Roux Visser’s SharePoint Blog

29/01/2009

The SharePoint Central Administrator Configurations

Filed under: SharePoint Configuration, SharePoint Guides, SharePoint 2007 — Roux Visser @ 08:57 pm

Once SharePoint has been installed, it is time to configure the services and settings for your SharePoint farm. The following post outlines Microsoft best practices for doing so.

 Notes

  • If you are prompted for your user name and password, you might need to add the SharePoint Central Administration site to the list of trusted sites and configure user authentication settings in Internet Explorer. Instructions for configuring these settings are provided in the next set of steps.
  • If you see a proxy server error message, you might need to configure your proxy server settings so that local addresses bypass the proxy server. Instructions for configuring this setting are provided later in this section.

Add the SharePoint Central Administration site to the list of trusted sites

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted Sites, and then click Sites.
  3. Clear the Require server verification (https:) for all sites in this zone check box.
  4. In the Add this Web site to the zone box, type the URL for the SharePoint Central Administration site, and then click Add.
  5. Select the Require server verification (https:) for all sites in this zone check box.
  6. Click Close to close the Trusted Sites dialog box.
  7. Click OK to close the Internet Options dialog box.

Configure user authentication settings for trusted sites

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted sites, and then click Custom Level.
  3. In the Settings list box, under User Authentication, click Automatic logon with current username and password.
  4. Click OK twice.

Note: If you do not want to add the SharePoint Central Administration site to the list of trusted sites, but you do not want to be prompted for your user name and password every time you access the SharePoint Central Administration site, you can instead add the SharePoint Central Administration site to the Local intranet zone. If you do this, you must enable the Automatic logon only in Intranet zone user authentication setting instead of the Automatic logon with current username and password user authentication setting. 
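To confirm what the two procedures above left in place for the current user, the following PowerShell sketch reads the zone settings back from the registry. It is an added example, not part of the original post; the function names are hypothetical, and it reads only the per-user (HKCU) keys, so settings applied through Group Policy or the Enhanced Security Configuration map (EscDomains) are not covered.

```powershell
# Added example (not from the original post): read-only audit of the
# per-user IE zone settings that the two procedures above change.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Translate the 1A00 (User Authentication > Logon) value into its dialog text.
function Get-LogonModeName {
    param($Value)
    if ($null -eq $Value) { return 'Not set under HKCU' }
    switch ([int]$Value) {
        0x00000 { 'Automatic logon with current username and password' }
        0x10000 { 'Prompt for user name and password' }
        0x20000 { 'Automatic logon only in Intranet zone' }
        0x30000 { 'Anonymous logon' }
        default { 'Unknown (0x{0:X})' -f [int]$Value }
    }
}

# Hypothetical helper: report the logon mode and the https requirement for
# zone 1 (Local intranet) and zone 2 (Trusted sites).
function Get-ZoneLogonAudit {
    $zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites' }
    foreach ($id in 1, 2) {
        $key   = Join-Path $InternetSettings "Zones\$id"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        [pscustomobject]@{
            Zone         = $zoneNames[$id]
            LogonMode    = Get-LogonModeName $props.'1A00'
            # Flags bit 0x4 is the "Require server verification (https:)" check box.
            RequireHttps = [bool]($props.Flags -band 0x4)
        }
    }
}

# Hypothetical helper: list the sites mapped to a zone and mark entries that
# are not https-only (possible because step 3 clears the https requirement
# while the site is added).
function Get-ZoneMapEntry {
    param([int]$Zone = 2)
    $root = Join-Path $InternetSettings 'ZoneMap\Domains'
    if (-not (Test-Path $root)) { return }
    foreach ($key in Get-ChildItem -Path $root -Recurse) {
        foreach ($protocol in $key.GetValueNames()) {
            if ($key.GetValue($protocol) -ne $Zone) { continue }
            # Key path is Domains\<domain>[\<host>]; rebuild host.domain.
            $labels = (($key.Name -split 'ZoneMap\\Domains\\', 2)[1]) -split '\\'
            [array]::Reverse($labels)
            [pscustomobject]@{
                Site      = $labels -join '.'
                Protocol  = $protocol
                HttpsOnly = ($protocol -eq 'https')
            }
        }
    }
}

Get-ZoneLogonAudit | Format-Table -AutoSize
Get-ZoneMapEntry -Zone 2 | Format-Table -AutoSize
```

A zone that reports automatic logon answers authentication requests from every site mapped to it without prompting, so the second table should contain only the Central Administration URL and other sites you administer.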

Configure 2007 Office SharePoint Server services

After you have installed and configured Office SharePoint Server 2007 on all of your front-end servers, you must configure Office SharePoint Server 2007 services. The services you need to configure depend on your server topology and the server roles you deploy. Use the following guidelines to determine which services you need to configure in your server farm.

  • Search and indexing servers: You must start and configure the Office SharePoint Server Search service on at least one of your front-end servers. This service provides search and indexing services. You can start and configure this service on any type of server, including a server that is acting as an application server and provides only Office SharePoint Server 2007 services, a server that is acting as both an application server and a Web server and provides both Office SharePoint Server 2007 services and Web services, or a server that is acting as a Web server and provides only Web services.
  • Web servers: The Web server role is implemented by IIS and the Windows SharePoint Services Web Application service. The Windows SharePoint Services Web Application service must be running on any server that acts as a Web server and renders Web content. This service is started by default on servers that you set up using the Web Front End option during Setup. If you set up a server using the Complete option during Setup, and you want that server to act as a Web server and render Web content, then you must start the Windows SharePoint Services Web Application service on that server.



In addition to configuring services on your front-end servers, you must create the Shared Services Provider (SSP). The SSP makes it possible to share the Office SharePoint Server 2007 services across your server farm. You must create the SSP before you can use it in a farm environment; Office SharePoint Server 2007 does not create the SSP by default in a farm environment.

The following procedures step you through the process of configuring Office SharePoint Server 2007 services, creating a Web application for the SSP, creating the SSP, and configuring indexing settings.

 Start and configure the Search service

  1. On the SharePoint Central Administration home page, click the Operations tab on the top navigation bar.
  2. On the Operations page, in Topology and Services, click Servers in farm.
  3. On the Servers in Farm page, click the server on which you want to configure the search service.
  4. Click Start next to Office SharePoint Server Search.
  5. On the Office SharePoint Server Search Settings page, in the Query and Indexing section, make sure that the Use this server for indexing content and Use this server for serving search queries check boxes are selected.
  6. In the Default Catalog Location section, type a path to a physical folder to store the index files, or use the default location that is specified.
  7. In the Contact E-Mail Address section, specify a valid e-mail address.
  8. In the Service Account section, click Configurable, and in User name and Password, type the user name and password for the user account under which you want the Search service to run. The user account must be a member of the Administrators group on the computer that is running the Search service. If you want to use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers, see the Known Issues/Readme for Office SharePoint Server 2007 Beta 2. The user name must be in the format DOMAIN\username.
  9. In the Web Front End And Crawling section, do one of the following:
       • If you are configuring the search service on a server that provides Web services and renders Web content, click No dedicated Web front-end computer for crawling.
       • If you are configuring the search service on a server that is a standalone search server that does not provide Web services and render Web content, click Use a dedicated web front end computer for crawling, and then, in Select a web front end computer, click the computer you want to use for crawling.
  10. Click Start.

Start the Windows SharePoint Services Web Application service

You must start the Windows SharePoint Services Web Application service on every computer that you want to act as a Web server and that was set up using the Complete option during Setup. This service is started by default on servers that were set up using the Web Front End option. To enhance security, you can leave this service turned off on application servers that do not provide Web content to client computers. Also, you do not need to turn this service on to use SharePoint Central Administration on a server.

  1. On the SharePoint Central Administration home page, click the Operations tab on the top navigation bar.
  2. On the Operations page, in Topology and Services, click Servers in farm.
  3. On the Servers in Farm page, click the server on which you want to start the Windows SharePoint Services Web Application service.
  4. Click Start next to Windows SharePoint Services Web Application.

Create the Shared Services Provider

  1. On the SharePoint Central Administration home page, click the Application Management tab on the top navigation bar.
  2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.
  3. On the Manage this Farm’s Shared Services page, click New SSP.

Important: If you have not created a Web application for the SSP administration site, you need to create one before you create the SSP. If you have already created a Web application for the SSP administration site, skip to step 14.

  4. On the New Shared Services Provider page, click Create a new Web application.
  5. On the Create New Web Application page, in the IIS Web Site section, click Create a new IIS web site, and do not modify the default settings in this section.
  6. In the Security Configuration section, under Authentication provider, select the appropriate option for your environment, and do not modify the default settings in the remainder of this section.
  7. In the Load Balanced URL section, do not modify the default settings.
  8. In the Application Pool section, click Create new application pool.
  9. In Application pool name, enter the name of your application pool or use the default name.
  10. Click Configurable, and in User name and Password, type the user name and password for the user account under which you want the application pool to run. The user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.
  11. In the Database Name and Authentication section, verify the database information and make sure that Windows Authentication (recommended) is selected.
  12. In the Search Server section, do not modify the default settings.
  13. Click OK. Upon successful creation of the Web application, the New Shared Services Provider page appears.

Note: If the Shared Services Provider was created successfully but cannot be displayed in your Web browser, follow these steps to correct the issue.

This issue occurs when all of your sites are created in the same Web application, which means they use the same port. These sites are:

  • Shared Service Provider Administration Site (Recommended to be called ‘SSPAdmin’)
  • My Site Host (Recommended to be called ‘MySite’)
  • The Main Intranet (or ‘Portal’) Site (Recommended to be called ‘Intranet’)

It is much simpler if all of these sites are on port 80 in IIS; this means that you do not have to remember to enter the ports all of the time. However, having all three sites on port 80 means that each needs its own host header (required by IIS to differentiate between sites on the same port). The simplest way to do this is to create a new ‘Host (A)’ record in DNS for each of your three sites. These records should point to the IP address of your server. To do this, follow these steps:

  • Open the DNS Management tool from Administration Tools on your domain controller
  • Navigate to your DNS zone
  • Create new ‘Host (A)’ record
  • Enter the Host header (i.e. ‘SSPAdmin’, ‘MySite’ or ‘Intranet’) for the site and the IP address of your server
  • Click ‘Add Host’ and repeat for each of the three sites

Now that the DNS entries are configured, we can continue.

  14. In the SSP Name section, in Web Application, select the Web application that you created for the SSP, and do not modify any of the default settings in this section.
  15. In the My Site Location section, do not modify any of the default settings.
  16. In the SSP Service Credentials section, in User name and Password, type the user name and password for the user account under which you want the SSP to run. The user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.
  17. In the SSP Database section, you can either accept the default settings (recommended), or specify your own settings for the database server, the database name, or the SQL authentication credentials.
  18. In the Search Database section, you can either accept the default settings (recommended), or specify your own settings for the search database server, the database name, or the SQL Server authentication credentials.
  19. In the Index Server section, in Index Server, click the server on which you configured the Search service.

      Note: If there is no index server listed in the Index Server section, then no server in your farm has been assigned the index server role. To assign the index server role to a server in your farm, follow the instructions in the “Configure the Search service” section earlier in this topic.

  20. In the SSL for Web Services section, click No.
  21. Click OK. Upon successful creation of the SSP, the Success page appears.
  22. On the Success page, click OK to return to the Manage this Farm’s Core Services page.

Configure indexing settings

  1. On the SharePoint Central Administration home page, click the Application Management tab on the navigation bar.
  2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.
  3. On the Manage this Farm’s Shared Services page, click SharedServices1.
  4. On the Shared Services Administration page, in Search, click Search Settings.
  5. On the Configure Search Settings page, in the Crawl Settings section, click Default content access account.
  6. In the Default content access account section, in Account, Password, and Confirm Password, type the user name and password for the user account that you want to use to crawl content on your sites. This account must be a domain user account. It is recommended that you use the principle of least privilege and select a unique user account that cannot modify content and does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user account that you specify will be added to the Web application Full Read policy for your farm. The user name must be in the format DOMAIN\username.
  7. Click OK.
  8. In the Crawl Settings section, click Content sources.
  9. On the Manage Content Sources page, click Local Office SharePoint Server sites.
  10. On the Edit Content Source page, in the Crawl Schedules section, under Full Crawl, click Create schedule.
  11. In the Manage Schedules dialog box, configure schedule settings for full crawls of your content, and then click OK.
  12. In the Crawl Schedules section, under Incremental Crawl, click Create schedule.
  13. In the Manage Schedules dialog box, configure schedule settings for incremental crawls of your content, and then click OK.
  14. In the Start Full Crawl section, select the Start full crawl of this content source check box, and then click OK.

SharePoint 2007 Server Setup

Filed under: SharePoint Guides, SharePoint 2007 — Roux Visser @ 07:46 pm

This section outlines the steps taken to install SharePoint 2007 on a pre-prepared Windows 2003 Server.     

Run the Officeserver.exe

  1. Run Officeserver.exe on one of your Web server computers.
  2. On the Enter your Product Key page, enter your product key and click Continue.
  3. On the Choose the installation you want page, click Advanced.
  4. On the Server Type tab, do one of the following:
       • If you are setting up a computer that will act as an application server, or a Web server and an application server, click Complete, and then click Install Now.
       • If you are setting up a computer that will act as a Web server only, click Web Front End, and then click Install Now.
  5. When Setup finishes, a dialog box appears telling you that you must complete the configuration of your server. Make sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected.
  6. Click Close to start the configuration wizard. Instructions for completing the wizard are provided in the next set of steps.

SharePoint Products and Technologies Configuration

After Setup finishes, you can use the SharePoint Products and Technologies Configuration Wizard to configure Office SharePoint Server 2007. The SharePoint Products and Technologies Configuration Wizard automates several configuration tasks, including: installing and configuring the configuration database, installing Office SharePoint Server 2007 services, and installing SharePoint Central Administration. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard.

  1. On the Welcome to SharePoint Products and Technologies page, click Next.
  2. Click Yes in the warning dialog box that appears notifying you that some services might need to be restarted during configuration.
  3. On the Connect to a server farm page, do one of the following:
       • If this is the first front-end server that you are configuring in your server farm, click No, I want to create a new server farm, and then click Next.
       • If you have already configured your first server in your server farm, click Yes, I want to connect to an existing server farm, and then click Next.
  4. On the Specify Configuration Database Settings dialog box, in Database server, type the name of the computer that is running SQL Server.
  5. Do one of the following:
       • If this is the first server that you are configuring in your server farm, type a name for your configuration database in Database name, or use the default database name.
       • If you have already configured the first server in your server farm, click Retrieve Database Names, and in Database name click the database name that you created when you configured the first server in your server farm. The default name is SharePoint_Config.
  6. In User name, type the user name of the account used to connect to the computer running SQL Server (be sure to type the user name in the format DOMAIN\username).

      Important: This account is the Office SharePoint Server 2007 service account under which several Office SharePoint Server 2007 services run. The user account that you specify as the Office SharePoint Server 2007 service account must be a domain user account, but it does not need to be a member of any specific security group on your front-end servers or your back-end database servers. However, the user account that you specify must be a member of the following two SQL Server security roles on your back-end database servers: Database Creator and Security Administrator. It is recommended that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group as your Office SharePoint Server 2007 service account.

  7. In Password, type the user’s password, and click Next.
  8. Skip the next step if you have already configured the first server in your server farm.
  9. On the Configure SharePoint Central Administration Web Application page, select the Specify port number check box and type a port number if you want the SharePoint Central Administration Web application to use a specific port, or leave the Specify port number check box cleared if you do not care which port number the SharePoint Central Administration Web application uses.
  10. On the Configure SharePoint Central Administration Web Application dialog box, select NTLM authentication (the default) or Kerberos (depending on the client’s requirements), and then click Next.
  11. On the Completing the SharePoint Products and Technologies Wizard page, click Next.
  12. On the Configuration Successful page, click Finish.

Deployment for SharePoint 2007

Filed under: SharePoint Guides, SharePoint 2007 — Roux Visser @ 07:04 pm

A server farm typically consists of one or two back-end database servers and one or more front-end servers that provide Web services and Office SharePoint Server 2007 services, such as search, Excel Services, and indexing.

 Hardware and Software requirements

Before you install and configure Office SharePoint Server 2007, make sure your servers have the recommended hardware and software. To deploy a server farm, you need at least one server computer acting as a Web server and an application server, and one server computer acting as a database server. The server computers must meet the following requirements:

Hardware Requirements

  • Front-end Web server and application server computers: a dual-processor computer with processor clock speeds of 2.5-gigahertz (GHz) or higher and a minimum of 2 gigabytes (GB) of RAM.
  • Back-end database server: a dual-processor computer with processor clock speeds of 2.0 GHz or higher and a minimum of 2 GB of RAM.

 Software Requirements

  • Microsoft Windows Server 2003 (Standard, Enterprise, Datacenter, or Web Edition) with Service Pack 1 (SP1)
  • Microsoft .Net Framework 2.0
  • Microsoft .Net Framework 3.0
  • The Web server and application server computers must be configured as Web servers running Microsoft Internet Information Services (IIS) in IIS 6.0 worker process isolation mode.
  • Each of the computers must be using the NTFS file system. Windows Server 2003 includes a conversion utility (Convert.exe) that you can use to convert an existing file allocation table (FAT) volume to NTFS without losing data.

SQL Server Preparation

Back-End Database Server

The back-end database server computer must be running Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with Service Pack 3 (SP3) or later. It is assumed that you have installed and configured the database program on the back-end server computer. You do not need to set up or create specific databases for Office SharePoint Server 2007. The Office SharePoint Server 2007 Setup program will create the necessary databases when you install and configure Office SharePoint Server 2007.

In addition to these requirements, if you are using SQL Server 2005, you need to configure surface area settings. Use the following procedure to do this.

 Configure Surface area settings in SQL Server 2005

  1. Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration.
  2. In the SQL Server Surface Area Configuration dialog box, click Surface Area Configuration for Services and Connections.
  3. In the tree, open your instance of SQL Server, open Database Engine, and then click Remote Connections.
  4. Click Local and Remote Connections, click Using both TCP/IP and named pipes, and then click OK.

Security Account requirements for SQL

To install Office SharePoint Server 2007 in a server farm environment, at least 2 accounts are required:

  • A user account that you can use to install Office SharePoint Server 2007 and run the SharePoint Products and Technologies Configuration Wizard. This account must be:
       • A domain user account.
       • A member of the Administrators group on each of your front-end servers.
       • A member of the SQL Server Logins, which grants login access to your SQL Server instance.
       • A member of the SQL Server Database Creator server role, which grants permission to create and alter databases.
       • A member of the SQL Server Security Administrators server role, which grants permission to manage server logins.
  • A unique domain user account that you can specify as the Office SharePoint Server 2007 service account. This user account is used to access your SharePoint configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. It is recommended that you follow the principle of least privilege and do not make this user account a member of any particular security group on your front-end servers or your back-end servers.

Security Account requirements for SharePoint

The Service Accounts for Creating a Web Application are:

  • SPApppool needs to be a member of the Domain Users, IIS_WPG and WSS_WPG groups
  • SPContent needs to be a member of the Domain Users group
  • SPDatabse needs to be a member of the Domain Users, IIS_WPG and WSS_ADMIN_WPG groups
  • SSPSearch needs to be a member of the Domain Users and WSS_WPG groups

The Service Accounts required for SharePoint Installation are:

  • SPInstall needs to be a member of the Administrators and WSS_ADMIN_WPG groups
  • SPSite (for site creation and administration) needs to be a member of the Administrators and WSS_ADMIN_WPG groups


The Service Account required for SQL is:

  • SQLService needs to be a member of the Domain Users Group


The Service Accounts required for Single Sign-On are:

  • SSOService needs to be a member of the Administrators, IIS_WPG, WSS_WPG and WSS_ADMIN_WPG groups
  • EntApp needs to be a member of the Administrators, IIS_WPG, WSS_WPG and WSS_ADMIN_WPG groups
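One way to check a front-end server against the account lists above is to compare its local Administrators group with the accounts the post does and does not place in it. This is an added PowerShell example, not part of the original post; the helper names are hypothetical, the account names are copied from the lists above as written, and only direct members are checked (domain groups nested in Administrators are not expanded).

```powershell
# Added example (not from the original post): compare the local
# Administrators group on this server with the account plan listed above.

# Accounts the post places in the Administrators group.
$PlannedAdmins = 'SPInstall', 'SPSite', 'SSOService', 'EntApp'
# Accounts the post lists without Administrators membership.
# The Search service step earlier in the post asks for an administrator
# account on the search server, so review SSPSearch there separately.
$PlannedNonAdmins = 'SPApppool', 'SPContent', 'SPDatabse', 'SSPSearch', 'SQLService'

# Hypothetical helper: return the account names in a local group through the
# ADSI WinNT provider. Nested groups are returned by name, not expanded.
function Get-LocalGroupMemberName {
    param(
        [string]$Group = 'Administrators',
        [string]$Computer = $env:COMPUTERNAME
    )
    $adsiGroup = [ADSI]"WinNT://$Computer/$Group,group"
    foreach ($member in @($adsiGroup.psbase.Invoke('Members'))) {
        # ADsPath looks like WinNT://DOMAIN/name; keep the last segment.
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        ($path -split '/')[-1]
    }
}

# Hypothetical helper: classify each planned account against the member list.
function Test-ServiceAccountPlan {
    param([string[]]$Members)
    foreach ($account in $PlannedNonAdmins + $PlannedAdmins) {
        $isAdmin     = $Members -contains $account      # case-insensitive match
        $shouldAdmin = $PlannedAdmins -contains $account
        $finding = if ($isAdmin -and -not $shouldAdmin) {
            'Over-privileged: not planned as an administrator'
        } elseif ($shouldAdmin -and -not $isAdmin) {
            'Planned administrator, not a direct member here'
        } else {
            'Matches plan'
        }
        [pscustomobject]@{
            Account          = $account
            InAdministrators = $isAdmin
            Finding          = $finding
        }
    }
}

Test-ServiceAccountPlan -Members (Get-LocalGroupMemberName) | Format-Table -AutoSize
```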

Server Roles for a MOSS Environment

Filed under: SharePoint Configuration, SharePoint Guides, SharePoint 2007 — Roux Visser @ 06:53 pm

Application Server – Configure a Web Server

Before you install and configure Office SharePoint Server 2007, you must install and configure the required software on each of your front-end servers. This includes installing and configuring IIS so your front-end servers act as Web servers, installing Windows .NET Framework 2.0, enabling ASP.NET 2.0, and installing Windows Workflow Foundation Runtime Components Beta 2.2 (build 3807.7).

 Install and configure IIS

IIS is not installed or enabled by default in Windows Server 2003. To make your server a Web server, you must install and enable IIS, and you must make sure that IIS is running in IIS 6.0 worker process isolation mode.

  • Click Start, point to All Programs, point to Administrative Tools, and then click Configure Your Server Wizard.
  • On the Welcome to the Configure Your Server Wizard page, click Next.
  • On the Preliminary Steps page, click Next.
  • On the Server Role page, click Application server (IIS, ASP.NET), and then click Next.
  • On the Application Server Options page, click Next.
  • On the Summary of Selections page, click Next.
  • Click Finish.
  • Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  • In the IIS Manager tree, click the plus sign (+) next to the server name, and then right-click the Web Sites folder and select Properties.
  • In the Web Sites Properties dialog box, click the Service tab.
  • In the Isolation mode section, clear the Run WWW service in IIS 5.0 isolation mode check box, and then click OK.

Note: The Run WWW in IIS 5.0 isolation mode check box is only selected if you have upgraded to IIS 6.0 on Windows Server 2003 from IIS 5.0 on Microsoft Windows 2000. New installations of IIS 6.0 use IIS 6.0 worker process isolation mode by default.
