About WebDAV

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Web Distributed Authoring and Versioning (WebDAV) extends the HTTP/1.1 protocol to allow clients to publish, lock, and manage resources on the Web.

Integrated into IIS, WebDAV allows clients to do the following:

  • Manipulate resources in a WebDAV publishing directory on your server. For example, users who have been assigned the correct rights can copy and move files around in a WebDAV directory.

  • Modify properties associated with certain resources. For example, a user can write to and retrieve a file's property information.

  • Lock and unlock resources so that multiple users can read a file concurrently. However, only one person can modify the file at a time.

  • Search the content and properties of files in a WebDAV directory.

Setting up a WebDAV publishing directory on your server is as straightforward as setting up a virtual directory through IIS Manager. After you have set up your publishing directory, users who have been assigned the correct rights can publish documents to the server and manipulate files in the directory. Before you can set up a WebDAV directory, you must install Windows XP Professional or a member of the Windows Server 2003 family.

Important

To help minimize the attack surface of the server, IIS 6.0 is not installed on Windows Server 2003 by default. When you first install IIS 6.0, it is locked down -- which means that only request handling for static Web pages is enabled, and only the World Wide Web Publishing Service (WWW service) is installed. None of the features that sit on top of IIS are turned on, including ASP, ASP.NET, CGI scripting, FrontPage® 2002 Server Extensions from Microsoft, and WebDAV publishing. If you do not enable these features, IIS returns a 404 error. You can enable these features through the Web Service Extensions node in IIS Manager. For more information about how to troubleshoot 404 errors and other issues, see Troubleshooting in IIS 6.0.

WebDAV Clients

You can access and publish to a WebDAV directory through one of the following Microsoft products or through any other client that supports the industry standard WebDAV protocol. For the specific procedure on how to access and publish through these Microsoft products, consult the specific product's Help.

  • Windows clients (Windows 2000 and Windows XP): Connect to a WebDAV directory by adding the directory to the list of Network Places and display the contents as if it were part of the same file system on your local computer. Once connected, you can drag and drop files, retrieve and modify file properties, and complete many other file-system tasks. You can also connect using the command-line client (known as WebDAV Redirector). This client allows you to use existing applications across the Web and share files through firewalls and proxy servers.

  • Internet Explorer (versions 5.0 and 6.0): Connect to a WebDAV directory by opening the target directory as a Web folder and complete the same file-system tasks as Windows clients.

  • Microsoft Office products (Office 2000 and Office XP): Create, publish, edit, and save documents directly into a WebDAV directory through any application in Office 2000 or Office XP.

Note

Even if users connect from behind a firewall, they can still publish on a WebDAV directory if they have the correct permissions and if the firewall is configured to allow publishing.

When enabling WebDAV publishing on your intranet, ensure that all WebDAV clients are running the WebClient service.

Procedures

To check the status, or to enable the WebClient service on a WebDAV client machine

  1. From the Start menu, point to Administrative Tools, and click Computer Management.

  2. In the details pane, double-click Services and Applications.

  3. Double-click Services.

  4. Scroll down, right-click WebClient, and click Properties.

  5. In the Startup type list box, click Automatic.

  6. Click Apply.

  7. In the Service status section, click Start.

  8. Click OK.

Searching in WebDAV

Once connected to a WebDAV directory, you can quickly search the files on that directory for content as well as properties. For example, you can search for all files that contain the word table or for all files written by Fred.

Integrated Security

WebDAV is integrated with the Windows Server 2003 family and IIS, which means WebDAV takes advantage of the security features offered by the platform and the Web server, including permissions control and discretionary access control lists (DACLs) in the NTFS file system. For information about IIS security, see Security in IIS 6.0.

Clients with proper user rights can write to a WebDAV directory, so it is vital that you control who accesses your directory. IIS has reinforced Integrated Windows Authentication by building in support for the Kerberos V5 security protocol. (Note that Integrated Windows authentication and Kerberos V5 are not the same thing. Integrated Windows authentication now supports Kerberos V5.) By selecting Integrated Windows authentication, you can make sure that only clients with the correct user rights can access and write to the WebDAV directory on your intranet. For information about how the Kerberos V5 protocol works, see "Kerberos V5 protocol" in Windows Server 2003 family Help.

In addition, IIS supports Digest authentication and Advanced Digest authentication. Created for Windows domain servers, Digest and Advanced Digest authentication offer tighter security for passwords and for transmitting information across the Internet. For information about Digest authentication, see Digest Authentication in IIS 6.0. For information about Advanced Digest authentication, see Advanced Digest Authentication in IIS 6.0.

  • For more information about file and directory security, see "Encrypting File System" in Help and Support Center for Windows 2003. EFS is a new feature in Windows Server 2003 family.