microsoft.com Home  
Microsoft
http://www.microsoft.com/office/ork  
Microsoft Office 2000 Resource Kit Home
 Office 2000 and the Web
 Integrating Office 2000 with Your Intranet
 Using Office Server Extensions
Installing Office Server Extensions
Maintaining Office Server Extensions
Administering Security with Office Server Extensions
Advanced Administration of Office Server Extensions
Architecture of Office Server Extensions
 Overview of Tools and Utilities
Glossary
Index
Administering Security with Office Server Extensions

FAQs About Office Server Extensions Security

You can choose several methods to configure security on your Web server. The following frequently asked questions (FAQs) identify specific concerns you might have while you are configuring security settings for your OSE-extended web.



How do I prevent specific users from connecting to my OSE-extended web?

You use authentication to control access to your OSE-extended web. Users are authenticated when they connect to the server; each Web site, virtual directory, folder, and file on your server can have independent authentication settings. However, you typically configure authentication only at the Web site level.

Anonymous access is disabled by default, but if you enable it, any user can connect to the server. To prevent certain users from gaining access to your server, you can enable Basic authentication or Windows NT Challenge/Response authentication.

In addition to authentication, you can configure permissions settings on each OSE-extended web. When you configure permissions, you define which users can browse, author, or administer on that OSE-extended web or subweb. On root webs, you can configure who can collaborate on that OSE-extended web. Users can perform only the tasks you give them permission to perform.

Note   You can configure permissions only if the FrontPage-extended web is located on an NTFS-formatted disk.

Top

How do I allow users to connect only to specific folders and files on my OSE-extended web?

You can enable different authentication methods for each file and folder on your OSE-extended web. By using authentication, you can require users to have a Microsoft Windows NT account to connect to a particular file or folder.

You can also grant or deny access to individual files and folders according to the IP address or domain name of the connecting client computer. For example, you can grant access to a particular client computer so that the user of that computer can access files and folders regardless of the user account logged in. Doing this is convenient when several users share a computer. Also, to protect your data, you can deny access to a computer in the domain competitor.com.

Top

How do I give users different permissions on my OSE-extended web?

To vary user permissions across the content of your OSE-extended web, you can create a subweb of your existing web. A subweb inherits settings from its parent web, but you can change the user security settings of the subweb. In a subweb, you can give users browsing, authoring, and administrating permissions.

To divide content into more independent units, you can create multiple Web sites. Each Web site must have a unique IP address and port pair. Web sites can have unique security settings.

For the most detailed control of the content on your Web server, you can manually configure permissions for each file and folder. You use Windows NT Explorer to configure the access control list (ACL) for each file and folder on your web. An ACL identifies the type of access each user has for a specific file and folder.

Note   You can configure permissions only when the FrontPage-extended web is located on an NTFS-formatted disk.

Top

Can I prevent specific computers from connecting to my Web server?

Yes. Each Web site, virtual directory, folder, and file on your server can have its own list of client computer IP addresses and domain names that are granted or denied access.

Top

Why would I use SSL, and how do I configure it?

Secure Sockets Layer (SSL) encrypts a client/server connection, preventing a network eavesdropper from viewing the information that is passed between the client and server.

Use SSL when your clients are using Basic authentication, because Basic authentication sends user names and passwords between the client and server in an unencrypted and easily decoded format. (Windows NT Challenge/Response authentication encrypts user names and passwords without using SSL.)

To configure SSL, you must first obtain a security certificate for your server from a certificate authority. Use the Key Manager utility in Microsoft Internet Information Server (IIS) to get security certificates. After you have a certificate, users need to specify SSL when they connect to your server from a client application such as a Microsoft Office 2000 application or a Web browser.

Note   SSL client/server connections are established on server IP ports specifically reserved for SSL.

Top

Do users need a Windows NT account to connect to my OSE-extended web?

Yes, unless you enable anonymous access. Anonymous access does not require a Windows NT account, and it allows any user to connect to your OSE-extended web.

Top

Do I need NTFS to secure my OSE-extended web?

No, but without NTFS, you have fewer security options for your OSE-extended web. Without NTFS, security is limited to the various types of authentication and to the grant or deny lists that are based on a user IP address or domain name.

NTFS is a file system that you can use to format hard disks on computers running Windows NT. The NTFS file system provides strong and flexible security for files and folders. You can convert FAT-formatted hard disks to NTFS without any loss of data. NTFS is required if you want to assign users different permissions on a FrontPage-extended web, or on files and folders within a web.

Top

See also

Configuring authentication on your OSE-extended web allows you to restrict and give access to users and allows you to require encrypted client/server communications. For more information about authentication and encryption, see Using Internet Information Server Authentication.


Topic Contents
Previous

Topic Contents   |   Previous   |   Top

  Friday, March 5, 1999
© 1999 Microsoft Corporation. All rights reserved. Terms of use.

License