Managing Users

Every Web site has users, and part of your job as administrator is to make sure the users of a Web site have the appropriate permissions to the site. To get permissions to the site, users must be added to the site and assigned to a role.

You can add users to your site by using either the command-line tools or HTML Administration pages for your Web site. On the Microsoft® Windows® platform, when you add a user to your site, you can either add the user with his domain account, or you can automatically create machine accounts for each user. On the UNIX platform, the Web site account is automatically created.

When you create accounts for users, you assign passwords to each user. When the user logs onto the site, he can change his password. If he loses or forgets his password, he cannot look it up. However, you can reset his password by using HTML Administration pages or the command line.

Using the command line to manage users

You can assign users to a role from the command line by using the roleusers or userroles operations. The roleusers operation allows you to add or delete multiple users for a given role. The userroles operation allows you to assign a user to one or more roles. These operations both take the command (-c) parameter with the following values: set, add, del, and delall.

With roleusers, you can assign multiple users to a role at one time. For example, to add User1, User2, and User3 to the Author role, you would type:

owsadm.exe -o roleusers -c add -u user1,user2,user3 -web /subweb -name Author

Note   When adding multiple users, the user names are separated by commas and no spaces: user1,user2,user3.

With userroles, you can assign multiple roles to a single user. For example, if you want to assign a user to a standard role, and also to a custom role you created to perform a specific action, you can do so by using the userroles command. To assign the Contributor role ("collab" on the command line) and a custom role named Interns to User1, you would type:

owsadm.exe -o userroles -c add -u user1 -web /subweb -name Collab,Interns

Note   When adding multiple roles, the role names are separated by commas and no spaces: role1,role2,role3.

You can use either operation to delete a user from a role. For example, to delete User1 from the Author role, you would type either of the following commands:

owsadm.exe -o roleusers -c del -u user1 -web /subweb -name Author
owsadm.exe -o userroles -c del -u user1 -web /subweb -name Author

To delete all users from a role, you use the roleusers command. For example, to delete all users from the Author role, you would type:

owsadm.exe -o roleusers -c delall -web /subweb -name Author

To remove a user from all roles he or she is assigned to, you use the userroles command. For example, to remove all roles for User1, you would type:

owsadm.exe -o userroles -c delall -u user1 -web /subweb

Using HTML Administration pages to manage users

You can manage users from the Site Administration page for your Web site. To manage users, you follow the Manage Users link on the Site Administration page to the Manage Users page. By using this page, you can view a list of users, check which role a user is assigned to, add new users, delete users, or assign users to roles.

Note   If you do not see the Manage Users option, you are probably in a subweb that uses the user accounts and roles settings of a higher-level Web site of the server or virtual server. To work with accounts and roles, either go to the top-level Web site, or set up unique permissions for this subweb.

To view the Site Administration page

  • If you are a server administrator, on the server computer click Start, point to Programs, point to Administrative Tools, and then click Microsoft SharePoint Administrator, and then on the Server Administration page, click the name of the site you want to manage.

  • If you are a site administrator, on your Web site, click Site Settings, and then under Web Administration, click Go to Site Administration.

If you want to view which roles a user is assigned to, you use the Manage Users page.

To view which roles are assigned to a user

  • On the Site Administration page for your web, under Users and Roles, click Manage Users.

    The users of the Web site and the roles they are assigned to are displayed on the Manage Users page.

If you want to change which role a user is assigned to, you can click the user name, and then select a new role.

To change which role a user is assigned to

  1. On the Manage Users page, click the user name you want to change.

  2. In the User Role area, select the roles you want the user to be assigned to.

  3. Click Submit.

You can add new users to your site from the Manage Users page.

To add a new user

  1. On the Manage Users page, click Add a user.

  2. On the Add a User page, in the User area, fill in the information about the user.

    If you are adding a new user, select Add a new user with the following information, and then fill in the user name and password, and then confirm the password.

    If you are adding an existing account, select Add a user or group name (For example, DOMAIN\name), and then fill in the user name. Note that this option is only available on the Windows platform. This option is used to either add an existing user with a domain account to a Web site or subweb, or to add an existing user with a local machine account to a subweb.

  3. In the User Role area, select the roles you want the user to be assigned to.

  4. Click Add User.

You can also delete users from all roles from the Manage Users page. Note that this does not delete the user account, but does remove all rights to the Web site.

To delete a user from all roles

  1. On the Manage Users page, select the check box next to the user you want to delete.

  2. Click Delete selected user(s) from all roles.

Note   If your site has user account limits, and you want to delete the user account rather than just remove the user from all roles, you can use the Manage Virtual Server Accounts page in the Site Administration pages for the virtual server. For more information, see Limiting User Accounts.

Creating local machine accounts for users on the Windows platform

In addition to adding users to a Web site and controlling which roles they are assigned, you can also use the command line and HTML Administration pages to create local machine accounts for users. So, for example, if you want to add a new user to your Web who does not have an account on your network domain, you can do so by using the users command or the Add a User page. On the UNIX platform, local machine accounts (.htaccess users) are the only type of accounts possible. It is only on the Windows platform that you must choose which type of account to create.

Important   Note that creating local machine accounts is the default method for creating accounts on the Windows platform. If you don't want to use local machine accounts, you can turn off local machine accounts by setting the NoMachineGroups property to 1. You must set this property before you extend any virtual servers with Microsoft's SharePoint™ Team Services or Microsoft FrontPage 2002 Server Extensions. For more information about setting properties, see Setting Configuration Properties.

If you are using local machine accounts exclusively on the Windows platform, you can set a property to bypass checks for domain accounts whenever you create a new user or invite a member to your site. To specify that you are using local accounts, rather than domain accounts, set the LocalNTAccountsOnly property to 1. Note that when you set LocalNTAccountsOnly to 1, you cannot use domain accounts at all, even if a particular domain account is valid. Use the following syntax to set LocalNTAccountsOnly for a server:

owsadm.exe -o setproperty -pn LocalNTAccountsOnly -pv 1

Using the command line to create a local machine account

You use the users operation to create a local machine account for a user. The users operation allows you to add the account and set the password for the user. It does not allow you to assign the user to a role. The users operation takes the following parameters: command (add, del, or changepassword), web, username, and port (optional). For example, to add a user account called "localuser" to the virtual server at port 80, you would use the following syntax:

owsadm.exe -o users -c add -u localuser -port 80

Note   You can also assign a password when you create a new user account. To do so, use the password parameter with the users operation.

After the account has been created, you can then assign the user to a role on your site (either a Web site or subweb). To add the user to your site and assign a role to him or her, you use the userroles operation. The userroles operation adds, deletes, or deletes all roles for a user. The operation takes the following parameters: command (set, add, del, or delall), username, web, name (name of role), and port (optional). For example, to assign the "localuser" account to the Contributor role on a subweb named UserWeb, you would use the following syntax:

owsadm.exe -o userroles -c add -u localuser -web /userweb -name collab

If you want to add multiple users to the same role, you can use the roleusers operation. The roleusers operation adds users to, deletes users from, or deletes all users from a particular role. The operation takes the following parameters: command (set, add, del, or delall), username (single user name or a comma-delimited list of user names), web, name (name of role), and port (optional). For example, to assign several local users to the Contributor role on a subweb named UserWeb, you would use the following syntax:

owsadm.exe -o roleusers -c add -u localuser1,localuser2,localuser3 -web /userweb -name collab
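
An added example (not part of the original documentation) that turns the two-step procedure above into owsadm.exe argument lists: one users add per account, then one roleusers add per role with its comma-delimited user list. The roster, the plan and check helpers and the character whitelist are assumptions made for illustration; flags are written with a leading hyphen, as -o and -name appear on this page.

```python
import re
from collections import defaultdict

# Assumption: names are limited to letters, digits, '.', '_' and '-'.
# The page only requires "commas and no spaces" in lists; the stricter
# whitelist is this example's choice so a name can never split a list.
NAME = re.compile(r"^[A-Za-z0-9._-]+$")

# Constructed sample roster: local account -> roles on the subweb.
ROSTER = {
    "localuser1": ["collab"],
    "localuser2": ["collab", "Interns"],
    "localuser3": ["collab"],
}


def check(name):
    """Reject names that would break the comma-delimited -u / -name lists."""
    if not NAME.match(name):
        raise ValueError(f"unsafe name for a comma-delimited list: {name!r}")
    return name


def plan(roster, web, port=None):
    """Build argument vectors: accounts first, then one roleusers per role."""
    tail = ["-port", str(port)] if port is not None else []
    cmds, by_role = [], defaultdict(list)
    for user, roles in roster.items():
        check(user)
        # Step 1: create the local machine account (no role yet).
        cmds.append(["owsadm.exe", "-o", "users", "-c", "add", "-u", user] + tail)
        for role in roles:
            by_role[check(role)].append(user)
    for role, users in by_role.items():
        # Step 2: assign every user of this role in a single call.
        cmds.append(["owsadm.exe", "-o", "roleusers", "-c", "add",
                     "-u", ",".join(users), "-web", web, "-name", role] + tail)
    return cmds


if __name__ == "__main__":
    for argv in plan(ROSTER, "/userweb", port=80):
        print(" ".join(argv))
```

Each returned list can be passed to a process launcher as an argument vector, so no shell parses the user or role names.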

Using HTML Administration pages to create a local machine account

You can add users with local machine accounts from the Site Administration page for your virtual server or subweb. To add a user, you follow the Manage Users link on the Site Administration page to the Manage Users page.

To view the virtual server Site Administration page

  • If you are a server administrator, on the server computer click Start, point to Programs, point to Administrative Tools, click Microsoft SharePoint Administrator, and then on the Server Administration page, click the name of the site you want to manage.

  • If you are a site administrator, on your Web site, click Site Settings, and then under Web Administration, click Go to Site Administration.

To create a local machine account

  1. On the Manage Users page, click Add a user.

  2. On the Add a User page, in the User area, select Add a new user with the following information.

    Note that the Add user or group name (for example, DOMAIN\name) option is used to either add an existing user with a domain account to a Web site or subweb, or to add an existing user with a local machine account to a subweb.

  3. In the User name box, type the user name.

  4. In the Password box, type the password, and then type it again in the Confirm password box.

  5. In the User Role area, select the roles you want the user to be assigned to.

  6. Click Add User.

Resetting user passwords

If a user forgets his or her password, you can reset the password by using HTML Administration pages or the command line. You must have Administrator rights to the server computer to reset a user password.

To reset a user's password on the command line, you use the users operation with the changepassword command. For example, to reset the password for User1 on port 80, you would type:

owsadm.exe -o users -c changepassword newpassword -u User1 -p 80

To reset a password by using HTML Administration pages, you use the Server Administration pages.

To reset a user password by using HTML Administration pages

  1. On your server computer, click Start, point to Programs, point to Administrative Tools, and then click Microsoft SharePoint Administrator.

  2. Click Reset user password.

  3. In the Virtual server box, select the virtual server that the user belongs to.

  4. In the Web name box, type the name of the Web site that the user is a member of.

  5. In the User name box, type the user's account name.

  6. In the New password box, type a new password for the user.

  7. In the Confirm new password box, type the new password again.

  8. Click Submit.

For information about creating, editing, or deleting roles, see Managing Roles.

For more information about permissions, see Managing Web Site Permissions.

On the Windows platform, you can set quotas and determine how many new user accounts can be created for each virtual server. For more information about setting quotas, see Limiting User Accounts.

For more information about user roles and security, see Windows Security Model and FrontPage 2002 Server Extensions Security Under UNIX.