If you are an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.
File and Disk Utilities, Security Utilities, Networking Utilities and others.
Go to -> http://technet.microsoft.com/es-mx/sysinternals/default(en-us).aspx
Monday, April 21, 2008
Setting up a SFTP Server on Windows
I recently had to create an SFTP server on our work development system, and after doing a fair bit of Googling on the topic found a good solution. The solution is a combination of research done at differnt sites. It is this solution that I am sharing in hopes that it will help someone else.
This tutorial will help you turn your Windows based system into a SecureFTP server.
Background
Secure Shell (SSH) is a program that lets you log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using ssh, the entire login session, including transmission of password, is encrypted and therefore is very secure.
You may have noticed that many webhosts allow ssh access. This means that you can login to their webserver and execute many UNIX commands (the ones they allow you access to) on your account. Not only can you connect to other computers that provide SSH access, but you can also allow others to connect to your computer using SSH.
To take this one step further, you can also turn your Windows PC into a Secure FTP (SFTP) server. SFTP is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use a FTP client that supports SFTP (more about that later).
Installing SSH on Windows
Most UNIX based systems (Linux and OSX) come with SSH preinstalled, so connecting to a remote host is very easy. However, if you run a Windows system, you need to download some additional software to make the SSH programs available to you. Fortunately a free open-source project called SSHWindows, provides a nice Windows installer that will setup the SSH client and Server on your system.
Your first step will be to download the Binary Installer Release from SSHWindows. Once downloaded, run the installer and be sure to install both the client and server components.
Configure the SSH Server
In this next step, I have summarized the information that is included with the readme.txt that is included with SSHWindows (it can be found in c:\program files\openssh\docs)
Your first configuration step is to set up the passwd file. You will need to set up the passwd file before any logins can take place.
Passwd creation is relatively easy and can be done using two programs that are included with SSHWindows – mkgroup and mkpasswd. Both of these programs are located in the c:\program files\openssh\bin directory.
To begin creating the group and passwd files, open a command prompt window and navigate to the c:\program files\openssh directory.
You must first create a group file. To add all local groups on your computer to the group file, type the command as shown below:
mkgroup -l >> ..\etc\group
You will now need to create a passwd file. Any users in the passwd file will be able to log on with SSH. For this reason, it is recommended that you add users individually with the -u switch. To add a user to the passwd file type the command shown below:
mkpasswd -l -u username >> ..\etc\passwd
NOTE: the username specified above must be an existing windows login account.
Creating Home Directories for you Users
In the passwd file, you will notice that the user’s home directory is set as /home/username, with username being the name of the account. In the default install, the /home directory is set to the default profile directory for all users. This is usually c:\documents and settings.
If you want to change this location you will need to edit the passwd file. The passwd file is in plain text and can be edited in Notepad or any text editor. The last two entries for each user are safe to edit by hand. The second to last entry (/home/username) can be replaced with any other directory to act as that user’s home directory. It’s worth noting that when you run SSH on windows, you are actually running SSH in a scaled down version of cygwin, which is a Unix emulator for Windows. So, if you will be placing the user somewhere outside the default directory for their Windows profile, you will need to use the cygdrive notation.
To access any folder on any drive letter, add /cygdrive/DRIVELETTER/ at the beginning of the folder path. As an example, to access the winnt\system32 directory on the *c:* drive you would use the path:
*/cygdrive/c/winnt/system32*
Connecting to your SFTP Server
To connect to your new SFTP server, you will need to download an FTP client that supports SFTP. I use Filezilla which is a nice free FTP and SFTP client. You might also try WinSCP which is another free SFTP client.
To test if your server is running, create a new connection in your client and specify SFTP as the server type, 22 as the port, and localhost or 127.0.0.1 as the server name. You will also need to provide the user account and password for any account that you added to your passwd file. Now connect to the server. If all went well, you should see a directory listing where you pointed the home folder to. If not, there are a couple of things to check. Make sure your Windows firewall is set to allow traffic over port 22 and finally double check your passwd file to make sure that the account you added is actually there.
Security
Because SSH allows access to only Windows user accounts, you can restrict access based upon NTFS file permissions. As such, SFTP does not provide for chroot jails (a Unix method for locking a user to his/her home directory). Simply lock down your filesystem for that user, and SFTP will respect that.
Summary
In the end, setting up an SFTP server turned out to be a very effortless task. With a couple of open source programs and a couple of command-line commands, you can up and running in no time at all!
Help:
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
This tutorial will help you turn your Windows based system into a SecureFTP server.
Background
Secure Shell (SSH) is a program that lets you log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using ssh, the entire login session, including transmission of password, is encrypted and therefore is very secure.
You may have noticed that many webhosts allow ssh access. This means that you can login to their webserver and execute many UNIX commands (the ones they allow you access to) on your account. Not only can you connect to other computers that provide SSH access, but you can also allow others to connect to your computer using SSH.
To take this one step further, you can also turn your Windows PC into a Secure FTP (SFTP) server. SFTP is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use a FTP client that supports SFTP (more about that later).
Installing SSH on Windows
Most UNIX based systems (Linux and OSX) come with SSH preinstalled, so connecting to a remote host is very easy. However, if you run a Windows system, you need to download some additional software to make the SSH programs available to you. Fortunately a free open-source project called SSHWindows, provides a nice Windows installer that will setup the SSH client and Server on your system.
Your first step will be to download the Binary Installer Release from SSHWindows. Once downloaded, run the installer and be sure to install both the client and server components.
Configure the SSH Server
In this next step, I have summarized the information that is included with the readme.txt that is included with SSHWindows (it can be found in c:\program files\openssh\docs)
Your first configuration step is to set up the passwd file. You will need to set up the passwd file before any logins can take place.
Passwd creation is relatively easy and can be done using two programs that are included with SSHWindows – mkgroup and mkpasswd. Both of these programs are located in the c:\program files\openssh\bin directory.
To begin creating the group and passwd files, open a command prompt window and navigate to the c:\program files\openssh directory.
You must first create a group file. To add all local groups on your computer to the group file, type the command as shown below:
mkgroup -l >> ..\etc\group
You will now need to create a passwd file. Any users in the passwd file will be able to log on with SSH. For this reason, it is recommended that you add users individually with the -u switch. To add a user to the passwd file type the command shown below:
mkpasswd -l -u username >> ..\etc\passwd
NOTE: the username specified above must be an existing windows login account.
Creating Home Directories for you Users
In the passwd file, you will notice that the user’s home directory is set as /home/username, with username being the name of the account. In the default install, the /home directory is set to the default profile directory for all users. This is usually c:\documents and settings.
If you want to change this location you will need to edit the passwd file. The passwd file is in plain text and can be edited in Notepad or any text editor. The last two entries for each user are safe to edit by hand. The second to last entry (/home/username) can be replaced with any other directory to act as that user’s home directory. It’s worth noting that when you run SSH on windows, you are actually running SSH in a scaled down version of cygwin, which is a Unix emulator for Windows. So, if you will be placing the user somewhere outside the default directory for their Windows profile, you will need to use the cygdrive notation.
To access any folder on any drive letter, add /cygdrive/DRIVELETTER/ at the beginning of the folder path. As an example, to access the winnt\system32 directory on the *c:* drive you would use the path:
*/cygdrive/c/winnt/system32*
Connecting to your SFTP Server
To connect to your new SFTP server, you will need to download an FTP client that supports SFTP. I use Filezilla which is a nice free FTP and SFTP client. You might also try WinSCP which is another free SFTP client.
To test if your server is running, create a new connection in your client and specify SFTP as the server type, 22 as the port, and localhost or 127.0.0.1 as the server name. You will also need to provide the user account and password for any account that you added to your passwd file. Now connect to the server. If all went well, you should see a directory listing where you pointed the home folder to. If not, there are a couple of things to check. Make sure your Windows firewall is set to allow traffic over port 22 and finally double check your passwd file to make sure that the account you added is actually there.
Security
Because SSH allows access to only Windows user accounts, you can restrict access based upon NTFS file permissions. As such, SFTP does not provide for chroot jails (a Unix method for locking a user to his/her home directory). Simply lock down your filesystem for that user, and SFTP will respect that.
Summary
In the end, setting up an SFTP server turned out to be a very effortless task. With a couple of open source programs and a couple of command-line commands, you can up and running in no time at all!
Help:
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
How to change the listening port for Remote Desktop
This article describes how to change the port that Remote Desktop listens on.
Note: The Remote Desktop Connection Client for the Mac supports only port 3389. 3389 is the default port.
Warning!!! If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Use Registry Editor at your own risk.
1. Start Registry Editor.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
3. On the Edit menu, click Modify, and then click Decimal.
4. Type the new port number, and then click OK.
5. Quit Registry Editor.
Note: When you try to connect to this computer by using the Remote Desktop connection, you must type the new port.
You can open Remote Desktop Client using mstsc.exe on Run field.
Example: 192.168.1.1:3303
Note: The Remote Desktop Connection Client for the Mac supports only port 3389. 3389 is the default port.
Warning!!! If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Use Registry Editor at your own risk.
1. Start Registry Editor.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
3. On the Edit menu, click Modify, and then click Decimal.
4. Type the new port number, and then click OK.
5. Quit Registry Editor.
Note: When you try to connect to this computer by using the Remote Desktop connection, you must type the new port.
You can open Remote Desktop Client using mstsc.exe on Run field.
Example: 192.168.1.1:3303
Create a custom list form for a SharePoint list
SharePoint has always been good for basic business forms. A custom SharePoint list can be configured to collect any type of data and SharePoint automatically generates the forms for adding new items, editing items and viewing items. In SharePoint 2007, the workflow capabilities make SharePoint lists an even more attractive foundation for basic business forms.
In order to manage the data you collect from the form submitters, you will often have a few extra columns (e.g. status, notes, etc.) that you don't want the user to fill in when submitting the form. Using SharePoint Designer you can create a customised version of the form for adding new items that does not have your extra management columns on it.
1. Open your site in SharePoint Designer.
2. Browse to your list and open the 'NewForm.aspx' web form.
3. Go File > Save As... and give the form a new name such as 'NewForm2.aspx'.
4. Delete the default List Form Web Part from the page.
5 .Go Insert > SharePoint Controls > Custom List Form.
6. In the List or Document Library Form dialog, select the appropriate list, content type and type of form.
7. Click OK and a new Data Form Web Part is added with controls representing all the fields from the list (in my environment all the controls show "Error Rendering Control" but this does not affect the final result).
8. In the newly added Data Form Web Part, delete the rows containing fields not to be shown to the user (ensure that fields being removed are not required fields without default values as this would prevent the user from submitting the form).
9. At this point, you can do other customisation such as rearranging the fields if you wish.
10. Save the site.
To give users access to your new form, publish a link to the NewForm2.aspx page:
1. Open the site in SharePoint Designer.
2. Right click the list in the Folder List and select Properties.
3. Go to the Supporting Files tab.
4. Use the Browse button to enter the path to your new Edit item form.
In order to manage the data you collect from the form submitters, you will often have a few extra columns (e.g. status, notes, etc.) that you don't want the user to fill in when submitting the form. Using SharePoint Designer you can create a customised version of the form for adding new items that does not have your extra management columns on it.
1. Open your site in SharePoint Designer.
2. Browse to your list and open the 'NewForm.aspx' web form.
3. Go File > Save As... and give the form a new name such as 'NewForm2.aspx'.
4. Delete the default List Form Web Part from the page.
5 .Go Insert > SharePoint Controls > Custom List Form.
6. In the List or Document Library Form dialog, select the appropriate list, content type and type of form.
7. Click OK and a new Data Form Web Part is added with controls representing all the fields from the list (in my environment all the controls show "Error Rendering Control" but this does not affect the final result).
8. In the newly added Data Form Web Part, delete the rows containing fields not to be shown to the user (ensure that fields being removed are not required fields without default values as this would prevent the user from submitting the form).
9. At this point, you can do other customisation such as rearranging the fields if you wish.
10. Save the site.
To give users access to your new form, publish a link to the NewForm2.aspx page:
1. Open the site in SharePoint Designer.
2. Right click the list in the Folder List and select Properties.
3. Go to the Supporting Files tab.
4. Use the Browse button to enter the path to your new Edit item form.
How to reset the caroot password ARCserve
1. Open a command prompt on the server where you want to change/reset the caroot password.
2. In the command prompt browse to the drive where you have ARCServe installed (e.g. C:\Program Files\CA\...)
3. Once in the ARCServe folder type in the following: cstop
4. This will stop the ARCServe services that are running.
5. When all services are stopped open the Windows Explorer and browse to the folder:
C:\Program Files\CA\BrightStor ARCserve Backup\Data\Discovery
Here you will find a folder that has the name of your server.
6. Rename this folder.
7. Back in the command prompt type in the following: cstart
8. This will start the ARCServe services that were stopped in item 4.
9. Still in the command prompt type in the following:
Authsetup/p "password" where “password” is what you want the new password to be.
10.Close the command prompt and try to open ARCServe with the new password.
2. In the command prompt browse to the drive where you have ARCServe installed (e.g. C:\Program Files\CA\...)
3. Once in the ARCServe folder type in the following: cstop
4. This will stop the ARCServe services that are running.
5. When all services are stopped open the Windows Explorer and browse to the folder:
C:\Program Files\CA\BrightStor ARCserve Backup\Data\Discovery
Here you will find a folder that has the name of your server.
6. Rename this folder.
7. Back in the command prompt type in the following: cstart
8. This will start the ARCServe services that were stopped in item 4.
9. Still in the command prompt type in the following:
Authsetup/p "password" where “password” is what you want the new password to be.
10.Close the command prompt and try to open ARCServe with the new password.
Installation WSS 3.0
This document will walk you through an WSS 3.0 installation.
Start by creating the following users in an OU in AD
Required Users and Groups
Group/Name
Account
Description
MOSS
SPAdmins
Group
The SharePoint administrators security
WSS/MOSS
SPConfigAcct
Account
The account used to connect to the configuration database, run the administration application pool, and run the timer service
WSS/MOSS
SPContentPool
Account
The account used for the site collection application pool
WSS/MOSS
SPSearchAcct
Account
The account used to perform searches
WSS/MOSS
SPCrawlAcct
Account
The account used to crawl and index Content
WSS/MOSS
SPSharedServicesPool
Account
The account used for the Shared Services application pool
WSS/MOSS
SPSharedServicesAcct
Account
The account under which Shared Services run
MOSS Only
This guide assumes that you installed Windows 2003 Server and that you have completed Windows Update.
You can follow the steps in this section if you do not plan on deploying MOSS. If you are going to deploy MOSS, you can skip this section and move on to the MOSS deployment.MOSS 2007 Installation.aspx
Add the Application Server Role
You need ASP.NET to run WSS 3.0. In this section, you will install .NET Framework 2.0, but first you need to configure your server to run the Application Server role.
Follow these steps to configure the server:
1. From the Manage Your Server applet, select the right-facing arrow to add or remove a role to the server.
2. On the Preliminary Steps screen, click the Next button.
3. On the Server Role screen, select Application Server (IIS, ASP.NET) from the list of available roles and click the Next button.
4. On the Application Server Options screen, leave both boxes unchecked and click the Next button.
5. On the Summary of Selections screen, click the Next button.
Installing the .NET Framework 2.0
.NET Framework 2.0 is required to run WSS 3.0. Access and download the framework using Windows Update (If Windows Update hasn't been run).
Follow these steps to install the .NET Framework 2.0:
1. Launch the Microsoft .NET Framework Version 2.0 Redistributable Package DOTNETFX.EXE.
2. Follow the simple steps in the wizard to complete the installation.
3. When the installation completes, select Start Administrative Tools Internet Information Services (IIS) Manager.
4. In the IIS Manager applet, click the Web Service Extensions folder.
5. Select ASP.NET 2.0.50727 from the list of extensions and click the Allow button.
Installing the .NET Framework 3.0
WSS 3.0 requires the .NET Framework 3.0 for workflow support. You can access and download the framework using Windows Update. The installation is straightforward and requires no special considerations.
Installing WSS Software
Installing WSS on the server requires installation and then configuration. The installation is straightforward and only requires a few steps through a wizard interface. Configuration is performed after the software is installed.
Follow these steps to install Windows SharePoint Services:
1. Run SETUP.EXE for WSS v3.
2. On the License Agreement screen, accept the agreement and click the Continue button.
3. On the next screen, click the Advanced button.
4. On the Server Type tab, select the Web Front End option.
5. Click the Install Now button.
6. When the installation is complete, check the box to run the Configuration Wizard and to configure WSS:
1. On the welcome screen, click the Next button.
2. In the warning dialog, click the Yes button to acknowledge that the listed services will be stopped.
3. On the Connect to a Server Farm screen, select No, I Want to Create a New Server Farm and click the Next button.
4. On the Configuration Database Settings screen, enter NameOfServer in the Database Server field.
5. Enter WSS_Config in the Database Name field.
6. Enter DOMAIN\SPConfigAcct in the Username field.
7. Enter the password for the SPConfigAcct in the Password field.
8. Click the Next button.
9. On the Configure SharePoint Central Administration Web Application, select either NTLM or Kerberos as the authentication provider and click the Next button.
If you choose to use Kerberos authentication, further steps will be necessary to configure the authentication provider. Do not use Kerberos authentication if you do not have the ability to access and modify Active Directory.
On the completion screen, click the Next button to apply the configuration settings.
11. After closing the configuration wizard, the Central Administration site will open automatically.
If prompted with a login dialog, enter the administrator credentials.
12. When prompted, add the Central Administration site to the list of trusted sites.
13. After the Central Administration site opens, close it until you have finished configuring security.
Turning Off Internet Explorer Enhanced Security
Windows Server 2003 installs Internet Explorer with Enhanced Security activated. Although this is a good default setting for production machines, it can and will prevent content from being rendered in SharePoint. You’ll want to disable Enhanced Security in the development environment to make sure you have complete access to administrative functions.
Follow these steps to disable Internet Explorer Enhanced Security:
1. Select Start Control Panel Add or Remove Programs.
2. Click the Add/Remove Windows Components button on the Add/Remove Programs screen.
3. Uncheck the Internet Explorer Enhanced Security Configuration box.
4. Click the Next button.
Adding WSS to the List of Trusted Sites
You may find that when you access WSS sites that you are prompted for a username and password.
You can eliminate this behavior by adding the”WSS_SERVERNAME” server to the list of trusted sites or the Local Intranet zone. In either case, you should also ensure that the browser settings are configured to automatically log the user on to the site.
Follow these steps to add the server to the list of trusted sites:
1. In the Internet Explorer, select Tools Internet Options.
2. On the Security tab, click the Trusted Sites icon.
3. Click the Sites button.
4. Clear the box titled Require Server Verification (https) for All Sites in this Zone.
5. Verify that http://”WSS_ServerName” is in the Websites list. If not, add it to the list.
6. Click the Close button.
7. Click the Custom Level button.
8. In the Settings list, under User Authentication, select Automatic Logon with Current
Username and Password.
9. Click the OK button.
10. Click the OK button to close the options dialog
Configuring Kerberos Authentication
If you selected to use Kerberos as the authentication provider, you must perform additional configuration steps. The steps involve the definition of a Service Principal Name (SPN) for the application pool account. The SPN is used to authenticate the server to the client.
Follow these steps to configure Kerberos authentication:
1. Log in to the domain controller as a domain administrator.
2. Select Start Administrative Tools Active Directory Users and Computers.
3. In the Active Directory Users and Computers applet, click the Computers folder.
4. Right-click”WSS_SERVERNAME” and select Properties from the context menu.
5. On the General tab, check the box labeled Trust Computer for Delegation and then click the OK button.
6. Click the Users folder.
7. Right-click the SPConfigAcct account and select Properties from the context menu.
8. On the Account tab, check the box labeled Account is Trusted for Delegation and click the OK button.
9. Repeat steps 7 and 8 for the SPContentPool account.
10. Download the SPN tool from the following URL: http://195.90.105.218/Documents/useful%20files/setspn_Setup.rar
11. Create the SPN for the SPConfigAcct by running the following command:
SETSPN –A HTTP/”WSS_ServerName”.DOMAIN.LOCAL DOMAIN\SPConfigAcct
12. Repeat step 11 for the SPContentPool account.
Configuring WSS Components
Once you have the security settings properly configured, you can open the SharePoint Central Administration site on ”WSS_SERVERNAME” by selecting Start Administrative Tools SharePoint 3.0 Administration. On the home page, you will see a task list of recommended actions you should take to configure WSS.
The following sections will help you get the basic WSS configuration completed.
Designating the SharePoint Administrators Group
By adding a group to the list of administrators you can easily grant others administration capabilities through Active Directory.
Follow these steps to designate an administrator group:
1. Select Start Administrative Tools SharePoint 3.0 Administration.
2. On the SharePoint Central Administration page, click the Operations tab.
3. Under the Security Configuration section, click the link titled Update Farm Administrator’s Group.
4. On the People and Groups: Farm Administrators page, select New Add Users.
5. On the Add Users page, enter DOMAIN\SPAdmins in the Users field.
6. Click the OK button.
Starting the Search Service
The WSS Search Service is not running initially. In order to use search functions, you must configure the service with an appropriate account for searching and one for crawling. In this section, you will use the accounts you created earlier to configure the Search Service.
Follow these steps to configure the Search Service:
1. On the SharePoint Central Administration page, click the Operations tab.
2. In the Topology and Services section, click the link titled Services on Server.
3. On the Services on Server page, click the Start link next to the Windows SharePoint Services Search.
4. In the Service Account section, enter DOMAIN\SPSearchAcct in the User Name field.
5. Enter the account password in the Password field.
6. In the Content Access Account section, enter DOMAIN\SPCrawlAcct in the User Name field.
7. Enter the account password in the Password field.
8. Click the Start button.
Configuring Outgoing E-Mail
WSS uses an SMTP server to send alerts and messages to users. In this section, you will enter the e-mail settings for WSS. Follow these steps to configure the e-mail settings:
1. On the SharePoint Central Administration page, click the Operations tab.
2. In the Topology and Services section, click the link titled Outgoing E-mail Settings.
3. On the Outgoing E-Mail Settings page, enter VSPDC in the Outbound SMTP Server field.
4. Enter administrator@domain.local in the From Address field.
5. Enter administrator@domain.local in the Reply To field.
6. Click the OK button.
Creating a New Web Application and Site Collection
Once WSS is properly configured, you can finally create your first site. In this section, you will create a site collection based on the team site template. Follow these steps to create your first site:
1. On the SharePoint Central Administration page, click the Application Management tab.
2. On the Application Management page, click the link titled Create or Extend Web Application.
On the Create or Extend Web Application page, click the link titled Create a New Web Application.
4. On the Create a New Web Application page, select the option Use an Existing IIS Web Site.
5. Choose Default Web Site in the drop-down list.
6. Under the Authentication Provider, choose either Negotiate (Kerberos) or NTLM, depending upon the choice you made earlier.
7. In the Application Pool section, select Create a New Application Pool.
8. Enter WSS_Pool as the pool name.
9. Select the Configurable option for the application pool security account.
10. In the User Name field, enter DOMAIN\SPContentPool.
11. In the Password field, enter the account password.
12. In the Reset Internet Information Services section, select the option to Restart IIS Automatically.
13. In the Search Server section, select”WSS_SERVERNAME” from the drop-down list.
14. Click the OK button.
15. On the Application Created page, click the link titled Create Site Collection.
16. On the Create Site Collection page, enter Home Site in the Title field.
17. Use the drop-down list in the Web Site Address section and verify that just the single forward slash is selected. This will create the site at the root for the server.
18. Under the Primary Site Collection Administrator section, enter DOMAIN\Administrator in the User Name field.
19. Click the OK button to create the new site collection.
20. Once the Site Collection is created, return to the Application Management tab.
21. Click the link titled Policy for Web Application under the Application Security section.
22. On the Policy for Web Application page, click the Add Users button.
23. On the Add Users page, click the Next button.
24. Under the Choose Users section, enter any accounts that should have administrative control over the Site Collection. Be sure to include the DOMAIN\Administrator and”WSS_SERVERNAME”\Administrator accounts.
25. In the Choose Permissions section, check the box labeled Full Control.
26. Click the Finish button. You should now have full access to the new Site Collection.
Start by creating the following users in an OU in AD
Required Users and Groups
Group/Name
Account
Description
MOSS
SPAdmins
Group
The SharePoint administrators security
WSS/MOSS
SPConfigAcct
Account
The account used to connect to the configuration database, run the administration application pool, and run the timer service
WSS/MOSS
SPContentPool
Account
The account used for the site collection application pool
WSS/MOSS
SPSearchAcct
Account
The account used to perform searches
WSS/MOSS
SPCrawlAcct
Account
The account used to crawl and index Content
WSS/MOSS
SPSharedServicesPool
Account
The account used for the Shared Services application pool
WSS/MOSS
SPSharedServicesAcct
Account
The account under which Shared Services run
MOSS Only
This guide assumes that you installed Windows 2003 Server and that you have completed Windows Update.
You can follow the steps in this section if you do not plan on deploying MOSS. If you are going to deploy MOSS, you can skip this section and move on to the MOSS deployment.MOSS 2007 Installation.aspx
Add the Application Server Role
You need ASP.NET to run WSS 3.0. In this section, you will install .NET Framework 2.0, but first you need to configure your server to run the Application Server role.
Follow these steps to configure the server:
1. From the Manage Your Server applet, select the right-facing arrow to add or remove a role to the server.
2. On the Preliminary Steps screen, click the Next button.
3. On the Server Role screen, select Application Server (IIS, ASP.NET) from the list of available roles and click the Next button.
4. On the Application Server Options screen, leave both boxes unchecked and click the Next button.
5. On the Summary of Selections screen, click the Next button.
Installing the .NET Framework 2.0
.NET Framework 2.0 is required to run WSS 3.0. Access and download the framework using Windows Update (If Windows Update hasn't been run).
Follow these steps to install the .NET Framework 2.0:
1. Launch the Microsoft .NET Framework Version 2.0 Redistributable Package DOTNETFX.EXE.
2. Follow the simple steps in the wizard to complete the installation.
3. When the installation completes, select Start Administrative Tools Internet Information Services (IIS) Manager.
4. In the IIS Manager applet, click the Web Service Extensions folder.
5. Select ASP.NET 2.0.50727 from the list of extensions and click the Allow button.
Installing the .NET Framework 3.0
WSS 3.0 requires the .NET Framework 3.0 for workflow support. You can access and download the framework using Windows Update. The installation is straightforward and requires no special considerations.
Installing WSS Software
Installing WSS on the server requires installation and then configuration. The installation is straightforward and only requires a few steps through a wizard interface. Configuration is performed after the software is installed.
Follow these steps to install Windows SharePoint Services:
1. Run SETUP.EXE for WSS v3.
2. On the License Agreement screen, accept the agreement and click the Continue button.
3. On the next screen, click the Advanced button.
4. On the Server Type tab, select the Web Front End option.
5. Click the Install Now button.
6. When the installation is complete, check the box to run the Configuration Wizard and to configure WSS:
1. On the welcome screen, click the Next button.
2. In the warning dialog, click the Yes button to acknowledge that the listed services will be stopped.
3. On the Connect to a Server Farm screen, select No, I Want to Create a New Server Farm and click the Next button.
4. On the Configuration Database Settings screen, enter NameOfServer in the Database Server field.
5. Enter WSS_Config in the Database Name field.
6. Enter DOMAIN\SPConfigAcct in the Username field.
7. Enter the password for the SPConfigAcct in the Password field.
8. Click the Next button.
9. On the Configure SharePoint Central Administration Web Application, select either NTLM or Kerberos as the authentication provider and click the Next button.
If you choose to use Kerberos authentication, further steps will be necessary to configure the authentication provider. Do not use Kerberos authentication if you do not have the ability to access and modify Active Directory.
On the completion screen, click the Next button to apply the configuration settings.
11. After closing the configuration wizard, the Central Administration site will open automatically.
If prompted with a login dialog, enter the administrator credentials.
12. When prompted, add the Central Administration site to the list of trusted sites.
13. After the Central Administration site opens, close it until you have finished configuring security.
Turning Off Internet Explorer Enhanced Security
Windows Server 2003 installs Internet Explorer with Enhanced Security activated. Although this is a good default setting for production machines, it can and will prevent content from being rendered in SharePoint. You’ll want to disable Enhanced Security in the development environment to make sure you have complete access to administrative functions.
Follow these steps to disable Internet Explorer Enhanced Security:
1. Select Start Control Panel Add or Remove Programs.
2. Click the Add/Remove Windows Components button on the Add/Remove Programs screen.
3. Uncheck the Internet Explorer Enhanced Security Configuration box.
4. Click the Next button.
Adding WSS to the List of Trusted Sites
You may find that when you access WSS sites that you are prompted for a username and password.
You can eliminate this behavior by adding the”WSS_SERVERNAME” server to the list of trusted sites or the Local Intranet zone. In either case, you should also ensure that the browser settings are configured to automatically log the user on to the site.
Follow these steps to add the server to the list of trusted sites:
1. In the Internet Explorer, select Tools Internet Options.
2. On the Security tab, click the Trusted Sites icon.
3. Click the Sites button.
4. Clear the box titled Require Server Verification (https) for All Sites in this Zone.
5. Verify that http://”WSS_ServerName” is in the Websites list. If not, add it to the list.
6. Click the Close button.
7. Click the Custom Level button.
8. In the Settings list, under User Authentication, select Automatic Logon with Current
Username and Password.
9. Click the OK button.
10. Click the OK button to close the options dialog
Configuring Kerberos Authentication
If you selected to use Kerberos as the authentication provider, you must perform additional configuration steps. The steps involve the definition of a Service Principal Name (SPN) for the application pool account. The SPN is used to authenticate the server to the client.
Follow these steps to configure Kerberos authentication:
1. Log in to the domain controller as a domain administrator.
2. Select Start Administrative Tools Active Directory Users and Computers.
3. In the Active Directory Users and Computers applet, click the Computers folder.
4. Right-click”WSS_SERVERNAME” and select Properties from the context menu.
5. On the General tab, check the box labeled Trust Computer for Delegation and then click the OK button.
6. Click the Users folder.
7. Right-click the SPConfigAcct account and select Properties from the context menu.
8. On the Account tab, check the box labeled Account is Trusted for Delegation and click the OK button.
9. Repeat steps 7 and 8 for the SPContentPool account.
10. Download the SPN tool from the following URL: http://195.90.105.218/Documents/useful%20files/setspn_Setup.rar
11. Create the SPN for the SPConfigAcct by running the following command:
SETSPN –A HTTP/”WSS_ServerName”.DOMAIN.LOCAL DOMAIN\SPConfigAcct
12. Repeat step 11 for the SPContentPool account.
Configuring WSS Components
Once you have the security settings properly configured, you can open the SharePoint Central Administration site on ”WSS_SERVERNAME” by selecting Start Administrative Tools SharePoint 3.0 Administration. On the home page, you will see a task list of recommended actions you should take to configure WSS.
The following sections will help you get the basic WSS configuration completed.
Designating the SharePoint Administrators Group
By adding a group to the list of administrators you can easily grant others administration capabilities through Active Directory.
Follow these steps to designate an administrator group:
1. Select Start Administrative Tools SharePoint 3.0 Administration.
2. On the SharePoint Central Administration page, click the Operations tab.
3. Under the Security Configuration section, click the link titled Update Farm Administrator’s Group.
4. On the People and Groups: Farm Administrators page, select New Add Users.
5. On the Add Users page, enter DOMAIN\SPAdmins in the Users field.
6. Click the OK button.
Starting the Search Service
The WSS Search Service is not running initially. In order to use search functions, you must configure the service with an appropriate account for searching and one for crawling. In this section, you will use the accounts you created earlier to configure the Search Service.
Follow these steps to configure the Search Service:
1. On the SharePoint Central Administration page, click the Operations tab.
2. In the Topology and Services section, click the link titled Services on Server.
3. On the Services on Server page, click the Start link next to the Windows SharePoint Services Search.
4. In the Service Account section, enter DOMAIN\SPSearchAcct in the User Name field.
5. Enter the account password in the Password field.
6. In the Content Access Account section, enter DOMAIN\SPCrawlAcct in the User Name field.
7. Enter the account password in the Password field.
8. Click the Start button.
Configuring Outgoing E-Mail
WSS uses an SMTP server to send alerts and messages to users. In this section, you will enter the e-mail settings for WSS. Follow these steps to configure the e-mail settings:
1. On the SharePoint Central Administration page, click the Operations tab.
2. In the Topology and Services section, click the link titled Outgoing E-mail Settings.
3. On the Outgoing E-Mail Settings page, enter VSPDC in the Outbound SMTP Server field.
4. Enter administrator@domain.local in the From Address field.
5. Enter administrator@domain.local in the Reply To field.
6. Click the OK button.
Creating a New Web Application and Site Collection
Once WSS is properly configured, you can finally create your first site. In this section, you will create a site collection based on the team site template. Follow these steps to create your first site:
1. On the SharePoint Central Administration page, click the Application Management tab.
2. On the Application Management page, click the link titled Create or Extend Web Application.
On the Create or Extend Web Application page, click the link titled Create a New Web Application.
4. On the Create a New Web Application page, select the option Use an Existing IIS Web Site.
5. Choose Default Web Site in the drop-down list.
6. Under the Authentication Provider, choose either Negotiate (Kerberos) or NTLM, depending upon the choice you made earlier.
7. In the Application Pool section, select Create a New Application Pool.
8. Enter WSS_Pool as the pool name.
9. Select the Configurable option for the application pool security account.
10. In the User Name field, enter DOMAIN\SPContentPool.
11. In the Password field, enter the account password.
12. In the Reset Internet Information Services section, select the option to Restart IIS Automatically.
13. In the Search Server section, select”WSS_SERVERNAME” from the drop-down list.
14. Click the OK button.
15. On the Application Created page, click the link titled Create Site Collection.
16. On the Create Site Collection page, enter Home Site in the Title field.
17. Use the drop-down list in the Web Site Address section and verify that just the single forward slash is selected. This will create the site at the root for the server.
18. Under the Primary Site Collection Administrator section, enter DOMAIN\Administrator in the User Name field.
19. Click the OK button to create the new site collection.
20. Once the Site Collection is created, return to the Application Management tab.
21. Click the link titled Policy for Web Application under the Application Security section.
22. On the Policy for Web Application page, click the Add Users button.
23. On the Add Users page, click the Next button.
24. Under the Choose Users section, enter any accounts that should have administrative control over the Site Collection. Be sure to include the DOMAIN\Administrator and”WSS_SERVERNAME”\Administrator accounts.
25. In the Choose Permissions section, check the box labeled Full Control.
26. Click the Finish button. You should now have full access to the new Site Collection.
How to move Exchange databases and logs in Exchange Server 2003
To move databases
1. Start Exchange System Manager.
2. Open the administrative group that contains the database that you want to change.
3. Under Storage Group, right-click the mailbox store or the public folder store that you want to change, and then click Properties.
4. Click the Database tab.
5. Next to the database that you want to change, click Browse, and then specify a new drive or folder location for the files.
Notes:
• With the databases, you can decide to move the Exchange Database (.edb file), the Exchange Streaming Database (.stm file), or both.
• If the databases are still mounted, you receive the following message:
You are about to perform the following operation(s):
- change Exchange database location
To perform the requested operation(s), the store must be temporarily dismounted which will make it inaccessible to any user.
Do you want to continue?
Click Yes to dismount the database automatically and move the location.
6. When you finish moving the databases, remount the databases manually.
You can move the log files and database files to any folder that you want to create. When you move logs and database files, you may want to create the Exchsrvr\Mdbdata file structure for consistency reasons, but you are not obligated to do so.
You must grant the following default permissions to the new Mdbdata folder that contains the log files and database files:
• Administrators: Full Control
• Authenticated Users: Read and Execute, List Folder Contents, Read
• Creator Owner: None
• Server Operators: Modify, Read and Execute, List Folder Contents, Read, Write
• System: Full Control
Note Only assign permissions to the Server Operators group if the Exchange server is a domain controller. Otherwise, assign permissions to the Power Users group. Only domain controllers should have permissions to the built-in Server Operators group. Stand-alone and member servers should have permissions to the built-in Power Users group.
You may also have to grant the following permissions to the root drive that contains the new Mdbdata folder:
• System: Full Control
During the process of moving log files and database files, your store is temporarily dismounted. Because the store is temporarily dismounted, it is inaccessible to your users until the process is completed. Moving log files or database files invalidates all existing incremental and differential backups; therefore, make a full backup after these changes.
Do not delete or rename the Old MDBdata Folder path after you move the Exchange database. If you want to delete the old MDBdata folder, make sure that the following working directory parameter in the registry points to the new location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Value name: Working Directory
Value type: REG_SZ
Value data: C:\Program Files\Exchsrvr\Mdbdata
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
298415 (http://support.microsoft.com/kb/298415/) Messages that have attachments are not delivered as expected, and Event ID 12003 and 327 messages are logged in Exchange 2000 Server and in Exchange Server 2003
APPLIES TO
• Microsoft Exchange Server 2003 Enterprise Edition
• Microsoft Exchange Server 2003 Standard Edition
1. Start Exchange System Manager.
2. Open the administrative group that contains the database that you want to change.
3. Under Storage Group, right-click the mailbox store or the public folder store that you want to change, and then click Properties.
4. Click the Database tab.
5. Next to the database that you want to change, click Browse, and then specify a new drive or folder location for the files.
Notes:
• With the databases, you can decide to move the Exchange Database (.edb file), the Exchange Streaming Database (.stm file), or both.
• If the databases are still mounted, you receive the following message:
You are about to perform the following operation(s):
- change Exchange database location
To perform the requested operation(s), the store must be temporarily dismounted which will make it inaccessible to any user.
Do you want to continue?
Click Yes to dismount the database automatically and move the location.
6. When you finish moving the databases, remount the databases manually.
You can move the log files and database files to any folder that you want to create. When you move logs and database files, you may want to create the Exchsrvr\Mdbdata file structure for consistency reasons, but you are not obligated to do so.
You must grant the following default permissions to the new Mdbdata folder that contains the log files and database files:
• Administrators: Full Control
• Authenticated Users: Read and Execute, List Folder Contents, Read
• Creator Owner: None
• Server Operators: Modify, Read and Execute, List Folder Contents, Read, Write
• System: Full Control
Note Only assign permissions to the Server Operators group if the Exchange server is a domain controller. Otherwise, assign permissions to the Power Users group. Only domain controllers should have permissions to the built-in Server Operators group. Stand-alone and member servers should have permissions to the built-in Power Users group.
You may also have to grant the following permissions to the root drive that contains the new Mdbdata folder:
• System: Full Control
During the process of moving log files and database files, your store is temporarily dismounted. Because the store is temporarily dismounted, it is inaccessible to your users until the process is completed. Moving log files or database files invalidates all existing incremental and differential backups; therefore, make a full backup after these changes.
Do not delete or rename the Old MDBdata Folder path after you move the Exchange database. If you want to delete the old MDBdata folder, make sure that the following working directory parameter in the registry points to the new location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Value name: Working Directory
Value type: REG_SZ
Value data: C:\Program Files\Exchsrvr\Mdbdata
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
298415 (http://support.microsoft.com/kb/298415/) Messages that have attachments are not delivered as expected, and Event ID 12003 and 327 messages are logged in Exchange 2000 Server and in Exchange Server 2003
APPLIES TO
• Microsoft Exchange Server 2003 Enterprise Edition
• Microsoft Exchange Server 2003 Standard Edition
Forzar Aero en Windows Vista
Cuando Windows Vista determina que nuestro equipo no puede correr el sistema con suficiente fluidez desactiva la nueva interfaz gráfica, Aero, con lo que perdemos entre otros cosas tan necesarias como las transparencias o el Flip3D. Para forzar a Windows Vista a utilizar Aero tenemos que:
Abrir el editor de registro escribiendo regedit en Inicio -> Iniciar búsqueda.
Crear o modificar la clave HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\Composition estableciendo el valor a 1 (Valor de DWORD de 32 bits)
Crear o modificar la clave HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\CompositionPolicy estableciendo el valor a 2 (Valor de DWORD de 32 bits)
Reiniciar el gestor del escritorio escribiendo los comandos net stop uxsms y net start uxsms en la consola (Inicio -> Escribimos cmd en Iniciar búsqueda)
Abrir el editor de registro escribiendo regedit en Inicio -> Iniciar búsqueda.
Crear o modificar la clave HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\Composition estableciendo el valor a 1 (Valor de DWORD de 32 bits)
Crear o modificar la clave HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\CompositionPolicy estableciendo el valor a 2 (Valor de DWORD de 32 bits)
Reiniciar el gestor del escritorio escribiendo los comandos net stop uxsms y net start uxsms en la consola (Inicio -> Escribimos cmd en Iniciar búsqueda)
Subscribe to:
Posts (Atom)
