Introducing the Administration Tools for Windows SharePoint Services 2.0

Microsoft Windows SharePoint Services includes tools to help you manage the Web sites you create. You can manage Windows SharePoint Services locally by using Central Administration pages (which are created during installation) or by using the stsadm.exe command-line interface. Remote administration requires using the Central Administration HTML pages.

Note

When the Central Administration virtual server and site is created, it is assigned a random port number between 1023 and 32767. To access the Central Administration site remotely, you must know this port number. You can use the stsadm.exe command line utility to view or change the administration port number.

HTML Administration Pages

Windows SharePoint Services includes HTML Administration pages to help manage your Web sites and servers. You can use these forms on the local computer or from a remote computer connected to either the Internet or intranet. You must have the proper administrator rights to use HTML Administration pages.

For Windows SharePoint Services, there are two types of administration pages:

  • Central Administration pages

  • Site Administration and Site Settings pages

Central Administration Pages

The Central Administration pages allow you to manage settings for your server farm, Web server, and virtual servers. These pages are created during Windows SharePoint Services setup. By default, a newly created virtual server inherits settings from defaults set on the Central Administration pages. You can change these default settings and specify what settings to use for each extended virtual server. You must be either a member of the local administrators group for the server computer or a member of the SharePoint administrators group to be able to use the Central Administration pages. For more information about the SharePoint administrators group, see Managing the Windows SharePoint Services 2.0 Administration Group.

Accessing SharePoint Central Administration Locally

To access to the Central Administration pages on the local computer, click Start point to Administrative Tools, and then click SharePoint Central Administration.

Accessing SharePoint Central Administration remotely

From the browser on a remote computer, type the Uniform Resource Locator (URL) and port number, where server_name is the name of your front-end Web server and port is the port number of your central administration site. For example, https://server_name:port.

Note

If you will be managing Windows SharePoint Services remotely over the Internet you should consider using SSL encryption.

Site Administration and Site Settings Pages

In addition to the Central Administration pages, which control settings for each server and virtual server, there are administration pages that control settings for each Web site. You can perform some administrative actions from the Site Settings page, and you can link from there to the Site Administration page. You must have administrator rights to the Web site to perform administrative actions on the Site Settings and Site Administration pages.

From the Site Settings and Site Administration pages, you can perform tasks such as:

Note that if you are managing a subsite, the administration tasks available on the Site Administration page for the subsite are a subset of those available for top-level Web site.

The Site Settings and Site Administration pages are stored in the _layouts directory of the Web site. You can navigate to the Site Settings pages by using any of the following methods:

  • In your Web site, to get to Site Settings, click Site Settings. To get to Site Administration, on the Site Settings page, click Go to Site Administration.

  • In Microsoft Office FrontPage 2003, on the Tools menu, click Server, and then click Administration Home to get to Site Settings.

  • In Microsoft Internet Explorer, type the URL to the pages. The path to the Site Settings page looks like this: https://websiteurl/_layouts/ lcid /settings.aspx, where lcid refers to the locale ID (LCID). For example, for U.S. English, the lcid is 1033. The path to the Site Administration page in U.S. English looks like this: https://websiteurl/_layouts/1033/webadmin.aspx.

Command-Line Administration

Windows SharePoint Services includes Stsadm.exe for command-line administration of Windows SharePoint Services servers and sites. For 32-bit versions of Windows Server 2003, the stsadm.exe utility is located at the following path: %drive%\program files\common files\microsoft shared\web server extensions\60\bin. For x64-based versions of Windows Server 2003, the stsadm.exe utility is located at the following path: %drive%\program files (x86)\common files\microsoft shared\web server extensions\60\bin. You must be an administrator on the local computer to use the Stsadm.exe tool. (The remote command-line tool for SharePoint Team Services from Microsoft, Owsrmadm.exe, is not available.)

The Stsadm.exe tool provides a method for performing the Windows SharePoint Services administration tasks at the command line or using batch files or scripts. The stsadm.exe provides access to operations not available using the HTML administration pages, such as changing the administration port. The command-line tool has a more streamlined interface than HTML Administration pages, and allows you to perform the same tasks. There are certain operations and certain parameters which are only available using the stsadm.exe command line utility.

Operations available only from the command line:

addalternatedomain

Enumalternatedomains

getadminport

Addwppack

Enumroles

getproperty

Addzoneurl

Enumsites

migrateuser

createsiteinnewdb

Enumsubwebs

recalculatestorageused

deletealternatedomain

Enumtemplates

setadminport

Deletewppack

Enumusers

setproperty

Deletezoneurl

Enumwppacks

Enumzoneurls

Parameters available only from the command line:

-force

-overwrite

-ssl

-globalinstall

-propertyname

-hh

-propertyvalue

-newname

-servicename

Note

For a complete list of the operations you can perform by using the command-line tool, see Command-Line Operations (Windows SharePoint Services 2.0).

The Command-Line Tool Is Not Interactive

Stsadm.exe is not an interactive tool. With Stsadm.exe, you type the operation and parameters all at once. You will not be prompted to fill in missing parameters while the operation is running. If a required parameter is missing, the operation fails, and you must type the operation and parameters again.

This behavior allows better flexibility for batching commands, since the tools do not prompt you for information after you have submitted a command. If you want a more interactive tool, try using the administrative object model or HTML Administration pages.

Using the Command-Line Tool

The command-line tool provides access to the complete set of Windows SharePoint Services operations. You can use the stsadm.exe command-line utility from the command line or with batch files or scripts. Stsadm.exe must be run on the server computer itself.

To use the Stsadm.exe tool, you must be a member of the local Administrators group on the server computer. When you invoke Stsadm.exe, you supply an operation and a set of command-line parameters in the form:

-operation OperationName -parameter value

Note

If a value you need to use with the command line tool includes a space or a character that is treated as special by the command-line interface, such as an ampersand (&), you can enclose the string in quotation marks ("). For example, if the URL to a site is https://my site, you can enter the URL as "https://my site".

Most parameters for the command line also have a short form that you can use instead of the full parameter name. For example, the following command sets the configuration database to use Server1_collab on Server1 and specifies the database user name and password to connect with:

stsadm.exe -o setconfigdb -connect -ds Server1 -dn Server1_collab
-du User1 -dp password

The following table explains the command and parameters from this example. For detailed information about each command-line operation and related parameters, see Command-Line Operations (Windows SharePoint Services 2.0) and Command-Line Parameters (Windows SharePoint Services 2.0).

Command or parameter Definition

-o setconfigdb

Creates a connection between Windows SharePoint Services and a configuration database.

-connect

Specifies that there is an existing configuration database to use.

-ds Server1

Specifies the server name that contains the database to use.

-dn Server1_collab

Specifies the database name to use on that server.

-du User1

Specifies an administrator user name for the database.

-dp password

Specifies the password for the user.

Managing Windows SharePoint Services Remotely

When you install Windows SharePoint Services, the Central Administration pages are installed to an administration port. You use these pages on the administration port to manage your server remotely. You can open Central Administration pages from any client computer, provided you know the administration port number and log on by using an account that is a member of the Administrators group on the server. You can use the Site Administration pages by using an account that is a member of a site group with the Manage Web Site right for that site.

To help secure HTML Administration pages for Windows SharePoint Services, be sure to follow the security precautions discussed in this topic.

About Remote Administration and Security

When you manage a server remotely, a wider community of users is given greater access from the Internet to that Web server, which creates a security risk. In an unsecured server, an unauthorized person could gain access to Web sites based upon Windows SharePoint Services on your server and modify Web site settings — even delete Web sites. To help prevent such tampering during remote administration and authoring, the following precautions are recommended:

  • Require the use of a non-standard HTTP port for accessing the Central Administration pages. This precaution makes it much more difficult for malicious users to guess the URL of HTML Administration pages or the remote administration programs. When you install Windows SharePoint Services on the Microsoft Windows platform, a random non-standard administration port is automatically used for the SharePoint Central Administration pages.

    Note

    You can use Stsadm.exe to retrieve or change this administration port number. Do not use Internet Information Services to change the administration port, because that can break the shortcut to SharePoint Central Administration pages from the Start menu.

  • Use IP address mask restrictions to prevent unauthorized computers from gaining access to the administration port. If you are exposing the administration virtual server externally to allow remote administration, use secure connections, and require users to have strong passwords that are frequently updated. Typically, any IP addresses that are not part of the corporate or data center domain are denied access. For more information, see the Internet Information Services (IIS) 6.0 Help system.

  • Configure the administration virtual server to require secure connections In IIS, configure the administration virtual server to use a Secure Socket Layer (SSL). For more information, see Configuring Authentication (Windows SharePoint Services 2.0).

Using HTML Administration Pages Remotely

When you install Windows SharePoint Services, the Central Administration pages are installed to an administration port. You use these pages on the administration port to manage your server remotely. You can open Central Administration pages from any client computer, provided you log on by using an account that has administrator access rights to the server. You can open the Site Administration pages by using an account that has administrator rights to the Web site.

If you have chosen to use Secure Sockets Layer (SSL) on your administration port, you must use the HTTPS protocol to navigate to the pages. For more information about configuring SSL, see Configuring Authentication (Windows SharePoint Services 2.0).

Connect to the administration port by using the HTTPS protocol

  • In the Address box of your browser, use the HTTPS protocol and type the Web address to your server's administration pages, including the server port number. For example, https://sample.microsoft.com:1439.

After you connect to the remote HTML Administration pages, you can perform any of the administration tasks as if you were connected locally.

Changing the Administration Port

You can change the administration port for your server to a port that is easy to remember or that is a standard installation port number for your organization. To change the administration port, use the setadminport operation. The setadminport operation takes the port parameter (specifying the new port number).

Changing the administration port can only be done from the command line. You must use the Stsadm.exe tool on the server computer itself to change the administration port. To change the administration port, use the following syntax:

Stsadm.exe –o –setadminport –port <port>

Note

If you are using SSL for your administration port, be sure to use the -ssl parameter with the preceding command-line syntax to ensure that the links in HTML Administration work properly. For more information, see Configuring Authentication (Windows SharePoint Services 2.0).

Setting Configuration Properties

You can configure several features of Windows SharePoint Services by setting the values of configuration properties. For example, you can set a property to:

  • Specify whether a secondary contact name is needed when creating sites with Self-Service Site Creation.

  • Specify SMTP server settings.

  • Specify whether alerts are enabled for a virtual server.

Many properties are included as options in HTML Administration pages for your server or virtual server. Properties can also be set from the command line or by using the object model. For a complete list of the properties you can set from the command line, see Command-Line Properties (Windows SharePoint Services 2.0).

Most properties have a default value that is used at site creation time if no other value is specified. These default values are not enforced in any way, and can be overwritten by changing the value in the HTML Administration pages or on the command line. Default values are a starting point, they are not enforced or secured.

Using the Command Line to Set Properties

You can set configuration property by using the command-line tool Stsadm.exe and the following operations: GetProperty and SetProperty. With these operations, you can query for or set property values directly from the command line. Because the properties are available through the command-line tools, you can set configuration properties and perform other operations by using a batch file.

When you get or set a property, you must specify the level of the Web server to which the property applies: server or virtual server. You specify the level you want for the property in the syntax of the command. The following table lists the parameters to use to specify the level of a property.

Parameter Scope

<none>

Gets or sets the property per server. The property applies to all virtual servers, sites, and subsites on the server computer.

-url

Gets or sets the property by virtual server. The property applies to sites and subsites on a single virtual server.

Setting a Property

When you set a property, you must specify the property as a string, although some properties are interpreted numerically. You must also specify the propertyname ( -pn ) parameter and the propertyvalue ( -pv ) parameter when you set a property. In the following example, the alerts-enabled property is set for the virtual server at https://servername:

Stsadm.exe –o setproperty –pn alerts-enabled –pv true -url https://servername

The alerts-enabled property specifies whether alerts are turned on or off for a virtual server.

Querying for a Property

You can retrieve the current state of a property by using the GetProperty operation. You specify the propertyname, and the propertyvalue is returned. For example, to see what the alerts-enabled property is currently set to for the virtual server at https://servername, you type:

Stsadm.exe –o getproperty –pn alerts-enabled -url https://servername

Properties and HTML Administration

Most properties that can be set from the command line are also available as options in HTML Administration pages. For example, the alerts-enabled property can be set by turning alerts on or off on the Virtual Server General Settings page. If you are mainly using HTML Administration pages to perform your administration tasks, most properties are set for you when you select options on those pages.

See Also

Concepts

Command-Line Operations (Windows SharePoint Services 2.0)
Command-Line Properties (Windows SharePoint Services 2.0)
Command-Line Parameters (Windows SharePoint Services 2.0)