Introducing the Administration Tools for Windows SharePoint Services

Microsoft Windows SharePoint Services includes tools to help you manage the Web sites you create. You can manage Windows SharePoint Services locally by using Central Administration pages (which are created during installation) or by using the stsadm.exe command-line interface. Remote administration requires using the Central Administration HTML pages.

 Note   When the Central Administration virtual server and site is created, it is assigned a random port number between 1023 and 32767. To access the Central Administration site remotely, you must know this port number. You can use the stsadm.exe command line utility to view or change the administration port number.

HTML Administration Pages

Windows SharePoint Services includes HTML Administration pages to help manage your Web sites and servers. You can use these forms on the local computer or from a remote computer connected to either the Internet (Internet: The worldwide collection of networks and gateways that use the TCP/IP suite of protocols to communicate with one another. If you have access to the Internet, you can retrieve information from millions of sources.) or intranet. You must have the proper administrator rights (rights: File-level and folder-level permissions that allow access to a Web site.) to use HTML Administration pages.

For Windows SharePoint Services, there are two types of administration pages:

  • Central Administration pages
  • Site Administration and Site Settings pages

Central Administration Pages

The Central Administration pages allow you to manage settings for your server farm (server farm: A centralized grouping of network servers maintained by an enterprise or, often, an Internet service provider (ISP). A server farm provides a network with load balancing, scalability, and fault tolerance.), Web server (Web server: A computer that hosts Web pages and responds to requests from browsers. Also known as an HTTP server, a Web server stores files whose URLs begin with http://.), and virtual servers (virtual server: A virtual computer that resides on an HTTP server but appears to the user as a separate HTTP server. Several virtual servers can reside on one computer. Each virtual server can have its own domain name and IP address.). These pages are created during Windows SharePoint Services setup. By default, a newly created virtual server inherits settings from defaults set on the Central Administration pages. You can change these default settings and specify what settings to use for each extended virtual server. You must be either a member of the local administrators group (local administrators group: The group of users who have permission to perform administration tasks on the local server computer. The permissions for this group are set by using the administration tools for the operating system.) for the server computer or a member of the SharePoint administrators group to be able to use the Central Administration pages. For more information about the SharePoint administrators group, see Managing the SharePoint Administration Group.

Accessing SharePoint Central Administration Locally

To access to the Central Administration pages on the local computer, click Start point to Administrative Tools, and then click SharePoint Central Administration.

Accessing SharePoint Central Administration remotely

From the browser on a remote computer, type the Uniform Resource Locator (URL) (Uniform Resource Locator (URL): An address that specifies a protocol (such as HTTP or FTP) and a location of an object, document, World Wide Web page, or other destination on the Internet or an intranet. Example: http://www.microsoft.com/.) and port number, where server_name is the name of your front-end Web server and port is the port number of your central administration site. For example, http://server_name:port.

 Note   If you will be managing Windows SharePoint Services remotely over the Internet you should consider using SSL encryption.

Site Administration and Site Settings Pages

In addition to the Central Administration pages, which control settings for each server and virtual server, there are administration pages that control settings for each Web site. You can perform some administrative actions from the Site Settings page, and you can link from there to the Site Administration page. You must have administrator rights to the Web site to perform administrative actions on the Site Settings and Site Administration pages.

From the Site Settings and Site Administration pages, you can perform tasks such as:

  • Manage users and site groups.

You can add or remove users, edit site groups (site group: A custom security group that applies to a specific Web site. Users are assigned to site groups to grant them rights on a SharePoint site.), and change a user's site group membership. For more information, see Managing Users and Cross-Site Groups and Managing Site Groups and Permissions.

  • Create or delete subsites.

You can add a subsites (subsite: A complete Web site stored in a named subdirectory of the top-level Web site. Each subsite can have administration, authoring, and browsing permissions that are independent from the top-level Web site and other subsites.) or manage the existing subsites to your Web site. For more information, see Creating Sites and Subsites.

  • Change anonymous access.

If anonymous access is available for the virtual server that contains your Web site, you can control whether or not it is enabled for your Web site. For more information, see Managing Site Groups and Permissions.

  • Change regional settings.

You can change the locale, time zone, sort order, and time format to use for your Web site. For more information, see Language Considerations.

  • Manage Web discussions and alerts.

You can view all Web discussion (Web discussion: Comments that users attach to Web pages and documents. Known as Web discussions to differentiate from discussion boards. Requires a Web server that is running SharePoint Team Services or Windows SharePoint Services.) and user alerts for your Web site and delete any that are no longer needed. For more information, see Managing Web Discussions and Managing Alerts.

Note that if you are managing a subsite, the administration tasks available on the Site Administration page for the subsite are a subset of those available for top-level Web site (top-level Web site: The default, top-level site provided by a Web server or virtual server. To gain access to the top-level Web site, you supply the URL of the server without specifying a page name or subsite.).

The Site Settings and Site Administration pages are stored in the _layouts directory of the Web site. You can navigate to the Site Settings pages by using any of the following methods:

  • In your Web site, to get to Site Settings, click Site Settings. To get to Site Administration, on the Site Settings page, click Go to Site Administration.
  • In Microsoft Office FrontPage 2003, on the Tools menu, click Server, and then click Administration Home to get to Site Settings.
  • In Microsoft Internet Explorer, type the URL to the pages.

The path to the Site Settings page looks like this: http://websiteurl/_layouts/lcid/settings.aspx, where lcid refers to the locale ID (LCID) (locale ID (LCID): A 32-bit value defined by Microsoft Windows that identifies a particular language. The LCID consists of a language ID, a sort ID, and reserved bits. For example, the LCID for U.S. English is 1033, and the LCID for Japanese is 1041.). For example, for U.S. English, the lcid is 1033. The path to the Site Administration page in U.S. English looks like this: http://websiteurl/_layouts/1033/webadmin.aspx.

Command-Line Administration

Windows SharePoint Services includes Stsadm.exe for command-line administration of Windows SharePoint Services servers and sites. For 32-bit versions of Windows Server 2003, the stsadm.exe utility is located at the following path: %drive%\program files\common files\microsoft shared\web server extensions\60\bin. For x64-based versions of Windows Server 2003, the stsadm.exe utility is located at the following path: %drive%\program files (x86)\common files\microsoft shared\web server extensions\60\bin. You must be an administrator on the local computer to use the Stsadm.exe tool. (The remote command-line tool for SharePoint Team Services from Microsoft, Owsrmadm.exe, is not available.)

The Stsadm.exe tool provides a method for performing the Windows SharePoint Services administration tasks at the command line or using batch files or scripts. The stsadm.exe provides access to operations not available using the HTML administration pages, such as changing the administration port. The command-line tool has a more streamlined interface than HTML Administration pages, and allows you to perform the same tasks. There are certain operations and certain parameters which are only available using the stsadm.exe command line utility.

Operations available only from the command line:

addalternatedomain enumalternatedomains getadminport
addwppack enumroles getproperty
addzoneurl enumsites migrateuser
createsiteinnewdb enumsubwebs recalculatestorageused
deletealternatedomain enumtemplates setadminport
deletewppack enumusers setproperty
deletezoneurl enumwppacks
enumzoneurls

Parameters available only from the command line:

-force -overwrite -ssl
-globalinstall -propertyname
-hh -propertyvalue
-newname -servicename

 Note   For a complete list of the operations you can perform by using the command-line tool, see Command-Line Operations.

The Command-Line Tool Is Not Interactive

Stsadm.exe is not an interactive tool. With Stsadm.exe, you type the operation and parameters all at once. You will not be prompted to fill in missing parameters while the operation is running. If a required parameter is missing, the operation fails, and you must type the operation and parameters again.

This behavior allows better flexibility for batching commands, since the tools do not prompt you for information after you have submitted a command. If you want a more interactive tool, try using the administrative object model or HTML Administration pages.

Using the Command-Line Tool

The command-line tool provides access to the complete set of Windows SharePoint Services operations. You can use the stsadm.exe command-line utility from the command line or with batch files or scripts. Stsadm.exe must be run on the server computer itself.

To use the Stsadm.exe tool, you must be a member of the local Administrators group on the server computer. When you invoke Stsadm.exe, you supply an operation and a set of command-line parameters in the form:

-operation OperationName -parameter value

 Note   If a value you need to use with the command line tool includes a space or a character that is treated as special by the command-line interface, such as an ampersand (&), you can enclose the string in quotation marks ("). For example, if the URL to a site is http://my site, you can enter the URL as "http://my site".

Most parameters for the command line also have a short form that you can use instead of the full parameter name. For example, the following command sets the configuration database (configuration database: The Microsoft SQL Server or MSDE database that contains the configuration information that applies across all servers in a deployment of Windows SharePoint Services, such as virtual server information.) to use Server1_collab on Server1 and specifies the database user name and password to connect with:

stsadm.exe -o setconfigdb -connect -ds Server1 -dn Server1_collab 
-du User1 -dp password

The following table explains the command and parameters from this example. For detailed information about each command-line operation and related parameters, see Command-Line Operations and Command-Line Parameters.

Command or parameter Definition
-o setconfigdb Creates a connection between Windows SharePoint Services and a configuration database.
-connect Specifies that there is an existing configuration database to use.
-ds Server1 Specifies the server name that contains the database to use.
-dn Server1_collab Specifies the database name to use on that server.
-du User1 Specifies an administrator user name for the database.
-dp password Specifies the password for the user.

Managing Windows SharePoint Services Remotely

When you install Windows SharePoint Services, the Central Administration pages are installed to an administration port. You use these pages on the administration port to manage your server remotely. You can open Central Administration pages from any client computer, provided you know the administration port number and log on by using an account that is a member of the Administrators group on the server. You can use the Site Administration pages by using an account that is a member of a site group with the Manage Web Site right for that site.

To help secure HTML Administration pages for Windows SharePoint Services, be sure to follow the security precautions discussed in this topic.

About Remote Administration and Security

When you manage a server remotely, a wider community of users is given greater access from the Internet to that Web server, which creates a security risk. In an unsecured server, an unauthorized person could gain access to Web sites based upon Windows SharePoint Services on your server and modify Web site settings —even delete Web sites. To help prevent such tampering during remote administration and authoring, the following precautions are recommended:

  • Require the use of a non-standard HTTP port for accessing the Central Administration pages.

This precaution makes it much more difficult for malicious users to guess the URL of HTML Administration pages or the remote administration programs. When you install Windows SharePoint Services on the Microsoft Windows platform, a random non-standard administration port (administration port: The Internet Information Services (IIS) virtual server and port used for SharePoint Central Administration.) is automatically used for the SharePoint Central Administration pages.

 Note   You can use Stsadm.exe to retrieve or change this administration port number. Do not use Internet Information Services to change the administration port, because that can break the shortcut to SharePoint Central Administration pages from the Start menu.

  • Use IP address mask restrictions to prevent unauthorized computers from gaining access to the administration port.

If you are exposing the administration virtual server externally to allow remote administration, use secure connections, and require users to have strong passwords that are frequently updated. Typically, any IP addresses that are not part of the corporate or data center domain are denied access. For more information, see the Internet Information Services (IIS) (Internet Information Services (IIS): Software services from Microsoft that support Web site creation, configuration, and management, along with other Internet functions.) 6.0 Help system.

  • Configure the administration virtual server to require secure connections

In IIS, configure the administration virtual server to use a Secure Socket Layer (SSL). For more information, see Configuring Authentication.

Using HTML Administration Pages Remotely

When you install Windows SharePoint Services, the Central Administration pages are installed to an administration port. You use these pages on the administration port to manage your server remotely. You can open Central Administration pages from any client computer, provided you log on by using an account that has administrator access rights to the server. You can open the Site Administration pages by using an account that has administrator rights to the Web site.

If you have chosen to use Secure Sockets Layer (SSL) on your administration port, you must use the HTTPS protocol to navigate to the pages. For more information about configuring SSL, see Configuring Authentication.

Connect to the administration port by using the HTTPS protocol

For example, https://sample.microsoft.com:1439.

After you connect to the remote HTML Administration pages, you can perform any of the administration tasks as if you were connected locally.

Changing the Administration Port

You can change the administration port for your server to a port that is easy to remember or that is a standard installation port number for your organization. To change the administration port, use the setadminport operation. The setadminport operation takes the port parameter (specifying the new port number).

Changing the administration port can only be done from the command line. You must use the Stsadm.exe tool on the server computer itself to change the administration port. To change the administration port, use the following syntax:

Stsadm.exe –o –setadminport –port <port>

 Note   If you are using SSL for your administration port, be sure to use the -ssl parameter with the preceding command-line syntax to ensure that the links in HTML Administration work properly. For more information, see Configuring Authentication.

Setting Configuration Properties

You can configure several features of Windows SharePoint Services by setting the values of configuration properties. For example, you can set a property to:

  • Specify whether a secondary contact name is needed when creating sites with Self-Service Site Creation.
  • Specify SMTP server settings.
  • Specify whether alerts are enabled for a virtual server.

Many properties are included as options in HTML Administration pages for your server or virtual server (virtual server: A virtual computer that resides on an HTTP server but appears to the user as a separate HTTP server. Several virtual servers can reside on one computer. Each virtual server can have its own domain name and IP address.). Properties can also be set from the command line or by using the object model. For a complete list of the properties you can set from the command line, see Command–Line Properties.

Most properties have a default value that is used at site creation time if no other value is specified. These default values are not enforced in any way, and can be overwritten by changing the value in the HTML Administration pages or on the command line. Default values are a starting point, they are not enforced or secured.

Using the Command Line to Set Properties

You can set configuration property (configuration property: A property that allows an administrator to control Windows SharePoint Services settings.) by using the command-line tool Stsadm.exe and the following operations: GetProperty and SetProperty. With these operations, you can query for or set property values directly from the command line. Because the properties are available through the command-line tools, you can set configuration properties and perform other operations by using a batch file.

When you get or set a property, you must specify the level of the Web server (Web server: A computer that hosts Web pages and responds to requests from browsers. Also known as an HTTP server, a Web server stores files whose URLs begin with http://.) to which the property applies: server or virtual server. You specify the level you want for the property in the syntax of the command. The following table lists the parameters to use to specify the level of a property.

Parameter Scope
<none> Gets or sets the property per server. The property applies to all virtual servers, sites, and subsites on the server computer.
-url Gets or sets the property by virtual server. The property applies to sites and subsites on a single virtual server.

Setting a Property

When you set a property, you must specify the property as a string, although some properties are interpreted numerically. You must also specify the propertyname (-pn) parameter and the propertyvalue (-pv) parameter when you set a property. In the following example, the alerts-enabled property is set for the virtual server at http://servername:

Stsadm.exe –o setproperty –pn alerts-enabled –pv true -url http://servername

The alerts-enabled property specifies whether alerts are turned on or off for a virtual server.

Querying for a Property

You can retrieve the current state of a property by using the GetProperty operation. You specify the propertyname, and the propertyvalue is returned. For example, to see what the alerts-enabled property is currently set to for the virtual server at http://servername, you type:

Stsadm.exe –o getproperty –pn alerts-enabled -url http://servername

Properties and HTML Administration

Most properties that can be set from the command line are also available as options in HTML Administration pages. For example, the alerts-enabled property can be set by turning alerts on or off on the Virtual Server General Settings page. If you are mainly using HTML Administration pages to perform your administration tasks, most properties are set for you when you select options on those pages.

Related Topics

For a complete list of the operations you can perform by using the command-line tools, see Command-Line Operations.

For a complete list of the properties that you can set, see Command-Line Properties.

For a complete list of the parameters you can use with operations and properties, see Command-Line Parameters.

 
 
Applies to:
Deployment Center 2003