Web site associated with the default zone of the Web application you created earlier. add the required XML element to the Web. in the console tree.config. In the Run dialog box. 2. On each server in the farm running the Windows SharePoint Services Web Application service. 6. and then expand Web Sites.config files on the appropriate servers in your server farm. type inetmgr.config file of the Central Administration site. In IIS Manager. see Authentication samples [Windows SharePoint Services]. This file enables the Stsadm command-line utility to determine how to find the authentication provider you want to use. 190 .exe. such as Notepad.config files in the preceding step after the <configuration> tag. in the console tree. Right-click the Central administration Web site. 2. and then expand Web Sites. and then click Explore.config file to the following folder on each server in the farm from which a farm administrator might use the stsadm. Copy the stsadm. If this occurs.web> </configuration> 2. Insert your custom XML element named <connectionStrings> immediately after the </configSections> element. remove the .config.exe. This site is named SharePoint Central Administration v3.config. Log on to a server in your server farm that is running the Central Administration service.web> element. In the Run dialog box.exe. 4. 9.web> </system. expand the local computer node. and add the following text: <?xml version="1. Insert the same custom XML element named <connectionStrings> that you added to your Web. In IIS Manager. Click Start. 6. and then open the file using an ASCII text editor. Save and close the Web. right-click web. If you are using custom <membership> or <roleManager> elements.config files. and then click OK. 7. 5.web> element. Create the stsadm. Save the file and name it stsadm. If you are using custom <membership> or <roleManager> elements.config file 1. click Open. Use the following procedure to create a file named stsadm.0" encoding="UTF-8" standalone="yes"?> <configuration> <system.exe.Add the custom XML element to servers running the Central Administration service 1. such as Notepad. by default. 3. you must insert them inside the <system. you must insert them inside the <system.config file. Repeat steps 1 through 7 on any additional server in your farm running the Central Administration service. Open an ASCII text editor.txt extension before proceeding to the next step. In the Name column. This file must contain the same XML element that you added to the Web. type inetmgr. You must ensure that the text editor you are using does not add the . 3.txt extension to the filename.exe utility: systemdrive:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN We recommend that you copy this file to each server in the server farm. and then click Run. 6. 5. 8. 4.config. click Application Management. Map site names to static IP addresses in DNS Host-named sites enable farm administrators to choose the name they want to use in the URL for their sites. select the zone you want to use (in this example. ensure that NTLM is selected. Close the command prompt window. b. in the Adding a SharePoint Web Application section. the URL) must be a unique name on the domain. type a description for the new site. In the Port box. type cmd. In the Host Header box. 7. Note that the name (that is. 8.Extend the Web application Use the following procedure to extend the Web application to create a new zone that uses NTLM authentication. 6. in the SharePoint Web Application Management section. 4.) Note: The intranet-facing DNS server must be able to resolve this load-balanced URL to the static IP address that you assign to the Web site that you configure to use NTLM authentication. 2. In the Run dialog box. On the Create or Extend Web Application page. click Create or extend Web application. Click Start. and then click Run. Intranet. select the Web application you want to extend from list. 5. Extend the Web application 1. On the Extend Web Application to Another IIS Web Site page. 3. type a host header name. 9. In the IIS Web Site section. Click OK. On the Select Web Application page. in the Web Application section. In the Description box. On the Application Management page. on the Web Application menu. 3. and then click OK. c. Perform the following procedure on all front-end Web servers in the server farm. In the Security Configuration section. iisreset /noforce 4. On the Central Administration home page. do the following: a. Restart IIS 1. type 80. in the Open box. In the Load Balanced URL section. click Extend an existing Web application. At the command prompt. click Change Web Application. type the following and then press ENTER. 2. The administrator for the Internet-facing DNS must map the site name chosen by the farm 191 . Use the following procedure to create a site collection for your Web application. In a later step. 8. In the Host Header value box. make a note of the host header name. 192 . the administrator for the intranet-facing DNS must map this same site name to a different static IP address. In the Advanced Web Site Identification dialog box. select the IP address you want to map to the Web site that is using NTLM authentication from the IP address list. Click OK to close the Advanced Web Site Identification dialog box. 2. point to Administrative Tools. Additionally. Close IIS Manager. on the Web Site tab. in the Multiple identities for this Web site section. Click Start. Click OK to close the Properties dialog box. this DNS administrator must also map the host header name that the farm administrator used when extending the Web application to this static IP address. and then click Internet Information Services (IIS) Manager. the server administrator maps this static IP address to the IIS Web site that is configured to use the default zone used by the Web application. 11. in the Web site identification section. this host name is used by the crawler to access the Web application on the Intranet zone. In the console tree. Likewise. right-click the Web site you configured for forms authentication and then click Properties. point to All Programs. 10. 12. right-click the Web site you configured for NTLM authentication and then click Properties. in the Web site identification section. This is the host header name you assigned to the site that you configured for NTLM authentication. 13. Even though this host name is removed in a later procedure. In the Properties dialog box. 5. In the Add/Edit Web Site Identification dialog box. 4. 6. select the IP address that you want to map to the customer-facing Web site from the IP address list. In the Host Header value box.administrator to the appropriate static IP address. 3. Click OK to close the Properties dialog box. expand Web Sites. 7. click Advanced. The following procedure must be done by a server administrator on each front-end Web server in the server farm. select the row containing the host header name you configured for the Web site that is using NTLM authentication and then click Edit. expand the local computer node. Map the static IP addresses to the Web sites 1. the server administrator will map this static IP address to the IIS Web site that is configured to use the Intranet zone used by the Web application. In the Properties dialog box. You must be a server administrator to perform the following steps. You will need to use this name in the next procedure. delete the host header name and then click OK. In a later step. In the console tree. on the Web Site tab. 9. see "Manage permissions through policy" in the Help system. and then click OK. You can find this address on the Web Application List page in Central Administration. 2. Click Start and then click Run. Variable Description HostNamedSiteAddress URL chosen by the farm administrator for users to access the top-level site of the site collection. 4. site collection administrators can add users to the appropriate SharePoint groups. For more information about managing permissions at the site collection and lower levels.Create a site collection for the Web application 1. Alternatively. and then press ENTER: stsadm. Browse to the following folder: systemdrive:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN where systemdrive is the drive on which Windows SharePoint Services 3. For information about using a policy to grant users permissions. The DNS administrator maps this name to the IP address used to access the Default zone of your Web application. see Chapter overview: Plan site and content security [Windows SharePoint Services]. type cmd. In the Run dialog box. 3.com WebApplicationUrl Grant user permissions Before users can access the sites on the Web application you have created.0 is installed.com> -hostheaderwebapplicationurl http://<WebApplicationUrl> The following table describes the variables used in step 4 of the previous procedure.exe -o createsite -url http://<HostNamedSiteAddress> -ownerlogin <ProviderName:UserName> -owneremail <username@example. if you want to manage permissions at the site collection level and at lower levels. If you want to manage security at the Web application level. 193 . In the command window. in the Open box. E-mail address of the site collection owner. you must grant those users the appropriate permissions to your sites. a farm administrator can create a policy to grant permissions to the Web application. type the following command. Primary owner of the host header based site collection. ProviderName:UserName username@example. URL on the default zone of the Web application. 194 . Follow the steps in Enable access for end users to give Web site designers permissions to the site. Migrate content from another site when you are working with: Allow users to add content directly when you are working with: • A collaboration site in which the site owner can create the lists and libraries that are needed. and the overall information architecture for the site. • A blog site in which the blog owner can set up the structure for the blog. including: Depending on your scenario. For more information about planning for these elements. you may find particular methods more appropriate. you can then optionally grant access to authors to contribute content before you grant access to the other users in your organization or before you make the site available to the public on the Internet. see Planning and architecture for Windows SharePoint Services 3. Use Web site designers to design and add content When you create a public-facing site or a larger intranet site. site design (master pages plus . When they have completed their work. Allowing users to add content directly. and then grant site members access so that they can begin contributing content. • A wiki site in which the wiki site owner can grant access to users and the users can start creating topics in the wiki. such as site navigation. and then start creating posts. Web site owners and designers must plan and implement many elements.Add site content In this article: • • • • • • Use Web site designers to design and add content Migrate content from another site Allow users to add content directly Using Web site designers to design and add content. Use Web site designers to design and add content when you are working with: • • • A public-facing Internet site A large intranet site A site or set of sites that is being reorganized.css files). Migrating content from another site. There are several methods that you can use to add content to sites.0 technology. com/en-us/library/cc287920. For more information about using the Content Migration object model. library. You can use: • The Export and Import operations for the Stsadm command-line tool to migrate site collections or subsites.microsoft. or list item). Follow the steps in Enable access for end users to give your end users permissions to the site.aspx) • The Content Migration object model to programmatically move content at any level in the site (Web site. you can use several methods to migrate the content. For more information about adding content to sites. see the following resources: • • Export: Stsadm operation (http://technet. file.aspx ) Import: Stsadm operation (http://technet.0.microsoft. Allow users to add content directly If you want your site owners to begin adding content directly to a site. users can begin adding content.microsoft. 195 . folder.Migrate content from another site If you are reorganizing an existing site and need to migrate content to a different site collection. see "Content Migration Overview" in the Windows SharePoint Services 3. After you grant permissions. For more information about using Stsadm operations. see the Help system for Windows SharePoint Services 3.com/en-us/library/cc288940. you can immediately grant them access and allow them to control the site's organization and design.0 Software Development Kit (http://go. list.com/fwlink/?LinkId=86999&clcid=0x409 ). or item.com/enus/library/cc288404. these steps are performed in the site collection itself. click Site collection administrators.Enable access for end users In this article: • • Add site collection administrators Add site owners or other users After you create your site collection and populate it with content. this information is presented in the Deployment Guide because it is truly the final stage of deployment — the stage when the site collection is made available for end users. On the Site Settings page.microsoft. you decide whether to allow anonymous access for site collections on that Web application. This article does not cover how to enable anonymous access. document. When you create a Web application.com/enus/library/cc288081. you can add site collection administrators by using Central Administration and by using the Site Settings page in the site collection. This article helps you configure administrative and user permissions for a site collection. Note: This procedure uses the Central Administration Web site. see Plan site security (http://technet.com/enus/library/cc288957. but are performed by site collection administrators or site owners.microsoft. If the user name you supplied was not that for the actual administrator for the site collection — for example.com/en-us/library/cc287752. folder.microsoft. these actions are not performed by farm administrators. For more information about anonymous access.aspx) • Plan authentication settings for Web applications ( http://technet. but you can also add a site collection administrator from the top-level site in the site collection by using the Site Settings page for the top-level site. in the Users and Permissions section. (However. Add site collection administrators When you created the site collection. In most cases.aspx) • Choose which security groups to use (http://technet.) Nonetheless. not in Central Administration.aspx) • "Enable anonymous access" in the Central Administration Help system. see the following resources: • Chapter overview: Plan environment-specific security (http://technet. you can do so by using the following procedure. For more information about assigning permissions for different securable objects within a site collection. Moreover. library. you are ready to grant access to end users. list.aspx). Note that you can also configure permissions for the following securable objects within a site collection: site. you were required to supply the user name for at least one site collection administrator. if you did not know who was going to be actual administrator and you used your own user name — or if you need to change or add a user name for a site collection administrator.microsoft. 196 . On the Application Management page. enter the user name of the user to whom you want to assign that role. On the Site Settings page. on the Site Collection menu in the Site Collection section. If the selected site is not the site for which you want to manage administrators. we recommend that you use groups. site members. On the site home page. Click OK. Set up Members. Note: The SiteName Owners group has the Full Control permission level on the site. select a group for each set of users that you want to change. or other groups. select Create a new group to assign a custom group to a set of users. Alternatively. click Application Management.aspx ). see Determine permission levels and groups to use (http://technet. On the People and Groups page. On the People and Groups: All Groups page. click People And Groups. click Change Site Collection. on the Settings menu. you must set up groups before you can add any users to groups. 2. 4.Add a site collection administrator 1. Add site owners or other users If you have not yet set up any groups for this site or site collection. on the Site Collection Administrators page. In Central Administration. click Site collection administrators. click Site Settings. 197 .microsoft. In either the Primary site collection administrator box or the Secondary site collection administrator box. so you can add users to that group to give them administrative access for that site. without setting up groups. For more information about groups and permission levels. site owners. This procedure helps you set up the default groups. but you can also create additional groups. 3. on the Site Actions menu. • In the Select Site Collection dialog box. Visitors. click Set Up Groups. use the following procedure. 2. in the SharePoint Site Management section. (You can also add users individually. 5. you can add users and grant them permissions by using the following procedure. 3. select the site for which you want to manage administrators.) To specify which group to assign to site visitors. 5. • Click OK.com/en-us/library/cc287625. On the Set Up Groups for this Site page. click Groups. but if you want to manage users efficiently. After you have configured groups for the site. and Owners groups for a site 1. on the top link bar. 4. on the Quick Launch. 0. 6. We recommend that you use groups as much as possible to efficiently manage site access. click Add Users. click People And Groups. However. For more information about managing users and groups. or browse to find users from Active Directory directory service. see "Manage SharePoint groups" in the Help system for Windows SharePoint Services 3.Add users to groups 1. Note: In rare cases. 2. assigning individual permissions to many users can quickly become difficult and time-consuming to manage. on the Quick Launch. type the account names that you want to add. 5. Click the name of the group to which you want to add users. In the Give Permission section. on the New menu. you might want to give individual permissions to a user by clicking Give users permission directly. 8. On the site home page. On the People and Groups page. Click OK. click Groups. be sure that Add users to a SharePoint group is selected and that the correct group is displayed. On the Add Users page. 198 . On the Site Settings page. On the People and Groups: Group name page. click Site Settings. 7. 3. on the Site Actions menu. 4. Install application templates 199 .III. Log on to the SharePoint site as a member of the Owners group.0 are separated into two groups. If you want to save more than one application template. Download the template you want to install to your computer. 2. • Server admin templates were created as site definitions. In the Site Collection Administration section.0 that are available for download at the SharePoint Products and Technologies Web site (http://go. Log on to the SharePoint site as a member of the Owners group. 8. They require administrator permissions on the server to install.0 site. and then click Open. click Site templates. • Site admin templates are custom templates that are easy for any SharePoint site administrator to install into the template gallery.stp file.exe file to extract the files. 200 .Installing application templates for Windows SharePoint Services 3. Double-click the . Install a template 1. 5. enabling tighter integration and enhanced functionality with the Windows SharePoint Services 3. Create a site 1. 7.com/fwlink/?LinkId=85166&clcid=0x409 ). 3.0 Microsoft has created 40 application templates for Windows SharePoint Services 3. you might not be at a top-level site. 6. Click OK. click Site Settings. Application templates for Windows SharePoint Services 3. On the Site Actions menu. site admin templates and server admin templates. Site Admin Templates Note: To install or remove a site admin template. If you don’t see Site templates in the Galleries section.0 platform. click Go to top-level site administration. click Upload Multiple Files. click Site Settings. Browse to the <template_name>. Click Upload to save an application template to this SharePoint site. In the Galleries section.microsoft. 2. 4. you must be a member of the Owners SharePoint group (or another SharePoint group with Full Control permissions) on the Windows SharePoint Services 3. On the Site Actions menu. Click the template to use for the new site. If you have already installed this solution. you must first install the Application Template Core solution (http://go. 3. 6. Open a Command Prompt window. and then click Edit. point to 201 .com/fwlink/?LinkId=85162&clcid=0x409 ). point to All Programs. Download the Application Template Core solution to the server. In the list of site templates. 3. 4. 2. Before installing a server admin template. Install and remove server admin templates by using the Stsadm command-line tool at %PROGRAMFILES%\common files\microsoft shared\web server extensions\12\bin. 4. In the Galleries section. 5. 6. In the Template Selection section.microsoft. On the New SharePoint Site page. 5. In the Site Administration section. Any site admin application templates that have been uploaded will be listed here. click Site templates. Log on to the top-level SharePoint site as a member of the Owners group. fill in the information about your new site.exe file to extract the files.3. click the Custom tab. The application template is now unavailable to SharePoint sites and it has been removed from the SharePoint site template gallery. click Start. Note: To open a Command Prompt window. The following procedure will not remove any sites that were already created by using the template. Confirm that this is the application template to remove. Double-click the . Server Admin Templates Note: To install or remove a server admin template." Install the Application Template Core solution 1. Click OK to confirm the deletion. On the Site Actions menu.0. It will only prevent users from creating new sites based on the template. skip to "Install a template. Remove a template 1. Click Create. you must be a member of the Owners SharePoint group (or another group with Full Control permissions) on the SharePoint site and be a member of the Administrators group on the server running Windows SharePoint Services 3. click Sites and workspaces. and then click Create. 7. click Site Settings. and then click Delete Item. find the application template to remove. 2. wsp -allowgacdeployment. and then check the status of your solutions. click Solution management. type stsadm -help deploysolution. In the Site Administration section. Type stsadm -o addsolution -filename <file_path>\ApplicationTemplateCore. type stsadm -help deploysolution. click Site Settings. and then press ENTER. open the Central Administration site for the server. 7.wsp -allowgacdeployment. On the New SharePoint Site page. and then press ENTER. and then press ENTER.wsp. click Sites and workspaces. 5. For more information about available attributes.exe file to extract the files. where <file_path> is the location you extracted the Application Template Core files to. 202 . Type stsadm -o copyappbincontent. 5. and then press ENTER. and then click Command Prompt.wsp. In the Template Selection section.0 configuration. To check the deployment status. For more information about available attributes. Create a site 1. Download the template you want to install to the server. from the command line. 4. click the Application Templates tab. Install a template 1.wsp is the . 5. 2. 6. fill in the information about your new site. run iisreset. and then press ENTER. 6. in the Global Configuration section. Note: Additional attributes may be required based on your Windows SharePoint Services 3. At the command prompt. Note: Additional attributes may be required based on your Windows SharePoint Services 3. 2. Log on to the SharePoint site as a member of the Owners group. 4. 3. On the Site Actions menu.wsp file for your template. type stsadm -o addsolution -filename <file_path>\<template_name>. and then press ENTER. Type stsadm -o deploysolution -name ApplicationTemplateCore. Type stsadm -o deploysolution -name <template_name>. Click Create.0 configuration. After all the solutions are marked Globally Deployed. where <file_path> is the location you extracted the template files to and <template_name>. 4. 3. and then.Accessories. Double-click the . and then press ENTER. 6. Any server admin application templates that have been uploaded will be listed here. Click the Operations tab. It will only prevent users from creating new sites based on the template.0 as a member of the Administrators group on the server. and then press ENTER. • To remove a solution from the server. Note: Additional attributes may be required based on your Windows SharePoint Services 3. 203 .0 configuration. at the command prompt.0 configuration. The Application Template Core solution must remain installed and deployed for other server admin templates to be installed. Note: Additional attributes may be required based on your Windows SharePoint Services 3.7. and then click Create. type stsadm -help deletesolution. Do one or both of the following: • To remove a solution from the list of templates for new sites. type stsadm -o deletesolution -name <template_name>.wsp. type stsadm -help retractsolution. and then press ENTER. Remove a template 1.wsp. and then press ENTER. 2. and then press ENTER. at the command prompt. Log on to the server running Windows SharePoint Services 3. For more information about available attributes. type stsadm -o retractsolution -name <template_name>. The following procedure will not remove any sites that were already created by using the template. For more information about available attributes. Click the template to use for the new site. IV. Deploy software updates and upgrade to a new operating system 204 . Note: In this article. from stand-alone server deployments to very large server farms. you can use the Microsoft Update (http://go.com/fwlink/? LinkId=90953&clcid=0x409) Web site to install the software updates.com/fwlink/?LinkId=121946&clcid=0x409 ). The typical process for installing software updates consists of copying the files to a computer and then running either the SharePoint Products and Technologies Configuration Wizard or the Psconfig command-line tool to upgrade the databases. feature pack. if you have Automatic Updates enabled. This presentation provides valuable information about the different types of software updates that Microsoft releases for Windows SharePoint Services and Microsoft Office SharePoint Server. we use the term software update as a general term for all update types. given by Daniel Winter at the SharePoint Products and Technologies conference in March. If you chose Basic installation (single server with Microsoft SQL Server Desktop Engine) when you installed your Web server running Windows SharePoint Services 3. Using Service Pack 1 for Windows SharePoint Services 3. In this case. security update. you do not need to follow the process and procedures in this topic.0 and Microsoft Office SharePoint Server 2007 as examples. validating the upgrade.0 In this article: • • • • • • • Before you begin Overview of installation sequence Perform installation steps Verify installation Add new servers to a server farm Update language template packs Known issues To help you better understand the update deployment process we have posted the Presentation: Understanding and deploying hotfixes. update.microsoft. public updates. If you do not have Automatic Updates enabled. deploying the upgrade. your computers are updated automatically. 205 . or hotfix used to improve or fix this software product.0.microsoft. 2008. update rollup. critical update. including any service pack.Deploy software updates for Windows SharePoint Services 3. Viewing the presentation is highly recommended prior to reading further in this topic and deploying an update. and troubleshooting the upgrade. We recommend that you follow the process and procedures in this topic for most deployment scenarios. Daniel Winter provides detailed information about pre-upgrade steps. and service packs (http://go. For any deployment other than single server. the SharePoint Products and Technologies Configuration Wizard will not prompt for user input or display any notifications. Before you begin This section provides an overview of what you must do before you install a software update.0 and. such as Web servers in a server farm. only public software updates. If you are installing on Web servers running Windows SharePoint Services 3. You should communicate the proposed schedule to the users and the key people involved with the Web sites hosted on the Web servers running Windows SharePoint Services 3. and user authoring during the upgrade could result in the front-end and back-end servers having different content. The reason for doing this is that the software update could make schema changes to the SQL Server database. The software update will not be installed automatically. In this scenario. all user requests to the Web servers with a failed software update installation will return the error: Server error: http://go. even if Automatic Updates is enabled on your Web servers. If you attempt to install the software update and the installation fails. You must remove the Web servers running Windows SharePoint Services 3. you must update all the Web servers running Windows SharePoint Services 3.0 in your server farm. you must visit the Microsoft download center to download and then install the software update.0 in a server farm. the file versions on that Web server and the databases in that server farm are different from the file versions on the other Web servers. they receive a Page cannot be found (404) error.com/fwlink? LinkID=96177. such as operating system fixes or security patches can be installed from the Microsoft Update Web site.Note: Typically. use a registry editor to verify the value in the following key: HKLM\Software\Microsoft\Shared Tools\Web server extensions\12. the Web server displays content as expected. and even 206 .0 to the same software update version. if necessary.microsoft. when users request resources from a Web server that does not have the software update installed.0 from service for the duration of the software update installation. Once the software update installation is successful. We recommend that you schedule the installation of the software update for a time that causes the least amount of disruption for your users. If the software update versions are not the same on all of the Web servers running Windows SharePoint Services 3. This mismatch prevents the server farm from working correctly. After the software update is installed. and you cannot use the Windows Update Web site to initiate the software update installation.0\WSS\SERVERROLE In server farm deployments. after the software update is installed on the first Web server in the server farm. adjust the schedule. the SharePoint Products and Technologies Configuration Wizard runs automatically to update the databases for SharePoint Products and Technologies. The software update checks the registry and blocks automatic installation on any Web server that does not contain the value singleserver in the SERVERROLE key. If you need to determine whether to manually download and install the software update. 0: "Upgrade has encountered one or more lists that were not updated by Prescan. For more information about a resolution for when the content database contains one or more orphaned objects. Pre-upgrade preparation Before you install a software update. you can continue installing the software update. You must reapply any site-template customizations after you install the software update.com/fwlink/? LinkId=105755). Note: If you manually stop the World Wide Web Publishing service. • Before you start the backup you should clean up your environment by performing the following steps. • Stop the World Wide Web publishing service (W3SVC) on all front-end Web servers to disconnect all the users from the server farm. • You selected the in-place upgrade option in the SharePoint Products and Technologies Configuration Wizard.microsoft. and the other Web servers have not been updated. To make sure that the installation can succeed. 207 . After you have verified that no upgrade items are listed on the Timer Job Status page. When the software update has been installed on all of the Web servers in the server farm. The upgrade jobs that appear on the Timer Job Status page result from the following operations: • Sites that are in the process of being upgraded. To ensure that none of the upgrade processes are running. In server farms with multiple front-end Web servers. you must either fix the relationship or drop the orphans before you begin the software update installation. and your customizations in those files will be lost. if you used an upgrade method—either in-place or gradual—and upgrade jobs are still in progress. see the Microsoft Knowledge Base article titled Error message when you try to upgrade Windows SharePoint Services 2. you must view the Timer Job Status page on the SharePoint Central Administration Web site. • If you customized a predefined site template by directly modifying the site template files— something we do not recommend doing—the software update installation may overwrite some of the files that you modified. you must manually start it at the end of the installation. When you first installed Windows SharePoint Services on the Web servers in your server farm. If you see any upgrade jobs listed. we recommend the following: • If there are orphaned objects in the content databases—orphans are items that do not have any parent or child relationships—the software update installation will fail. if you allow users to connect after the files and databases have been updated on one Web server.0 to Windows SharePoint Services 3.valid requests result in errors. you must allow the upgrade to finish before you install the software update. users will not be able to browse the Web sites. the software update installation might fail.exe and must exit" (http://go. results are returned to users as expected. see Performance recommendations for storage planning and monitoring (http://go. the customization should be managed using a robust build process or script that allows the customizations to be applied to a new computer.aspx). • Front-end Web server: If you have customized the front-end Web server. or are unsure of the extent of the customizations to your Web applications.com/fwlink/?LinkID=105890&clcid=0x409 ) • Back up the server farm before you start the software update installation. front-end Web servers.com/fwlink/?LinkID=102795&clcid=0x409 ). If you are using SQL Server. 208 . you should load-balance your site collections across multiple databases. tempdb volumes. • If any of your databases contain more than the number of site collections recommended in the Information Architecture Recommendations of the download White paper: Performance recommendations for storage planning and monitoring. so that your transaction log is truncated. Use the simple recovery model so that your transaction log is truncated. Note: Ideally. see How to defragment Windows SharePoint Services 3. • Make sure that you follow the recommendations concerning SQL Server page-fill factor and other storage planning best practices before you begin the upgrade.microsoft. • Make sure that there is adequate hard drive space in your database files volumes. and Windows temporary folder on the servers running SQL Server.microsoft.0 databases and SharePoint Server 2007 databases (http://go. we recommend that you make a backup image of your front-end Web server. Make sure you have a backup of any solution packages that you have deployed on your front-end Web servers.• Defragment all of the SQL Server database indexes. use the simple recovery model. • Single sign-on (SSO) database: Perform a full backup operation with SQL Server to back up the SSO database. but if you plan for extra storage you should not encounter issues due to space limitations. so that your transaction log is truncated. The upgrade operation writes the progress of various steps into an upgrade log that can take up disk space. • Content databases: Perform a full backup operation with either Stsadm or SQL Server to back up all content databases. use the simple recovery model. If you are using SQL Server.com/enus/library/cc512723. For more information about storage best practices. and application servers. For more information.microsoft. • Follow the best practices for content database sizing before you perform any upgrade operations. For more information. You should create a backup of search and all databases. see Move all databases (http://technet. We recommend that you follow these guidelines: • Configuration database and Central Administration content database : You must back up your databases by using SQL Server tools after you have stopped your farm. if you are customizing front-end Web computers. Service Pack 1 would be sp1. you must obtain the updated version of that hotfix to address specific issues in your environment by contacting Microsoft Customer Support Services (http://go. • Member of the Administrators group on the server running SQL Server or be granted the fixed database role db_owner to all SharePoint Products and Technologies databases. It is a best practice to verify that you can restore the databases. see Prepare to back up Windows SharePoint Services 3.0 with Service Pack 1. see Microsoft Knowledge Base article 941422 (http://go.com/fwlink/? LinkId=105233). see Shrinking the Transaction Log (http://go. The pattern for the software update naming convention is productnamerrr-kby-xnn-fullfilelang. 209 . we recommend that you perform the additional step of detaching the content databases. For more information about the software updates in Windows SharePoint Services 3.com/fwlink/?LinkId=99201).If you experience an unrecoverable failure during upgrade. You would need to manually apply any customizations to your front-end Web server. where: • • productname is a short identifier for the name of the released product. In order to minimize the downtime. For more information. rrr is a description of the release. After you have backed up all of your databases. For example. Note: We recommend that you back up the server farm after you have verified that the software update installation succeeded.microsoft. you may have to restore your server from the backup image you created.0 Post Service Pack 1 rollup. you will find that installing a software update with the content databases attached is not practical in terms of downtime. see Microsoft Knowledge Base article 942388 (http://go. • If you have previously installed a hotfix. For more information about the software updates in Windows SharePoint Services 3.com/fwlink/? LinkId=105672&clcid=0x409).microsoft. Note: All Web servers running Windows SharePoint Services in the server farm must be running Windows SharePoint Services 3.0 technology. making the logs as empty as possible. and the problem that it addresses is not fixed in this widely available software update.microsoft.0.com/fwlink/?LinkId=102044&clcid=0x409 ).microsoft. • To deploy software updates in a server farm you must be logged in to the Web server or application server as a domain account that also has the following permissions: • Member of the Administrators group on the Web server computer. • You must download the correct software update file for your hardware and language. • In server farms that have a large number of sites.exe. For more information about how to perform backups. use the SQL Server DBCC shrinkfile command to free unused log space. rather than attempt to upgrade the database. in the Perform installation steps section. 210 .S. see Download details: Windows SharePoint Services 3. the file name for the Windows SharePoint Services 3. For example. The files from the software update must be installed on all the Web servers in the server farm by running the software update installation on each Web server up to the point where the dialog box with the following message is displayed: You must run Setup to install new binary files for every server in your server farm. the SharePoint Products and Technologies Configuration Wizard does not automatically start.0 Service Pack 1 (SP1) file.microsoft.S. For specific information. Note: If you started the installation in silent mode. buildto-build upgrade.com/fwlink/? LinkID=91024&clcid=0x409). 3. For more information. before you follow the procedures in this section. so that when you run the SharePoint Products and Technologies Configuration Wizard on the subsequent front-end Web servers.exe. U. for the rest of the server farm. run Setup and the configuration wizard on the other servers now. To continue the upgrade. English and for x86-based hardware. the front-end servers can simply connect to the updated database. Perform installation steps Important: Make sure you are aware of the prerequisites. Overview of installation sequence The following approach updates the database from one server that hosts the Central Administration Web site. For example. you need to force the upgrade by either manually starting the wizard or running the psconfig command with arguments to force an in-place. and then return to this server and click OK to continue. using the /q switch. Complete the software update. follow the "To force a software update" procedure. as outlined earlier in this document. You must update the Web servers in your server farm in the following order: 1. 2.0 Service Pack 1 (SP1) (http://go. • • nn is a number indicating the hardware architecture. either x86 or x64. in U. is wssv3sp1-kb936988-x86-fullfile-en-us. English is en-us. one Web server at a time. lang is the language of the software update. If you have multiple servers in your server farm.• y is a number that corresponds to the Knowledge Base article about the software update. Note: This installation sequence ensures that you can avoid database locking issues. and to download the appropriate file. Complete the software update by clicking OK in the dialog box on one Web server that hosts the Central Administration Web site (front-end Web server) for the server farm. see Microsoft Knowledge Base article 278845: How to Connect to and Shadow the Console Session with Windows Server 2003 Terminal Services (http://go.You must install the software update on each Web server running Windows SharePoint Services 3. Note: For information about how to use console sessions. In many IT environments.0 to the point that the files are copied to all Web servers in the server farm. you can complete the installation on each of the other Web servers.com/fwlink/?LinkID=86818&clcid=0x409 ).microsoft.0 in an environment in which DBAs create and manage databases. Finish updating the remaining servers in the server farm. You should return to one Web server to complete the installation. These changes are only required for installing the update and then running the SharePoint Products and Technologies Configuration Wizard to complete the upgrade. The following procedure provides the steps to: • • • Make all software update files available on all servers in your server farm. After the installation has been completed on the Web server that you selected. and authorization: • Member of the Administrators group on the Web server computer. Install the software update This section includes all of the procedures required to install a software update successfully in any size server farm. If you are in a large server farm. • Granted the fixed database role db_owner to all SharePoint Products and Technologies databases. roles. Security policies and other policies in your organization might require that DBAs create the databases needed by Windows SharePoint Services 3.com/fwlink/?LinkId=98317). Note: You must perform steps 1 though 6 from the following procedure on every Web server in the server farm before you complete the installation on any one Web server.0. you should read the "Large-farm optimization" section later in this document. we recommend that you add the account for the SharePoint Central Administration v3 application pool identity to the Administrators group on each of the local Web servers and application servers and then log on by using that account. database administrators (DBAs) create and manage databases. 211 . Complete the update on one front-end Web server. see Deploy using DBA-created databases (http://go. Note: For information about how to deploy Windows SharePoint Services 3. You can install the software update by logging on to the server directly or by connecting through a Terminal Services console session. If you use a different account to install the software update. it must be a domain account with the following memberships.microsoft. To ensure that you have the correct permissions to install the software update and run the SharePoint Products and Technologies Configuration Wizard. use one Web server that hosts the Central Administration Web site to finalize the installation. leave each server with the following dialog box displayed: You must run Setup to install new binary files for every server in your server farm. do not click OK. After you have finished updating one Web server that hosts the Central Administration Web site. When the dialog box from the previous step is displayed on all Web servers in the server farm. Disconnect users from the server farm by stopping the World Wide Web Publishing service (W3SVC) on all Web servers. click Start. 5. Note: If the wizard does not start automatically. Instead. 11. 12. by clicking OK in the dialog box. 2. If you have multiple servers in your server farm. point to Administrative Tools. 3. 212 . When the dialog box about installation in a server farm appears. click Next. you should follow the procedures in the "Verify installation" section on this one Web server to ensure that the software update installation was successful. 10.To install a software update 1. 8. 4. At the end of the software update installation.0 software update for all servers in your server farm. click Yes. In the dialog box that notifies you that some services might need to be restarted during configuration. 6. 9. point to All Programs. click Finish. click OK. Continue updating the remaining computers in the server farm. 7. the SharePoint Products and Technologies Configuration Wizard starts. and then return to this server and click OK to continue. On the Configuration Successful page. Note: It is important that the SharePoint Products and Technologies Configuration Wizard perform the configuration procedures on only one computer at a time. one at a time. On the SharePoint Products and Technologies Configuration Wizard Welcome page. On the Completing the SharePoint Products and Technologies Configuration Wizard page. Note: This manual step is done as a precaution to ensure that the service is fully stopped. Download and install the appropriate Windows SharePoint Services 3. and then click SharePoint Products and Technologies Configuration Wizard. click Next. run Setup and the configuration wizard on the other servers now. On the server you selected in the previous step. Repeat steps 4 and 5 for every content database you want to attach. You must perform the following procedure on all indexers and query servers in your server farm if either of the following conditions is true: • • You are running in a least-privileges scenario. To attach the content database from the command line • To attach the database. point to Administrative Tools. Enter the information for the content database you detached earlier. in the SharePoint Web Application Management section. and then click SharePoint 3. Note: If you did not follow the "To detach content databases" procedure. When the software update installation and configuration is complete on all the Web servers in the server farm. To start the search service 1. 3. On the Application Management page. If you did not configure additional computers specifically to upgrade the content databases. This procedure attaches and initiates an upgrade of the content database. you will need to follow the "To attach the content database from the command line" procedure. The account that you are using for the search service is either: • • Not an Administrator on the local computer. you can skip the "To attach the content database" procedures. enter the following command: stsadm -o addcontentdb -url <http://backupservername:port> -databasename <ContentDBName> -databaseserver <NewPrincipalServer> If you did configure additional computers specifically to upgrade the content databases. click Content databases. Not a member of the server farm administrator account. click Add a content database. 5. On the Central Administration site. click Application Management. To attach the content database 1. Click Start. 6. you can use the following procedure to attach the content database to the updated computers. Open a Command Prompt window and navigate to %COMMONPROGRAMFILES 213 . you must use one of the following procedures to attach the content database after the software update installation is complete.13.0 Central Administration. depending on if you configured additional computers to upgrade the content databases. 2. make the Web servers available to users by manually starting the World Wide Web Publishing service on each server on which you manually stopped the service. 4. If you completed the "To detach content databases" procedure. On the Manage Content Databases page. point to All Programs. you can configure additional computers as Web servers running Windows SharePoint Services 3. For the best performance with the upgrade operations.0 with SP1 in a singlecomputer server farm. In the scenario where you have a large number of sites or many Web servers. we recommend that you perform the additional step of detaching the content databases. Log on to each computer. To detach content databases 1. we recommend four to five Web servers. you do not need to follow this procedure. the content database is upgraded automatically. you need to use the -databaseserver parameter to specify the database server name. Run the following operation from the command line: stsadm -o deletecontentdb -url http://computername -databasename In this operation. you should use four or five front-end Web servers per database server. that is returned in the list from the previous step and run the following command: stsadm -o spsearch -action start Large-farm optimization In very large server farms. Note: Unless you are dealing with a very large server farm. installing a software update with the content databases attached is not practical in terms of downtime. This will result in certain pages not displaying correctly. and 214 . You can only attach one content database to the server farm at a time. -url specifies the Web application from which the content databases will be detached and -databasename specifies the name of content database to be detached. If the alternate access mappings are not identical.%\Microsoft Shared\web server extensions\12\bin. the content databases may be upgraded with the wrong URLs within their site content. You must configure alternate access mappings on these temporary front-end Web servers to match the original servers. either locally or through a remote connection. To identify the computers that are running an instance of the online Windows SharePoint Services search service. Note: If your database server is on a separate server. If you want to streamline the upgrade process even further. After you upgrade your server farm. 2. you must attach the content databases back to the server farm. because when you attach the databases to the upgraded server farm. open a command prompt and change directories to %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\Bin. run the following command: stsadm -o spsearch -action list 3. to minimize the downtime required to upgrade. 2. To detach a content database using Stsadm. Because a full crawl recrawls all content. Notes • If you detach and reattach a content database. 215 . you should verify that the installation was successful by reviewing the upgrade log file (Upgrade. Search continues crawling based on the regular schedule defined by crawl rules. change to the following directory: %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\LOGS 2.0. Default change log retention behavior when using built-in tools is as follows: • When a database ID and change log are retained.aspx). the installation was successful. to perform a parallel upgrade of the content databases. When a change log is not retained. Use a text editor to open the Upgrade. full crawls can take significantly more time to complete than incremental crawls. regardless of whether that content has been previously crawled. At this point. Root object = SPFarm=<Name of Configuration Database>. Search performs a full crawl during the next scheduled crawl. as described in the following procedure. Search. recursive = True. Verify installation After you install a software update. Scroll to the date on which you installed the software update.microsoft. 0 errors and 0 warnings encountered.log file.microsoft.com/enus/library/cc512723. Then. • If you are running the Infrastructure Update for Windows SharePoint Services 3. In Windows Explorer. If you find these entries. the identifier (ID) of each content database is retained when you restore or reattach the database by using built-in tools. the content databases are ready for service. 3.aspx) and Back up and restore the farm (http://technet. 4.log). The limiting factor for this method is that you cannot simultaneously update more than one content database for each Web application—even if you use multiple computers.com/en-us/library/cc287896. or visually scan. be aware that the next time the content within that content database is crawled a full crawl will occur. see Move all databases (http://technet. To view the upgrade log file 1. for the following entries: Finished upgrading SPFarm Name=<Name of Configuration Database> In-place upgrade session finishes. you should remove any content databases from the previous version and then back up the server farm. and attach them back to the original server farm. use these Web servers to upgrade the content databases while they are detached from the original server farm. After you detach the upgraded content databases from the temporary Web server. even if an incremental crawl has been requested.you must contact Microsoft Product Services to correct this problem. • For more information. run the following command: msiexec /p <PatchPackage> /l*vx %temp%\patch. is the same account used by the SharePoint Central Administration v3 application pool account —is configured with credentials that do not have permission to access the LOGS folder in %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\.log is stored in the temporary storage folder of the account that is running the SharePoint Timer service. In addition to the previous procedure.4518 August 24. through the Upgrade. verify that the update was successful by using the SharePoint Central Administration Web site to view the version number on the Servers in Farm page. in the Topology and Services section. Use one of the following methods to open the Servers in Farm page: • On the Central Administration home page.6036 216 .com/fwlink/?LinkID=99206). verify the version number of each server in the farm to verify that each one has been updated to the new binary version. next to Version. click Servers in farm. including verbose output and detailed debugging information. To write all available logging information. To enable logging for Windows Installer.log file for the following terms: • • fail error After you identify and resolve the blocking issues. on the Operations page. In some configurations. The following Windows SharePoint Services 3. use the "To force a software update" procedure later in this section.aspx Where ServerName is the name of the server. click Operations. If you do not find the entries from the previous step. view the following Web page: http://ServerName:Port/_admin/FarmServers. part of the Upgrade. To view the Servers in Farm page 1.0.log.0. Note: You can enable Windows Installer logging before you start the software update installation again. 2.log Where PatchPackage is the path to the software update file. 2007 hotfix package 12. see Microsoft Knowledge Base article 99206: How to enable Windows Installer logging (http://go. and Port is the port that is configured for the Central Administration Web site.microsoft. Then. You can find the log file in the temporary file location with the file name msi*.5. the SharePoint Timer Service (OWStimer) account—which.0 version numbers are correct: • • Release 12.0. If this is the case. On the Servers in Farm page. • From Internet Explorer. or visually scanning. to the log files for the software update installation. by default. you can identify specific issues that may have contributed to the failure by searching.0. 0 You can also verify that the software update installation was successful by using SQL Query Analyzer to examine the SQL Server schema. To identify and resolve the blocking issues.6039 Service Pack 1 12. You can examine the version number of certain files in %COMMONPROGRAMFILES %\Microsoft Shared\Web server extensions\12\ISAPI The following Windows SharePoint Services 3.1016 October public update 12. the software update installation did not complete successfully.0.6300 If the version number matches the version number for the software update. To perform advanced installation verification 1.6219 Post Service Pack 1 rollup 12.0.0. To verify through direct examination of the SQL schema • This SQL Server query can be run on any SharePoint Products and Technologies database to track all the upgrades run on the database in the GUID 00000000-0000- 217 .0.4518.For more information about the software updates in the August hotfix. If the version number is not correct.0. use the following procedure to verify version numbers on certain files and verify certain keys in the registry.0. You should use the following procedure to determine if the SharePoint Products and Technologies Configuration Wizard was run after the software update. Note: The SSP databases could have different version numbers and the SSO databases do not have a versions table.6300 Infrastructure Update 12.0. • • • October public update 12.0.0.6219 Post Service Pack 1 rollup 12.6318 2. see Microsoft Knowledge Base article 941422: Description of the Windows SharePoint Services 3.com/fwlink/?LinkId=102044&clcid=0x409 ). If you need to investigate the success of the software update installation in more depth. Although the version of the DLL files and the registry are updated during the first part of an upgrade—when the files are being copied—the SQL Server schema is only upgraded after the SharePoint Products and Technologies Configuration Wizard is run. you have succeeded in updating the server.0 owssvr.6039 Service Pack 1 12.0.0 hotfix package (http://go.microsoft.0.0.dll version numbers are correct: • • • • • Release 12.0. follow the "To view the upgrade log file" procedure earlier in this article.0.0. Verify that the value is correct in the Version key in the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12. For more information. If the installation did not succeed.com/fwlink/?LinkId=105802&clcid=0x409 ) You can create an installation source location that already contains the software updates that match those installed on your server farm by using the updates folder. Note: You can enable Windows Installer logging before you start the software update installation again.0000-0000-000000000000: SELECT * FROM Versions The highest value that maps to the GUID above should equal the current version of the product. When you use this installation source to add new servers to your server farm. For Service Pack 1 the version should include 6211. or you can use the following procedure to complete the configuration from the command line. see Microsoft Knowledge Base article 99206: How to enable Windows Installer logging (http://go.com/fwlink/?LinkId=105656&clcid=0x409 ) • X64: Windows SharePoint Services 3. we recommend that you use an installation source that has the software update files included.0).microsoft.0 x64 with Service Pack 1 (http://go.microsoft. To build a server to join an existing farm 1.0 with SP1 as an updated version at the following location: • X86: Windows SharePoint Services 3. To force a software update 1. you can run the SharePoint Products and Technologies Configuration Wizard again.com/fwlink/?LinkID=99206). but you have not created an updated installation source. Install the product without any software updates and do not run the SharePoint Products and Technologies Configuration Wizard.0 with Service Pack 1 (http://go. Type the following command: psconfig –cmd upgrade –inplace b2b –wait –force Add new servers to a server farm If you need to build a new server to join an existing server farm.microsoft. you must use the following procedure. For information. see the topic Create an installation source that includes software updates (Windows SharePoint Services 3. 218 . Open a Command Prompt window and change to the following directory: %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\Bin 2. the software update is already applied to the new server and the version of the new server matches the rest of the servers in your server farm. If you need to build a new server to join an existing server farm. You can download Windows SharePoint Services 3. 2. Install the product without any software updates and do not run the SharePoint Products and Technologies Configuration Wizard. Install the software update and do not allow the SharePoint Products and Technologies Configuration Wizard to run. you must either modify the registry or use the command line to force the configuration to complete successfully. 2.Note: By not running the SharePoint Products and Technologies Configuration Wizard you do not define the location for the configuration database by creating the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web server extensions\12. 3. Use a registry editor to modify the setup type to a clean install. Open a Command Prompt window and run the following command: 219 .com/en-us/library/cc263093.aspx). Note: For more information about using Psconfig. 4. Run the SharePoint Products and Technologies Configuration Wizard at the prompt. 3. If you do not follow this process and you do run the SharePoint Products and Technologies Configuration Wizard after you install the released product. the SharePoint Products and Technologies Configuration Wizard reads the ConfigDB registry key and the SharePoint Products and Technologies Configuration Wizard displays: Exception: System.InvalidOperationException: Operation is not valid due to the current state of the object. To force an install after a failed configuration (command line) 1. Run SharePoint Products and Technologies Configuration Wizard to connect to your server farm.0\WSS\SETUPTYPE=CLEAN_INSTALL 3. Install the software update and do not run the SharePoint Products and Technologies Configuration Wizard.0\Secure\ConfigDB .microsoft. Install the software update. 2. Run SharePoint Products and Technologies Configuration Wizard to perform a disconnect operation. Use registry editor to modify the contents of the ConfigDB registry key and then run the SharePoint Products and Technologies Configuration Wizard. Use the Psconfig command-line tool. To force an install after a failed configuration by modifying the registry 1. To address this problem. see Command-line reference for the SharePoint Products and Technologies Configuration Wizard (http://technet. Change the registry key to the following: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web server extensions\12. you can download updated language template packs through the Microsoft Download Center. see the topic Create an installation source that includes software updates (Windows SharePoint Services 3. you must install updated language template packs. we recommend that you browse to the Microsoft Update or Windows Update Web sites to detect the language template packs installed on your front-end Web server.config could not be modified because the path could not be located in the file system. and you update the Web server and then run the SharePoint Products and Technologies Configuration Wizard.config file.SharePoint. However. An updated language template pack is installed for each language template pack that is currently installed.PostSetupConfiguration. you must manually copy the Web. You must run the SharePoint Products and Technologies Configuration Wizard after updated language template packs have been installed for each currently installed language template pack. Additional exception information: Failed to upgrade SharePoint Products and Technologies.PostSetupConfigurationTaskException was thrown. To install the language template packs.0)0). This error occurs when the SharePoint Products and Technologies Configuration Wizard cannot locate or modify the Web. To resolve the issue. Error: Failed to upgrade SharePoint Products and Technologies If you add a new Web server to an existing server farm that does not have any Web applications.log file found in %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\Logs contains the following error: The access control list on %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\template\layouts\Web. The Upgrade. you might receive the following error message: An exception of type Microsoft.config file from %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\Config to %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\Template\Layouts. To create an installation location that you can use to install the language template packs with software updates already applied. 220 .psconfig -cmd configdb -connect -server <SQLServerName> -database SharePoint_Config_<dbname> -user <domainusername> -password <password> -cmd helpcollections -installall -cmd secureresources -cmd services -install -cmd installfeatures -cmd applicationcontent –install Update language template packs For each language template pack installed on a server that renders content. Known issues This section describes common errors you might encounter and what you need to do to fix them. Queries that normally take less than 5 seconds will be very slow. you must use the default location for the SUpdateLocation parameter. The new maximum disk space requirement on a query server or index server is increased to 2. This is a known issue and you can safely ignore this error message. Setup stops responding when you use an alternate location for the Updates folder When you are using the updates folder and specify an alternate location for the updates folder by modifying the SUpdateLocation parameter in the Config. If you want to use the updates folder. return an error.xml file Setup will stop responding and an error dialog box will appear. Error: Unknown SQL Exception 15363 The following error in the Event Viewer application log might appear after you install a software update: Source: Windows SharePoint Services Category: Database Event ID: 5586 Type: Error Description: Unknown SQL Exception 15363 occurred. Additional error information from SQL server is included below. Foxit PDF IFilter must be reinstalled after installing software update If you installed the Foxit PDF IFilter on your search server. Error: The search request is unable to connect to the search service After you install Service Pack 1 (SP1). You must reinstall the IFilter.After the Web.config file is in the Layouts folder.85 times the physical size of the index. This is a known limitation in the product. This error occurs when the role WSS_Content_Application_Pools already exists in the current database. and you will see the service error The search request is unable to connect to the search service . If adequate disk space is not available. more disk space is required for your query server or index server. the IFilter does not work after you install a software update. this change increases the disk space required to perform a master merge. This issue occurs because the method used to merge indexes has been modified to significantly improve performance and reduce server downtime. 221 . a maximum of 2 times the physical size of the index was required. you can run the SharePoint Products and Technologies Configuration Wizard again. However. Previously. your query servers will slow down or stop. or timeout. microsoft.com/fwlink/?LinkID=88900) 222 . see Microsoft Knowledge Base article 941678: The SharePoint Products and Technologies Configuration Wizard does not finish successfully on a computer that also has GroupBoard Workspace 2007 installed (http://go. To resolve this issue. you can use the following command from the %COMMONPROGRAMFILES %\Microsoft Shared\Web server extensions\12\Bin directory: psconfig -cmd upgrade -inplace b2b -wait –force The GroupBoard product team has developed a software update to enable you to install the Windows SharePoint Services 3.0.0.com/fwlink/? LinkId=102051&clcid=0x409).0 Service Pack 1 installation will not succeed if the following issues apply: • Software updates for GroupBoard Workspace 2007 that were released before Service Pack 1 were not installed on your Web servers running Windows SharePoint Services 3. To manually run the SharePoint Products and Technologies Configuration Wizard from the command line.GroupBoard Workspace 2007 and software update failures The Windows SharePoint Services 3. See Also • Windows SharePoint Services TechCenter (http://go. For more information.0 software update. Please upgrade this SharePoint application server before attempting to access this object. • GroupBoard Workspace 2007 is installed on your Web servers running Windows SharePoint Services 3. you can review the upgrade log file for the following error message: [SPManager] [ERROR] [2/5/2008 4:36:23 PM]: The specified SPContentDatabase Name=SharePoint_AdminContent_913f064d-579e-4029-9522-ec21ecc6f0c1 Parent=SPDatabaseServiceInstance Name=Microsoft##SSEE has been upgraded to a newer version of SharePoint. follow one these processes: • Apply the GroupBoard Workspace 2007 patch. install the Windows SharePoint Services 3. install the Windows SharePoint Services 3. To verify that this issue was the reason that the software update installation failed. and then run the SharePoint Products and Technologies Configuration Wizard. run the SharePoint Products and Technologies Configuration Wizard.0 software update with GroupBoard installed. and then reinstall GroupBoard Workspace 2007. • Remove GroupBoard Workspace 2007.microsoft.0 software update. along with software updates that match those installed on your server farm (also known as a slipstreamed installation source). This means that. all your Web servers must have the same software update version applied. critical update. before you add a new Web server to an existing server farm. Note: You must use the default location for the updates folder. Extract the software update files. Setup stops responding. feature pack. including any service pack. To use the updates folder 1. 2.0) In server farm deployments. for example. Copy the files from the released version source media for the product to a folder that you can use as an installation point for the servers in your server farm.Create an installation source that includes software updates (Windows SharePoint Services 3. 3. this new Web server must have the same software updates as the rest of the Web servers in your server farm. Note: In this article. update. To accomplish this. we recommend that you follow the procedures in this topic to create an installation source that contains a copy of the released version of the software. for x86 systems: wssv3sp1-kb936988-x86-fullfile-en-us. we use the term software update as a general term for all update types.0 released version. you must add software updates to the updates folder of the released version of the software. update rollup. If you use the SupdateLocation="path-list" property to specify a different location. 223 . or hotfix used to improve or fix this software product. Download the appropriate software update package. the new Web server will have the same software update version as the rest of the Web servers in your server farm. by using this command: <package> /extract:<path> The /extract switch prompts you to provide a folder name for the files.exe /extract:<C:\WSS>\Updates <C:\WSS> is the location to which you copied the files that you extracted from the Windows SharePoint Services 3. When you run Setup from this updated installation source. security update. Use the updates folder To create an installation source. 5. Copy these extracted files to the updates folder.com/fwlink/?LinkId=105656&clcid=0x409 ) • X64: Windows SharePoint Services 3. or you can create an image of this source that you can burn to a CD-ROM. and then run the SharePoint Products and Technologies Configuration Wizard to complete the configuration. You can now use this location as an installation point. Download the updated language template pack package for the released product. Copy the files that you extracted from the Windows SharePoint Services 3. To install the language template pack with the software update already applied. As an alternative to creating an updated installation source. 3.microsoft. in the subfolder in which you stored the files for the released product in step 3. the source is updated and is ready to use.0 with Service Pack 1 (SP1) as an updated version at the following location: • X86: Windows SharePoint Services 3. 224 .com/fwlink/?LinkId=105802&clcid=0x409 ) Language template packs Use the following procedure to create an installation location that you can use to install the language template packs with software updates already applied.0 x64 with Service Pack 1: (http://go.0 software update package to the updates folder you created in the previous step. Note: If you extracted the software update files to a location to which you had previously copied the source for a released version. Copy the extracted files to a folder that you can use as an installation point for the servers in your server farm. 2. Extract the files from the language template pack package. run Setup from this location. 7. To use the updates folder with language template packs 1. 4. You can now use this location as an installation point.0 with Service Pack 1: (http://go. Extract the files from the updated language template pack package.microsoft.4. you can download Windows SharePoint Services 3. or you can create an image of this source that you can burn to a CD-ROM. Download the language template pack package for the released product. 5. 6. such as Windows SharePoint Services. and you are planning to upgrade to Windows Server 2008. Windows Internal Database SP1 is installed.microsoft. and to download the service pack for either x86 or x64 architecture. you must install Windows Internal Database SP2 before you begin the Windows Server 2008 installation. You will need to address any installation issues on the computer running Windows Server 2003 before preparing Windows SharePoint Services 3.0 is installed.Upgrading to Windows Server 2008 for Windows SharePoint Services 3. FrontPage 2002 Server Extensions from Microsoft are installed.com/fwlink/?LinkId=108178&clcid=0x409 ) Stop the Search service If the Windows SharePoint Services Search service (Spsearch) is running while you are installing Windows Server 2008. see the following links: • Update for Windows Internal Database x86 (WYukon SP2 x86) (http://go.0 installation that uses Windows Internal Database (MICROSOFT##SSEE) as the default back-end database. Install Windows Internal Database SP2 If this is a basic or stand-alone Windows SharePoint Services 3. To avoid this. 225 . Windows SharePoint Services 3. For more information about Windows Internal Database SP2. Before you begin Address any installation issues The Windows Server 2008 installer will block the upgrade if any one of the following applies to the computer running Windows Server 2003: • • • • Windows SharePoint Services 2.microsoft.0 SP1 is not installed. Active Directory Rights Management Services. you should perform the following procedure. Windows Server Update Services.0 with SP1 If you have Windows SharePoint Services 3. Windows Internal Database uses SQL Server technology as a relational data store for Windows roles and features only. use the procedures in this article to prepare Windows SharePoint Services 3.0 for the upgrade. the search index might become corrupt.com/fwlink/?LinkId=108177&clcid=0x409 ) • Update for Windows Internal Database x64 (WYukon SP2 x64) (http://go.0 with Service Pack 1 (SP1) installed on a computer running Windows Server 2003.0 for the upgrade. and Windows System Resources Manager. UDDI Services. For more information about installing Windows Server 2008. Open a command prompt window.0. Install Windows Server 2008 You can now proceed with the Windows Server 2008 installation. click Start. To configure Windows SharePoint Services on Windows Server 2008 1.To stop the Windows SharePoint Services Search service 1. When Setup prompts you to choose an action. click Control Panel. 2. see the "Reset the Windows SharePoint Services Search service index" section in this article. 2. select Windows SharePoint Services 3. If Least User Access (LUA) is enabled on this computer. you can follow either of the following steps: • Turn off LUA and then repeat the instructions in this step. In Windows Server 2008. Stop the Windows SharePoint Services Search service by running the following command: net stop spsearch The message The Windows SharePoint Services Search service was stopped successfully is displayed. and then click Change. Run the SharePoint Products and Technologies Configuration Wizard.0. 226 . see the Windows Server 2008 Technical Library (http://go. Note: The search index might be corrupt if the SharePoint Products and Technologies Configuration Wizard cannot start or if the wizard seems to be stalled while trying to start the Windows SharePoint Services Search service after the upgrade. choose Repair. open Programs and Features. Perform a binary repair. Perform post-installation procedures After the Windows Server 2008 installation is complete.microsoft.exe from an installation point (where you have extracted the SP1 files to the Updates folder). For more information. Change the Startup type for the Windows SharePoint Services Search service to disabled by running the following command: sc config spsearch start=disabled The message [SC] ChangeServiceConfig SUCCESS is displayed.com/fwlink/?LinkId=106547&clcid=0x409 ). you must perform a binary repair to configure Windows SharePoint Services 3. 3. • Run Setup. Run the command: stsadm -o grantiis7permission The following messages confirm the changes: Granting permission to SPTimerV3 service to read from IIS 7. and then click Run as administrator. when you open Programs and Features to repair Windows SharePoint Services 3.0. Operation completed successfully.0. 2. Configure Windows Server Backup If you want to use Windows Server Backup with Windows SharePoint Services 3. 3. 227 . Change directory to %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\BIN.com/fwlink/?LinkId=106802).0 or language template packs. make sure LUA is disabled. Open an elevated command prompt window. you must configure certain registry keys. Log on to the computer with a domain account that is a member of the Administrators group on the local computer. Before running repair. Click Start. you will not be able to run the repair operation if LUA is enabled (the default setting). you must grant the Windows SharePoint Services Timer (SPTimerV3) service permission to read from Internet Information Services (IIS) 7. If you do not configure these registry keys. Known issues Repair not allowed when Least User Access is enabled After the Windows Server 2008 installation is complete. click Accessories. Operations that use the timer job to query for IIS Web site properties could fail.0 1.0 or above. For information about configuring the registry keys for Windows Server Backup. 4.0. see the "Configure Windows Server Backup" topic in Install a stand-alone server on Windows Server 2008 (Windows SharePoint Services) (http://go.microsoft.0 as a stand-alone installation or if you installed it on a Web server in a server farm but the farm account is not an administrator on the computer.If you installed Windows SharePoint Services 3. Web application creation could fail in server farms with more than one Web application. Examples of symptoms that you might experience if the SPTimerV3 service does not have the appropriate permissions include: • • • Future installations of software updates might fail. Windows Server Backup will not work properly with Windows SharePoint Services 3. To grant the SPTimerV3 service permission to read from IIS 7. right-click Command Prompt. point to All Programs. at a minimum.ldf).mdf'. 228 . Run the following command for each Windows SharePoint Services 3. install Windows Internal Database SP2 and then use the following procedure to make sure your sites and the Search service work properly. To fix sites and the search function after upgrade 1.Fixing problems after upgrading without Windows Internal Database Service Pack 2 The Windows Server 2008 installer will block the upgrade if you have Windows Internal Database SP1 installed. but because sqlcmd requires Microsoft SQL Server Native Client. select the Windows Internal Database check box. these databases: configdb.ldf' Go Note: You should see. and searchdb. A potential problem is that.0 database (*. we recommend that you download the entire Feature Pack for Microsoft SQL Server 2005 (http://go. @filename2 = <drive:\path\Data>\<dbname>_log. To install Windows Internal Database.2005\MSSQL\Data EXEC sp_attach_db @dbname = '<dbname>'.mdf) and log file (*_log. all files will be in the following folder: %Windows%\SYSMSI\SSEE\MSSQL. If this is the situation. 5. admin contentdb. By default. click Features.com/fwlink/? LinkId=70728). Use the Microsoft SQL Server 2005 Command Line Query Utility (sqlcmd) to start the Windows Internal Database: sqlcmd -S \\. contentdb. the user removes Windows Internal Database SP1. open Server Manager.0 services: • • • • Windows SharePoint Services Timer Windows SharePoint Services Administration Windows SharePoint Services Tracing Windows SharePoint Services Search 2.com/fwlink/?LinkId=81183). included with Windows Server 2008.\pipe\mssql$microsoft##ssee\sql\query -E Note: The sqlcmd utility is a free download. after the upgrade is blocked. click Add Features.microsoft. but does not install Windows Internal Database SP2. For more information about the sqlcmd utility. and then click Install to complete the Add Features Wizard.microsoft. see sqlcmd Utility (http://go. Open a command prompt window and restart IIS with the following command: restartiis 3. @filename1 = '<drive:\path\Data>\<dbname>. and Windows Server 2008 installed successfully after Windows Internal Database SP1 was removed. Stop all Windows SharePoint Services 3. 4. point to Administrative Tools. 7. you must restart it by running the following command: stsadm -o spsearch -action start -databaseserver %_be% -databasename wsssearch 8. you might need to reset the search index for the Windows SharePoint Services Search service by performing the following procedure. Reset the Windows SharePoint Services Search service index If you did not stop the Windows SharePoint Services Search service while the upgrade was running. the wizard could have corrupted the search index.0. Notes If the Windows SharePoint Services Search service was running before you started this step. c. 3. to perform a binary repair. In the list of services. Right-click Windows Internal Database (MICROSOFT##SSEE). Click Start. Open SharePoint Central Administration. If you completed a binary repair in the "Perform post-installation procedures" section you can skip this step. Restart the Windows Internal Database service: a.6. In this case. 2. Click Start. Start the following Windows SharePoint Services 3. Note: If you ran the SharePoint Products and Technologies Configuration Wizard while the Windows SharePoint Services Search service was running.0 Central Administration.0 services: • • • Windows SharePoint Services Timer Windows SharePoint Services Administration Windows SharePoint Services Tracing Note: Make sure you do not start the Windows SharePoint Services Search service. click Start. click Stop to stop the Windows SharePoint Services Search service. click Services on server. 9. and then click Start. b. and then click Stop. Run the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3. right-click Windows Internal Database (MICROSOFT##SSEE). 229 . you should follow the "To reset a corrupt Windows SharePoint Services Search service index" procedure in this article. select Windows SharePoint Services 3. point to Administrative Tools. and then click Services. and then click Change. click Control Panel. click Programs and Features. Otherwise. On the Operations tab. and then click SharePoint 3. To reset the Windows SharePoint Services Search service index 1.0. In the list of services. Scroll down and click Start. scroll to the Search Database section and rename the Database Name. On the Windows SharePoint Services Search service settings page. In the warning dialog box.4. If the SharePoint Products and Technologies Configuration Wizard cannot start the Spsearch service. and then click SharePoint 3. you must use the following procedure. 5. On the Services on Server page. Close the SharePoint Products and Technologies Configuration Wizard manually: a. Wait for the operation to complete. 6. because the service will not respond to a stop request from Central Administration. click Services on server. 6. Wait for the operation to complete. b. then the search index might be corrupt. point to Administrative Tools. 8. On the Services on Server page. Select Psconfig. 5. To reset a corrupt Windows SharePoint Services Search service index 1. In this situation. open a command prompt window and enter the command: stsadm -o spsearch -action stop 3. and then click End Process. you can use Central Administration to open the Operations Web page and the Services on Server Web page. 2. click OK. and then click the Process tab. Open Central Administration. 7. 230 . On the Operations tab. However. Start the SharePoint Products and Technologies Configuration Wizard. Open Task Manager. Click Start. The Windows SharePoint Services Search service settings page opens. To stop the Spsearch service. click Start to start Windows SharePoint Services Search. On the Windows SharePoint Services Search service settings page. 4. and then you will see that the status for Spsearch is starting. Scroll down and click Start. scroll to the Search Database section and rename the Database Name. click Start to start Windows SharePoint Services Search. Wait for the operation to complete. The Windows SharePoint Services Search service settings page opens.0 Central Administration.
Copyright © 2024 DOKUMEN.SITE Inc.