news
Mon Jan 24 14:56:33 CST 2005
This option appears on the Site Administration page of each subsite. So, if
you had sites:
http://wss.example.com/
http://wss.example.com/animals
http://wss.example.com/animals/birds
http://wss.example.com/animals/birds/waterfowl
and you wanted the whole /animals/birds tree to have unique permissions, you
would configure this on the Site Administration page that appears within the
/animals/birds site.
Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Windows SharePoint Services Inside Out
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------
"Jody" wrote:
> Dear Jim - I understand in concept what you are talking about. However, I do
> not have the option in any virtual server root Site Administration for
> "Manage Permission Inheritance" I have looked through all the "manage"
> options in case it was buried somewhere else, but no luck! Any suggestions?
>
> Thanks- Jody
>
> "Jim Buyens" wrote:
>
> > Responses interspersed...
> >
> > "Jody" wrote:
> >
> > > Jim - Thanks for your help. Here are my results and more questions / issues.
> > >
> > > I used the internal server IP address listed in IIS for my VS as you
> > > suggested (great procedure - thanks!) and successfully created a user via the
> > > command-line BUT...
> > >
> > > If the user was not first created in AD then I would get the error:
> > > "User does not exist"
> >
> > In that case, you either failed to give the SharePoint server's application
> > pool account the necessary permissions to create the account, or the server
> > isn't running in Active Directory Account Creation mode.
> >
> > To narrow this down, try:
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;823507
> > How to use Stsadm.exe to determine whether Windows SharePoint Services is in
> > Active Directory account creation mode
> >
> > > I then created the user in AD then re-tried the exact command-line and
> > > successfully created the user. BUT...
> > >
> > > That user was a global user and existed in all virtual servers (VS). Going
> > > into one Virtual server top-level website site administration, I deleted the
> > > new user and it was removed from all VS/Sites.
> >
> > Well then, all your subsites must be inheriting permissions from the
> > top-level site.
> >
> > For each subsite that you want to have different permissions, you have to go
> > into Site Settings, Site Administration, Manage Permission Inheritance, and
> > then select Use Unique Permissions and click OK.
> >
> > Then, you click Manage Users, add the users you want, and delete the users
> > you don't want.
> >
> > > I must have the ability to create users that can only access certain sites &
> > > sub-sites only.
> >
> > It works the other way. You (or a designated site admin) get the ability to
> > configure each site so it only admits the people you want.
> >
> > > I can't have users figuring out that they can access other
> > > people's sites that they have no business accessing using their login.
> >
> > Then the owners of those other sites (or you, acting in their behalf) had
> > better keep their user lists up-to-date.
> >
> > > How do I accomplish this with one internal IP for all VS's. Should I have a
> > > separate public IP for each virtual server? If that is so I tried earlier to
> > > use the Public NS1 IP but it would not create the user.
> >
> > No, don't set up a different IP address for each server. That's not
> > supported. Any time you have two or more content servers on the same computer,
> > they should all be configured in IIS as (all unassigned).
> >
> > > My logins are for MCE\Administrator or MCE\Reader etc. Can I control user
> > > access if somehow I can figure out how to create different domains other than
> > > MCE\ ?
> >
> > Again, the trick is to configure each site to admit the appropriate users.
> > Site permissions are a property of the site, and not a property of the user
> > account.
> >
> > I mean, if all readers use the same account, MCE\Reader, then all readers
> > are going to have the same permissions. If some readers need different
> > permissions than others, then each reader needs his or her own account.
> >
> > > I am now confused about AD account creation mode and users. The reference I
> > > referred where I said I must add users via the command line was in the WSS
> > > Admin guide "Installation Considerations for Windows SharePoint Service" page
> > > 2 of 6 Note.
> > >
> > > I GREATLY appreciate your help and expert advice!
> > > Jody
> >
> > That has to do with scalable hosting mode, which I don't believe you need to
> > worry about. It's unfortunate that the same article describes both Active
> > Directory Account Creation and Scalable Hosting Mode in parallel.
> >
> > > I am confused now about AD account creation mode
> >
> > It means that if you try to grant privileges to an account that doesn't
> > exist, WSS creates the account in a designated Active Directory OU. This
> > segregates such accounts from those that, say, internal users will use to
> > access resources throughout a domain.
> >
> > Jim Buyens
> > Microsoft FrontPage MVP
> >
> >
> > > "Jim Buyens" wrote:
> > >
> > > > Responses interspersed...
> > > >
> > > > "Jody" wrote:
> > > >
> > > > > I am a newbie to WSS and would appreciate help. I have a single server
> > > > > installation with working sites in the admin virtual server. I have also
> > > > > extended a second virtual server and created a sites successfully there as
> > > > > well.
> > > > >
> > > > > I am utilizing Active Directory so I need to add users via the command-line.
> > > >
> > > > What makes you think that?
> > > >
> > > > > This is where I am having trouble. I am wondering if I am not entering the
> > > > > correct path syntax for the -url parameter.
> > > > >
> > > > > QUESTIONS:
> > > > >
> > > > > 1. What is the default path for the admin virtual server and other extended
> > > > > virtual servers?
> > > >
> > > > Whatever IIS is filtering on. For example, if IIS is filtering traffic to a
> > > > WSS virtual server based on host headers, the -url switch has to specify one
> > > > of the hostnames listed in IIS.
> > > >
> > > > So, open Administrative Tools, Internet Information Services Manager, expand
> > > > your computer, expand Web Sites, right-click your virtual server, choose
> > > > Properties, click the Web Site tab, then click Advanced. The host names
> > > > listed under Host Header value are the ones you can use. Otherwise, use the
> > > > IP address.
> > > >
> > > > > 2. Do users all have to be created in Active Directory first or does the
> > > > > command-line operation create and store user accounts at the root Virtual
> > > > > Server level?
> > > >
> > > > If you installed your site using the normal defaults, you should be able to
> > > > specify existing domain users in domain\username format.
> > > >
> > > > If you specified Active Directory Account Creation Mode when you installed
> > > > WSS, and then you specify a username of johndoe, WSS will use the existing
> > > > johndoe account if one exists. Otherwise, it will create a johndoe account
> > > > within the OU you specified when you installed WSS.
> > > >
> > > > > This is what I have tried:
> > > > >
> > > > > Stsadm -o adduser -url http://server netbios name/Virtual Server Name
> > > > > -userlogin DOMAIN\Username -useremail user@domain.com -username "joeuser"
> > > > > -role reader
> > > > >
> > > > > I am getting the following error message no matter what path I try for the
> > > > > -url path
> > > > >
> > > > > "The Web site that is referenced here is not in the configuration database"
> > > > >
> > > > > Thanks - Jody
> > > >
> > > > Specify a hostname per above.
> > > >
> > > > Jim Buyens
> > > > Microsoft FrontPage MVP
> > > >
> > > >
> > > >