Using Sharepoint as an Extranet?
Dan Marth
Guest

Posted: Sun Jan 16, 2005 3:10 am    Post subject: Using Sharepoint as an Extranet?

Can this be done? I already have an Intranet Sharepoint server setup but our
vendors and affiliates can't access it without us giving them a network
account. If the users don't have a network account..........what other
authentication could I use so the site is not completely public?

Thanks in advance,
Dan

Jim Buyens
Guest

Posted: Sun Jan 16, 2005 4:01 am    Post subject: RE: Using Sharepoint as an Extranet?

Install the external copy of WSS in Active Directory Account Creation mode.

With this mode in effect, whenever a site administrator grants access to a
username that doesn't exist, WSS creates an account with the given name in a
predesignated Active Directory OU. This makes it easier to identify the
external visitors and strip away the privileges you don't want them to have.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Windows SharePoint Services Inside Out
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------

Dan Marth
Guest

Posted: Mon Jan 17, 2005 7:33 am    Post subject: Re: Using Sharepoint as an Extranet?

So, is it true to say that the only authentication mode is using a Windows
AD account?

Jim Buyens
Guest

Posted: Mon Jan 17, 2005 11:59 am    Post subject: Re: Using Sharepoint as an Extranet?

Yes. The accounts don't have to permit domain logins, but they do need to be
in Active Directory.

One approach that might be useful on an Extranet is to set up a new domain
for this purpose only, and to locate it entirely within a DMZ.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Windows SharePoint Services Inside Out
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------

Jim Buyens
Guest

Posted: Mon Jan 17, 2005 6:15 pm    Post subject: Re: Using Sharepoint as an Extranet?

First, make sure you installed the SharePoint server as directed at:

http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsc05.mspx

You can bypass the instructions that pertain to Scalable Hosting Mode (also
called Host Header Mode) if you like. This is a mode where, for performance
reasons, you support multiple host names by having WSS (rather than IIS)
filter on the HTTP host header.

Then, you create the user accounts in WSS by typing their names into the
normal WSS screens, such as Site Settings, Manage Users, Add Users. If the
account doesn't exist, WSS will add it to the OU you designated during setup.
(Note that the WSS application pool account will need permission to do this.)

To restrict the privileges of accounts created this way, you would generally
use group policy.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Windows SharePoint Services Inside Out
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------



"Dan Marth" wrote:

Quote:
Jim,

I just tried setting up a test user and went to the account tab, then "logon
hours" and clicked the radio button for "logon denied". I then granted
access to a sharepoint site and tried to login. I tried 3 times and got the
same error every time, "The Local Security Authority cannot be contacted". I
then tried it with "logon permitted" and didn't get the error, I was able to
access the site. Did I go to the wrong place to disable domain logon?

Thanks,
Dan

Dan Marth
Guest

Posted: Mon Jan 17, 2005 6:15 pm    Post subject: Re: Using Sharepoint as an Extranet?

Jim,

I just tried setting up a test user and went to the account tab, then "logon
hours" and clicked the radio button for "logon denied". I then granted
access to a sharepoint site and tried to login. I tried 3 times and got the
same error every time, "The Local Security Authority cannot be contacted". I
then tried it with "logon permitted" and didn't get the error, I was able to
access the site. Did I go to the wrong place to disable domain logon?

Thanks,
Dan

Dan Marth
Guest

Posted: Mon Jan 17, 2005 6:15 pm    Post subject: Re: Using Sharepoint as an Extranet?

Thanks for all the help!

I think setting up the user in a predesignated OU and not permitting domain
logins on that OU is the way I will go.

Thanks again,
Dan

Daniel Larson (www.portal
Guest

Posted: Tue Jan 18, 2005 4:57 am    Post subject: RE: Using Sharepoint as an Extranet?

You can use custom authentication without Windows accounts... but you lose
the collaboration support of things like document libraries, etc. I have
implemented several extranet applications doing just that... including the
soon to be launched www.portalbuilder.org.

Daniel Larson
http://www.portalbuilder.org

Justin Mosier
Guest

Posted: Wed Jan 19, 2005 3:16 am    Post subject: Re: Using Sharepoint as an Extranet?

Jim,
Where does the WSS administrator setup a password for the users that are
automatically created in AD? As I step through the screens (Site Settings,
Manage Users, Add Users) I don't see a place to specify a password.

BTW, this discussion is very timely for my group. We just setup WSS as an
extranet last week using local user authentication (not tied to Active
Directory). I was resigned to creating local user accounts on the box
whenever new users are needed (for clients, contractors, etc), but after
reading this discussion it sounds like I can get rid of that maintenance
task and let site administrators add users as needed without IT involvement.
I hope I'm understanding all this correctly.

We already use Sharepoint on our Intranet and love it!

Thanks!
Justin

Jim Buyens
Guest

Posted: Wed Jan 19, 2005 6:47 am    Post subject: Re: Using Sharepoint as an Extranet?

"Justin Mosier" wrote:

Quote:
Jim,
Where does the WSS administrator setup a password for the users that are
automatically created in AD? As I step through the screens (Site Settings,
Manage Users, Add Users) I don't see a place to specify a password.

WSS chooses a random password and e-mails it to the user. The user can then
change it after they log in the first time.

Quote:
BTW, this discussion is very timely for my group. We just setup WSS as an
extranet last week using local user authentication (not tied to Active
Directory). I was resigned to creating local user accounts on the box
whenever new users are needed (for clients, contractors, etc), but after
reading this discussion it sounds like I can get rid of that maintenance
task and let site administrators add users as needed without IT involvement.
I hope I'm understanding all this correctly.

We already use Sharepoint on our Intranet and love it!

Thanks!
Justin

Yes, that's how it works. It's slightly unintuitive because there are no
special screens for adding new users; you (or the site admin) simply type the
new user's e-mail address, and if the account doesn't exist, WSS creates it.

Unfortunately, Active Directory Account Creation is something you can
activate only during initial install. If you have existing content, I think
you could connect the existing content databases to the new server, but this
is something you should test carefully in advance.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Windows SharePoint Services Inside Out
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------
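
An added example, not part of the original thread or any poster's code: a PowerShell audit of the accounts WSS creates in the designated OU, flagging ones still on the e-mailed initial password, ones that belong to groups outside the extranet OU, and enabled accounts that have gone unused. The OU distinguished name, thresholds, function name and sample accounts are constructed for illustration; it assumes the initial password is set at account creation and, for live use, a management host with the ActiveDirectory PowerShell module.

```powershell
# Added example: audit accounts that WSS auto-created in the extranet OU.
# OU name, thresholds and the sample accounts are constructed for illustration.
$ExtranetOU = 'OU=ExtranetUsers,DC=extranet,DC=example'   # hypothetical OU designated at WSS setup

function Get-ExtranetAccountFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string] $AllowedGroupSuffix,  # groups must live under this DN
        [datetime] $Now = (Get-Date),
        [int] $StaleDays = 90,       # enabled but unused for this long => stale
        [int] $GraceMinutes = 10     # PasswordLastSet this close to whenCreated => never changed
    )
    process {
        $findings = @()
        $suffix   = ",$AllowedGroupSuffix"
        $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase

        # 1. The password set at creation (the one sent by e-mail) is still in use.
        if ($User.PasswordLastSet -and
            ($User.PasswordLastSet - $User.whenCreated).TotalMinutes -le $GraceMinutes) {
            $findings += 'initial e-mailed password never changed'
        }

        # 2. Membership in any group outside the extranet OU (privilege creep).
        foreach ($groupDn in @($User.MemberOf)) {
            if ($groupDn -and -not $groupDn.EndsWith($suffix, $ignoreCase)) {
                $findings += "member of group outside extranet OU: $groupDn"
            }
        }

        # 3. Enabled account with no recent logon. LastLogonDate is derived from
        #    lastLogonTimestamp, which replicates with a lag of up to about two weeks.
        if ($User.Enabled -and
            (-not $User.LastLogonDate -or $User.LastLogonDate -lt $Now.AddDays(-$StaleDays))) {
            $findings += "enabled but no logon in $StaleDays days"
        }

        # Emit one row per finding so the result can be filtered or exported.
        foreach ($f in $findings) {
            [pscustomobject]@{ Account = $User.SamAccountName; Finding = $f }
        }
    }
}

# Constructed sample objects using the property names Get-ADUser returns.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{
        SamAccountName  = 'vendor.alice'; Enabled = $true
        whenCreated     = [datetime]'2024-05-20 09:00'
        PasswordLastSet = [datetime]'2024-05-20 09:00'      # same minute as creation
        LastLogonDate   = [datetime]'2024-05-28'
        MemberOf        = @("CN=Vendors,$ExtranetOU")
    }
    [pscustomobject]@{
        SamAccountName  = 'vendor.bob'; Enabled = $true
        whenCreated     = [datetime]'2023-11-01 14:00'
        PasswordLastSet = [datetime]'2023-11-03 08:30'      # changed after first logon
        LastLogonDate   = [datetime]'2024-01-15'            # more than 90 days before $now
        MemberOf        = @("CN=Vendors,$ExtranetOU")
    }
    [pscustomobject]@{
        SamAccountName  = 'affiliate.carol'; Enabled = $true
        whenCreated     = [datetime]'2024-02-01 10:00'
        PasswordLastSet = [datetime]'2024-02-02 09:15'
        LastLogonDate   = [datetime]'2024-05-30'
        MemberOf        = @("CN=Affiliates,$ExtranetOU",
                            'CN=Finance Readers,OU=Groups,DC=corp,DC=example')  # outside the OU
    }
)

$sample |
    Get-ExtranetAccountFinding -AllowedGroupSuffix $ExtranetOU -Now $now |
    Format-Table -AutoSize -Wrap

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -SearchBase $ExtranetOU `
#            -Properties whenCreated, PasswordLastSet, LastLogonDate, MemberOf |
#     Get-ExtranetAccountFinding -AllowedGroupSuffix $ExtranetOU
```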



Justin Mosier
Guest

Posted: Thu Jan 20, 2005 3:54 am    Post subject: Re: Using Sharepoint as an Extranet?

Thanks for the confirmation!
Thankfully the extranet we setup last week has not been completely launched,
so I'm at a point where I can reinstall using AD connection without a
problem.

Now my only challenge is to convince my Network Manager to agree to AD
connectivity from the DMZ.

Are there any security concerns with the extranet server connecting to AD or
with allowing external users to be stored in AD? It sounds like putting the
right limits in the OU group policy will do the necessary lock down.


"Jim Buyens" <news@interlacken.com> wrote in message
news:B1054EBD-8726-4229-95DE-9D82DDD73F9E@microsoft.com...
"Justin Mosier" wrote:

Jim,
Where does the WSS administrator set up a password for the users that are
automatically created in AD? As I step through the screens (Site Settings,
Manage Users, Add Users) I don't see a place to specify a password.

WSS chooses a random password and e-mails it to the user. The user can then
change it after they log in the first time.

BTW, this discussion is very timely for my group. We just set up WSS as an
extranet last week using local user authentication (not tied to Active
Directory). I was resigned to creating local user accounts on the box
whenever new users are needed (for clients, contractors, etc), but after
reading this discussion it sounds like I can get rid of that maintenance
task and let site administrators add users as needed without IT involvement.
I hope I'm understanding all this correctly.

We already use Sharepoint on our Intranet and love it!

Thanks!
Justin

Yes, that's how it works. It's slightly unintuitive because there are no
special screens for adding new users; you (or the site admin) simply type the
new user's e-mail address, and if the account doesn't exist, WSS creates it.

Unfortunately, Active Directory Account Creation is something you can
activate only during initial install. If you have existing content, I think
you could connect the existing content databases to the new server, but this
is something you should test carefully in advance.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com



"Jim Buyens" <news@interlacken.com> wrote in message
news:B228E2D1-EC20-494E-AAFF-A6531E063A20@microsoft.com...
First, make sure you installed the SharePoint server as directed at:

http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsc05.mspx

You can bypass the instructions that pertain to Scalable Hosting Mode (also
called Host Header Mode) if you like. This is a mode where, for performance
reasons, you support multiple host names by having WSS (rather than IIS)
filter on the HTTP host header.

Then, you create the user accounts in WSS by typing their names into the
normal WSS screens, such as Site Settings, Manage Users, Add Users. If the
account doesn't exist, WSS will add it to the OU you designated during setup.
(Note that the WSS application pool account will need permission to do this.)

To restrict the privileges of accounts created this way, you would generally
use group policy.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com



"Dan Marth" wrote:

Jim,

I just tried setting up a test user and went to the account tab, then "logon
hours" and clicked the radio button for "logon denied". I then granted
access to a sharepoint site and tried to log in. I tried 3 times and got the
same error every time, "The Local Security Authority cannot be contacted". I
then tried it with "logon permitted" and didn't get the error, I was able to
access the site. Did I go to the wrong place to disable domain logon?

Thanks,
Dan

"Dan Marth" <danmarth@earthlink.net> wrote in message
news:e$bOaKJ$EHA.2568@TK2MSFTNGP11.phx.gbl...
Thanks for all the help!

I think setting up the user in a predesignated OU and not permitting domain
logins on that OU is the way I will go.

Thanks again,
Dan

"Jim Buyens" <news@interlacken.com> wrote in message
news:3837BC81-DE62-4632-ABCE-91FD980EFDC0@microsoft.com...
Yes. The accounts don't have to permit domain logins, but they do need to be
in Active Directory.

One approach that might be useful on an Extranet is to set up a new domain
for this purpose only, and to locate it entirely within a DMZ.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com

"Dan Marth" wrote:

So, is it true to say that the only authentication mode is using a Windows
AD account?

"Jim Buyens" <news@interlacken.com> wrote in message
news:88CC7ABC-2DC6-4359-A72F-500D83656B78@microsoft.com...
Install the external copy of WSS in Active Directory Account Creation mode.

With this mode in effect, whenever a site administrator grants access to a
username that doesn't exist, WSS creates an account with the given name in a
predesignated Active Directory OU. This makes it easier to identify the
external visitors and strip away the privileges you don't want them to have.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com


"Dan Marth" wrote:

Can this be done? I already have an Intranet Sharepoint server setup but our
vendors and affiliates can't access it without us giving them a network
account. If the users don't have a network account..........what other
authentication could I use so the site is not completely public?

Thanks in advance,
Dan













Justin Mosier
Guest





Posted: Thu Jan 20, 2005 4:44 am    Post subject: Re: Using Sharepoint as an Extranet?

Jim,
Something I'm not understanding is how users are able to "change their
passwords after they log in the first time." Where?

The security window that pops up in the browser when first accessing the
sharepoint site only has username and password entry boxes. It doesn't have
a "Change Password" button like your standard Windows login popup window.
I clicked all over the sharepoint site and I didn't see anything about users
or administrators being able to change passwords.

I guess you mean the passwords have to be managed via AD? I can't make every
Sharepoint site administrator also a domain administrator in order to manage
the users for their respective SP sites!

My goal in exploring an AD connection is simply to avoid having to manage
local windows users on the extranet server myself and instead let each
Sharepoint site administrator add / edit / delete users as needed, without
intervention by us in IT. I can just foresee the management of local windows
users becoming a big headache as the number of sharepoint sites grows. But
if managing them through AD is limited to domain admins (ie. only my Network
Manager) then I can't go that route.

Hopefully I'm misunderstanding something. Thanks again for your patience!
Justin
John Kisha
Guest





Posted: Thu Jan 20, 2005 5:43 am    Post subject: Re: Using Sharepoint as an Extranet?

Go to SITE SETTINGS | UPDATE MY INFORMATION and you will see the link to
change passwords there.

Administrators can change user passwords after clicking on VIEW
INFORMATION ABOUT SITE USERS | <USER NAME> | CHANGE PASSWORD

I'm not sure, but this may only be available under Active Directory
Account Creation Mode.

John Kisha
Inland Pacific Consulting
http://www.VisitUsAt.com
323-463-8300

-----Original Message-----
From: Justin Mosier [mailto:anonymous@newsgroups.microsoft.com]
Posted At: Wednesday, January 19, 2005 2:44 PM
Posted To: microsoft.public.sharepoint.windowsservices
Conversation: Using Sharepoint as an Extranet?
Subject: Re: Using Sharepoint as an Extranet?

Jim,
Something I'm not understanding is how users are able to "change their
passwords after they log in the first time." Where?

The security window that pops up in the browser when first accessing the
sharepoint site only has username and password entry boxes. It doesn't have
a "Change Password" button like your standard Windows login popup window.
I clicked all over the sharepoint site and I didn't see anything about users
or administrators being able to change passwords.

I guess you mean the passwords have to be managed via AD? I can't make every
Sharepoint site administrator also a domain administrator in order to manage
the users for their respective SP sites!

My goal in exploring an AD connection is simply to avoid having to manage
local windows users on the extranet server myself and instead let each
Sharepoint site administrator add / edit / delete users as needed, without
intervention by us in IT. I can just foresee the management of local windows
users becoming a big headache as the number of sharepoint sites grows. But
if managing them through AD is limited to domain admins (ie. only my Network
Manager) then I can't go that route.

Hopefully I'm misunderstanding something. Thanks again for your patience!
Justin
Guest






Posted: Sat Jan 22, 2005 12:59 am    Post subject: Re: Using Sharepoint as an Extranet?

It _is_ only available under Active Directory Account Creation Mode. Does
anyone know how to enable password changes by the user when running in the
default, Domain Account Mode?

<Todd />

"John Kisha" <john@inlandconsulting.com> wrote in message
news:eh0CoCo$EHA.1904@TK2MSFTNGP14.phx.gbl...
Go to SITE SETTINGS | UPDATE MY INFORMATION and you will see the link to
change passwords there.

Administrators can change user passwords after clicking on VIEW
INFORMATION ABOUT SITE USERS | <USER NAME> | CHANGE PASSWORD

I'm not sure, but this may only be available under Active Directory
Account Creation Mode.

John Kisha
Inland Pacific Consulting
http://www.VisitUsAt.com
323-463-8300

"Jim Buyens" <news@interlacken.com> wrote in message
news:3837BC81-DE62-4632-ABCE-91FD980EFDC0@microsoft.com...
Yes. The accounts don't have to permit domain logins, but they do need to be
in Active Directory.

One approach that might be useful on an Extranet is to set up a new domain
for this purpose only, and to locate it entirely within a DMZ.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*---------------------------------